Commit Graph

372 Commits

Author SHA1 Message Date
cem
de7a7877e1 aesni(4): Add support for x86 SHA intrinsics
Some x86 class CPUs have accelerated intrinsics for SHA1 and SHA256.
Provide this functionality on CPUs that support it.

This implements CRYPTO_SHA1, CRYPTO_SHA1_HMAC, and CRYPTO_SHA2_256_HMAC.

Correctness: The cryptotest.py suite in tests/sys/opencrypto has been
enhanced to verify SHA1 and SHA256 HMAC using standard NIST test vectors.
The test passes on this driver.  Additionally, jhb's cryptocheck tool has
been used to compare various random inputs against OpenSSL.  This test also
passes.

Rough performance averages on AMD Ryzen 1950X (4kB buffer):
aesni:      SHA1: ~8300 Mb/s    SHA256: ~8000 Mb/s
cryptosoft:       ~1800 Mb/s    SHA256: ~1800 Mb/s

So ~4.4-4.6x speedup depending on algorithm choice.  This is consistent with
the results the Linux folks saw for 4kB buffers.

The driver borrows SHA update code from sys/crypto sha1 and sha256.  The
intrinsic step function comes from Intel under a 3-clause BSDL.[0]  The
intel_sha_extensions_sha<foo>_intrinsic.c files were renamed and lightly
modified (added const, resolved a warning or two; included the sha_sse
header to declare the functions).

[0]: https://software.intel.com/en-us/articles/intel-sha-extensions-implementations

Reviewed by:	jhb
Sponsored by:	Dell EMC Isilon
Differential Revision:	https://reviews.freebsd.org/D12452
2017-09-26 23:12:32 +00:00
cem
9ea19b9427 crypto(9): Use a more specific error code when a capable driver is not found
When crypto_newsession() is given a request for an unsupported capability,
raise a more specific error than EINVAL.

This allows cryptotest.py to skip some HMAC tests that a driver does not
support.

Reviewed by:	jhb, rlibby
Sponsored by:	Dell EMC Isilon
Differential Revision:	https://reviews.freebsd.org/D12451
2017-09-26 01:31:49 +00:00
ngie
eda725d65a Convert some idioms over to py3k-compatible idioms
- Import print_function from __future__ and use print(..) instead of `print ..`.
- Use repr instead of backticks when the object needs to be dumped, unless
  print(..) can do it lazily. Use str instead of backticks as appropriate
  for simplification reasons.

This doesn't fully convert these modules over py3k. It just gets over some of
the trivial compatibility hurdles.
2017-09-24 00:14:48 +00:00
cem
7cc3781303 cryptotest.py: Like r323869, skip SHA HMAC tests on non-SHA drivers
Sponsored by:	Dell EMC Isilon
2017-09-22 04:41:48 +00:00
cem
8863661513 cryptotest.py: Fix whitespace style errors
I accidentally introduced different whitespace style in r323878.  I'm not
used to using tabs for indentation in Python scripts.

Whitespace only; no functional change.

Sponsored by:	Dell EMC Isilon
2017-09-22 04:25:44 +00:00
cem
23508ac59c cryptotest.py: Actually use NIST-KAT HMAC test vectors and test the right hashes
Previously, this test was entirely a no-op as no vector in the NIST-KAT file
has a precisely 20-byte key.

Additionally, not every vector in the file is SHA1.  The length field
determines the hash under test, and is now decoded correctly.

Finally, due to a limitation I didn't feel like fixing in cryptodev.py, MACs
are truncated to 16 bytes in this test.

With this change and the uncommitted D12437 (to allow key sizes other than
those used in IPSec), the SHA tests in cryptotest.py actually test something
and e.g. at least cryptosoft passes the test.

Sponsored by:	Dell EMC Isilon
2017-09-21 21:07:21 +00:00
cem
ce5730adaa cryptotest.py: Do not run AES-CBC or AES-GCM tests on non-AES crypto(4) drivers
For some reason, we only skipped AES-XTS tests if a driver was not in the
aesmodules list.  Skip other AES modes as well to prevent spurious failures
in non-AES drivers.

