Experimental incomplete AES GCM algorithm test program.
authorDr. Stephen Henson <steve@openssl.org>
Tue, 8 Feb 2011 18:15:59 +0000 (18:15 +0000)
committerDr. Stephen Henson <steve@openssl.org>
Tue, 8 Feb 2011 18:15:59 +0000 (18:15 +0000)
fips/aes/Makefile
fips/aes/fips_gcmtest.c [new file with mode: 0644]
fips/fips_utl.h
test/Makefile

index 7b8b3a2..2d53e3d 100644 (file)
@@ -21,7 +21,7 @@ AFLAGS= $(ASFLAGS)
 CFLAGS= $(INCLUDES) $(CFLAG)
 
 GENERAL=Makefile
-TEST=fips_aesavs.c
+TEST=fips_aesavs.c fips_gcmtest.c
 APPS=
 
 LIB=$(TOP)/libcrypto.a
diff --git a/fips/aes/fips_gcmtest.c b/fips/aes/fips_gcmtest.c
new file mode 100644 (file)
index 0000000..9a10e18
--- /dev/null
@@ -0,0 +1,228 @@
+/* fips/aes/fips_gcmtest.c */
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+ * project.
+ */
+/* ====================================================================
+ * Copyright (c) 2011 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ */
+
+
+#define OPENSSL_FIPSAPI
+#include <openssl/opensslconf.h>
+
+#ifndef OPENSSL_FIPS
+#include <stdio.h>
+
+int main(int argc, char **argv)
+{
+    printf("No FIPS GCM support\n");
+    return(0);
+}
+#else
+
+#include <openssl/bn.h>
+#include <openssl/dsa.h>
+#include <openssl/fips.h>
+#include <openssl/err.h>
+#include <openssl/evp.h>
+#include <string.h>
+#include <ctype.h>
+
+#include "fips_utl.h"
+
+static void gcmtest(int encrypt)
+       {
+       char buf[2048];
+       char lbuf[2048];
+       char *keyword, *value;
+       int keylen = -1, ivlen = -1, aadlen = -1, taglen = -1, ptlen = -1;
+       int rv;
+       long l;
+       unsigned char *key = NULL, *iv = NULL, *aad = NULL, *tag = NULL;
+       unsigned char *ct = NULL, *pt = NULL;
+       EVP_CIPHER_CTX ctx;
+       const EVP_CIPHER *gcm;
+       EVP_CIPHER_CTX_init(&ctx);
+
+       while(fgets(buf,sizeof buf,stdin) != NULL)
+               {
+               fputs(buf,stdout);
+               if (!parse_line(&keyword, &value, lbuf, buf))
+                       continue;
+               if(!strcmp(keyword,"[Keylen"))
+                       {
+                       keylen = atoi(value);
+                       if (keylen == 128)
+                               gcm = EVP_aes_128_gcm();
+                       else if (keylen == 192)
+                               gcm = EVP_aes_192_gcm();
+                       else if (keylen == 256)
+                               gcm = EVP_aes_256_gcm();
+                       else 
+                               {
+                               fprintf(stderr, "Unsupported keylen %d\n",
+                                                       keylen);
+                               }
+                       keylen >>= 3;
+                       }
+               else if (!strcmp(keyword, "[IVlen"))
+                       ivlen = atoi(value) >> 3;
+               else if (!strcmp(keyword, "[AADlen"))
+                       aadlen = atoi(value) >> 3;
+               else if (!strcmp(keyword, "[Taglen"))
+                       taglen = atoi(value) >> 3;
+               else if (!strcmp(keyword, "[PTlen"))
+                       ptlen = atoi(value) >> 3;
+               else if(!strcmp(keyword,"Key"))
+                       {
+                       key = hex2bin_m(value, &l);
+                       if (l != keylen)
+                               {
+                               fprintf(stderr, "Inconsistent Key length\n");
+                               exit(1);
+                               }
+                       }
+               else if(!strcmp(keyword,"IV"))
+                       {
+                       iv = hex2bin_m(value, &l);
+                       if (l != ivlen)
+                               {
+                               fprintf(stderr, "Inconsistent IV length\n");
+                               exit(1);
+                               }
+                       }
+               else if(!strcmp(keyword,"CT"))
+                       {
+                       ct = hex2bin_m(value, &l);
+                       if (l != ptlen)
+                               {
+                               fprintf(stderr, "Inconsistent CT length\n");
+                               exit(1);
+                               }
+                       }
