add CAVS test driver for the aes-ctr ciphers
This commit is contained in:
parent
6148abd585
commit
017c65d99b
250
openssh-5.9p1-ctr-cavstest.patch
Normal file
250
openssh-5.9p1-ctr-cavstest.patch
Normal file
@ -0,0 +1,250 @@
|
|||||||
|
diff -up openssh-5.9p1/ctr-cavstest.c.ctr-cavs openssh-5.9p1/ctr-cavstest.c
|
||||||
|
--- openssh-5.9p1/ctr-cavstest.c.ctr-cavs 2012-01-13 15:59:06.584283289 +0100
|
||||||
|
+++ openssh-5.9p1/ctr-cavstest.c 2012-01-13 18:21:33.791941027 +0100
|
||||||
|
@@ -0,0 +1,208 @@
|
||||||
|
+/*
|
||||||
|
+ *
|
||||||
|
+ * invocation (all of the following are equal):
|
||||||
|
+ * ./ctr-cavstest --algo aes128-ctr --key 987212980144b6a632e864031f52dacc --mode encrypt --data a6deca405eef2e8e4609abf3c3ccf4a6
|
||||||
|
+ * ./ctr-cavstest --algo aes128-ctr --key 987212980144b6a632e864031f52dacc --mode encrypt --data a6deca405eef2e8e4609abf3c3ccf4a6 --iv 00000000000000000000000000000000
|
||||||
|
+ * echo -n a6deca405eef2e8e4609abf3c3ccf4a6 | ./ctr-cavstest --algo aes128-ctr --key 987212980144b6a632e864031f52dacc --mode encrypt
|
||||||
|
+ */
|
||||||
|
+
|
||||||
|
+#include "includes.h"
|
||||||
|
+
|
||||||
|
+#include <sys/types.h>
|
||||||
|
+#include <sys/param.h>
|
||||||
|
+#include <stdarg.h>
|
||||||
|
+#include <stdio.h>
|
||||||
|
+#include <stdlib.h>
|
||||||
|
+#include <string.h>
|
||||||
|
+#include <ctype.h>
|
||||||
|
+
|
||||||
|
+#include "xmalloc.h"
|
||||||
|
+#include "log.h"
|
||||||
|
+#include "cipher.h"
|
||||||
|
+
|
||||||
|
+/* compatibility with old or broken OpenSSL versions */
|
||||||
|
+#include "openbsd-compat/openssl-compat.h"
|
||||||
|
+
|
||||||
|
+void usage(void) {
|
||||||
|
+ fprintf(stderr, "Usage: ctr-cavstest --algo <ssh-crypto-algorithm>\n"
|
||||||
|
+ " --key <hexadecimal-key> --mode <encrypt|decrypt>\n"
|
||||||
|
+ " [--iv <hexadecimal-iv>] --data <hexadecimal-data>\n\n"
|
||||||
|
+ "Hexadecimal output is printed to stdout.\n"
|
||||||
|
+ "Hexadecimal input data can be alternatively read from stdin.\n");
|
||||||
|
+ exit(1);
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+void *fromhex(char *hex, size_t *len)
|
||||||
|
+{
|
||||||
|
+ unsigned char *bin;
|
||||||
|
+ char *p;
|
||||||
|
+ size_t n = 0;
|
||||||
|
+ int shift = 4;
|
||||||
|
+ unsigned char out = 0;
|
||||||
|
+ unsigned char *optr;
|
||||||
|
+
|
||||||
|
+ bin = xmalloc(strlen(hex)/2);
|
||||||
|
+ optr = bin;
|
||||||
|
+
|
||||||
|
+ for (p = hex; *p != '\0'; ++p) {
|
||||||
|
+ unsigned char c;
|
||||||
|
+
|
||||||
|
+ c = *p;
|
||||||
|
+ if (isspace(c))
|
||||||
|
+ continue;
|
||||||
|
+
|
||||||
|
+ if (c >= '0' && c <= '9') {
|
||||||
|
+ c = c - '0';
