Unbreak regression testing tools for net80211 crypto cipher modules

Approved by:	adrian (mentor)
Differential Revision:	https://reviews.freebsd.org/D3441
This commit is contained in:
Andriy Voskoboinyk 2015-10-22 17:08:12 +00:00
parent 9f2eb74093
commit 3c64fc9c3d
3 changed files with 124 additions and 78 deletions

View File

@ -53,6 +53,7 @@
#include <sys/socket.h> #include <sys/socket.h>
#include <net/if.h> #include <net/if.h>
#include <net/if_var.h>
#include <net/if_media.h> #include <net/if_media.h>
#include <net80211/ieee80211_var.h> #include <net80211/ieee80211_var.h>
@ -591,32 +592,32 @@ printtest(const struct ciphertest *t)
} }
static int static int
runtest(struct ieee80211com *ic, struct ciphertest *t) runtest(struct ieee80211vap *vap, struct ciphertest *t)
{ {
struct ieee80211_key key; struct ieee80211_key *key = &vap->iv_nw_keys[t->keyix];
struct mbuf *m = NULL; struct mbuf *m = NULL;
const struct ieee80211_cipher *cip; const struct ieee80211_cipher *cip;
u_int8_t mac[IEEE80211_ADDR_LEN]; int hdrlen;
printf("%s: ", t->name); printf("%s: ", t->name);
/* /*
* Setup key. * Setup key.
*/ */
memset(&key, 0, sizeof(key)); memset(key, 0, sizeof(*key));
key.wk_flags = IEEE80211_KEY_XMIT | IEEE80211_KEY_RECV; key->wk_flags = IEEE80211_KEY_XMIT | IEEE80211_KEY_RECV;
key.wk_cipher = &ieee80211_cipher_none; key->wk_cipher = &ieee80211_cipher_none;
if (!ieee80211_crypto_newkey(ic, t->cipher, if (!ieee80211_crypto_newkey(vap, t->cipher,
IEEE80211_KEY_XMIT | IEEE80211_KEY_RECV, &key)) { IEEE80211_KEY_XMIT | IEEE80211_KEY_RECV, key)) {
printf("FAIL: ieee80211_crypto_newkey failed\n"); printf("FAIL: ieee80211_crypto_newkey failed\n");
goto bad; goto bad;
} }
memcpy(key.wk_key, t->key, t->key_len); memcpy(key->wk_key, t->key, t->key_len);
key.wk_keylen = t->key_len; key->wk_keylen = t->key_len;
key.wk_keyrsc = 0; memset(key->wk_keyrsc, 0, sizeof(key->wk_keyrsc));
key.wk_keytsc = t->pn-1; /* PN-1 since we do encap */ key->wk_keytsc = t->pn-1; /* PN-1 since we do encap */
if (!ieee80211_crypto_setkey(ic, &key, mac)) { if (!ieee80211_crypto_setkey(vap, key)) {
printf("FAIL: ieee80211_crypto_setkey failed\n"); printf("FAIL: ieee80211_crypto_setkey failed\n");
goto bad; goto bad;
} }
@ -624,17 +625,18 @@ runtest(struct ieee80211com *ic, struct ciphertest *t)
/* /*
* Craft frame from plaintext data. * Craft frame from plaintext data.
*/ */
cip = key.wk_cipher; cip = key->wk_cipher;
m = m_getcl(M_NOWAIT, MT_HEADER, M_PKTHDR); m = m_getcl(M_NOWAIT, MT_HEADER, M_PKTHDR);
m->m_data += cip->ic_header; m->m_data += cip->ic_header;
memcpy(mtod(m, void *), t->plaintext, t->plaintext_len); memcpy(mtod(m, void *), t->plaintext, t->plaintext_len);
m->m_len = t->plaintext_len; m->m_len = t->plaintext_len;
m->m_pkthdr.len = m->m_len; m->m_pkthdr.len = m->m_len;
hdrlen = ieee80211_anyhdrsize(mtod(m, void *));
/* /*
* Encrypt frame w/ MIC. * Encrypt frame w/ MIC.
