forked from rpms/openssh
		
	add CAVS test driver for the aes-ctr ciphers
This commit is contained in:
		
							parent
							
								
									6148abd585
								
							
						
					
					
						commit
						017c65d99b
					
				
							
								
								
									
										250
									
								
								openssh-5.9p1-ctr-cavstest.patch
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										250
									
								
								openssh-5.9p1-ctr-cavstest.patch
									
									
									
									
									
										Normal file
									
								
							| @ -0,0 +1,250 @@ | ||||
| diff -up openssh-5.9p1/ctr-cavstest.c.ctr-cavs openssh-5.9p1/ctr-cavstest.c
 | ||||
| --- openssh-5.9p1/ctr-cavstest.c.ctr-cavs	2012-01-13 15:59:06.584283289 +0100
 | ||||
| +++ openssh-5.9p1/ctr-cavstest.c	2012-01-13 18:21:33.791941027 +0100
 | ||||
| @@ -0,0 +1,208 @@
 | ||||
| +/*
 | ||||
| + *
 | ||||
| + * invocation (all of the following are equal):
 | ||||
| + * ./ctr-cavstest --algo aes128-ctr --key 987212980144b6a632e864031f52dacc --mode encrypt --data a6deca405eef2e8e4609abf3c3ccf4a6
 | ||||
| + * ./ctr-cavstest --algo aes128-ctr --key 987212980144b6a632e864031f52dacc --mode encrypt --data a6deca405eef2e8e4609abf3c3ccf4a6 --iv 00000000000000000000000000000000
 | ||||
| + * echo -n a6deca405eef2e8e4609abf3c3ccf4a6 | ./ctr-cavstest --algo aes128-ctr --key 987212980144b6a632e864031f52dacc --mode encrypt
 | ||||
| + */
 | ||||
| +
 | ||||
| +#include "includes.h"
 | ||||
| +
 | ||||
| +#include <sys/types.h>
 | ||||
| +#include <sys/param.h>
 | ||||
| +#include <stdarg.h>
 | ||||
| +#include <stdio.h>
 | ||||
| +#include <stdlib.h>
 | ||||
| +#include <string.h>
 | ||||
| +#include <ctype.h>
 | ||||
| +
 | ||||
| +#include "xmalloc.h"
 | ||||
| +#include "log.h"
 | ||||
| +#include "cipher.h"
 | ||||
| +
 | ||||
| +/* compatibility with old or broken OpenSSL versions */
 | ||||
| +#include "openbsd-compat/openssl-compat.h"
 | ||||
| +
 | ||||
| +void usage(void) {
 | ||||
| +        fprintf(stderr, "Usage: ctr-cavstest --algo <ssh-crypto-algorithm>\n"
 | ||||
| +                        "                    --key <hexadecimal-key> --mode <encrypt|decrypt>\n"
 | ||||
| +                        "                    [--iv <hexadecimal-iv>] --data <hexadecimal-data>\n\n"
 | ||||
| +                        "Hexadecimal output is printed to stdout.\n"
 | ||||
| +                        "Hexadecimal input data can be alternatively read from stdin.\n");
 | ||||
| +        exit(1);
 | ||||
| +}
 | ||||
| +
 | ||||
| +void *fromhex(char *hex, size_t *len)
 | ||||
| +{
 | ||||
| +        unsigned char *bin;
 | ||||
| +        char *p;
 | ||||
| +        size_t n = 0;
 | ||||
| +        int shift = 4;
 | ||||
| +        unsigned char out = 0;
 | ||||
| +        unsigned char *optr;
 | ||||
| +
 | ||||
| +        bin = xmalloc(strlen(hex)/2);
 | ||||
| +        optr = bin;
 | ||||
| +
 | ||||
| +        for (p = hex; *p != '\0'; ++p) {
 | ||||
| +                unsigned char c;
 | ||||
| +
 | ||||
| +                c = *p;
 | ||||
| +                if (isspace(c))
 | ||||
| +                        continue;
 | ||||
| +
 | ||||
| +                if (c >= '0' && c <= '9') {
 | ||||
| +                        c = c - '0';
 | ||||
| +                } else if (c >= 'A' && c <= 'F') {
 | ||||
| +                        c = c - 'A' + 10;
 | ||||
| +                } else if (c >= 'a' && c <= 'f') {
 | ||||
| +                        c = c - 'a' + 10;
 | ||||
| +                } else {
 | ||||
| +                        /* truncate on nonhex cipher */
 | ||||
| +                        break;
 | ||||
| +                }
 | ||||
| +
 | ||||
| +                out |= c << shift;
 | ||||
| +                shift = (shift + 4) % 8;
 | ||||
| +
 | ||||
| +                if (shift) {
 | ||||
| +                        *(optr++) = out;
 | ||||