Sponsored by:	Dell EMC Isilon
2017-09-21 18:06:21 +00:00
cem
6a2e937b3f cryptotest.py: Add a seatbelt that we're actually testing anything
Without nist-kat installed, cryptotest.py is a no-op.  Showing 'success' in
that case is unhelpful.

Sponsored by:	Dell EMC Isilon
2017-09-21 05:46:28 +00:00
ngie
18951eee49 Add supporting changes for Add limited sandbox capability to "make check"
Non-tests/... changes:
- Add HAS_TESTS= to Makefiles with libraries and programs to enable iteration
  and propagate the appropriate environment down to *.test.mk.

tests/... changes:
- Add appropriate support Makefile.inc's to set HAS_TESTS in a minimal manner,
  since tests/... is a special subdirectory tree compared to the others.

MFC after:	2 months
MFC with:	r322511
Reviewed by:	arch (silence), testing (silence)
Differential Revision:	D12014
2017-08-14 19:21:37 +00:00
asomers
6d922d0b47 tests/sys/netinet/fibs_test: skip selected tests when firewalls are enabled
Some tests send packets over epair(4) interfaces. Firewalls can cause
spurious failures.

Reviewed by:	ngie
MFC after:	3 weeks
Sponsored by:	Spectra Logic Corp
Differential Revision:	https://reviews.freebsd.org/D11917
2017-08-08 15:37:21 +00:00
ngie
9e96179b9c Make test scripts under tests/... non-executable
Executable bits should be set at install time instead of in the repo.
Setting executable bits on files triggers false positives with Phabricator.

MFC after:	2 months
2017-08-08 04:59:16 +00:00
ngie
d739d878b2 MFhead@r321967 2017-08-03 03:45:48 +00:00
ngie
9487faf877 Chase r321920 and r321930 (dev_t being widened)
The layout of st_rdev has changed after this commit, and assumptions made
in the NetBSD tests are no longer valid. Change the hardcoded assumed
values to account for the fact that major/minor are now represented by
64 bits as opposed to the less precise legacy precision of 16 bits.

PR:	221048
Relnotes: st_rdev layout changed; warning about impact of r321920 to
	  downstream consumers
2017-08-03 03:43:41 +00:00
ngie
6a035474e5 Use bsd.opts.mk, not src.opts.mk 2017-08-03 00:35:35 +00:00
ngie
7ec8e284a3 MFhead@r321960 2017-08-02 22:28:12 +00:00
ngie
e01efdbd81 Use MK_CHECK_USE_SANDBOX in tests/..., to deal with the fact that
tests/... is a special snowflake directory and using HAS_TESTS would
result in a nasty layering violation between bsd.tests.mk and
bsd.prog.mk.

Add reachover Makefile.inc's which get the default value from
Makefile.inc0 (inspired by gnu/usr.bin/binutils/Makefile.inc0).
2017-08-02 22:24:08 +00:00
ngie
baa75b89b8 Annotate tests that require root privileges appropriately
This unbreaks running the tests with unprivileged users.

MFC after:	1 week
2017-08-02 22:19:45 +00:00
ngie
d4aa74266a Fix cosmetic issue with error message
Add missing space in error message related to PR noted.

MFC after:	2 weeks
PR:		220398
2017-08-02 09:49:41 +00:00
bdrewery
088f68e737 Allow changing the test PORT at compile-time.
Sponsored by:	Dell EMC Isilon
2017-07-31 22:00:27 +00:00
ngie
8989e76d12 Remove superfluous exit 0 added in r321702
atf_skip triggers equivalent functionality, which means the `exit 0`
is unreachable code.

PR:		220164
MFC after:	1 month
MFC with:	r321702
2017-07-29 22:03:21 +00:00
ngie
e2012dbcee Load geom_gate(4) if necessary before running tests; skip if it can't be loaded
The test code prior to r311893 loaded geom_gate at test start if necessary and
skipped the tests if it couldn't be loaded.

The ATF-ifcation of this test done in r311893 unfortunately dropped this
functionality.

