fips/aes/fips_gcmtest.c

   1 /* fips/aes/fips_gcmtest.c */
   2 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
   3  * project.
   4  */
   5 /* ====================================================================
   6  * Copyright (c) 2011 The OpenSSL Project.  All rights reserved.
   7  *
   8  * Redistribution and use in source and binary forms, with or without
   9  * modification, are permitted provided that the following conditions
  10  * are met:
  11  *
  12  * 1. Redistributions of source code must retain the above copyright
  13  *    notice, this list of conditions and the following disclaimer.
  14  *
  15  * 2. Redistributions in binary form must reproduce the above copyright
  16  *    notice, this list of conditions and the following disclaimer in
  17  *    the documentation and/or other materials provided with the
  18  *    distribution.
  19  *
  20  * 3. All advertising materials mentioning features or use of this
  21  *    software must display the following acknowledgment:
  22  *    "This product includes software developed by the OpenSSL Project
  23  *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
  24  *
  25  * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
  26  *    endorse or promote products derived from this software without
  27  *    prior written permission. For written permission, please contact
  28  *    licensing@OpenSSL.org.
  29  *
  30  * 5. Products derived from this software may not be called "OpenSSL"
  31  *    nor may "OpenSSL" appear in their names without prior written
  32  *    permission of the OpenSSL Project.
  33  *
  34  * 6. Redistributions of any form whatsoever must retain the following
  35  *    acknowledgment:
  36  *    "This product includes software developed by the OpenSSL Project
  37  *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
  38  *
  39  * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
  40  * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  41  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
  42  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
  43  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
  44  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
  45  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
  46  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  47  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
  48  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
  49  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
  50  * OF THE POSSIBILITY OF SUCH DAMAGE.
  51  * ====================================================================
  52  */
  53
  54
  55 #define OPENSSL_FIPSAPI
  56 #include <openssl/opensslconf.h>
  57
  58 #ifndef OPENSSL_FIPS
  59 #include <stdio.h>
  60
  61 int main(int argc, char **argv)
  62 {
  63     printf("No FIPS GCM support\n");
  64     return(0);
  65 }
  66 #else
  67
  68 #include <openssl/bn.h>
  69 #include <openssl/dsa.h>
  70 #include <openssl/fips.h>
  71 #include <openssl/err.h>
  72 #include <openssl/evp.h>
  73 #include <string.h>
  74 #include <ctype.h>
  75
  76 #include "fips_utl.h"
  77
  78 static void gcmtest(int encrypt)
  79         {
  80         char buf[2048];
  81         char lbuf[2048];
  82         char *keyword, *value;
  83         int keylen = -1, ivlen = -1, aadlen = -1, taglen = -1, ptlen = -1;
  84         int rv;
  85         long l;
  86         unsigned char *key = NULL, *iv = NULL, *aad = NULL, *tag = NULL;
  87         unsigned char *ct = NULL, *pt = NULL;
  88         EVP_CIPHER_CTX ctx;
  89         const EVP_CIPHER *gcm;
  90         EVP_CIPHER_CTX_init(&ctx);
  91
  92         while(fgets(buf,sizeof buf,stdin) != NULL)
  93                 {
  94                 fputs(buf,stdout);
  95                 if (!parse_line(&keyword, &value, lbuf, buf))
  96                         continue;
  97                 if(!strcmp(keyword,"[Keylen"))
  98                         {
  99                         keylen = atoi(value);
 100                         if (keylen == 128)
 101                                 gcm = EVP_aes_128_gcm();
 102                         else if (keylen == 192)
 103                                 gcm = EVP_aes_192_gcm();
 104                         else if (keylen == 256)
 105                                 gcm = EVP_aes_256_gcm();
 106                         else
 107                                 {
 108                                 fprintf(stderr, "Unsupported keylen %d\n",
 109                                                         keylen);
 110                                 }
 111                         keylen >>= 3;
 112                         }
 113                 else if (!strcmp(keyword, "[IVlen"))
 114                         ivlen = atoi(value) >> 3;
 115                 else if (!strcmp(keyword, "[AADlen"))
 116                         aadlen = atoi(value) >> 3;
 117                 else if (!strcmp(keyword, "[Taglen"))