| +                        out = 0;
 | ||||
| +                        ++n;
 | ||||
| +                }
 | ||||
| +        }
 | ||||
| +
 | ||||
| +        *len = n;
 | ||||
| +        return bin;
 | ||||
| +}
 | ||||
| +
 | ||||
| +#define READ_CHUNK 4096
 | ||||
| +#define MAX_READ_SIZE 1024*1024*100
 | ||||
| +char *read_stdin(void)
 | ||||
| +{
 | ||||
| +        char *buf;
 | ||||
| +        size_t n, total = 0;
 | ||||
| +
 | ||||
| +        buf = xmalloc(READ_CHUNK);
 | ||||
| +
 | ||||
| +        do {
 | ||||
| +                n = fread(buf + total, 1, READ_CHUNK, stdin);
 | ||||
| +                if (n < READ_CHUNK) /* terminate on short read */
 | ||||
| +                        break;
 | ||||
| +
 | ||||
| +                total += n;
 | ||||
| +                buf = xrealloc(buf, total + READ_CHUNK, 1);
 | ||||
| +        } while(total < MAX_READ_SIZE);
 | ||||
| +        return buf;
 | ||||
| +}
 | ||||
| +
 | ||||
| +int main (int argc, char *argv[])
 | ||||
| +{
 | ||||
| +
 | ||||
| +        Cipher *c;
 | ||||
| +        CipherContext cc;
 | ||||
| +        char *algo = "aes128-ctr";
 | ||||
| +        char *hexkey = NULL;
 | ||||
| +        char *hexiv = "00000000000000000000000000000000";
 | ||||
| +        char *hexdata = NULL;
 | ||||
| +        char *p;
 | ||||
| +        int i;
 | ||||
| +        int encrypt = 1;
 | ||||
| +        void *key;
 | ||||
| +        size_t keylen;
 | ||||
| +        void *iv;
 | ||||
| +        size_t ivlen;
 | ||||
| +        void *data;
 | ||||
| +        size_t datalen;
 | ||||
| +        void *outdata;
 | ||||
| +
 | ||||
| +        for (i = 1; i < argc; ++i) {
 | ||||
| +                if (strcmp(argv[i], "--algo") == 0) {
 | ||||
| +                        algo = argv[++i];
 | ||||
| +                } else if (strcmp(argv[i], "--key") == 0) {
 | ||||
| +                        hexkey = argv[++i];
 | ||||
| +                } else if (strcmp(argv[i], "--mode") == 0) {
 | ||||
| +                        ++i;
 | ||||
| +                        if (argv[i] == NULL) {
 | ||||
| +                                usage();
 | ||||
| +                        }
 | ||||
| +                        if (strncmp(argv[i], "enc", 3) == 0) {
 | ||||
| +                                encrypt = 1;
 | ||||
| +                        } else if (strncmp(argv[i], "dec", 3) == 0) {
 | ||||
| +                                encrypt = 0;
 | ||||
| +                        } else {
 | ||||
| +                                usage();
 | ||||
| +                        }
 | ||||
| +                } else if (strcmp(argv[i], "--iv") == 0) {
 | ||||
| +                        hexiv = argv[++i];
 | ||||
| +                } else if (strcmp(argv[i], "--data") == 0) {
 | ||||
| +                        hexdata = argv[++i];
 | ||||
| +                }
 | ||||
| +        }
 | ||||
| +
 | ||||
| +        if (hexkey == NULL || algo == NULL) {
 | ||||
| +                usage();
 | ||||
| +        }
 | ||||
| +
 | ||||
| +	SSLeay_add_all_algorithms();
 | ||||
| +
 | ||||
| +	c = cipher_by_name(algo);
 | ||||
| +	if (c == NULL) {
 | ||||
| +		fprintf(stderr, "Error: unknown algorithm\n");
 | ||||
| +		return 2;
 | ||||
| +	}
 | ||||
| +
 | ||||
| +        if (hexdata == NULL) {
 | ||||
| +                hexdata = read_stdin();
 | ||||
| +        } else {
 | ||||
| +                hexdata = xstrdup(hexdata);
 | ||||
| +        }
 | ||||
| +
 | ||||
| +        key = fromhex(hexkey, &keylen);
 | ||||
| +
 | ||||
| +	if (keylen != 16 && keylen != 24 && keylen == 32) {
 | ||||
| +		fprintf(stderr, "Error: unsupported key length\n");
 | ||||
| +		return 2;
 | ||||
| +	}
 | ||||
| +
 | ||||
| +        iv = fromhex(hexiv, &ivlen);
 | ||||
| +
 | ||||
| +        if (ivlen != 16) {
 | ||||
| +		fprintf(stderr, "Error: unsupported iv length\n");
 | ||||
| +		return 2;
 | ||||
| +        }
 | ||||
