kris
/
boringssl
1
0
Atdalīts 0
Kods Problēmas 0 Izmaiņu pieprasījumi 0 Laidieni 0 Vikivietne Aktivitāte
Nevar pievienot vairāk kā 25 tēmas Tēmai ir jāsākas ar burtu vai ciparu, tā var saturēt domu zīmes ('-') un var būt līdz 35 simboliem gara.
528 Revīzijas
12 Atzari
38 MiB
Koks: f4b4952719
Atzari Tagi
${ item.name }
Izveidot atzaru ${ searchTerm }
no 'f4b4952719'
${ noResults }
boringssl/crypto/cipher/aead_test.c

aead_test.c 8.6 KiB
Neapstrādāts Parastais skats Vēsture

AEAD tests.
pirms 10 gadiem
Add a CRYPTO_library_init and static-initializer-less build option. Chromium does not like static initializers, and the CPU logic uses one to initialize CPU bits. However, the crypto library lacks an explicit initialization function, which could complicate (no compile-time errors) porting existing code which uses crypto/, but not ssl/. Add an explicit CRYPTO_library_init function, but make it a no-op by default. It only does anything (and is required) if building with BORINGSSL_NO_STATIC_INITIALIZER. Change-Id: I6933bdc3447fb382b1f87c788e5b8142d6f3fe39 Reviewed-on: https://boringssl-review.googlesource.com/1770 Reviewed-by: Adam Langley <agl@google.com>
pirms 10 gadiem
AEAD tests.
pirms 10 gadiem
Add stitched RC4-MD5 as an AEAD. This change adds the stitched RC4-MD5 code from upstream OpenSSL but exposes it as an AEAD. It's not a normal AEAD (it's stateful thus doesn't take an nonce) but forcing pre-AEAD cipher suites in the AEAD interface is less painful than forcing AEADs into the EVP_CIPHER interface. Over time, more and more cipher suites will be exposed as TLS-specific AEADs and then ssl/ can drop support for EVP_CIPHER. See original code from upstream: https://github.com/openssl/openssl/blob/master/crypto/evp/e_rc4_hmac_md5.c Change-Id: Ia9267b224747f02be6b934ea0b2b50e1f529fab9 Reviewed-on: https://boringssl-review.googlesource.com/1043 Reviewed-by: Adam Langley <agl@google.com>
pirms 10 gadiem
AEAD tests.
pirms 10 gadiem
Add stitched RC4-MD5 as an AEAD. This change adds the stitched RC4-MD5 code from upstream OpenSSL but exposes it as an AEAD. It's not a normal AEAD (it's stateful thus doesn't take an nonce) but forcing pre-AEAD cipher suites in the AEAD interface is less painful than forcing AEADs into the EVP_CIPHER interface. Over time, more and more cipher suites will be exposed as TLS-specific AEADs and then ssl/ can drop support for EVP_CIPHER. See original code from upstream: https://github.com/openssl/openssl/blob/master/crypto/evp/e_rc4_hmac_md5.c Change-Id: Ia9267b224747f02be6b934ea0b2b50e1f529fab9 Reviewed-on: https://boringssl-review.googlesource.com/1043 Reviewed-by: Adam Langley <agl@google.com>
pirms 10 gadiem
AEAD tests.
pirms 10 gadiem
Add a CRYPTO_library_init and static-initializer-less build option. Chromium does not like static initializers, and the CPU logic uses one to initialize CPU bits. However, the crypto library lacks an explicit initialization function, which could complicate (no compile-time errors) porting existing code which uses crypto/, but not ssl/. Add an explicit CRYPTO_library_init function, but make it a no-op by default. It only does anything (and is required) if building with BORINGSSL_NO_STATIC_INITIALIZER. Change-Id: I6933bdc3447fb382b1f87c788e5b8142d6f3fe39 Reviewed-on: https://boringssl-review.googlesource.com/1770 Reviewed-by: Adam Langley <agl@google.com>
