1 /* Copyright (c) 2015, Google Inc.
2  *
3  * Permission to use, copy, modify, and/or distribute this software for any
4  * purpose with or without fee is hereby granted, provided that the above
5  * copyright notice and this permission notice appear in all copies.
6  *
7  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
8  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
9  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
10  * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
11  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
12  * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
13  * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
14 
15 #include <stdio.h>
16 #include <string.h>
17 
18 #include <memory>
19 #include <vector>
20 
21 #include <openssl/aes.h>
22 #include <openssl/crypto.h>
23 
24 #include "../internal.h"
25 #include "../test/file_test.h"
26 
27 
TestRaw(FileTest * t)28 static bool TestRaw(FileTest *t) {
29   std::vector<uint8_t> key, plaintext, ciphertext;
30   if (!t->GetBytes(&key, "Key") ||
31       !t->GetBytes(&plaintext, "Plaintext") ||
32       !t->GetBytes(&ciphertext, "Ciphertext")) {
33     return false;
34   }
35 
36   if (plaintext.size() != AES_BLOCK_SIZE ||
37       ciphertext.size() != AES_BLOCK_SIZE) {
38     t->PrintLine("Plaintext or Ciphertext not a block size.");
39     return false;
40   }
41 
42   AES_KEY aes_key;
43   if (AES_set_encrypt_key(key.data(), 8 * key.size(), &aes_key) != 0) {
44     t->PrintLine("AES_set_encrypt_key failed.");
45     return false;
46   }
47 
48   // Test encryption.
49   uint8_t block[AES_BLOCK_SIZE];
50   AES_encrypt(plaintext.data(), block, &aes_key);
51   if (!t->ExpectBytesEqual(block, AES_BLOCK_SIZE, ciphertext.data(),
52                            ciphertext.size())) {
53     t->PrintLine("AES_encrypt gave the wrong output.");
54     return false;
55   }
56 
57   // Test in-place encryption.
58   OPENSSL_memcpy(block, plaintext.data(), AES_BLOCK_SIZE);
59   AES_encrypt(block, block, &aes_key);
60   if (!t->ExpectBytesEqual(block, AES_BLOCK_SIZE, ciphertext.data(),
61                            ciphertext.size())) {
62     t->PrintLine("In-place AES_encrypt gave the wrong output.");
63     return false;
64   }
65 
66   if (AES_set_decrypt_key(key.data(), 8 * key.size(), &aes_key) != 0) {
67     t->PrintLine("AES_set_decrypt_key failed.");
68     return false;
69   }
70 
71   // Test decryption.
72   AES_decrypt(ciphertext.data(), block, &aes_key);
73   if (!t->ExpectBytesEqual(block, AES_BLOCK_SIZE, plaintext.data(),
74                            plaintext.size())) {
75     t->PrintLine("AES_decrypt gave the wrong output.");
76     return false;
77   }
78 
79   // Test in-place decryption.
80   OPENSSL_memcpy(block, ciphertext.data(), AES_BLOCK_SIZE);
81   AES_decrypt(block, block, &aes_key);
82   if (!t->ExpectBytesEqual(block, AES_BLOCK_SIZE, plaintext.data(),
83                            plaintext.size())) {
84     t->PrintLine("In-place AES_decrypt gave the wrong output.");
85     return false;
86   }
87 
88   return true;
89 }
90 
TestKeyWrap(FileTest * t)91 static bool TestKeyWrap(FileTest *t) {
92   // All test vectors use the default IV, so test both with implicit and
93   // explicit IV.
94   //
95   // TODO(davidben): Find test vectors that use a different IV.