| +
 | ||||
| +        data = fromhex(hexdata, &datalen);
 | ||||
| +
 | ||||
| +	if (data == NULL || datalen == 0) {
 | ||||
| +		fprintf(stderr, "Error: no data to encrypt/decrypt\n");
 | ||||
| +		return 2;
 | ||||
| +	}
 | ||||
| +
 | ||||
| +	cipher_init(&cc, c, key, keylen, iv, ivlen, encrypt);
 | ||||
| +
 | ||||
| +        xfree(key);
 | ||||
| +        xfree(iv);
 | ||||
| +
 | ||||
| +	outdata = malloc(datalen);
 | ||||
| +	if(outdata == NULL) {
 | ||||
| +		fprintf(stderr, "Error: memory allocation failure\n");
 | ||||
| +		return 2;
 | ||||
| +	}
 | ||||
| +
 | ||||
| +	cipher_crypt(&cc, outdata, data, datalen);
 | ||||
| +
 | ||||
| +        xfree(data);
 | ||||
| +
 | ||||
| +	cipher_cleanup(&cc);
 | ||||
| +
 | ||||
| +        for (p = outdata; datalen > 0; ++p, --datalen) {
 | ||||
| +		printf("%02X", (unsigned char)*p);
 | ||||
| +	}
 | ||||
| +
 | ||||
| +        xfree(outdata);
 | ||||
| +
 | ||||
| +        printf("\n");
 | ||||
| +        return 0;
 | ||||
| +}
 | ||||
| +
 | ||||
| diff -up openssh-5.9p1/Makefile.in.ctr-cavs openssh-5.9p1/Makefile.in
 | ||||
| --- openssh-5.9p1/Makefile.in.ctr-cavs	2012-01-13 15:59:06.539282357 +0100
 | ||||
| +++ openssh-5.9p1/Makefile.in	2012-01-13 15:59:06.588283373 +0100
 | ||||
| @@ -28,6 +28,7 @@ SSH_KEYSIGN=$(libexecdir)/ssh-keysign
 | ||||
|  SSH_LDAP_HELPER=$(libexecdir)/ssh-ldap-helper | ||||
|  SSH_LDAP_WRAPPER=$(libexecdir)/ssh-ldap-wrapper | ||||
|  SSH_KEYCAT=$(libexecdir)/ssh-keycat | ||||
| +CTR_CAVSTEST=$(libexecdir)/ctr-cavstest
 | ||||
|  SSH_PKCS11_HELPER=$(libexecdir)/ssh-pkcs11-helper | ||||
|  PRIVSEP_PATH=@PRIVSEP_PATH@ | ||||
|  SSH_PRIVSEP_USER=@SSH_PRIVSEP_USER@ | ||||
| @@ -63,7 +64,7 @@ EXEEXT=@EXEEXT@
 | ||||
|  MANFMT=@MANFMT@ | ||||
|  INSTALL_SSH_LDAP_HELPER=@INSTALL_SSH_LDAP_HELPER@ | ||||
|   | ||||
| -TARGETS=ssh$(EXEEXT) sshd$(EXEEXT) ssh-add$(EXEEXT) ssh-keygen$(EXEEXT) ssh-keyscan${EXEEXT} ssh-keysign${EXEEXT} ssh-pkcs11-helper$(EXEEXT) ssh-agent$(EXEEXT) scp$(EXEEXT) sftp-server$(EXEEXT) sftp$(EXEEXT) ssh-ldap-helper$(EXEEXT) ssh-keycat$(EXEEXT)
 | ||||
| +TARGETS=ssh$(EXEEXT) sshd$(EXEEXT) ssh-add$(EXEEXT) ssh-keygen$(EXEEXT) ssh-keyscan${EXEEXT} ssh-keysign${EXEEXT} ssh-pkcs11-helper$(EXEEXT) ssh-agent$(EXEEXT) scp$(EXEEXT) sftp-server$(EXEEXT) sftp$(EXEEXT) ssh-ldap-helper$(EXEEXT) ssh-keycat$(EXEEXT) ctr-cavstest$(EXEEXT)
 | ||||
|   | ||||
|  LIBSSH_OBJS=acss.o authfd.o authfile.o bufaux.o bufbn.o buffer.o \ | ||||
|  	canohost.o channels.o cipher.o cipher-acss.o cipher-aes.o \ | ||||
| @@ -171,6 +172,9 @@ ssh-ldap-helper$(EXEEXT): $(LIBCOMPAT) l
 | ||||
|  ssh-keycat$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keycat.o | ||||
|  	$(LD) -o $@ ssh-keycat.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh -lfipscheck $(SSHDLIBS) | ||||
|   | ||||
| +ctr-cavstest$(EXEEXT): $(LIBCOMPAT) libssh.a ctr-cavstest.o
 | ||||
| +	$(LD) -o $@ ctr-cavstest.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh -lfipscheck $(LIBS)
 | ||||
| +
 | ||||
|  ssh-keyscan$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keyscan.o roaming_dummy.o | ||||
|  	$(LD) -o $@ ssh-keyscan.o roaming_dummy.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh -lfipscheck $(LIBS) | ||||
|   | ||||
| @@ -271,6 +275,7 @@ install-files:
 | ||||
|  		$(INSTALL) -m 0700 ssh-ldap-wrapper $(DESTDIR)$(SSH_LDAP_WRAPPER) ; \ | ||||
|  	fi | ||||
|  	$(INSTALL) -m 0755 $(STRIP_OPT) ssh-keycat$(EXEEXT) $(DESTDIR)$(libexecdir)/ssh-keycat$(EXEEXT) | ||||
| +	$(INSTALL) -m 0755 $(STRIP_OPT) ctr-cavstest$(EXEEXT) $(DESTDIR)$(libexecdir)/ctr-cavstest$(EXEEXT)
 | ||||
|  	$(INSTALL) -m 0755 $(STRIP_OPT) sftp$(EXEEXT) $(DESTDIR)$(bindir)/sftp$(EXEEXT) | ||||
|  	$(INSTALL) -m 0755 $(STRIP_OPT) sftp-server$(EXEEXT) $(DESTDIR)$(SFTP_SERVER)$(EXEEXT) | ||||
|  	$(INSTALL) -m 644 ssh.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh.1 | ||||
							