|
||||||
|
+ } else if (c >= 'A' && c <= 'F') {
|
||||||
|
+ c = c - 'A' + 10;
|
||||||
|
+ } else if (c >= 'a' && c <= 'f') {
|
||||||
|
+ c = c - 'a' + 10;
|
||||||
|
+ } else {
|
||||||
|
+ /* truncate on nonhex cipher */
|
||||||
|
+ break;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ out |= c << shift;
|
||||||
|
+ shift = (shift + 4) % 8;
|
||||||
|
+
|
||||||
|
+ if (shift) {
|
||||||
|
+ *(optr++) = out;
|
||||||
|
+ out = 0;
|
||||||
|
+ ++n;
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ *len = n;
|
||||||
|
+ return bin;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+#define READ_CHUNK 4096
|
||||||
|
+#define MAX_READ_SIZE 1024*1024*100
|
||||||
|
+char *read_stdin(void)
|
||||||
|
+{
|
||||||
|
+ char *buf;
|
||||||
|
+ size_t n, total = 0;
|
||||||
|
+
|
||||||
|
+ buf = xmalloc(READ_CHUNK);
|
||||||
|
+
|
||||||
|
+ do {
|
||||||
|
+ n = fread(buf + total, 1, READ_CHUNK, stdin);
|
||||||
|
+ if (n < READ_CHUNK) /* terminate on short read */
|
||||||
|
+ break;
|
||||||
|
+
|
||||||
|
+ total += n;
|
||||||
|
+ buf = xrealloc(buf, total + READ_CHUNK, 1);
|
||||||
|
+ } while(total < MAX_READ_SIZE);
|
||||||
|
+ return buf;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+int main (int argc, char *argv[])
|
||||||
|
+{
|
||||||
|
+
|
||||||
|
+ Cipher *c;
|
||||||
|
+ CipherContext cc;
|
||||||
|
+ char *algo = "aes128-ctr";
|
||||||
|
+ char *hexkey = NULL;
|
||||||
|
+ char *hexiv = "00000000000000000000000000000000";
|
||||||
|
+ char *hexdata = NULL;
|
||||||
|
+ char *p;
|
||||||
|
+ int i;
|
||||||
|
+ int encrypt = 1;
|
||||||
|
+ void *key;
|
||||||
|
+ size_t keylen;
|
||||||
|
+ void *iv;
|
||||||
|
+ size_t ivlen;
|
||||||
|
+ void *data;
|
||||||
|
+ size_t datalen;
|
||||||
|
+ void *outdata;
|
||||||
|
+
|
||||||
|
+ for (i = 1; i < argc; ++i) {
|
||||||
|
+ if (strcmp(argv[i], "--algo") == 0) {
|
||||||
|
+ algo = argv[++i];
|
||||||
|
+ } else if (strcmp(argv[i], "--key") == 0) {
|
||||||
|
+ hexkey = argv[++i];
|
||||||
|
+ } else if (strcmp(argv[i], "--mode") == 0) {
|
||||||
|
+ ++i;
|
||||||
|
+ if (argv[i] == NULL) {
|
||||||
|
+ usage();
|
||||||
|
+ }
|
||||||
|
+ if (strncmp(argv[i], "enc", 3) == 0) {
|
||||||
|
+ encrypt = 1;
|
||||||
|
+ } else if (strncmp(argv[i], "dec", 3) == 0) {
|
||||||
|
+ encrypt = 0;
|
||||||
|
+ } else {
|
||||||
|
+ usage();
|
||||||
|
+ }
|
||||||
|
+ } else if (strcmp(argv[i], "--iv") == 0) {
|
||||||
|
+ hexiv = argv[++i];
|
||||||
|
+ } else if (strcmp(argv[i], "--data") == 0) {
|
||||||
|
+ hexdata = argv[++i];
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ if (hexkey == NULL || algo == NULL) {
|
||||||
|
