From: Dr. Stephen Henson Date: Mon, 18 Apr 2011 16:31:11 +0000 (+0000) Subject: CCM encrypt algorithm test support. X-Git-Tag: OpenSSL-fips-2_0-rc1~537 X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff_plain;h=b3a45e7db53a71c17a214c60909a430daeff3ac1 CCM encrypt algorithm test support. --- diff --git a/fips/aes/fips_gcmtest.c b/fips/aes/fips_gcmtest.c index cfd8647405..cb81f3eb59 100644 --- a/fips/aes/fips_gcmtest.c +++ b/fips/aes/fips_gcmtest.c @@ -288,7 +288,7 @@ static void xtstest(FILE *in, FILE *out) else if(!strncmp(buf,"[DECRYPT]", 9)) encrypt = 0; } - if (!parse_line(&keyword, &value, lbuf, buf)) + if (!parse_line(&keyword, &value, lbuf, buf)) continue; else if(!strcmp(keyword,"Key")) { @@ -337,10 +337,120 @@ static void xtstest(FILE *in, FILE *out) } } +static void ccmencrypt(FILE *in, FILE *out) + { + char buf[2048]; + char lbuf[2048]; + char *keyword, *value; + long l; + unsigned char *Key = NULL, *Nonce = NULL; + unsigned char *Adata = NULL, *Payload = NULL; + unsigned char *CT = NULL; + int Plen = -1, Nlen = -1, Tlen = -1, Alen = -1; + EVP_CIPHER_CTX ctx; + const EVP_CIPHER *ccm = NULL; + FIPS_cipher_ctx_init(&ctx); + + while(fgets(buf,sizeof buf,in) != NULL) + { + fputs(buf,out); + if (!parse_line(&keyword, &value, lbuf, buf)) + continue; + + /* If surrounded by square brackets zap them */ + if (keyword[0] == '[') + { + char *p; + keyword++; + p = strchr(value, ']'); + if (p) + *p = 0; + } + + if (!strcmp(keyword,"Plen")) + Plen = atoi(value); + else if (!strcmp(keyword,"Nlen")) + Nlen = atoi(value); + else if (!strcmp(keyword,"Tlen")) + Tlen = atoi(value); + else if (!strcmp(keyword,"Alen")) + Alen = atoi(value); + else if (!strcmp(keyword,"Key")) + { + if (Key) + OPENSSL_free(Key); + Key = hex2bin_m(value, &l); + if (l == 16) + ccm = EVP_aes_128_ccm(); + else if (l == 24) + ccm = EVP_aes_192_ccm(); + else if (l == 32) + ccm = EVP_aes_256_ccm(); + else + { + fprintf(stderr, "Inconsistent Key length\n"); + exit(1); + } + } + else if (!strcmp(keyword,"Nonce")) + { + if (Nonce) + OPENSSL_free(Nonce); + Nonce = hex2bin_m(value, &l); + if (l != Nlen) + { + fprintf(stderr, "Inconsistent nonce length\n"); + exit(1); + } + } + else if (!strcmp(keyword,"Payload")) + { + Payload = hex2bin_m(value, &l); + if (Plen && l != Plen) + { + fprintf(stderr, "Inconsistent Payload length\n"); + exit(1); + } + } + else if (!strcmp(keyword,"Adata")) + { + Adata = hex2bin_m(value, &l); + if (Alen && l != Alen) + { + fprintf(stderr, "Inconsistent Payload length\n"); + exit(1); + } + } + if (Payload) + { + FIPS_cipherinit(&ctx, ccm, NULL, NULL, 1); + FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_CCM_SET_IVLEN, Nlen, 0); + FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_CCM_SET_TAG, Tlen, 0); + FIPS_cipherinit(&ctx, NULL, Key, Nonce, 1); + + FIPS_cipher(&ctx, NULL, NULL, Plen); + FIPS_cipher(&ctx, NULL, Adata, Alen); + CT = OPENSSL_malloc(Plen + Tlen); + FIPS_cipher(&ctx, CT, Payload, Plen); + FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_CCM_GET_TAG, Tlen, + CT + Plen); + OutputValue("CT", CT, Plen + Tlen, out, 0); + OPENSSL_free(CT); + OPENSSL_free(Payload); + CT = Payload = NULL; + } + } + if (Key) + OPENSSL_free(Key); + if (Nonce) + OPENSSL_free(Nonce); + FIPS_cipher_ctx_cleanup(&ctx); + } + int main(int argc,char **argv) { int encrypt; - int xts = 0; + int xts = 0, ccmenc = 0; FILE *in, *out; if (argc == 4) { @@ -374,6 +484,8 @@ int main(int argc,char **argv) encrypt = 2; else if(!strcmp(argv[1],"-decrypt")) encrypt = 0; + else if(!strcmp(argv[1],"-ccmencrypt")) + ccmenc = 1; else if(!strcmp(argv[1],"-xts")) xts = 1; else @@ -382,7 +494,9 @@ int main(int argc,char **argv) exit(1); } - if (xts) + if (ccmenc) + ccmencrypt(in, out); + else if (xts) xtstest(in, out); else gcmtest(in, out, encrypt);