*/ */
if (!cip->ic_encap(&key, m, t->keyix<<6)) { if (!cip->ic_encap(key, m)) {
printtest(t); printtest(t);
printf("FAIL: ccmp encap failed\n"); printf("FAIL: ccmp encap failed\n");
goto bad; goto bad;
@ -660,7 +662,7 @@ runtest(struct ieee80211com *ic, struct ciphertest *t)
/* /*
* Decrypt frame; strip MIC. * Decrypt frame; strip MIC.
*/ */
if (!cip->ic_decap(&key, m)) { if (!cip->ic_decap(key, m, hdrlen)) {
printf("FAIL: ccmp decap failed\n"); printf("FAIL: ccmp decap failed\n");
printtest(t); printtest(t);
cmpfail(mtod(m, const void *), m->m_len, cmpfail(mtod(m, const void *), m->m_len,
@ -680,17 +682,17 @@ runtest(struct ieee80211com *ic, struct ciphertest *t)
printf("FAIL: decap botch; data does not compare\n"); printf("FAIL: decap botch; data does not compare\n");
printtest(t); printtest(t);
cmpfail(mtod(m, const void *), m->m_pkthdr.len, cmpfail(mtod(m, const void *), m->m_pkthdr.len,
t->plaintext, t_plaintext_len); t->plaintext, t->plaintext_len);
goto bad; goto bad;
} }
m_freem(m); m_freem(m);
ieee80211_crypto_delkey(ic, &key); ieee80211_crypto_delkey(vap, key);
printf("PASS\n"); printf("PASS\n");
return 1; return 1;
bad: bad:
if (m != NULL) if (m != NULL)
m_freem(m); m_freem(m);
ieee80211_crypto_delkey(ic, &key); ieee80211_crypto_delkey(vap, key);
return 0; return 0;
} }
@ -704,26 +706,38 @@ static int debug = 0;
static int static int
init_crypto_ccmp_test(void) init_crypto_ccmp_test(void)
{ {
#define N(a) (sizeof(a)/sizeof(a[0]))
struct ieee80211com ic; struct ieee80211com ic;
struct ieee80211vap vap;
struct ifnet ifp;
int i, pass, total; int i, pass, total;
memset(&ic, 0, sizeof(ic)); memset(&ic, 0, sizeof(ic));
if (debug) memset(&vap, 0, sizeof(vap));
ic.ic_debug = IEEE80211_MSG_CRYPTO; memset(&ifp, 0, sizeof(ifp));
ieee80211_crypto_attach(&ic); ieee80211_crypto_attach(&ic);
/* some minimal initialization */
strncpy(ifp.if_xname, "test_ccmp", sizeof(ifp.if_xname));
vap.iv_ic = &ic;
vap.iv_ifp = &ifp;
if (debug)
vap.iv_debug = IEEE80211_MSG_CRYPTO;
ieee80211_crypto_vattach(&vap);
pass = 0; pass = 0;
total = 0; total = 0;
for (i = 0; i < N(ccmptests); i++) for (i = 0; i < nitems(ccmptests); i++)
if (tests & (1<<i)) { if (tests & (1<<i)) {
total++; total++;
pass += runtest(&ic, &ccmptests[i]); pass += runtest(&vap, &ccmptests[i]);
} }
printf("%u of %u 802.11i AES-CCMP test vectors passed\n", pass, total); printf("%u of %u 802.11i AES-CCMP test vectors passed\n", pass, total);
ieee80211_crypto_vdetach(&vap);
ieee80211_crypto_detach(&ic); ieee80211_crypto_detach(&ic);
return (pass == total ? 0 : -1); return (pass == total ? 0 : -1);
#undef N
} }
static int static int

View File

@ -43,6 +43,7 @@
#include <sys/socket.h> #include <sys/socket.h>
#include <net/if.h> #include <net/if.h>
#include <net/if_var.h>