 118                         taglen = atoi(value) >> 3;
 119                 else if (!strcmp(keyword, "[PTlen"))
 120                         ptlen = atoi(value) >> 3;
 121                 else if(!strcmp(keyword,"Key"))
 122                         {
 123                         key = hex2bin_m(value, &l);
 124                         if (l != keylen)
 125                                 {
 126                                 fprintf(stderr, "Inconsistent Key length\n");
 127                                 exit(1);
 128                                 }
 129                         }
 130                 else if(!strcmp(keyword,"IV"))
 131                         {
 132                         iv = hex2bin_m(value, &l);
 133                         if (l != ivlen)
 134                                 {
 135                                 fprintf(stderr, "Inconsistent IV length\n");
 136                                 exit(1);
 137                                 }
 138                         }
 139                 else if(!strcmp(keyword,"CT"))
 140                         {
 141                         ct = hex2bin_m(value, &l);
 142                         if (l != ptlen)
 143                                 {
 144                                 fprintf(stderr, "Inconsistent CT length\n");
 145                                 exit(1);
 146                                 }
 147                         }
 148                 else if(!strcmp(keyword,"AAD"))
 149                         {
 150                         aad = hex2bin_m(value, &l);
 151                         if (l != aadlen)
 152                                 {
 153                                 fprintf(stderr, "Inconsistent AAD length\n");
 154                                 exit(1);
 155                                 }
 156                         }
 157                 else if(!strcmp(keyword,"Tag"))
 158                         {
 159                         tag = hex2bin_m(value, &l);
 160                         if (l != taglen)
 161                                 {
 162                                 fprintf(stderr, "Inconsistent Tag length\n");
 163                                 exit(1);
 164                                 }
 165                         if (encrypt)
 166                                 {
 167                                 fprintf(stderr, "Parse Error for Encrypt\n");
 168                                 exit(1);
 169                                 }
 170                         EVP_CipherInit_ex(&ctx, gcm, NULL, NULL, NULL, 0);
 171                         EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_GCM_SET_IVLEN, ivlen, 0);
 172                         EVP_CipherInit_ex(&ctx, NULL, NULL, key, iv, 0);
 173                         EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_GCM_SET_TAG, taglen, tag);
 174                         if (aadlen)
 175                                 EVP_Cipher(&ctx, NULL, aad, aadlen);
 176                         if (ptlen)
 177                                 {
 178                                 pt = OPENSSL_malloc(ptlen);
 179                                 rv = EVP_Cipher(&ctx, pt, ct, ptlen);
 180                                 }
 181                         rv = EVP_Cipher(&ctx, NULL, NULL, 0);
 182                         if (rv < 0)
 183                                 printf("FAIL\n");
 184                         else
 185                                 OutputValue("PT", pt, ptlen, stdout, 0);
 186                         if (iv)
 187                                 OPENSSL_free(iv);
 188                         if (aad)
 189                                 OPENSSL_free(aad);
 190                         if (ct)
 191                                 OPENSSL_free(ct);
 192                         if (pt)
 193                                 OPENSSL_free(pt);
 194                         if (key)
 195                                 OPENSSL_free(key);
 196                         if (tag)
 197                                 OPENSSL_free(tag);
 198                         iv = aad = ct = pt = key = tag = NULL;
 199                         }
 200                 }
 201         }
 202
 203 int main(int argc,char **argv)
 204         {
 205         int encrypt;
 206         if(argc != 2)
 207                 {
 208                 fprintf(stderr,"%s [-encrypt|-decrypt]\n",argv[0]);
 209                 exit(1);
 210                 }
 211         fips_set_error_print();
 212         if(!FIPS_mode_set(1))
 213                 exit(1);
 214         if(!strcmp(argv[1],"-encrypt"))
 215                 encrypt = 1;
 216         else if(!strcmp(argv[1],"-decrypt"))
 217                 encrypt = 0;
 218         else
 219                 {
 220                 fprintf(stderr,"Don't know how to %s.\n",argv[1]);
 221                 exit(1);
 222                 }
 223
 224         gcmtest(encrypt);
 225
 226         return 0;
 227 }
 228
 229 #endif