pirms 10 gadiem
AEAD tests.
pirms 10 gadiem
ChaCha20-Poly1305 support.
pirms 10 gadiem
Add stitched RC4-MD5 as an AEAD. This change adds the stitched RC4-MD5 code from upstream OpenSSL but exposes it as an AEAD. It's not a normal AEAD (it's stateful thus doesn't take an nonce) but forcing pre-AEAD cipher suites in the AEAD interface is less painful than forcing AEADs into the EVP_CIPHER interface. Over time, more and more cipher suites will be exposed as TLS-specific AEADs and then ssl/ can drop support for EVP_CIPHER. See original code from upstream: https://github.com/openssl/openssl/blob/master/crypto/evp/e_rc4_hmac_md5.c Change-Id: Ia9267b224747f02be6b934ea0b2b50e1f529fab9 Reviewed-on: https://boringssl-review.googlesource.com/1043 Reviewed-by: Adam Langley <agl@google.com>
pirms 10 gadiem
Add AES Key Wrap mode. This is needed in order to support Web Crypto. https://code.google.com/p/chromium/issues/detail?id=396407 Change-Id: I900d8cad2716c2e3341eeae153659502326c9173 Reviewed-on: https://boringssl-review.googlesource.com/1335 Reviewed-by: Adam Langley <agl@google.com>
pirms 10 gadiem
AEAD tests.
pirms 10 gadiem
Run AEAD test cases at the end of a file. aead_test reads test vectors from a file but used blank lines to indicate the end of a test case. If the file ended without a blank line to terminate the final test case, it would previously have been skipped. Change-Id: Id8dd34e86f0b912596dfb33234a894f8d9aa0235
pirms 10 gadiem
AEAD tests.
pirms 10 gadiem
Run AEAD test cases at the end of a file. aead_test reads test vectors from a file but used blank lines to indicate the end of a test case. If the file ended without a blank line to terminate the final test case, it would previously have been skipped. Change-Id: Id8dd34e86f0b912596dfb33234a894f8d9aa0235
pirms 10 gadiem
AEAD tests.
pirms 10 gadiem
Run AEAD test cases at the end of a file. aead_test reads test vectors from a file but used blank lines to indicate the end of a test case. If the file ended without a blank line to terminate the final test case, it would previously have been skipped. Change-Id: Id8dd34e86f0b912596dfb33234a894f8d9aa0235
pirms 10 gadiem
AEAD tests.
pirms 10 gadiem
Run AEAD test cases at the end of a file. aead_test reads test vectors from a file but used blank lines to indicate the end of a test case. If the file ended without a blank line to terminate the final test case, it would previously have been skipped. Change-Id: Id8dd34e86f0b912596dfb33234a894f8d9aa0235
pirms 10 gadiem
AEAD tests.
pirms 10 gadiem
Run AEAD test cases at the end of a file. aead_test reads test vectors from a file but used blank lines to indicate the end of a test case. If the file ended without a blank line to terminate the final test case, it would previously have been skipped. Change-Id: Id8dd34e86f0b912596dfb33234a894f8d9aa0235
pirms 10 gadiem
AEAD tests.
pirms 10 gadiem
 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310 
  1. /* Copyright (c) 2014, Google Inc.