								
								
									
										11
									
								
								openssh.spec
									
									
									
									
									
								
							
							
						
						
									
										11
									
								
								openssh.spec
									
									
									
									
									
								
							| @ -75,7 +75,7 @@ | ||||
| 
 | ||||
| # Do not forget to bump pam_ssh_agent_auth release if you rewind the main package release to 1 | ||||
| %define openssh_ver 5.9p1 | ||||
| %define openssh_rel 15 | ||||
| %define openssh_rel 16 | ||||
| %define pam_ssh_agent_ver 0.9.2 | ||||
| %define pam_ssh_agent_rel 32 | ||||
| 
 | ||||
| @ -198,6 +198,8 @@ Patch710: openssh-5.9p1-copy-id-restorecon.patch | ||||
| Patch711: openssh-5.9p1-log-usepam-no.patch | ||||
| # make aes-ctr ciphers use EVP engines such as AES-NI from OpenSSL | ||||
| Patch712: openssh-5.9p1-ctr-evp-fast.patch | ||||
| # add cavs test binary for the aes-ctr | ||||
| Patch713: openssh-5.9p1-ctr-cavstest.patch | ||||
| 
 | ||||
| #http://www.sxw.org.uk/computing/patches/openssh.html | ||||
| Patch800: openssh-5.9p1-gsskex.patch | ||||
| @ -446,6 +448,7 @@ popd | ||||
| %patch710 -p1 -b .restorecon | ||||
| %patch711 -p1 -b .log-usepam-no | ||||
| %patch712 -p1 -b .evp-ctr | ||||
| %patch713 -p1 -b .ctr-cavs | ||||
| 
 | ||||
| %patch800 -p1 -b .gsskex | ||||
| %patch801 -p1 -b .force_krb | ||||
| @ -697,6 +700,7 @@ fi | ||||
| %attr(0644,root,root) %{_mandir}/man1/ssh-keygen.1* | ||||
| %attr(0755,root,root) %dir %{_libexecdir}/openssh | ||||
| %attr(2111,root,ssh_keys) %{_libexecdir}/openssh/ssh-keysign | ||||
| %attr(0755,root,root) %{_libexecdir}/openssh/ctr-cavstest | ||||
| %attr(0644,root,root) %{_mandir}/man8/ssh-keysign.8* | ||||
| %endif | ||||
| %if %{scard} | ||||
| @ -791,7 +795,10 @@ fi | ||||
| %endif | ||||
| 
 | ||||
| %changelog | ||||
| * Tue Dec 06 2011 Tomas Mraz <tmraz@redhat.com> 5.9p1-15 + 0.9.2-32 | ||||
| * Fri Dec 13 2011 Tomas Mraz <tmraz@redhat.com> 5.9p1-16 + 0.9.2-32 | ||||
| - add CAVS test driver for the aes-ctr ciphers | ||||
| 
 | ||||
| * Wed Dec 11 2011 Tomas Mraz <tmraz@redhat.com> 5.9p1-15 + 0.9.2-32 | ||||
| - enable aes-ctr ciphers use the EVP engines from OpenSSL such as the AES-NI | ||||
| 
 | ||||
| * Tue Dec 06 2011 Petr Lautrbach <plautrba@redhat.com> 5.9p1-14 + 0.9.2-32 | ||||
|  | ||||
		Loading…
	
		Reference in New Issue
	
	Block a user