+               else if(!strcmp(keyword,"AAD"))
+                       {
+                       aad = hex2bin_m(value, &l);
+                       if (l != aadlen)
+                               {
+                               fprintf(stderr, "Inconsistent AAD length\n");
+                               exit(1);
+                               }
+                       }
+               else if(!strcmp(keyword,"Tag"))
+                       {
+                       tag = hex2bin_m(value, &l);
+                       if (l != taglen)
+                               {
+                               fprintf(stderr, "Inconsistent Tag length\n");
+                               exit(1);
+                               }
+                       if (encrypt)
+                               {
+                               fprintf(stderr, "Parse Error for Encrypt\n");
+                               exit(1);
+                               }
+                       EVP_CipherInit_ex(&ctx, gcm, NULL, NULL, NULL, 0);
+                       EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_GCM_SET_IVLEN, ivlen, 0);
+                       EVP_CipherInit_ex(&ctx, NULL, NULL, key, iv, 0);
+                       EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_GCM_SET_TAG, taglen, tag);
+                       if (aadlen)
+                               EVP_Cipher(&ctx, NULL, aad, aadlen);
+                       if (ptlen)
+                               {
+                               pt = OPENSSL_malloc(ptlen);
+                               rv = EVP_Cipher(&ctx, pt, ct, ptlen);
+                               }
+                       rv = EVP_Cipher(&ctx, NULL, NULL, 0);
+                       if (rv < 0)
+                               printf("FAIL\n");
+                       else
+                               OutputValue("PT", pt, ptlen, stdout, 0);
+                       if (iv)
+                               OPENSSL_free(iv);
+                       if (aad)
+                               OPENSSL_free(aad);
+                       if (ct)
+                               OPENSSL_free(ct);
+                       if (pt)
+                               OPENSSL_free(pt);
+                       if (key)
+                               OPENSSL_free(key);
+                       if (tag)
+                               OPENSSL_free(tag);
+                       }
+               }
+       }
+
+int main(int argc,char **argv)
+       {
+       int encrypt;
+       if(argc != 2)
+               {
+               fprintf(stderr,"%s [-encrypt|-decrypt]\n",argv[0]);
+               exit(1);
+               }
+       fips_set_error_print();
+       if(!FIPS_mode_set(1))
+               exit(1);
+       if(!strcmp(argv[1],"-encrypt"))
+               encrypt = 1;
+       else if(!strcmp(argv[1],"-decrypt"))
+               encrypt = 0;
+       else
+               {
+               fprintf(stderr,"Don't know how to %s.\n",argv[1]);
+               exit(1);
+               }
+
+       gcmtest(encrypt);
+
+       return 0;
+}
+
+#endif
index eccc8dd..7ead612 100644 (file)
@@ -134,6 +134,11 @@ int hex2bin(const char *in, unsigned char *out)
 unsigned char *hex2bin_m(const char *in, long *plen)
        {
        unsigned char *p;
+       if (strlen(in) == 0)
+               {
+               *plen = 0;
+               return OPENSSL_malloc(1);
+               }
        p = OPENSSL_malloc((strlen(in) + 1)/2);
        *plen = hex2bin(in, p);
        return p;
index 98acae2..4cbbf72 100644 (file)
@@ -66,6 +66,7 @@ FIPS_SHATEST= fips_shatest
 FIPS_DESTEST=  fips_desmovs
 FIPS_RANDTEST= fips_randtest
 FIPS_AESTEST=  fips_aesavs
+FIPS_GCMTEST=  fips_gcmtest
 FIPS_HMACTEST= fips_hmactest
 FIPS_RSAVTEST= fips_rsavtest
 FIPS_RSASTEST= fips_rsastest
@@ -90,7 +91,8 @@ EXE=  $(BNTEST)$(EXE_EXT) $(ECTEST)$(EXE_EXT)  $(ECDSATEST)$(EXE_EXT) $(ECDHTEST)
        $(FIPS_HMACTEST)$(EXE_EXT) $(FIPS_RSAVTEST)$(EXE_EXT) \
        $(FIPS_RSASTEST)$(EXE_EXT) $(FIPS_RSAGTEST)$(EXE_EXT) \
        $(FIPS_DSSVS)$(EXE_EXT) $(FIPS_DSATEST)$(EXE_EXT) \
-       $(FIPS_RNGVS)$(EXE_EXT) $(FIPS_TEST_SUITE)$(EXE_EXT) 
+       $(FIPS_RNGVS)$(EXE_EXT) $(FIPS_TEST_SUITE)$(EXE_EXT)  \
+       $(FIPS_GCMTEST)$(EXE_EXT) 
 
