crypto/evp/aeadtest.c

   1 /* ====================================================================
   2  * Copyright (c) 2011-2013 The OpenSSL Project.  All rights reserved.
   3  *
   4  * Redistribution and use in source and binary forms, with or without
   5  * modification, are permitted provided that the following conditions
   6  * are met:
   7  *
   8  * 1. Redistributions of source code must retain the above copyright
   9  *    notice, this list of conditions and the following disclaimer.
  10  *
  11  * 2. Redistributions in binary form must reproduce the above copyright
  12  *    notice, this list of conditions and the following disclaimer in
  13  *    the documentation and/or other materials provided with the
  14  *    distribution.
  15  *
  16  * 3. All advertising materials mentioning features or use of this
  17  *    software must display the following acknowledgment:
  18  *    "This product includes software developed by the OpenSSL Project
  19  *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
  20  *
  21  * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
  22  *    endorse or promote products derived from this software without
  23  *    prior written permission. For written permission, please contact
  24  *    licensing@OpenSSL.org.
  25  *
  26  * 5. Products derived from this software may not be called "OpenSSL"
  27  *    nor may "OpenSSL" appear in their names without prior written
  28  *    permission of the OpenSSL Project.
  29  *
  30  * 6. Redistributions of any form whatsoever must retain the following
  31  *    acknowledgment:
  32  *    "This product includes software developed by the OpenSSL Project
  33  *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
  34  *
  35  * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
  36  * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  37  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
  38  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
  39  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
  40  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
  41  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
  42  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  43  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
  44  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
  45  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
  46  * OF THE POSSIBILITY OF SUCH DAMAGE.
  47  * ====================================================================
  48  */
  49
  50 #include <stdio.h>
  51 #include <stdlib.h>
  52 #include <string.h>
  53 #include <stdint.h>
  54
  55 #include <openssl/evp.h>
  56
  57 /* This program tests an AEAD against a series of test vectors from a file. The
  58  * test vector file consists of key-value lines where the key and value are
  59  * separated by a colon and optional whitespace. The keys are listed in
  60  * |NAMES|, below. The values are hex-encoded data.
  61  *
  62  * After a number of key-value lines, a blank line or EOF indicates the end of
  63  * the test case.
  64  *
  65  * For example, here's a valid test case:
  66  *
  67  *   KEY: 5a19f3173586b4c42f8412f4d5a786531b3231753e9e00998aec12fda8df10e4
  68  *   NONCE: 978105dfce667bf4
  69  *   IN: 6a4583908d
  70  *   AD: b654574932
  71  *   CT: 5294265a60
  72  *   TAG: 1d45758621762e061368e68868e2f929
  73  */
  74
  75 #define BUF_MAX 512
  76
  77 /* These are the different types of line that are found in the input file. */
  78 enum
  79         {
  80         KEY = 0,  /* hex encoded key. */
  81         NONCE,    /* hex encoded nonce. */
  82         IN,       /* hex encoded plaintext. */
  83         AD,       /* hex encoded additional data. */
  84         CT,       /* hex encoded ciphertext (not including the authenticator,
  85                      which is next. */
  86         TAG,      /* hex encoded authenticator. */
  87         NUM_TYPES,
  88         };
  89
  90 static const char NAMES[6][NUM_TYPES] =
  91         {
  92         "KEY",
  93         "NONCE",
  94         "IN",
  95         "AD",
  96         "CT",
  97         "TAG",
  98         };
  99
 100 static unsigned char hex_digit(char h)
 101         {
 102         if (h >= '0' && h <= '9')
 103                 return h - '0';
 104         else if (h >= 'a' && h <= 'f')
 105                 return h - 'a' + 10;
 106         else if (h >= 'A' && h <= 'F')
 107                 return h - 'A' + 10;
 108         else
 109                 return 16;
 110         }
 111
 112 static int run_test_case(const EVP_AEAD* aead,
 113                          unsigned char bufs[NUM_TYPES][BUF_MAX],
 114                          const unsigned int lengths[NUM_TYPES],
 115                          unsigned int line_no)
 116         {
 117         EVP_AEAD_CTX ctx;
 118         ssize_t n;
 119         size_t un;
 120         unsigned char out[BUF_MAX+EVP_AEAD_MAX_TAG_LENGTH], out2[BUF_MAX];
 121
 122         if (!EVP_AEAD_CTX_init(&ctx, aead, bufs[KEY], lengths[KEY],
