Blame - crypto/cipher/cipher_test.cc - boringssl.googlesource.com/boringssl

blob: 97a84e09b58c827a7ced0dd5914f2bf973a640e3 [file] [log] [blame]

David Benjamin	4690bb5	2015-05-10 03:10:07 -0400	[diff] [blame^]	1	/*
				2	* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
				3	* project.
				4	*/
				5	/* ====================================================================
				6	* Copyright (c) 2015 The OpenSSL Project. All rights reserved.
				7	*
				8	* Redistribution and use in source and binary forms, with or without
				9	* modification, are permitted provided that the following conditions
				10	* are met:
				11	*
				12	* 1. Redistributions of source code must retain the above copyright
				13	* notice, this list of conditions and the following disclaimer.
				14	*
				15	* 2. Redistributions in binary form must reproduce the above copyright
				16	* notice, this list of conditions and the following disclaimer in
				17	* the documentation and/or other materials provided with the
				18	* distribution.
				19	*
				20	* 3. All advertising materials mentioning features or use of this
				21	* software must display the following acknowledgment:
				22	* "This product includes software developed by the OpenSSL Project
				23	* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
				24	*
				25	* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
				26	* endorse or promote products derived from this software without
				27	* prior written permission. For written permission, please contact
				28	* licensing@OpenSSL.org.
				29	*
				30	* 5. Products derived from this software may not be called "OpenSSL"
				31	* nor may "OpenSSL" appear in their names without prior written
				32	* permission of the OpenSSL Project.
				33	*
				34	* 6. Redistributions of any form whatsoever must retain the following
				35	* acknowledgment:
				36	* "This product includes software developed by the OpenSSL Project
				37	* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
				38	*
				39	* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
				40	* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
				41	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
				42	* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
				43	* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
				44	* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
				45	* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
				46	* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
				47	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
				48	* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
				49	* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
				50	* OF THE POSSIBILITY OF SUCH DAMAGE.
				51	* ====================================================================
				52	*/
				53
				54	#include <stdlib.h>
				55	#include <string.h>
				56
				57	#include <string>
				58	#include <vector>
				59
				60	#include <openssl/cipher.h>
				61	#include <openssl/crypto.h>
				62	#include <openssl/err.h>
				63
				64	#include "../test/file_test.h"
				65	#include "../test/scoped_types.h"
				66	#include "../test/stl_compat.h"
				67
				68
				69	static const EVP_CIPHER *GetCipher(const std::string &name) {
				70	if (name == "DES-CBC") {
				71	return EVP_des_cbc();
				72	} else if (name == "DES-EDE3-CBC") {
				73	return EVP_des_ede3_cbc();
				74	} else if (name == "RC4") {
				75	return EVP_rc4();
				76	} else if (name == "AES-128-ECB") {
				77	return EVP_aes_128_ecb();
				78	} else if (name == "AES-256-ECB") {
				79	return EVP_aes_256_ecb();
				80	} else if (name == "AES-128-CBC") {
				81	return EVP_aes_128_cbc();
				82	} else if (name == "AES-128-GCM") {
				83	return EVP_aes_128_gcm();
				84	} else if (name == "AES-128-OFB") {
				85	return EVP_aes_128_ofb();
				86	} else if (name == "AES-192-CBC") {
				87	return EVP_aes_192_cbc();
				88	} else if (name == "AES-192-ECB") {
				89	return EVP_aes_192_ecb();
				90	} else if (name == "AES-256-CBC") {
				91	return EVP_aes_256_cbc();
				92	} else if (name == "AES-128-CTR") {
				93	return EVP_aes_128_ctr();
				94	} else if (name == "AES-256-CTR") {
				95	return EVP_aes_256_ctr();
				96	} else if (name == "AES-256-GCM") {
				97	return EVP_aes_256_gcm();
				98	} else if (name == "AES-256-OFB") {
				99	return EVP_aes_256_ofb();
				100	}
				101	return nullptr;
				102	}
				103
				104	static bool TestOperation(FileTest *t,
				105	const EVP_CIPHER *cipher,
				106	bool encrypt,
				107	const std::vector<uint8_t> &key,
				108	const std::vector<uint8_t> &iv,
				109	const std::vector<uint8_t> &plaintext,
				110	const std::vector<uint8_t> &ciphertext,
				111	const std::vector<uint8_t> &aad,
				112	const std::vector<uint8_t> &tag) {
				113	const std::vector<uint8_t> in, out;
				114	if (encrypt) {
				115	in = &plaintext;
				116	out = &ciphertext;
				117	} else {
				118	in = &ciphertext;
				119	out = &plaintext;
				120	}
				121
				122	bool is_aead = EVP_CIPHER_mode(cipher) == EVP_CIPH_GCM_MODE;
				123
				124	ScopedEVP_CIPHER_CTX ctx;
				125	if (!EVP_CipherInit_ex(ctx.get(), cipher, nullptr, nullptr, nullptr,
				126	encrypt ? 1 : 0)) {
				127	return false;
				128	}
				129	if (t->HasAttribute("IV")) {
				130	if (is_aead) {
				131	if (!EVP_CIPHER_CTX_ctrl(ctx.get(), EVP_CTRL_GCM_SET_IVLEN,
				132	iv.size(), 0)) {
				133	return false;
				134	}
				135	} else if (iv.size() != (size_t)EVP_CIPHER_CTX_iv_length(ctx.get())) {
				136	t->PrintLine("Bad IV length.");
				137	return false;
				138	}
				139	}
				140	if (is_aead && !encrypt &&
				141	!EVP_CIPHER_CTX_ctrl(ctx.get(), EVP_CTRL_GCM_SET_TAG, tag.size(),
				142	const_cast<uint8_t*>(bssl::vector_data(&tag)))) {
				143	return false;
				144	}
				145	// The ciphers are run with no padding. For each of the ciphers we test, the
				146	// output size matches the input size.
