X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=fips%2Faes%2Ffips_gcmtest.c;h=9f50857fb9075ed4cd67021d78dd2601af43655e;hp=856a0ddea1554fbdf6176005878bc51940e65854;hb=afdf3669218cfcfbcb83b070d35dfa71ea73f819;hpb=949c6f8ccf76be7367de4638ae948266179f696e diff --git a/fips/aes/fips_gcmtest.c b/fips/aes/fips_gcmtest.c index 856a0ddea1..9f50857fb9 100644 --- a/fips/aes/fips_gcmtest.c +++ b/fips/aes/fips_gcmtest.c @@ -75,7 +75,7 @@ int main(int argc, char **argv) #include "fips_utl.h" -static void gcmtest(int encrypt) +static void gcmtest(FILE *in, FILE *out, int encrypt) { char buf[2048]; char lbuf[2048]; @@ -89,9 +89,9 @@ static void gcmtest(int encrypt) const EVP_CIPHER *gcm = NULL; FIPS_cipher_ctx_init(&ctx); - while(fgets(buf,sizeof buf,stdin) != NULL) + while(fgets(buf,sizeof buf,in) != NULL) { - fputs(buf,stdout); + fputs(buf,out); if (!parse_line(&keyword, &value, lbuf, buf)) continue; if(!strcmp(keyword,"[Keylen")) @@ -194,7 +194,7 @@ static void gcmtest(int encrypt) fprintf(stderr, "IV gen error\n"); exit(1); } - OutputValue("IV", iv, ivlen, stdout, 0); + OutputValue("IV", iv, ivlen, out, 0); } else FIPS_cipherinit(&ctx, NULL, key, iv, 1); @@ -210,8 +210,8 @@ static void gcmtest(int encrypt) FIPS_cipher(&ctx, NULL, NULL, 0); FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_GCM_GET_TAG, taglen, tag); - OutputValue("CT", ct, ptlen, stdout, 0); - OutputValue("Tag", tag, taglen, stdout, 0); + OutputValue("CT", ct, ptlen, out, 0); + OutputValue("Tag", tag, taglen, out, 0); if (iv) OPENSSL_free(iv); if (aad) @@ -243,9 +243,9 @@ static void gcmtest(int encrypt) } rv = FIPS_cipher(&ctx, NULL, NULL, 0); if (rv < 0) - printf("FAIL\n"); + fprintf(out, "FAIL" RESP_EOL); else - OutputValue("PT", pt, ptlen, stdout, 0); + OutputValue("PT", pt, ptlen, out, 0); if (iv) OPENSSL_free(iv); if (aad) @@ -261,32 +261,309 @@ static void gcmtest(int encrypt) iv = aad = ct = pt = key = tag = NULL; } } + FIPS_cipher_ctx_cleanup(&ctx); } -int main(int argc,char **argv) +static void xtstest(FILE *in, FILE *out) + { + char buf[204800]; + char lbuf[204800]; + char *keyword, *value; + int inlen = 0; + int encrypt = 0; + long l; + unsigned char *key = NULL, *iv = NULL; + unsigned char *inbuf = NULL, *outbuf = NULL; + EVP_CIPHER_CTX ctx; + const EVP_CIPHER *xts = NULL; + FIPS_cipher_ctx_init(&ctx); + + while(fgets(buf,sizeof buf,in) != NULL) + { + fputs(buf,out); + if (buf[0] == '[' && strlen(buf) >= 9) + { + if(!strncmp(buf,"[ENCRYPT]", 9)) + encrypt = 1; + else if(!strncmp(buf,"[DECRYPT]", 9)) + encrypt = 0; + } + if (!parse_line(&keyword, &value, lbuf, buf)) + continue; + else if(!strcmp(keyword,"Key")) + { + key = hex2bin_m(value, &l); + if (l == 32) + xts = EVP_aes_128_xts(); + else if (l == 64) + xts = EVP_aes_256_xts(); + else + { + fprintf(stderr, "Inconsistent Key