 # $(METHTEST)$(EXE_EXT)
 
@@ -104,7 +106,7 @@ OBJ=        $(BNTEST).o $(ECTEST).o  $(ECDSATEST).o $(ECDHTEST).o $(IDEATEST).o \
        $(BFTEST).o  $(SSLTEST).o  $(DSATEST).o  $(EXPTEST).o $(RSATEST).o \
        $(FIPS_SHATEST).o $(FIPS_DESTEST).o $(FIPS_RANDTEST).o \
        $(FIPS_AESTEST).o $(FIPS_HMACTEST).o $(FIPS_RSAVTEST).o \
-       $(FIPS_RSASTEST).o $(FIPS_RSAGTEST).o \
+       $(FIPS_RSASTEST).o $(FIPS_RSAGTEST).o $(FIPS_GCMTEST).o \
        $(FIPS_DSSVS).o $(FIPS_DSATEST).o $(FIPS_RNGVS).o $(FIPS_TEST_SUITE).o \
        $(EVPTEST).o $(IGETEST).o $(JPAKETEST).o
 SRC=   $(BNTEST).c $(ECTEST).c  $(ECDSATEST).c $(ECDHTEST).c $(IDEATEST).c \
@@ -116,7 +118,7 @@ SRC=        $(BNTEST).c $(ECTEST).c  $(ECDSATEST).c $(ECDHTEST).c $(IDEATEST).c \
        $(BFTEST).c  $(SSLTEST).c $(DSATEST).c   $(EXPTEST).c $(RSATEST).c \
        $(FIPS_SHATEST).c $(FIPS_DESTEST).c $(FIPS_RANDTEST).c \
        $(FIPS_AESTEST).c $(FIPS_HMACTEST).c $(FIPS_RSAVTEST).c \
-       $(FIPS_RSASTEST).c $(FIPS_RSAGTEST).c \
+       $(FIPS_RSASTEST).c $(FIPS_RSAGTEST).c $(FIPS_GCMTEST).c \
        $(FIPS_DSSVS).c $(FIPS_DSATEST).c $(FIPS_RNGVS).c $(FIPS_TEST_SUITE).c \
        $(EVPTEST).c $(IGETEST).c $(JPAKETEST).c
 
@@ -434,6 +436,9 @@ $(FIPS_SHATEST)$(EXE_EXT): $(FIPS_SHATEST).o $(DLIBCRYPTO)
 $(FIPS_AESTEST)$(EXE_EXT): $(FIPS_AESTEST).o $(DLIBCRYPTO)
        @target=$(FIPS_AESTEST); $(FIPS_BUILD_CMD)
 
+$(FIPS_GCMTEST)$(EXE_EXT): $(FIPS_GCMTEST).o $(DLIBCRYPTO)
+       @target=$(FIPS_GCMTEST); $(FIPS_BUILD_CMD)
+
 $(FIPS_DESTEST)$(EXE_EXT): $(FIPS_DESTEST).o $(DLIBCRYPTO)
        @target=$(FIPS_DESTEST); $(FIPS_BUILD_CMD)