+ usage();
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ SSLeay_add_all_algorithms();
|
||||||
|
+
|
||||||
|
+ c = cipher_by_name(algo);
|
||||||
|
+ if (c == NULL) {
|
||||||
|
+ fprintf(stderr, "Error: unknown algorithm\n");
|
||||||
|
+ return 2;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ if (hexdata == NULL) {
|
||||||
|
+ hexdata = read_stdin();
|
||||||
|
+ } else {
|
||||||
|
+ hexdata = xstrdup(hexdata);
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ key = fromhex(hexkey, &keylen);
|
||||||
|
+
|
||||||
|
+ if (keylen != 16 && keylen != 24 && keylen == 32) {
|
||||||
|
+ fprintf(stderr, "Error: unsupported key length\n");
|
||||||
|
+ return 2;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ iv = fromhex(hexiv, &ivlen);
|
||||||
|
+
|
||||||
|
+ if (ivlen != 16) {
|
||||||
|
+ fprintf(stderr, "Error: unsupported iv length\n");
|
||||||
|
+ return 2;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ data = fromhex(hexdata, &datalen);
|
||||||
|
+
|
||||||
|
+ if (data == NULL || datalen == 0) {
|
||||||
|
+ fprintf(stderr, "Error: no data to encrypt/decrypt\n");
|
||||||
|
+ return 2;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ cipher_init(&cc, c, key, keylen, iv, ivlen, encrypt);
|
||||||
|
+
|
||||||
|
+ xfree(key);
|
||||||
|
+ xfree(iv);
|
||||||
|
+
|
||||||
|
+ outdata = malloc(datalen);
|
||||||
|
+ if(outdata == NULL) {
|
||||||
|
+ fprintf(stderr, "Error: memory allocation failure\n");
|
||||||
|
+ return 2;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ cipher_crypt(&cc, outdata, data, datalen);
|
||||||
|
+
|
||||||
|
+ xfree(data);
|
||||||
|
+
|
||||||
|
+ cipher_cleanup(&cc);
|
||||||
|
+
|
||||||
|
+ for (p = outdata; datalen > 0; ++p, --datalen) {
|
||||||
|
+ printf("%02X", (unsigned char)*p);
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ xfree(outdata);
|
||||||
|
+
|
||||||
|
+ printf("\n");
|
||||||
|
+ return 0;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
diff -up openssh-5.9p1/Makefile.in.ctr-cavs openssh-5.9p1/Makefile.in
|
||||||
|
--- openssh-5.9p1/Makefile.in.ctr-cavs 2012-01-13 15:59:06.539282357 +0100
|
||||||
|
+++ openssh-5.9p1/Makefile.in 2012-01-13 15:59:06.588283373 +0100
|
||||||
|
@@ -28,6 +28,7 @@ SSH_KEYSIGN=$(libexecdir)/ssh-keysign
|
||||||
|
SSH_LDAP_HELPER=$(libexecdir)/ssh-ldap-helper
|
||||||
|
SSH_LDAP_WRAPPER=$(libexecdir)/ssh-ldap-wrapper
|
||||||
|
SSH_KEYCAT=$(libexecdir)/ssh-keycat
|
||||||
|
+CTR_CAVSTEST=$(libexecdir)/ctr-cavstest
|
||||||
|
SSH_PKCS11_HELPER=$(libexecdir)/ssh-pkcs11-helper
|
||||||
|
PRIVSEP_PATH=@PRIVSEP_PATH@
|
||||||
|
SSH_PRIVSEP_USER=@SSH_PRIVSEP_USER@
|
||||||
|