length\n"); + exit(1); + } + } + else if(!strcmp(keyword,"i")) + { + iv = hex2bin_m(value, &l); + if (l != 16) + { + fprintf(stderr, "Inconsistent i length\n"); + exit(1); + } + } + else if(encrypt && !strcmp(keyword,"PT")) + { + inbuf = hex2bin_m(value, &l); + inlen = l; + } + else if(!encrypt && !strcmp(keyword,"CT")) + { + inbuf = hex2bin_m(value, &l); + inlen = l; + } + if (inbuf) + { + FIPS_cipherinit(&ctx, xts, key, iv, encrypt); + outbuf = OPENSSL_malloc(inlen); + FIPS_cipher(&ctx, outbuf, inbuf, inlen); + OutputValue(encrypt ? "CT":"PT", outbuf, inlen, out, 0); + OPENSSL_free(inbuf); + OPENSSL_free(outbuf); + OPENSSL_free(key); + OPENSSL_free(iv); + iv = key = inbuf = outbuf = NULL; + } + } + FIPS_cipher_ctx_cleanup(&ctx); + } + +static void ccmtest(FILE *in, FILE *out) + { + char buf[200048]; + char lbuf[200048]; + char *keyword, *value; + long l; + unsigned char *Key = NULL, *Nonce = NULL; + unsigned char *Adata = NULL, *Payload = NULL; + unsigned char *CT = NULL; + int Plen = -1, Nlen = -1, Tlen = -1, Alen = -1; + int decr = 0; + EVP_CIPHER_CTX ctx; + const EVP_CIPHER *ccm = NULL; + FIPS_cipher_ctx_init(&ctx); + + while(fgets(buf,sizeof buf,in) != NULL) + { + char *p; + fputs(buf,out); + redo: + if (!parse_line(&keyword, &value, lbuf, buf)) + continue; + + /* If surrounded by square brackets zap them */ + if (keyword[0] == '[') + { + keyword++; + p = strchr(value, ']'); + if (p) + *p = 0; + } + /* See if we have a comma separated list of parameters + * if so copy rest of line back to buffer and redo later. + */ + p = strchr(value, ','); + if (p) + { + *p = 0; + strcpy(buf, p + 1); + strcat(buf, "\n"); + decr = 1; + } + if (!strcmp(keyword,"Plen")) + Plen = atoi(value); + else if (!strcmp(keyword,"Nlen")) + Nlen = atoi(value); + else if (!strcmp(keyword,"Tlen")) + Tlen = atoi(value); + else if (!strcmp(keyword,"Alen")) + Alen = atoi(value); + if (p) + goto redo; + if (!strcmp(keyword,"Key")) + { + if (Key) + OPENSSL_free(Key); + Key = hex2bin_m(value, &l); + if (l == 16) + ccm = EVP_aes_128_ccm(); + else if (l == 24) + ccm = EVP_aes_192_ccm(); + else if (l == 32) + ccm = EVP_aes_256_ccm(); + else + { + fprintf(stderr, "Inconsistent Key length\n"); + exit(1); + } + } + else if (!strcmp(keyword,"Nonce")) + { + if (Nonce) + OPENSSL_free(Nonce); + Nonce = hex2bin_m(value, &l); + if (l != Nlen) + { + fprintf(stderr, "Inconsistent nonce length\n"); + exit(1); + } + } + else if (!strcmp(keyword,"Payload") && !decr) + { + Payload = hex2bin_m(value, &l); + if (Plen && l != Plen) + { + fprintf(stderr, "Inconsistent Payload length\n"); + exit(1); + } + } + else if (!strcmp(keyword,"Adata")) + { + if (Adata) + OPENSSL_free(Adata); + Adata = hex2bin_m(value, &l); + if (Alen && l != Alen) + { + fprintf(stderr, "Inconsistent Payload length\n"); + exit(1); + } + } + else if (!strcmp(keyword,"CT") && decr) + { + CT = hex2bin_m(value, &l); + if (l != (Plen + Tlen)) + { + fprintf(stderr, "Inconsistent CT length\n"); + exit(1); + } + } + if (Payload) + { + FIPS_cipherinit(&ctx, ccm, NULL, NULL, 1); + FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_CCM_SET_IVLEN, Nlen, 0); + FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_CCM_SET_TAG, Tlen, 0); + FIPS_cipherinit(&ctx, NULL, Key, Nonce, 1); + + FIPS_cipher(&ctx, NULL, NULL, Plen); + FIPS_cipher(&ctx, NULL, Adata, Alen); + CT = OPENSSL_malloc(Plen + Tlen); + FIPS_cipher(&ctx, CT, Payload, Plen); + FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_CCM_GET_TAG, Tlen, + CT + Plen); + OutputValue("CT", CT, Plen + Tlen, out, 0); + OPENSSL_free(CT); + OPENSSL_free(Payload); + CT = Payload = NULL; + } + if (CT) + { + int rv; + int len = Plen == 0 ? 1: Plen; + FIPS_cipherinit(&ctx, ccm, NULL, NULL, 0); + FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_CCM_SET_IVLEN, Nlen, 0); + FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_CCM_SET_TAG, + Tlen, CT + Plen); + FIPS_cipherinit(&ctx, NULL, Key, Nonce, 0); + FIPS_cipher(&ctx, NULL, NULL, Plen); + FIPS_cipher(&ctx, NULL, Adata, Alen); + Payload = OPENSSL_malloc(len); + rv = FIPS_cipher(&ctx, Payload, CT, Plen); + if (rv >= 0) + { + if (rv == 0) + Payload[0] = 0; + fputs("Result = Pass" RESP_EOL, out); + OutputValue("Payload", Payload, len, out, 0); + } + else + fputs("Result = Fail" RESP_EOL, out); + OPENSSL_free(CT); + OPENSSL_free(Payload); + CT = Payload = NULL; + } + } + if (Key) + OPENSSL_free(Key); + if (Nonce) + OPENSSL_free(Nonce); + if (Adata) + OPENSSL_free(Adata); + FIPS_cipher_ctx_cleanup(&ctx); + } + +#ifdef FIPS_ALGVS +int fips_gcmtest_main(int argc, char **argv) +#else +int main(int argc, char **argv) +#endif { int encrypt; - if(argc != 2) + int xts = 0, ccm = 0; + FILE *in, *out; + if (argc == 4) + { + in = fopen(argv[2], "r"); + if (!in) + { + fprintf(stderr, "Error opening input file\n"); + exit(1); + } + out = fopen(argv[3], "w"); + if (!out) + { + fprintf(stderr, "Error opening output file\n"); + exit(1); + } + } + else if (argc == 2) + { + in = stdin; + out = stdout; + } + else { fprintf(stderr,"%s [-encrypt|-decrypt]\n",argv[0]); exit(1); } - fips_set_error_print(); - if(!FIPS_mode_set(1)) - exit(1); + fips_algtest_init(); if(!strcmp(argv[1],"-encrypt")) encrypt = 1; else if(!strcmp(argv[1],"-encryptIVext")) encrypt = 2; else if(!strcmp(argv[1],"-decrypt")) encrypt = 0; + else if(!strcmp(argv[1],"-ccm")) + ccm = 1; + else if(!strcmp(argv[1],"-xts")) + xts = 1; else { fprintf(stderr,"Don't know how to %s.\n",argv[1]); exit(1); } - gcmtest(encrypt); + if (ccm) + ccmtest(in, out); + else if (xts) + xtstest(in, out); + else + gcmtest(in, out, encrypt); + + if (argc == 4) + { + fclose(in); + fclose(out); + } return 0; }