  2.  *

  3.  * Permission to use, copy, modify, and/or distribute this software for any

  4.  * purpose with or without fee is hereby granted, provided that the above

  5.  * copyright notice and this permission notice appear in all copies.

  6.  *

  7.  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES

  8.  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF

  9.  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY

  10.  * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES

  11.  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION

  12.  * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN

  13.  * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */

  14. 

  15. #include <stdint.h>

  16. #include <stdio.h>

  17. #include <stdlib.h>

  18. #include <string.h>

  19. 

  20. #include <openssl/aead.h>

  21. #include <openssl/crypto.h>

  22. 

  23. /* This program tests an AEAD against a series of test vectors from a file. The

  24.  * test vector file consists of key-value lines where the key and value are

  25.  * separated by a colon and optional whitespace. The keys are listed in

  26.  * |NAMES|, below. The values are hex-encoded data.

  27.  *

  28.  * After a number of key-value lines, a blank line or EOF indicates the end of

  29.  * the test case.

  30.  *

  31.  * For example, here's a valid test case:

  32.  *

  33.  *   KEY: 5a19f3173586b4c42f8412f4d5a786531b3231753e9e00998aec12fda8df10e4

  34.  *   NONCE: 978105dfce667bf4

  35.  *   IN: 6a4583908d

  36.  *   AD: b654574932

  37.  *   CT: 5294265a60

  38.  *   TAG: 1d45758621762e061368e68868e2f929

  39.  */

  40. 

  41. #define BUF_MAX 512

  42. 

  43. /* These are the different types of line that are found in the input file. */

  44. enum {

  45.   KEY = 0, /* hex encoded key. */

  46.   NONCE,   /* hex encoded nonce. */

  47.   IN,      /* hex encoded plaintext. */

  48.   AD,      /* hex encoded additional data. */

  49.   CT,      /* hex encoded ciphertext (not including the authenticator,

  50.               which is next). */

  51.   TAG,     /* hex encoded authenticator. */

  52.   NUM_TYPES,

  53. };

  54. 

  55. static const char NAMES[6][NUM_TYPES] = {

  56.     "KEY", "NONCE", "IN", "AD", "CT", "TAG",

  57. };

  58. 

  59. static unsigned char hex_digit(char h) {

  60.   if (h >= '0' && h <= '9') {

  61.     return h - '0';

  62.   } else if (h >= 'a' && h <= 'f') {

  63.     return h - 'a' + 10;

  64.   } else if (h >= 'A' && h <= 'F') {

  65.     return h - 'A' + 10;

  66.   } else {

  67.     return 16;

  68.   }

  69. }

  70. 

  71. static int run_test_case(const EVP_AEAD *aead,

  72.                          unsigned char bufs[NUM_TYPES][BUF_MAX],

  73.                          const unsigned int lengths[NUM_TYPES],

  74.                          unsigned int line_no) {

  75.   EVP_AEAD_CTX ctx;

  76.   size_t ciphertext_len, plaintext_len;

  77.   unsigned char out[BUF_MAX + EVP_AEAD_MAX_OVERHEAD], out2[BUF_MAX];

  78. 

  79.   if (!EVP_AEAD_CTX_init(&ctx, aead, bufs[KEY], lengths[KEY], lengths[TAG],

  80.                          NULL)) {

  81.     fprintf(stderr, "Failed to init AEAD on line %u\n", line_no);

  82.     return 0;

  83.   }

  84. 

  85.   if (!EVP_AEAD_CTX_seal(&ctx, out, &ciphertext_len, sizeof(out), bufs[NONCE],

  86.                          lengths[NONCE], bufs[IN], lengths[IN], bufs[AD],

  87.                          lengths[AD])) {

  88.     fprintf(stderr, "Failed to run AEAD on line %u\n", line_no);

  89.     return 0;

  90.   }

  91. 

  92.   if (ciphertext_len != lengths[CT] + lengths[TAG]) {

  93.     fprintf(stderr, "Bad output length on line %u: %u vs %u\n", line_no,

  94.             (unsigned)ciphertext_len, (unsigned)(lengths[CT] + lengths[TAG]));

  95.     return 0;

  96.   }

  97. 

  98.   if (memcmp(out, bufs[CT], lengths[CT]) != 0) {

  99.     fprintf(stderr, "Bad output on line %u\n", line_no);

  100.     return 0;

  101.   }

  102. 

  103.   if (memcmp(out + lengths[CT], bufs[TAG], lengths[TAG]) != 0) {

  104.     fprintf(stderr, "Bad tag on line %u\n", line_no);

  105.     return 0;

  106.   }

  107. 