 123                                lengths[TAG], NULL))
 124                 {
 125                 fprintf(stderr, "Failed to init AEAD on line %u\n", line_no);
 126                 return 0;
 127                 }
 128
 129         n = EVP_AEAD_CTX_seal(
 130                 &ctx, out, sizeof(out),
 131                 bufs[NONCE], lengths[NONCE],
 132                 bufs[IN], lengths[IN],
 133                 bufs[AD], lengths[AD]);
 134
 135         if (n < 0)
 136                 {
 137                 fprintf(stderr, "Failed to run AEAD on line %u\n",
 138                         line_no);
 139                 return 0;
 140                 }
 141
 142         un = (size_t) n;
 143
 144         if (un != lengths[CT] + lengths[TAG])
 145                 {
 146                 fprintf(stderr, "Bad output length on line %u: %u vs %u\n",
 147                         line_no, (unsigned) un,
 148                         (unsigned)(lengths[CT] + lengths[TAG]));
 149                 return 0;
 150                 }
 151
 152         if (memcmp(out, bufs[CT], lengths[CT]) != 0)
 153                 {
 154                 fprintf(stderr, "Bad output on line %u\n", line_no);
 155                 return 0;
 156                 }
 157
 158         if (memcmp(out + lengths[CT], bufs[TAG], lengths[TAG]) != 0)
 159                 {
 160                 fprintf(stderr, "Bad tag on line %u\n", line_no);
 161                 return 0;
 162                 }
 163
 164         n = EVP_AEAD_CTX_open(&ctx, out2, lengths[IN],
 165                       bufs[NONCE], lengths[NONCE],
 166                       out, un,
 167                       bufs[AD], lengths[AD]);
 168         if (n < 0)
 169                 {
 170                 fprintf(stderr, "Failed to decrypt on line %u\n", line_no);
 171                 return 0;
 172                 }
 173
 174         if ((size_t) n != lengths[IN])
 175                 {
 176                 fprintf(stderr, "Bad decrypt on line %u: %u\n", line_no,
 177                         (unsigned) n);
 178                 return 0;
 179                 }
 180
 181         out[0] ^= 0x80;
 182         n = EVP_AEAD_CTX_open(&ctx, out2, lengths[IN],
 183                       bufs[NONCE], lengths[NONCE],
 184                       out, un,
 185                       bufs[AD], lengths[AD]);
 186         if (n >= 0)
 187                 {
 188                 fprintf(stderr, "Decrypted bad data on line %u\n", line_no);
 189                 return 0;
 190                 }
 191
 192         EVP_AEAD_CTX_cleanup(&ctx);
 193         return 1;
 194         }
 195
 196 int main(int argc, char **argv)
 197         {
 198         FILE *f;
 199         const EVP_AEAD *aead = NULL;
 200         unsigned int line_no = 0, num_tests = 0, j;
 201
 202         unsigned char bufs[NUM_TYPES][BUF_MAX];
 203         unsigned int lengths[NUM_TYPES];
 204
 205         if (argc != 3)
 206                 {
 207                 fprintf(stderr, "%s <aead> <test file.txt>\n", argv[0]);
 208                 return 1;
 209                 }
 210
 211         if (strcmp(argv[1], "chacha20-poly1305") == 0)
 212                 {
 213 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
 214                 aead = EVP_aead_chacha20_poly1305();
 215 #else
 216                 fprintf(stderr, "No chacha20-poly1305 support. Skipping test.\n");
 217                 return 0;
 218 #endif
 219                 }
 220         else if (strcmp(argv[1], "aes-128-gcm") == 0)
 221                 {
 222 #ifndef OPENSSL_NO_AES
 223                 aead = EVP_aead_aes_128_gcm();
 224 #else
 225                 fprintf(stderr, "No AES support. Skipping test.\n");
 226                 return 0;
 227 #endif
 228                 }
 229         else if (strcmp(argv[1], "aes-256-gcm") == 0)
 230                 {
 231 #ifndef OPENSSL_NO_AES
 232                 aead = EVP_aead_aes_256_gcm();
 233 #else
 234                 fprintf(stderr, "No AES support. Skipping test.\n");
 235                 return 0;
 236 #endif
 237                 }
 238         else
 239                 {
 240                 fprintf(stderr, "Unknown AEAD: %s\n", argv[1]);
 241                 return 2;
 242                 }
 243
 244         f = fopen(argv[2], "r");
 245         if (f == NULL)
 246                 {
 247                 perror("failed to open input");
 248                 return 1;
 249                 }
 250
 251         for (j = 0; j < NUM_TYPES; j++)
 252                 lengths[j] = 0;
 253
 254         for (;;)
 255                 {
 256                 char line[4096];
 257                 unsigned int i, type_len = 0;
 258
 259                 unsigned char *buf = NULL;
 260                 unsigned int *buf_len;
 261
 262                 if (!fgets(line, sizeof(line), f))
 263                         break;
 264
 265                 line_no++;
 266                 if (line[0] == '#')
 267                         continue;
 268
 269                 if (line[0] == '\n' || line[0] == 0)