This change restores the geom_gate module load and skips the test(s) if unavailable
in an ATF-like way.

MFC after:	1 month
PR:		220164
Reported by:	gjb
2017-07-29 22:01:17 +00:00
asomers
8d64b20efc Implement SIGEV_THREAD notifications for lio_listio(2)
Our man pages have always indicated that this was supported, but in fact the
feature was never implemented for lio_listio(2).

Reviewed by:	jhb, kib (earlier version)
MFC after:	20 days
Sponsored by:	Spectra Logic Corp
Differential Revision:	https://reviews.freebsd.org/D11680
2017-07-21 15:09:24 +00:00
ngie
e41883e6e0 Clean up :coredump_phnum
- Use "atf_check -x 'cmd1 | cmd2'" instead of "cmd1 | atf_check cmd2". The
  two forms are idiomatically similar, but subtly different in the sense of
  what program invokes the other, and there could be unwanted side effects
  of the latter idiom dealing with forking, pipes, etc.
- Remove chmod and instead source coredump_phnum_restore_state.sh directly.
  This avoids the need to check the result of the chmod call.
- Fix indentation in an if-block (4 column space indentation -> hard tab).
2017-07-19 16:23:02 +00:00
ngie
0b782649a7 Remove expected failure for :coredump_phnum
The testcase no longer fails on ^/head because readelf has established parity
with binutils' copy of readelf.

This issue is not seen on Jenkins because
`test_suites.FreeBSD.allow_sysctl_side_effects` isn't set in kyua.conf on
the CI host, i.e., the test is skipped.

PR:	215019
Tested with:	binutils (amd64-binutils-2.28,1); elftoolchain (r3561M)
2017-07-19 16:08:08 +00:00
asomers
9d0182f904 Remove dead code that was killed by r320975
Reported by:	Coverity
CID:		1377977
MFC after:	15 days
X-MFC-With:	320975
Sponsored by:	Spectra Logic Corp
2017-07-19 15:22:10 +00:00
asomers
ffa3f53018 Add regression tests for bugs 220459 and 220398
Bug 220398 - lio_listio(2) never sends asynchronous notification if nent==0
Bug 220459 - lio_listio(2) doesn't support SIGEV_THREAD

PR:		220459
PR:		220398
Reviewed by:	cem, jhb
MFC after:	3 weeks
Sponsored by:	Spectra Logic Corp
Differential Revision:	https://reviews.freebsd.org/D11470
2017-07-17 18:33:30 +00:00
asomers
f7f43aa72d Fix the build with GCC after r320975
Reported by:	pfg
MFC after:	20 days
X-MFC-With:	320975
Sponsored by:	Spectra Logic Corp
2017-07-14 21:50:04 +00:00
asomers
0f2819fcf8 Add tests for aio(4) completion notification via signals and threads
Reviewed by:	jhb
MFC after:	3 weeks
Sponsored by:	Spectra Logic Corp
Differential Revision:	https://reviews.freebsd.org/D11468
2017-07-13 22:53:13 +00:00
asomers
222e8588d4 Use ATF cleanup routines in aio_test.c
Remove aio_test's legacy timeout handling and cleanup routines.  Instead,
use ATF's builtin capabilities.  ATF automatically cleans up newly created
files, too, so we don't have to explicitly unlink them.  The only tests than
need a cleanup routine are the md(4) tests, which must destroy their md
device.

Reviewed by:	jhb
MFC after:	3 weeks
Sponsored by:	Spectra Logic Corp
Differential Revision:	https://reviews.freebsd.org/D11468
2017-07-13 22:49:55 +00:00
ngie
7d16d4740d Pull down pjdfstest 0.1
The summary of changes is as follows..

Generic changes::
- Added configure support [2].
- Check for lchmod filesystem support with create_file(..); for
  testcases that require lchmod, skip the testcase -- otherwise
  use chmod directly [1].
- Added Travis CI integration [2].
- Added utimensat testcases [1].

Linux support::
- Fixed Linux support to pass on later supported versions of
  Fedora/Ubuntu [2].
- Conditionally enable posix_fallocate(2) support [2].