  108.   /* The "stateful" AEADs for implementing pre-AEAD cipher suites need to be

  109.    * reset after each operation. */

  110.   EVP_AEAD_CTX_cleanup(&ctx);

  111.   if (!EVP_AEAD_CTX_init(&ctx, aead, bufs[KEY], lengths[KEY], lengths[TAG],

  112.                          NULL)) {

  113.     fprintf(stderr, "Failed to init AEAD on line %u\n", line_no);

  114.     return 0;

  115.   }

  116. 

  117.   if (!EVP_AEAD_CTX_open(&ctx, out2, &plaintext_len, lengths[IN], bufs[NONCE],

  118.                          lengths[NONCE], out, ciphertext_len, bufs[AD],

  119.                          lengths[AD])) {

  120.     fprintf(stderr, "Failed to decrypt on line %u\n", line_no);

  121.     return 0;

  122.   }

  123. 

  124.   if (plaintext_len != lengths[IN]) {

  125.     fprintf(stderr, "Bad decrypt on line %u: %u\n", line_no,

  126.             (unsigned)ciphertext_len);

  127.     return 0;

  128.   }

  129. 

  130.   /* The "stateful" AEADs for implementing pre-AEAD cipher suites need to be

  131.    * reset after each operation. */

  132.   EVP_AEAD_CTX_cleanup(&ctx);

  133.   if (!EVP_AEAD_CTX_init(&ctx, aead, bufs[KEY], lengths[KEY], lengths[TAG],

  134.                          NULL)) {

  135.     fprintf(stderr, "Failed to init AEAD on line %u\n", line_no);

  136.     return 0;

  137.   }

  138. 

  139.   out[0] ^= 0x80;

  140.   if (EVP_AEAD_CTX_open(&ctx, out2, &plaintext_len, lengths[IN], bufs[NONCE],

  141.                         lengths[NONCE], out, ciphertext_len, bufs[AD],

  142.                         lengths[AD])) {

  143.     fprintf(stderr, "Decrypted bad data on line %u\n", line_no);

  144.     return 0;

  145.   }

  146. 

  147.   EVP_AEAD_CTX_cleanup(&ctx);

  148.   return 1;

  149. }

  150. 

  151. int main(int argc, char **argv) {

  152.   FILE *f;

  153.   const EVP_AEAD *aead = NULL;

  154.   unsigned int line_no = 0, num_tests = 0, j;

  155. 

  156.   unsigned char bufs[NUM_TYPES][BUF_MAX];

  157.   unsigned int lengths[NUM_TYPES];

  158. 

  159.   CRYPTO_library_init();

  160. 

  161.   if (argc != 3) {

  162.     fprintf(stderr, "%s <aead> <test file.txt>\n", argv[0]);

  163.     return 1;

  164.   }

  165. 

  166.   if (strcmp(argv[1], "aes-128-gcm") == 0) {

  167.     aead = EVP_aead_aes_128_gcm();

  168.   } else if (strcmp(argv[1], "aes-256-gcm") == 0) {

  169.     aead = EVP_aead_aes_256_gcm();

  170.   } else if (strcmp(argv[1], "chacha20-poly1305") == 0) {

  171.     aead = EVP_aead_chacha20_poly1305();

  172.   } else if (strcmp(argv[1], "rc4-md5") == 0) {

  173.     aead = EVP_aead_rc4_md5_tls();

  174.   } else if (strcmp(argv[1], "aes-128-key-wrap") == 0) {

  175.     aead = EVP_aead_aes_128_key_wrap();

  176.   } else if (strcmp(argv[1], "aes-256-key-wrap") == 0) {

  177.     aead = EVP_aead_aes_256_key_wrap();

  178.   } else {

  179.     fprintf(stderr, "Unknown AEAD: %s\n", argv[1]);

  180.     return 2;

  181.   }

  182. 

  183.   f = fopen(argv[2], "r");

  184.   if (f == NULL) {

  185.     perror("failed to open input");

  186.     return 1;

  187.   }

  188. 

  189.   for (j = 0; j < NUM_TYPES; j++) {

  190.     lengths[j] = 0;

  191.   }

  192. 