				147	std::vector<uint8_t> result(in->size());
				148	if (in->size() != out->size()) {
				149	t->PrintLine("Input/output size mismatch (%u vs %u).", (unsigned)in->size(),
				150	(unsigned)out->size());
				151	return false;
				152	}
				153	// Note: the deprecated \|EVP_CIPHER\|-based AES-GCM API is sensitive to whether
				154	// parameters are NULL, so it is important to skip the \|in\| and \|aad\|
				155	// \|EVP_CipherUpdate\| calls when empty.
				156	int unused, result_len1 = 0, result_len2;
				157	if (!EVP_CIPHER_CTX_set_key_length(ctx.get(), key.size()) \|\|
				158	!EVP_CipherInit_ex(ctx.get(), nullptr, nullptr, bssl::vector_data(&key),
				159	bssl::vector_data(&iv), -1) \|\|
				160	(!aad.empty() &&
				161	!EVP_CipherUpdate(ctx.get(), nullptr, &unused, bssl::vector_data(&aad),
				162	aad.size())) \|\|
				163	!EVP_CIPHER_CTX_set_padding(ctx.get(), 0) \|\|
				164	(!in->empty() &&
				165	!EVP_CipherUpdate(ctx.get(), bssl::vector_data(&result), &result_len1,
				166	bssl::vector_data(in), in->size())) \|\|
				167	!EVP_CipherFinal_ex(ctx.get(), bssl::vector_data(&result) + result_len1,
				168	&result_len2)) {
				169	t->PrintLine("Operation failed.");
				170	return false;
				171	}
				172	result.resize(result_len1 + result_len2);
				173	if (!t->ExpectBytesEqual(bssl::vector_data(out), out->size(),
				174	bssl::vector_data(&result), result.size())) {
				175	return false;
				176	}
				177	if (encrypt && is_aead) {
				178	uint8_t rtag[16];
				179	if (tag.size() > sizeof(rtag)) {
				180	t->PrintLine("Bad tag length.");
				181	return false;
				182	}
				183	if (!EVP_CIPHER_CTX_ctrl(ctx.get(), EVP_CTRL_GCM_GET_TAG, tag.size(),
				184	rtag) \|\|
				185	!t->ExpectBytesEqual(bssl::vector_data(&tag), tag.size(), rtag,
				186	tag.size())) {
				187	return false;
				188	}
				189	}
				190	return true;
				191	}
				192
				193	static bool TestCipher(FileTest t, void arg) {
				194	std::string cipher_str;
				195	if (!t->GetAttribute(&cipher_str, "Cipher")) {
				196	return false;
				197	}
				198	const EVP_CIPHER *cipher = GetCipher(cipher_str);
				199	if (cipher == nullptr) {
				200	t->PrintLine("Unknown cipher: '%s'.", cipher_str.c_str());
				201	return false;
				202	}
				203
				204	std::vector<uint8_t> key, iv, plaintext, ciphertext, aad, tag;
				205	if (!t->GetBytes(&key, "Key") \|\|
				206	!t->GetBytes(&plaintext, "Plaintext") \|\|
				207	!t->GetBytes(&ciphertext, "Ciphertext")) {
				208	return false;
				209	}
				210	if (EVP_CIPHER_iv_length(cipher) > 0 &&
				211	!t->GetBytes(&iv, "IV")) {
				212	return false;
				213	}
				214	if (EVP_CIPHER_mode(cipher) == EVP_CIPH_GCM_MODE) {
				215	if (!t->GetBytes(&aad, "AAD") \|\|
				216	!t->GetBytes(&tag, "Tag")) {
				217	return false;
				218	}
				219	}
				220
				221	enum {
				222	kEncrypt,
				223	kDecrypt,
				224	kBoth,
				225	} operation = kBoth;
				226	if (t->HasAttribute("Operation")) {
				227	const std::string &str = t->GetAttributeOrDie("Operation");
				228	if (str == "ENCRYPT") {
				229	operation = kEncrypt;
				230	} else if (str == "DECRYPT") {
				231	operation = kDecrypt;
				232	} else {
				233	t->PrintLine("Unknown operation: '%s'.", str.c_str());
				234	return false;
				235	}
				236	}
				237
				238	// By default, both directions are run, unless overridden by the operation.
				239	if (operation != kDecrypt &&
				240	!TestOperation(t, cipher, true /* encrypt */, key, iv, plaintext,
				241	ciphertext, aad, tag)) {
				242	return false;
				243	}
				244	if (operation != kEncrypt &&
				245	!TestOperation(t, cipher, false /* decrypt */, key, iv, plaintext,
				246	ciphertext, aad, tag)) {
				247	return false;
				248	}
				249
				250	return true;
				251	}
				252
				253	int main(int argc, char **argv) {
				254	CRYPTO_library_init();
				255
				256	if (argc != 2) {
				257	fprintf(stderr, "%s <test file>\n", argv[0]);
				258	return 1;
				259	}
				260
				261	return FileTestMain(TestCipher, nullptr, argv[1]);
				262	}