kris
/
boringssl
1
0
Форк 0
Код Проблеми 0 Запити на злиття 0 Релізи 0 Вікі Активність
Ви не можете вибрати більше 25 тем Теми мають розпочинатися з літери або цифри, можуть містити дефіси (-) і не повинні перевищувати 35 символів.
528 Коміти
12 Гілки
38 MiB
 
 
 
 
 
 
Дерево: f4b4952719
Гілки Теги
${ item.name }
Створити гілку ${ searchTerm }
з 'f4b4952719'
${ noResults }
boringssl/crypto/cipher/aead_test.c

311 рядки
8.6 KiB
Неформатований Звинувачення Історія 

  1. /* Copyright (c) 2014, Google Inc.

  2.  *

  3.  * Permission to use, copy, modify, and/or distribute this software for any

  4.  * purpose with or without fee is hereby granted, provided that the above

  5.  * copyright notice and this permission notice appear in all copies.

  6.  *

  7.  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES

  8.  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF

  9.  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY

  10.  * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES

  11.  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION

  12.  * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN

  13.  * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */

  14. 

  15. #include <stdint.h>

  16. #include <stdio.h>

  17. #include <stdlib.h>

  18. #include <string.h>

  19. 

  20. #include <openssl/aead.h>

  21. #include <openssl/crypto.h>

  22. 

  23. /* This program tests an AEAD against a series of test vectors from a file. The

  24.  * test vector file consists of key-value lines where the key and value are

  25.  * separated by a colon and optional whitespace. The keys are listed in

  26.  * |NAMES|, below. The values are hex-encoded data.

  27.  *

  28.  * After a number of key-value lines, a blank line or EOF indicates the end of

  29.  * the test case.

  30.  *

  31.  * For example, here's a valid test case:

  32.  *

  33.  *   KEY: 5a19f3173586b4c42f8412f4d5a786531b3231753e9e00998aec12fda8df10e4

  34.  *   NONCE: 978105dfce667bf4

  35.  *   IN: 6a4583908d

  36.  *   AD: b654574932

  37.  *   CT: 5294265a60

  38.  *   TAG: 1d45758621762e061368e68868e2f929

  39.  */

  40. 

  41. #define BUF_MAX 512

  42. 

  43. /* These are the different types of line that are found in the input file. */

  44. enum {

  45.   KEY = 0, /* hex encoded key. */

  46.   NONCE,   /* hex encoded nonce. */

  47.   IN,      /* hex encoded plaintext. */

  48.   AD,      /* hex encoded additional data. */

  49.   CT,      /* hex encoded ciphertext (not including the authenticator,

  50.               which is next). */

  51.   TAG,     /* hex encoded authenticator. */

  52.   NUM_TYPES,

  53. };

  54. 

  55. static const char NAMES[6][NUM_TYPES] = {

  56.     "KEY", "NONCE", "IN", "AD", "CT", "TAG",

  57. };

  58. 

  59. static unsigned char hex_digit(char h) {

  60.   if (h >= '0' && h <= '9') {

  61.     return h - '0';

  62.   } else if (h >= 'a' && h <= 'f') {

  63.     return h - 'a' + 10;

  64.   } else if (h >= 'A' && h <= 'F') {

  65.     return h - 'A' + 10;

  66.   } else {

  67.     return 16;

  68.   }

  69. }

  70. 

  71. static int run_test_case(const EVP_AEAD *aead,

  72.                          unsigned char bufs[NUM_TYPES][BUF_MAX],

  73.                          const unsigned int lengths[NUM_TYPES],

  74.                          unsigned int line_no) {

  75.   EVP_AEAD_CTX ctx;

  76.   size_t ciphertext_len, plaintext_len;

  77.   unsigned char out[BUF_MAX + EVP_AEAD_MAX_OVERHEAD], out2[BUF_MAX];

  78. 

  79.   if (!EVP_AEAD_CTX_init(&ctx, aead, bufs[KEY], lengths[KEY], lengths[TAG],

  80.                          NULL)) {

  81.     fprintf(stderr, "Failed to init AEAD on line %u\n", line_no);

  82.     return 0;

  83.   }

  84. 

  85.   if (!EVP_AEAD_CTX_seal(&ctx, out, &ciphertext_len, sizeof(out), bufs[NONCE],

  86.                          lengths[NONCE], bufs[IN], lengths[IN], bufs[AD],

  87.                          lengths[AD])) {

  88.     fprintf(stderr, "Failed to run AEAD on line %u\n", line_no);

  89.     return 0;

  90.   }

  91. 