  193.   for (;;) {

  194.     char line[4096];

  195.     unsigned int i, type_len = 0;

  196. 

  197.     unsigned char *buf = NULL;

  198.     unsigned int *buf_len = NULL;

  199. 

  200.     if (!fgets(line, sizeof(line), f)) {

  201.       line[0] = 0;

  202.     }

  203. 

  204.     line_no++;

  205.     if (line[0] == '#') {

  206.       continue;

  207.     }

  208. 

  209.     if (line[0] == '\n' || line[0] == 0) {

  210.       /* Run a test, if possible. */

  211.       char any_values_set = 0;

  212.       for (j = 0; j < NUM_TYPES; j++) {

  213.         if (lengths[j] != 0) {

  214.           any_values_set = 1;

  215.           break;

  216.         }

  217.       }

  218. 

  219.       if (any_values_set) {

  220.         if (!run_test_case(aead, bufs, lengths, line_no)) {

  221.           return 4;

  222.         }

  223. 

  224.         for (j = 0; j < NUM_TYPES; j++) {

  225.           lengths[j] = 0;

  226.         }

  227. 

  228.         num_tests++;

  229.       }

  230. 

  231.       if (line[0] == 0) {

  232.         break;

  233.       }

  234.       continue;

  235.     }

  236. 

  237.     /* Each line looks like:

  238.      *   TYPE: 0123abc

  239.      * Where "TYPE" is the type of the data on the line,

  240.      * e.g. "KEY". */

  241.     for (i = 0; line[i] != 0 && line[i] != '\n'; i++) {

  242.       if (line[i] == ':') {

  243.         type_len = i;

  244.         break;

  245.       }

  246.     }

  247.     i++;

  248. 

  249.     if (type_len == 0) {

  250.       fprintf(stderr, "Parse error on line %u\n", line_no);

  251.       return 3;

  252.     }

  253. 

  254.     /* After the colon, there's optional whitespace. */

  255.     for (; line[i] != 0 && line[i] != '\n'; i++) {

  256.       if (line[i] != ' ' && line[i] != '\t') {

  257.         break;

  258.       }

  259.     }

  260. 

  261.     line[type_len] = 0;

  262.     for (j = 0; j < NUM_TYPES; j++) {

  263.       if (strcmp(line, NAMES[j]) != 0) {

  264.         continue;

  265.       }

  266.       if (lengths[j] != 0) {

  267.         fprintf(stderr, "Duplicate value on line %u\n", line_no);

  268.         return 3;

  269.       }

  270.       buf = bufs[j];

  271.       buf_len = &lengths[j];

  272.     }

  273. 

  274.     if (buf == NULL) {

  275.       fprintf(stderr, "Unknown line type on line %u\n", line_no);

  276.       return 3;

  277.     }

  278. 

  279.     j = 0;

  280.     for (; line[i] != 0 && line[i] != '\n'; i++) {

  281.       unsigned char v, v2;

  282.       v = hex_digit(line[i++]);

  283.       if (line[i] == 0 || line[i] == '\n') {

  284.         fprintf(stderr, "Odd-length hex data on line %u\n", line_no);

  285.         return 3;

  286.       }

  287.       v2 = hex_digit(line[i]);

  288.       if (v > 15 || v2 > 15) {

  289.         fprintf(stderr, "Invalid hex char on line %u\n", line_no);

  290.         return 3;

  291.       }

  292.       v <<= 4;

  293.       v |= v2;

  294. 

  295.       if (j == BUF_MAX) {

  296.         fprintf(stderr, "Too much hex data on line %u (max is %u bytes)\n",

  297.                 line_no, (unsigned)BUF_MAX);

  298.         return 3;

  299.       }

  300.       buf[j++] = v;

  301.       *buf_len = *buf_len + 1;

  302.     }

  303.   }

  304. 

  305.   printf("Completed %u test cases\n", num_tests);

  306.   printf("PASS\n");

  307.   fclose(f);

  308. 

  309.   return 0;

  310. }