 270                         {
 271                         /* Run a test, if possible. */
 272                         char any_values_set = 0;
 273                         for (j = 0; j < NUM_TYPES; j++)
 274                                 {
 275                                 if (lengths[j] != 0)
 276                                         {
 277                                         any_values_set = 1;
 278                                         break;
 279                                         }
 280                                 }
 281
 282                         if (!any_values_set)
 283                                 continue;
 284
 285                         if (!run_test_case(aead, bufs, lengths, line_no))
 286                                 return 4;
 287
 288                         for (j = 0; j < NUM_TYPES; j++)
 289                                 lengths[j] = 0;
 290
 291                         num_tests++;
 292                         continue;
 293                         }
 294
 295                 /* Each line looks like:
 296                  *   TYPE: 0123abc
 297                  * Where "TYPE" is the type of the data on the line,
 298                  * e.g. "KEY". */
 299                 for (i = 0; line[i] != 0 && line[i] != '\n'; i++)
 300                         {
 301                         if (line[i] == ':')
 302                                 {
 303                                 type_len = i;
 304                                 break;
 305                                 }
 306                         }
 307                 i++;
 308
 309                 if (type_len == 0)
 310                         {
 311                         fprintf(stderr, "Parse error on line %u\n",
 312                                 line_no);
 313                         return 3;
 314                         }
 315
 316                 /* After the colon, there's optional whitespace. */
 317                 for (; line[i] != 0 && line[i] != '\n'; i++)
 318                         {
 319                         if (line[i] != ' ' && line[i] != '\t')
 320                                 break;
 321                         }
 322
 323                 line[type_len] = 0;
 324                 for (j = 0; j < NUM_TYPES; j++)
 325                         {
 326                         if (strcmp(line, NAMES[j]) != 0)
 327                                 continue;
 328                         if (lengths[j] != 0)
 329                                 {
 330                                 fprintf(stderr, "Duplicate value on line %u\n",
 331                                         line_no);
 332                                 return 3;
 333                                 }
 334                         buf = bufs[j];
 335                         buf_len = &lengths[j];
 336                         }
 337
 338                 if (buf == NULL)
 339                         {
 340                         fprintf(stderr, "Unknown line type on line %u\n",
 341                                 line_no);
 342                         return 3;
 343                         }
 344
 345                 j = 0;
 346                 for (; line[i] != 0 && line[i] != '\n'; i++)
 347                         {
 348                         unsigned char v, v2;
 349                         v = hex_digit(line[i++]);
 350                         if (line[i] == 0 || line[i] == '\n')
 351                                 {
 352                                 fprintf(stderr, "Odd-length hex data"
 353                                                 " on line %u\n",
 354                                         line_no);
 355                                 return 3;
 356                                 }
 357                         v2 = hex_digit(line[i]);
 358                         if (v > 15 || v2 > 15)
 359                                 {
 360                                 fprintf(stderr, "Invalid hex char"
 361                                                 " on line %u\n",
 362                                         line_no);
 363                                 return 3;
 364                                 }
 365                         v <<= 4;
 366                         v |= v2;
 367
 368                         if (j == BUF_MAX)
 369                                 {
 370                                 fprintf(stderr, "Too much hex data"
 371                                                 " on line %u (max is"
 372                                                 " %u bytes)\n",
 373                                         line_no, (unsigned) BUF_MAX);
 374                                 return 3;
 375                                 }
 376                         buf[j++] = v;
 377                         *buf_len = *buf_len + 1;
 378                         }
 379                 }
 380
 381         printf("Completed %u test cases\n", num_tests);
 382         printf("PASS\n");
 383         fclose(f);
 384
 385         return 0;
 386         }