  92.   if (ciphertext_len != lengths[CT] + lengths[TAG]) {

  93.     fprintf(stderr, "Bad output length on line %u: %u vs %u\n", line_no,

  94.             (unsigned)ciphertext_len, (unsigned)(lengths[CT] + lengths[TAG]));

  95.     return 0;

  96.   }

  97. 

  98.   if (memcmp(out, bufs[CT], lengths[CT]) != 0) {

  99.     fprintf(stderr, "Bad output on line %u\n", line_no);

  100.     return 0;

  101.   }

  102. 

  103.   if (memcmp(out + lengths[CT], bufs[TAG], lengths[TAG]) != 0) {

  104.     fprintf(stderr, "Bad tag on line %u\n", line_no);

  105.     return 0;

  106.   }

  107. 

  108.   /* The "stateful" AEADs for implementing pre-AEAD cipher suites need to be

  109.    * reset after each operation. */

  110.   EVP_AEAD_CTX_cleanup(&ctx);

  111.   if (!EVP_AEAD_CTX_init(&ctx, aead, bufs[KEY], lengths[KEY], lengths[TAG],

  112.                          NULL)) {

  113.     fprintf(stderr, "Failed to init AEAD on line %u\n", line_no);

  114.     return 0;

  115.   }

  116. 

  117.   if (!EVP_AEAD_CTX_open(&ctx, out2, &plaintext_len, lengths[IN], bufs[NONCE],

  118.                          lengths[NONCE], out, ciphertext_len, bufs[AD],

  119.                          lengths[AD])) {

  120.     fprintf(stderr, "Failed to decrypt on line %u\n", line_no);

  121.     return 0;

  122.   }

  123. 

  124.   if (plaintext_len != lengths[IN]) {

  125.     fprintf(stderr, "Bad decrypt on line %u: %u\n", line_no,

  126.             (unsigned)ciphertext_len);

  127.     return 0;

  128.   }

  129. 

  130.   /* The "stateful" AEADs for implementing pre-AEAD cipher suites need to be

  131.    * reset after each operation. */

  132.   EVP_AEAD_CTX_cleanup(&ctx);

  133.   if (!EVP_AEAD_CTX_init(&ctx, aead, bufs[KEY], lengths[KEY], lengths[TAG],

  134.                          NULL)) {

  135.     fprintf(stderr, "Failed to init AEAD on line %u\n", line_no);

  136.     return 0;

  137.   }

  138. 

  139.   out[0] ^= 0x80;

  140.   if (EVP_AEAD_CTX_open(&ctx, out2, &plaintext_len, lengths[IN], bufs[NONCE],

  141.                         lengths[NONCE], out, ciphertext_len, bufs[AD],

  142.                         lengths[AD])) {

  143.     fprintf(stderr, "Decrypted bad data on line %u\n", line_no);

  144.     return 0;

  145.   }

  146. 

  147.   EVP_AEAD_CTX_cleanup(&ctx);

  148.   return 1;

  149. }

  150. 

  151. int main(int argc, char **argv) {

  152.   FILE *f;

  153.   const EVP_AEAD *aead = NULL;

  154.   unsigned int line_no = 0, num_tests = 0, j;

  155. 

  156.   unsigned char bufs[NUM_TYPES][BUF_MAX];

  157.   unsigned int lengths[NUM_TYPES];

  158. 

  159.   CRYPTO_library_init();

  160. 

  161.   if (argc != 3) {

  162.     fprintf(stderr, "%s <aead> <test file.txt>\n", argv[0]);

  163.     return 1;

  164.   }

  165. 

  166.   if (strcmp(argv[1], "aes-128-gcm") == 0) {

  167.     aead = EVP_aead_aes_128_gcm();

  168.   } else if (strcmp(argv[1], "aes-256-gcm") == 0) {

  169.     aead = EVP_aead_aes_256_gcm();

  170.   } else if (strcmp(argv[1], "chacha20-poly1305") == 0) {

  171.     aead = EVP_aead_chacha20_poly1305();

  172.   } else if (strcmp(argv[1], "rc4-md5") == 0) {

  173.     aead = EVP_aead_rc4_md5_tls();

  174.   } else if (strcmp(argv[1], "aes-128-key-wrap") == 0) {

  175.     aead = EVP_aead_aes_128_key_wrap();

  176.   } else if (strcmp(argv[1], "aes-256-key-wrap") == 0) {

  177.     aead = EVP_aead_aes_256_key_wrap();

  178.   } else {

  179.     fprintf(stderr, "Unknown AEAD: %s\n", argv[1]);

  180.     return 2;

  181.   }

  182. 