#include <net/if_media.h> #include <net/if_media.h>
#include <net80211/ieee80211_var.h> #include <net80211/ieee80211_var.h>
@ -141,7 +142,6 @@ struct tkip_ctx {
struct ieee80211com *tc_ic; /* for diagnostics */ struct ieee80211com *tc_ic; /* for diagnostics */
uint16_t tx_ttak[5]; uint16_t tx_ttak[5];
int tx_phase1_done;
uint8_t tx_rc4key[16]; uint8_t tx_rc4key[16];
uint16_t rx_ttak[5]; uint16_t rx_ttak[5];
@ -179,34 +179,34 @@ cmpfail(const void *gen, size_t genlen, const void *ref, size_t reflen)
} }
static int static int
runtest(struct ieee80211com *ic, struct ciphertest *t) runtest(struct ieee80211vap *vap, struct ciphertest *t)
{ {
struct tkip_ctx *ctx; struct tkip_ctx *ctx;
struct ieee80211_key key; struct ieee80211_key *key = &vap->iv_nw_keys[t->keyix];
struct mbuf *m = NULL; struct mbuf *m = NULL;
const struct ieee80211_cipher *cip; const struct ieee80211_cipher *cip;
u_int8_t mac[IEEE80211_ADDR_LEN];
u_int len; u_int len;
int hdrlen;
printf("%s: ", t->name); printf("%s: ", t->name);
/* /*
* Setup key. * Setup key.
*/ */
memset(&key, 0, sizeof(key)); memset(key, 0, sizeof(*key));
key.wk_flags = IEEE80211_KEY_XMIT | IEEE80211_KEY_RECV; key->wk_flags = IEEE80211_KEY_XMIT | IEEE80211_KEY_RECV;
key.wk_cipher = &ieee80211_cipher_none; key->wk_cipher = &ieee80211_cipher_none;
if (!ieee80211_crypto_newkey(ic, IEEE80211_CIPHER_TKIP, if (!ieee80211_crypto_newkey(vap, t->cipher,
IEEE80211_KEY_XMIT | IEEE80211_KEY_RECV, &key)) { IEEE80211_KEY_XMIT | IEEE80211_KEY_RECV, key)) {
printf("FAIL: ieee80211_crypto_newkey failed\n"); printf("FAIL: ieee80211_crypto_newkey failed\n");
goto bad; goto bad;
} }
memcpy(key.wk_key, t->key, t->key_len); memcpy(key->wk_key, t->key, t->key_len);
key.wk_keylen = 128/NBBY; key->wk_keylen = 128/NBBY;
key.wk_keyrsc = 0; memset(key->wk_keyrsc, 0, sizeof(key->wk_keyrsc));
key.wk_keytsc = t->pn; key->wk_keytsc = t->pn;
if (!ieee80211_crypto_setkey(ic, &key, mac)) { if (!ieee80211_crypto_setkey(vap, key)) {
printf("FAIL: ieee80211_crypto_setkey failed\n"); printf("FAIL: ieee80211_crypto_setkey failed\n");
goto bad; goto bad;
} }
@ -214,18 +214,19 @@ runtest(struct ieee80211com *ic, struct ciphertest *t)
/* /*
* Craft frame from plaintext data. * Craft frame from plaintext data.
*/ */
cip = key.wk_cipher; cip = key->wk_cipher;
m = m_getcl(M_NOWAIT, MT_HEADER, M_PKTHDR); m = m_getcl(M_NOWAIT, MT_HEADER, M_PKTHDR);
m->m_data += cip->ic_header; m->m_data += cip->ic_header;
len = t->plaintext_len - IEEE80211_WEP_MICLEN; len = t->plaintext_len - IEEE80211_WEP_MICLEN;
memcpy(mtod(m, void *), t->plaintext, len); memcpy(mtod(m, void *), t->plaintext, len);
m->m_len = len; m->m_len = len;
m->m_pkthdr.len = m->m_len; m->m_pkthdr.len = m->m_len;
hdrlen = ieee80211_anyhdrsize(mtod(m, void *));
/* /*
* Add MIC. * Add MIC.