@@ -63,7 +64,7 @@ EXEEXT=@EXEEXT@
|
||||||
|
MANFMT=@MANFMT@
|
||||||
|
INSTALL_SSH_LDAP_HELPER=@INSTALL_SSH_LDAP_HELPER@
|
||||||
|
|
||||||
|
-TARGETS=ssh$(EXEEXT) sshd$(EXEEXT) ssh-add$(EXEEXT) ssh-keygen$(EXEEXT) ssh-keyscan${EXEEXT} ssh-keysign${EXEEXT} ssh-pkcs11-helper$(EXEEXT) ssh-agent$(EXEEXT) scp$(EXEEXT) sftp-server$(EXEEXT) sftp$(EXEEXT) ssh-ldap-helper$(EXEEXT) ssh-keycat$(EXEEXT)
|
||||||
|
+TARGETS=ssh$(EXEEXT) sshd$(EXEEXT) ssh-add$(EXEEXT) ssh-keygen$(EXEEXT) ssh-keyscan${EXEEXT} ssh-keysign${EXEEXT} ssh-pkcs11-helper$(EXEEXT) ssh-agent$(EXEEXT) scp$(EXEEXT) sftp-server$(EXEEXT) sftp$(EXEEXT) ssh-ldap-helper$(EXEEXT) ssh-keycat$(EXEEXT) ctr-cavstest$(EXEEXT)
|
||||||
|
|
||||||
|
LIBSSH_OBJS=acss.o authfd.o authfile.o bufaux.o bufbn.o buffer.o \
|
||||||
|
canohost.o channels.o cipher.o cipher-acss.o cipher-aes.o \
|
||||||
|
@@ -171,6 +172,9 @@ ssh-ldap-helper$(EXEEXT): $(LIBCOMPAT) l
|
||||||
|
ssh-keycat$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keycat.o
|
||||||
|
$(LD) -o $@ ssh-keycat.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh -lfipscheck $(SSHDLIBS)
|
||||||
|
|
||||||
|
+ctr-cavstest$(EXEEXT): $(LIBCOMPAT) libssh.a ctr-cavstest.o
|
||||||
|
+ $(LD) -o $@ ctr-cavstest.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh -lfipscheck $(LIBS)
|
||||||
|
+
|
||||||
|
ssh-keyscan$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keyscan.o roaming_dummy.o
|
||||||
|
$(LD) -o $@ ssh-keyscan.o roaming_dummy.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh -lfipscheck $(LIBS)
|
||||||
|
|
||||||
|
@@ -271,6 +275,7 @@ install-files:
|
||||||
|
$(INSTALL) -m 0700 ssh-ldap-wrapper $(DESTDIR)$(SSH_LDAP_WRAPPER) ; \
|
||||||
|
fi
|
||||||
|
$(INSTALL) -m 0755 $(STRIP_OPT) ssh-keycat$(EXEEXT) $(DESTDIR)$(libexecdir)/ssh-keycat$(EXEEXT)
|
||||||
|
+ $(INSTALL) -m 0755 $(STRIP_OPT) ctr-cavstest$(EXEEXT) $(DESTDIR)$(libexecdir)/ctr-cavstest$(EXEEXT)
|
||||||
|
$(INSTALL) -m 0755 $(STRIP_OPT) sftp$(EXEEXT) $(DESTDIR)$(bindir)/sftp$(EXEEXT)
|
||||||
|
$(INSTALL) -m 0755 $(STRIP_OPT) sftp-server$(EXEEXT) $(DESTDIR)$(SFTP_SERVER)$(EXEEXT)
|
||||||
|
$(INSTALL) -m 644 ssh.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh.1
|
11
openssh.spec
11
openssh.spec
@ -75,7 +75,7 @@
|
|||||||
|
|
||||||
# Do not forget to bump pam_ssh_agent_auth release if you rewind the main package release to 1
|
# Do not forget to bump pam_ssh_agent_auth release if you rewind the main package release to 1
|
||||||
%define openssh_ver 5.9p1
|
%define openssh_ver 5.9p1
|
||||||
%define openssh_rel 15
|
%define openssh_rel 16
|
||||||
%define pam_ssh_agent_ver 0.9.2
|
%define pam_ssh_agent_ver 0.9.2
|
||||||