  183.   f = fopen(argv[2], "r");

  184.   if (f == NULL) {

  185.     perror("failed to open input");

  186.     return 1;

  187.   }

  188. 

  189.   for (j = 0; j < NUM_TYPES; j++) {

  190.     lengths[j] = 0;

  191.   }

  192. 

  193.   for (;;) {

  194.     char line[4096];

  195.     unsigned int i, type_len = 0;

  196. 

  197.     unsigned char *buf = NULL;

  198.     unsigned int *buf_len = NULL;

  199. 

  200.     if (!fgets(line, sizeof(line), f)) {

  201.       line[0] = 0;

  202.     }

  203. 

  204.     line_no++;

  205.     if (line[0] == '#') {

  206.       continue;

  207.     }

  208. 

  209.     if (line[0] == '\n' || line[0] == 0) {

  210.       /* Run a test, if possible. */

  211.       char any_values_set = 0;

  212.       for (j = 0; j < NUM_TYPES; j++) {

  213.         if (lengths[j] != 0) {

  214.           any_values_set = 1;

  215.           break;

  216.         }

  217.       }

  218. 

  219.       if (any_values_set) {

  220.         if (!run_test_case(aead, bufs, lengths, line_no)) {

  221.           return 4;

  222.         }

  223. 

  224.         for (j = 0; j < NUM_TYPES; j++) {

  225.           lengths[j] = 0;

  226.         }

  227. 

  228.         num_tests++;

  229.       }

  230. 

  231.       if (line[0] == 0) {

  232.         break;

  233.       }

  234.       continue;

  235.     }

  236. 

  237.     /* Each line looks like:

  238.      *   TYPE: 0123abc

  239.      * Where "TYPE" is the type of the data on the line,

  240.      * e.g. "KEY". */

  241.     for (i = 0; line[i] != 0 && line[i] != '\n'; i++) {

  242.       if (line[i] == ':') {

  243.         type_len = i;

  244.         break;

  245.       }

  246.     }

  247.     i++;

  248. 

  249.     if (type_len == 0) {

  250.       fprintf(stderr, "Parse error on line %u\n", line_no);

  251.       return 3;

  252.     }

  253. 

  254.     /* After the colon, there's optional whitespace. */

  255.     for (; line[i] != 0 && line[i] != '\n'; i++) {

  256.       if (line[i] != ' ' && line[i] != '\t') {

  257.         break;

  258.       }

  259.     }

  260. 

  261.     line[type_len] = 0;

  262.     for (j = 0; j < NUM_TYPES; j++) {

  263.       if (strcmp(line, NAMES[j]) != 0) {

  264.         continue;

  265.       }

  266.       if (lengths[j] != 0) {

  267.         fprintf(stderr, "Duplicate value on line %u\n", line_no);

  268.         return 3;

  269.       }

  270.       buf = bufs[j];

  271.       buf_len = &lengths[j];

  272.     }

  273. 

  274.     if (buf == NULL) {

  275.       fprintf(stderr, "Unknown line type on line %u\n", line_no);

  276.       return 3;

  277.     }

  278. 

  279.     j = 0;

  280.     for (; line[i] != 0 && line[i] != '\n'; i++) {

  281.       unsigned char v, v2;

  282.       v = hex_digit(line[i++]);

  283.       if (line[i] == 0 || line[i] == '\n') {

  284.         fprintf(stderr, "Odd-length hex data on line %u\n", line_no);

  285.         return 3;

  286.       }

  287.       v2 = hex_digit(line[i]);

  288.       if (v > 15 || v2 > 15) {

  289.         fprintf(stderr, "Invalid hex char on line %u\n", line_no);

  290.         return 3;

  291.       }

  292.       v <<= 4;

  293.       v |= v2;

  294. 

  295.       if (j == BUF_MAX) {

  296.         fprintf(stderr, "Too much hex data on line %u (max is %u bytes)\n",

  297.                 line_no, (unsigned)BUF_MAX);

  298.         return 3;

  299.       }

  300.       buf[j++] = v;

  301.       *buf_len = *buf_len + 1;

  302.     }

  303.   }

  304. 

  305.   printf("Completed %u test cases\n", num_tests);

  306.   printf("PASS\n");

  307.   fclose(f);

  308. 

  309.   return 0;

  310. }