*/ */
if (!ieee80211_crypto_enmic(ic, &key, m)) { if (!ieee80211_crypto_enmic(vap, key, m, 1)) {
printf("FAIL: tkip enmic failed\n"); printf("FAIL: tkip enmic failed\n");
goto bad; goto bad;
} }
@ -247,14 +248,14 @@ runtest(struct ieee80211com *ic, struct ciphertest *t)
/* /*
* Encrypt frame w/ MIC. * Encrypt frame w/ MIC.
*/ */
if (!cip->ic_encap(&key, m, t->keyix<<6)) { if (!cip->ic_encap(key, m)) {
printf("FAIL: tkip encap failed\n"); printf("FAIL: tkip encap failed\n");
goto bad; goto bad;
} }
/* /*
* Verify: phase1, phase2, frame length, frame contents. * Verify: phase1, phase2, frame length, frame contents.
*/ */
ctx = key.wk_private; ctx = key->wk_private;
if (memcmp(ctx->tx_ttak, t->phase1, t->phase1_len)) { if (memcmp(ctx->tx_ttak, t->phase1, t->phase1_len)) {
printf("FAIL: encrypt phase1 botch\n"); printf("FAIL: encrypt phase1 botch\n");
cmpfail(ctx->tx_ttak, sizeof(ctx->tx_ttak), cmpfail(ctx->tx_ttak, sizeof(ctx->tx_ttak),
@ -281,7 +282,7 @@ runtest(struct ieee80211com *ic, struct ciphertest *t)
/* /*
* Decrypt frame. * Decrypt frame.
*/ */
if (!cip->ic_decap(&key, m)) { if (!cip->ic_decap(key, m, hdrlen)) {
printf("tkip decap failed\n"); printf("tkip decap failed\n");
/* /*
* Check reason for failure: phase1, phase2, frame data (ICV). * Check reason for failure: phase1, phase2, frame data (ICV).
@ -319,17 +320,19 @@ runtest(struct ieee80211com *ic, struct ciphertest *t)
/* /*
* De-MIC decrypted frame. * De-MIC decrypted frame.
*/ */
if (!ieee80211_crypto_demic(ic, &key, m)) { if (!ieee80211_crypto_demic(vap, key, m, 1)) {
printf("FAIL: tkip demic failed\n"); printf("FAIL: tkip demic failed\n");
goto bad; goto bad;
} }
/* XXX check frame length and contents... */ /* XXX check frame length and contents... */
m_freem(m);
ieee80211_crypto_delkey(vap, key);
printf("PASS\n"); printf("PASS\n");
return 1; return 1;
bad: bad:
if (m != NULL) if (m != NULL)
m_freem(m); m_freem(m);
ieee80211_crypto_delkey(ic, &key); ieee80211_crypto_delkey(vap, key);
return 0; return 0;
} }
@ -343,26 +346,38 @@ static int tests = -1;
static int static int
init_crypto_tkip_test(void) init_crypto_tkip_test(void)
{ {
#define N(a) (sizeof(a)/sizeof(a[0]))
struct ieee80211com ic; struct ieee80211com ic;
struct ieee80211vap vap;
struct ifnet ifp;
int i, pass, total; int i, pass, total;
memset(&ic, 0, sizeof(ic)); memset(&ic, 0, sizeof(ic));
if (debug) memset(&vap, 0, sizeof(vap));
ic.ic_debug = IEEE80211_MSG_CRYPTO; memset(&ifp, 0, sizeof(ifp));
ieee80211_crypto_attach(&ic); ieee80211_crypto_attach(&ic);
/* some minimal initialization */
strncpy(ifp.if_xname, "test_ccmp", sizeof(ifp.if_xname));
vap.iv_ic = &ic;
vap.iv_ifp = &ifp;
if (debug)
vap.iv_debug = IEEE80211_MSG_CRYPTO;
ieee80211_crypto_vattach(&vap);
pass = 0; pass = 0;
total = 0; total = 0;
for (i = 0; i < N(tkiptests); i++) for (i = 0; i < nitems(tkiptests); i++)
if (tests & (1<<i)) { if (tests & (1<<i)) {
total++; total++;
pass += runtest(&ic, &tkiptests[i]); pass += runtest(&vap, &tkiptests[i]);
} }