OSX support::
- Fixed compilation on OSX [2].
- Added partial OSX support (the test run isn't fully green yet)
  [2].

MFC after:	2 months
Obtained from:	https://github.com/pjd/pjdfstest/tree/0.1
Relnotes:	yes
Submitted by:	asomers [1], ngie [2]
Tested with:	UFS, ZFS
2017-06-28 09:22:45 +00:00
ngie
e3a688bd91 Pull down pjdfstest 0.1
The summary of changes is as follows..

Generic changes::
- Added configure support [2].
- Check for lchmod filesystem support with create_file(..); for
  testcases that require lchmod, skip the testcase -- otherwise
  use chmod directly [1].
- Added Travis CI integration [2].
- Added utimensat testcases [1].

Linux support::
- Fixed Linux support to pass on later supported versions of
  Fedora/Ubuntu [2].
- Conditionally enable posix_fallocate(2) support [2].

OSX support::
- Fixed compilation on OSX [2].
- Added partial OSX support (the test run isn't fully green yet)
  [2].

Obtained from:	https://github.com/pjd/pjdfstest/tree/0.1
Submitted by:	asomers [1], ngie [2]
2017-06-28 08:48:09 +00:00
ngie
b5d7260895 trailing_slash is a TAP-compliant testcase; mark it as such, instead
of calling is a plain testcase.

MFC after:	1 month
2017-06-28 08:29:20 +00:00
ngie
3ecabcede9 Don't hardcode path to file in /tmp; this violates the kyua sandbox
MFC after:	1 month
2017-06-28 08:28:07 +00:00
kib
d7f022a3ab Add abstime kqueue(2) timers and expand struct kevent members.
This change implements NOTE_ABSTIME flag for EVFILT_TIMER, which
specifies that the data field contains absolute time to fire the
event.

To make this useful, data member of the struct kevent must be extended
to 64bit.  Using the opportunity, I also added ext members.  This
changes struct kevent almost to Apple struct kevent64, except I did
not changed type of ident and udata, the later would cause serious API
incompatibilities.

The type of ident was kept uintptr_t since EVFILT_AIO returns a
pointer in this field, and e.g. CHERI is sensitive to the type
(discussed with brooks, jhb).

Unlike Apple kevent64, symbol versioning allows us to claim ABI
compatibility and still name the new syscall kevent(2).  Compat shims
are provided for both host native and compat32.

Requested by:	bapt
Reviewed by:	bapt, brooks, ngie (previous version)
Sponsored by:	The FreeBSD Foundation
Differential revision:	https://reviews.freebsd.org/D11025
2017-06-17 00:57:26 +00:00
jhb
4623d5ec30 Add the ccr0 device to the opencrypto tests against the NIST KAT tests.
The ccr0 device supports both AES and SHA tests.

Sponsored by:	Chelsio Communications
2017-06-08 21:34:54 +00:00
jilles
b11d0b4b3c tests/sys/aio: Add missing mode to open() calls with O_CREAT. 2017-06-04 21:39:37 +00:00
ngie
cdc66979da tests/sys/opencrypto/runtests: apply minor polish to test script
- Refactor kld loading/unloading logic:
-- Use a loop instead of an unrolled one.
-- Check for the module being loaded before trying to load it, to reduce
   noise when loading modules that are already loaded.
-- Don't mute stderr from kldload -- it could be potentially useful to
   the tester.
-- In the event that the test script was terminated early, it would leave
   the modules still attached to the system (which is undesirable).
   Always unload the modules at test end with EXIT/SIGINT/SIGTERM so the
   system is returned to its former operating state as best possible.
   Unload the modules in reverse order, in part for consistency and/or
   dependency reasons.

MFC after:	2 weeks
Sponsored by:	Dell EMC Isilon
2017-06-01 19:58:40 +00:00
ngie
5239532a82 Fix up TEST_METADATA
- `TEST_METADATA.foo` should be `TEST_METADATA.run_tests`: this will unbreak
  trying to run the tests on a system without python installed in $PATH.
- The tests require root because they load aesni(4) and/or cryptodev(4) if
  not already loaded.