96   static const uint8_t kDefaultIV[] = {
97       0xa6, 0xa6, 0xa6, 0xa6, 0xa6, 0xa6, 0xa6, 0xa6,
98   };
99 
100   std::vector<uint8_t> key, plaintext, ciphertext;
101   if (!t->GetBytes(&key, "Key") ||
102       !t->GetBytes(&plaintext, "Plaintext") ||
103       !t->GetBytes(&ciphertext, "Ciphertext")) {
104     return false;
105   }
106 
107   if (plaintext.size() + 8 != ciphertext.size()) {
108     t->PrintLine("Invalid Plaintext and Ciphertext lengths.");
109     return false;
110   }
111 
112   AES_KEY aes_key;
113   if (AES_set_encrypt_key(key.data(), 8 * key.size(), &aes_key) != 0) {
114     t->PrintLine("AES_set_encrypt_key failed.");
115     return false;
116   }
117 
118   std::unique_ptr<uint8_t[]> buf(new uint8_t[ciphertext.size()]);
119   if (AES_wrap_key(&aes_key, nullptr /* iv */, buf.get(), plaintext.data(),
120                    plaintext.size()) != static_cast<int>(ciphertext.size()) ||
121       !t->ExpectBytesEqual(buf.get(), ciphertext.size(), ciphertext.data(),
122                            ciphertext.size())) {
123     t->PrintLine("AES_wrap_key with implicit IV failed.");
124     return false;
125   }
126 
127   OPENSSL_memset(buf.get(), 0, ciphertext.size());
128   if (AES_wrap_key(&aes_key, kDefaultIV, buf.get(), plaintext.data(),
129                    plaintext.size()) != static_cast<int>(ciphertext.size()) ||
130       !t->ExpectBytesEqual(buf.get(), ciphertext.size(), ciphertext.data(),
131                            ciphertext.size())) {
132     t->PrintLine("AES_wrap_key with explicit IV failed.");
133     return false;
134   }
135 
136   if (AES_set_decrypt_key(key.data(), 8 * key.size(), &aes_key) != 0) {
137     t->PrintLine("AES_set_decrypt_key failed.");
138     return false;
139   }
140 
141   buf.reset(new uint8_t[plaintext.size()]);
142   if (AES_unwrap_key(&aes_key, nullptr /* iv */, buf.get(), ciphertext.data(),
143                      ciphertext.size()) != static_cast<int>(plaintext.size()) ||
144       !t->ExpectBytesEqual(buf.get(), plaintext.size(), plaintext.data(),
145                            plaintext.size())) {
146     t->PrintLine("AES_unwrap_key with implicit IV failed.");
147     return false;
148   }
149 
150   OPENSSL_memset(buf.get(), 0, plaintext.size());
151   if (AES_unwrap_key(&aes_key, kDefaultIV, buf.get(), ciphertext.data(),
152                      ciphertext.size()) != static_cast<int>(plaintext.size()) ||
153       !t->ExpectBytesEqual(buf.get(), plaintext.size(), plaintext.data(),
154                            plaintext.size())) {
155     t->PrintLine("AES_unwrap_key with explicit IV failed.");
156     return false;
157   }
158 
159   ciphertext[0] ^= 1;
160   if (AES_unwrap_key(&aes_key, nullptr /* iv */, buf.get(), ciphertext.data(),
161                      ciphertext.size()) != -1) {
162     t->PrintLine("AES_unwrap_key with bad input unexpectedly succeeded.");
163     return false;
164   }
165 
166   return true;
167 }
168 
TestAES(FileTest * t,void * arg)169 static bool TestAES(FileTest *t, void *arg) {
170   if (t->GetParameter() == "Raw") {
171     return TestRaw(t);
172   }
173   if (t->GetParameter() == "KeyWrap") {
174     return TestKeyWrap(t);
175   }
176 
177   t->PrintLine("Unknown mode '%s'.", t->GetParameter().c_str());
178   return false;
179 }
180 
main(int argc,char ** argv)181 int main(int argc, char **argv) {
182   CRYPTO_library_init();
183 
184   if (argc != 2) {
185     fprintf(stderr, "%s <test file.txt>\n", argv[0]);
186     return 1;
187   }
188 
189   return FileTestMain(TestAES, nullptr, argv[1]);
190 }
191