printf("%u of %u 802.11i TKIP test vectors passed\n", pass, total); printf("%u of %u 802.11i TKIP test vectors passed\n", pass, total);
ieee80211_crypto_vdetach(&vap);
ieee80211_crypto_detach(&ic); ieee80211_crypto_detach(&ic);
return (pass == total ? 0 : -1); return (pass == total ? 0 : -1);
#undef N
} }
static int static int

View File

@ -53,6 +53,7 @@
#include <sys/socket.h> #include <sys/socket.h>
#include <net/if.h> #include <net/if.h>
#include <net/if_var.h>
#include <net/if_media.h> #include <net/if_media.h>
#include <net80211/ieee80211_var.h> #include <net80211/ieee80211_var.h>
@ -178,54 +179,55 @@ cmpfail(const void *gen, size_t genlen, const void *ref, size_t reflen)
} }
struct wep_ctx_hw { /* for use with h/w support */ struct wep_ctx_hw { /* for use with h/w support */
struct ieee80211com *wc_ic; /* for diagnostics */ struct ieee80211vap *wc_vap; /* for diagnostics+statistics */
u_int32_t wc_iv; /* initial vector for crypto */ struct ieee80211com *wc_ic;
uint32_t wc_iv; /* initial vector for crypto */
}; };
static int static int
runtest(struct ieee80211com *ic, struct ciphertest *t) runtest(struct ieee80211vap *vap, struct ciphertest *t)
{ {
struct ieee80211_key key; struct ieee80211_key *key = &vap->iv_nw_keys[t->keyix];
struct mbuf *m = NULL; struct mbuf *m = NULL;
const struct ieee80211_cipher *cip; const struct ieee80211_cipher *cip;
u_int8_t mac[IEEE80211_ADDR_LEN];
struct wep_ctx_hw *ctx; struct wep_ctx_hw *ctx;
int hdrlen;
printf("%s: ", t->name); printf("%s: ", t->name);
/* /*
* Setup key. * Setup key.
*/ */
memset(&key, 0, sizeof(key)); memset(key, 0, sizeof(*key));
key.wk_flags = IEEE80211_KEY_XMIT | IEEE80211_KEY_RECV; key->wk_flags = IEEE80211_KEY_XMIT | IEEE80211_KEY_RECV;
key.wk_cipher = &ieee80211_cipher_none; key->wk_cipher = &ieee80211_cipher_none;
if (!ieee80211_crypto_newkey(ic, t->cipher, if (!ieee80211_crypto_newkey(vap, t->cipher,
IEEE80211_KEY_XMIT | IEEE80211_KEY_RECV, &key)) { IEEE80211_KEY_XMIT | IEEE80211_KEY_RECV, key)) {
printf("FAIL: ieee80211_crypto_newkey failed\n"); printf("FAIL: ieee80211_crypto_newkey failed\n");
goto bad; goto bad;
} }
memcpy(key.wk_key, t->key, t->key_len); memcpy(key->wk_key, t->key, t->key_len);
key.wk_keylen = t->key_len; key->wk_keylen = t->key_len;
if (!ieee80211_crypto_setkey(ic, &key, mac)) { if (!ieee80211_crypto_setkey(vap, key)) {
printf("FAIL: ieee80211_crypto_setkey failed\n"); printf("FAIL: ieee80211_crypto_setkey failed\n");
goto bad; goto bad;
} }
cip = key.wk_cipher;
/* /*
* Craft frame from plaintext data. * Craft frame from plaintext data.
*/ */
cip = key.wk_cipher; cip = key->wk_cipher;
m = m_getcl(M_NOWAIT, MT_HEADER, M_PKTHDR); m = m_getcl(M_NOWAIT, MT_HEADER, M_PKTHDR);
memcpy(mtod(m, void *), t->encrypted, t->encrypted_len); memcpy(mtod(m, void *), t->encrypted, t->encrypted_len);
m->m_len = t->encrypted_len; m->m_len = t->encrypted_len;
m->m_pkthdr.len = m->m_len; m->m_pkthdr.len = m->m_len;
hdrlen = ieee80211_anyhdrsize(mtod(m, void *));
/* /*
* Decrypt frame. * Decrypt frame.