MFC after:	2 weeks
Sponsored by:	Dell EMC Isilon
2017-06-01 19:46:48 +00:00
jhb
417809d404 Honor the requested crid when running a test.
Otherwise, the kernel is free to choose an aribtrary crypto device
rather than the requested device subverting tests that force the use
of a specific device.

MFC after:	1 week
Sponsored by:	Chelsio Communications
Differential Revision:	https://reviews.freebsd.org/D10762
2017-06-01 19:27:38 +00:00
ngie
aed6c7c421 Tweak r319058 slightly
- Specify an explicit mode when using O_CREAT per open(2).
- Fix the error message (add missing enclosing parentheses).

Submitted by:	jilles
MFC after:	3 days
MFC with:	r319058
Sponsored by:	Dell EMC Isilon
2017-05-28 17:50:29 +00:00
ngie
33310916fc Send all of data, not just a portion of it
It was sending only a long's worth (4 or 8 bytes) of data previously
(instead of the entire buffer) via send(2).

MFC after:	1 week
Reported by:	Coverity
CID:		1229966, 1229967, 1230004, 1230005
Sponsored by:	Dell EMC Isilon
2017-05-28 09:21:28 +00:00
ngie
009d88d5a7 Initial srv before using it in bind(2)
MFC after:	3 days
Reported by:	Coverity
CID:		1357526
Sponsored by:	Dell EMC Isilon
2017-05-28 09:08:30 +00:00
ngie
b3f130849c Don't leak accept_fd on thread completion
MFC after:	3 days
Reported by:	Coverity
CID:		1296068
Sponsored by:	Dell EMC Isilon
2017-05-28 09:01:58 +00:00
ngie
430dd479b1 Use main(void) instead of main(argc __unused, argv __unused)
MFC after:	3 days
Sponsored by:	Dell EMC Isilon
2017-05-28 08:57:08 +00:00
ngie
ea252998ad Use an exit code of 1 instead of -1 for reasons noted in r319056
MFC after:	3 days
Sponsored by:	Dell EMC Isilon
2017-05-28 08:55:32 +00:00
ngie
ba6949f2bf Create a deterministic file in the kyua sandbox, instead of a
temporary file outside the kyua sandbox

This helps ensure that the file is removed at test exit, and as
a side effect, cures a warning about umasks with Coverity.

MFC after:	3 days
Sponsored by:	Dell EMC Isilon
2017-05-28 08:52:12 +00:00
ngie
8125770ec2 tests/sys/file/ftruncate_test: use an exit code of 1 instead
of -1 with err*(3).

An exit code of -1 is implementation defined -- it's best to stick
with something well-defined (1).

MFC after:	3 days
Sponsored by:	Dell EMC Isilon
2017-05-28 08:46:41 +00:00
asomers
583b66b532 Fix build of AIO tests with -DDEBUG
Also, redefine some constants for clarity.  No functional change.

MFC after:	1 week
2017-05-21 15:37:08 +00:00
ngie
2208486050 sys/fs/tmpfs/vnd_test: make md(4) allocation dynamic
The previous logic was flawed in the sense that it assumed that /dev/md3
was always available. This was a caveat I noted in r306038, that I hadn't
gotten around to solving before now.

Cache the device for the mountpoint after executing mdmfs, then use the
cached value in basic_cleanup(..) when unmounting/disconnecting the md(4)
device.

Apply sed expressions to use reuse logic in the NetBSD code that could
also be applied to FreeBSD, just with different tools.

Differential Revision:	D10766
MFC after:	1 week
Reviewed by:	bdrewery
Sponsored by:	Dell EMC Isilon
2017-05-19 17:14:29 +00:00
markj
c0f92af240 Add a regression test for r318191.
Reviewed by:	badger
MFC after:	1 week
Sponsored by:	Dell EMC Isilon
Differential Revision:	https://reviews.freebsd.org/D10684
2017-05-12 18:02:57 +00:00