%define pam_ssh_agent_rel 32
|
%define pam_ssh_agent_rel 32
|
||||||
|
|
||||||
@ -198,6 +198,8 @@ Patch710: openssh-5.9p1-copy-id-restorecon.patch
|
|||||||
Patch711: openssh-5.9p1-log-usepam-no.patch
|
Patch711: openssh-5.9p1-log-usepam-no.patch
|
||||||
# make aes-ctr ciphers use EVP engines such as AES-NI from OpenSSL
|
# make aes-ctr ciphers use EVP engines such as AES-NI from OpenSSL
|
||||||
Patch712: openssh-5.9p1-ctr-evp-fast.patch
|
Patch712: openssh-5.9p1-ctr-evp-fast.patch
|
||||||
|
# add cavs test binary for the aes-ctr
|
||||||
|
Patch713: openssh-5.9p1-ctr-cavstest.patch
|
||||||
|
|
||||||
#http://www.sxw.org.uk/computing/patches/openssh.html
|
#http://www.sxw.org.uk/computing/patches/openssh.html
|
||||||
Patch800: openssh-5.9p1-gsskex.patch
|
Patch800: openssh-5.9p1-gsskex.patch
|
||||||
@ -446,6 +448,7 @@ popd
|
|||||||
%patch710 -p1 -b .restorecon
|
%patch710 -p1 -b .restorecon
|
||||||
%patch711 -p1 -b .log-usepam-no
|
%patch711 -p1 -b .log-usepam-no
|
||||||
%patch712 -p1 -b .evp-ctr
|
%patch712 -p1 -b .evp-ctr
|
||||||
|
%patch713 -p1 -b .ctr-cavs
|
||||||
|
|
||||||
%patch800 -p1 -b .gsskex
|
%patch800 -p1 -b .gsskex
|
||||||
%patch801 -p1 -b .force_krb
|
%patch801 -p1 -b .force_krb
|
||||||
@ -697,6 +700,7 @@ fi
|
|||||||
%attr(0644,root,root) %{_mandir}/man1/ssh-keygen.1*
|
%attr(0644,root,root) %{_mandir}/man1/ssh-keygen.1*
|
||||||
%attr(0755,root,root) %dir %{_libexecdir}/openssh
|
%attr(0755,root,root) %dir %{_libexecdir}/openssh
|
||||||
%attr(2111,root,ssh_keys) %{_libexecdir}/openssh/ssh-keysign
|
%attr(2111,root,ssh_keys) %{_libexecdir}/openssh/ssh-keysign
|
||||||
|
%attr(0755,root,root) %{_libexecdir}/openssh/ctr-cavstest
|
||||||
%attr(0644,root,root) %{_mandir}/man8/ssh-keysign.8*
|
%attr(0644,root,root) %{_mandir}/man8/ssh-keysign.8*
|
||||||
%endif
|
%endif
|
||||||
%if %{scard}
|
%if %{scard}
|
||||||
@ -791,7 +795,10 @@ fi
|
|||||||
%endif
|
%endif
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
* Tue Dec 06 2011 Tomas Mraz <tmraz@redhat.com> 5.9p1-15 + 0.9.2-32
|
* Fri Dec 13 2011 Tomas Mraz <tmraz@redhat.com> 5.9p1-16 + 0.9.2-32
|
||||||
|
- add CAVS test driver for the aes-ctr ciphers
|
||||||
|
|
||||||
|
* Wed Dec 11 2011 Tomas Mraz <tmraz@redhat.com> 5.9p1-15 + 0.9.2-32
|
||||||
- enable aes-ctr ciphers use the EVP engines from OpenSSL such as the AES-NI
|
- enable aes-ctr ciphers use the EVP engines from OpenSSL such as the AES-NI
|
||||||
|
|
||||||
* Tue Dec 06 2011 Petr Lautrbach <plautrba@redhat.com> 5.9p1-14 + 0.9.2-32
|
* Tue Dec 06 2011 Petr Lautrbach <plautrba@redhat.com> 5.9p1-14 + 0.9.2-32
|
||||||
|
Loading…
Reference in New Issue
Block a user