*/ */
if (!cip->ic_decap(&key, m)) { if (!cip->ic_decap(key, m, hdrlen)) {
printf("FAIL: wep decap failed\n"); printf("FAIL: wep decap failed\n");
cmpfail(mtod(m, const void *), m->m_pkthdr.len, cmpfail(mtod(m, const void *), m->m_pkthdr.len,
t->plaintext, t->plaintext_len); t->plaintext, t->plaintext_len);
@ -249,9 +251,11 @@ runtest(struct ieee80211com *ic, struct ciphertest *t)
/* /*
* Encrypt frame. * Encrypt frame.
*/ */
ctx = (struct wep_ctx_hw *) key.wk_private; ctx = (struct wep_ctx_hw *) key->wk_private;
ctx->wc_vap = vap;
ctx->wc_ic = vap->iv_ic;
memcpy(&ctx->wc_iv, t->iv, sizeof(t->iv)); /* for encap/encrypt */ memcpy(&ctx->wc_iv, t->iv, sizeof(t->iv)); /* for encap/encrypt */
if (!cip->ic_encap(&key, m, t->keyix<<6)) { if (!cip->ic_encap(key, m)) {
printf("FAIL: wep encap failed\n"); printf("FAIL: wep encap failed\n");
goto bad; goto bad;
} }
@ -271,13 +275,13 @@ runtest(struct ieee80211com *ic, struct ciphertest *t)
goto bad; goto bad;
} }
m_freem(m); m_freem(m);
ieee80211_crypto_delkey(ic, &key); ieee80211_crypto_delkey(vap, key);
printf("PASS\n"); printf("PASS\n");
return 1; return 1;
bad: bad:
if (m != NULL) if (m != NULL)
m_freem(m); m_freem(m);
ieee80211_crypto_delkey(ic, &key); ieee80211_crypto_delkey(vap, key);
return 0; return 0;
} }
@ -291,25 +295,38 @@ static int debug = 0;
static int static int
init_crypto_wep_test(void) init_crypto_wep_test(void)
{ {
#define N(a) (sizeof(a)/sizeof(a[0]))
struct ieee80211com ic; struct ieee80211com ic;
struct ieee80211vap vap;
struct ifnet ifp;
int i, pass, total; int i, pass, total;
memset(&ic, 0, sizeof(ic)); memset(&ic, 0, sizeof(ic));
if (debug) memset(&vap, 0, sizeof(vap));
ic.ic_debug = IEEE80211_MSG_CRYPTO; memset(&ifp, 0, sizeof(ifp));
ieee80211_crypto_attach(&ic); ieee80211_crypto_attach(&ic);
/* some minimal initialization */
strncpy(ifp.if_xname, "test_ccmp", sizeof(ifp.if_xname));
vap.iv_ic = &ic;
vap.iv_ifp = &ifp;
if (debug)
vap.iv_debug = IEEE80211_MSG_CRYPTO;
ieee80211_crypto_vattach(&vap);
pass = 0; pass = 0;
total = 0; total = 0;
for (i = 0; i < N(weptests); i++) for (i = 0; i < nitems(weptests); i++)
if (tests & (1<<i)) { if (tests & (1<<i)) {
total++; total++;
pass += runtest(&ic, &weptests[i]); pass += runtest(&vap, &weptests[i]);
} }
printf("%u of %u 802.11i WEP test vectors passed\n", pass, total); printf("%u of %u 802.11i WEP test vectors passed\n", pass, total);
ieee80211_crypto_vdetach(&vap);
ieee80211_crypto_detach(&ic); ieee80211_crypto_detach(&ic);
return (pass == total ? 0 : -1); return (pass == total ? 0 : -1);
#undef N
} }
static int static int