1 /* ====================================================================
2 * Copyright (c) 2008 The OpenSSL Project. All rights reserved.
3 *
4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions
6 * are met:
7 *
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 *
11 * 2. Redistributions in binary form must reproduce the above copyright
12 * notice, this list of conditions and the following disclaimer in
13 * the documentation and/or other materials provided with the
14 * distribution.
15 *
16 * 3. All advertising materials mentioning features or use of this
17 * software must display the following acknowledgment:
18 * "This product includes software developed by the OpenSSL Project
19 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
20 *
21 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
22 * endorse or promote products derived from this software without
23 * prior written permission. For written permission, please contact
24 * openssl-core@openssl.org.
25 *
26 * 5. Products derived from this software may not be called "OpenSSL"
27 * nor may "OpenSSL" appear in their names without prior written
28 * permission of the OpenSSL Project.
29 *
30 * 6. Redistributions of any form whatsoever must retain the following
31 * acknowledgment:
32 * "This product includes software developed by the OpenSSL Project
33 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
34 *
35 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
36 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
37 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
38 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
39 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
40 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
41 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
42 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
43 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
44 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
45 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
46 * OF THE POSSIBILITY OF SUCH DAMAGE.
47 * ==================================================================== */
48
49 /* Per C99, various stdint.h and inttypes.h macros (the latter used by
50 * internal.h) are unavailable in C++ unless some macros are defined. C++11
51 * overruled this decision, but older Android NDKs still require it. */
52 #if !defined(__STDC_CONSTANT_MACROS)
53 #define __STDC_CONSTANT_MACROS
54 #endif
55
56 #include <stdio.h>
57 #include <string.h>
58
59 #include <openssl/aes.h>
60 #include <openssl/crypto.h>
61 #include <openssl/mem.h>
62
63 #include "internal.h"
64 #include "../test/test_util.h"
65
66
67 struct test_case {
68 const char *key;
69 const char *plaintext;
70 const char *additional_data;
71 const char *nonce;
72 const char *ciphertext;
73 const char *tag;
74 };
75
76 static const struct test_case test_cases[] = {
77 {
78 "00000000000000000000000000000000",
79 NULL,
80 NULL,
81 "000000000000000000000000",
82 NULL,
83 "58e2fccefa7e3061367f1d57a4e7455a",
84 },
85 {
86 "00000000000000000000000000000000",
87 "00000000000000000000000000000000",
88 NULL,
89 "000000000000000000000000",
90 "0388dace60b6a392f328c2b971b2fe78",
91 "ab6e47d42cec13bdf53a67b21257bddf",
92 },
93 {
94 "feffe9928665731c6d6a8f9467308308",
95 "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b391aafd255",
96 NULL,
97 "cafebabefacedbaddecaf888",
98 "42831ec2217774244b7221b784d0d49ce3aa212f2c02a4e035c17e2329aca12e21d514b25466931c7d8f6a5aac84aa051ba30b396a0aac973d58e091473f5985",
99 "4d5c2af327cd64a62cf35abd2ba6fab4",
100 },
101 {
102 "feffe9928665731c6d6a8f9467308308",
103 "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
104 "feedfacedeadbeeffeedfacedeadbeefabaddad2",
105 "cafebabefacedbaddecaf888",
106 "42831ec2217774244b7221b784d0d49ce3aa212f2c02a4e035c17e2329aca12e21d514b25466931c7d8f6a5aac84aa051ba30b396a0aac973d58e091",
107 "5bc94fbc3221a5db94fae95ae7121a47",
108 },
109 {
110 "feffe9928665731c6d6a8f9467308308",
111 "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
112 "feedfacedeadbeeffeedfacedeadbeefabaddad2",
113 "cafebabefacedbad",
114 "61353b4c2806934a777ff51fa22a4755699b2a714fcdc6f83766e5f97b6c742373806900e49f24b22b097544d4896b424989b5e1ebac0f07c23f4598",
115 "3612d2e79e3b0785561be14aaca2fccb",
116 },
117 {
118 "feffe9928665731c6d6a8f9467308308",
119 "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
120 "feedfacedeadbeeffeedfacedeadbeefabaddad2",
121 "9313225df88406e555909c5aff5269aa6a7a9538534f7da1e4c303d2a318a728c3c0c95156809539fcf0e2429a6b525416aedbf5a0de6a57a637b39b",
122 "8ce24998625615b603a033aca13fb894be9112a5c3a211a8ba262a3cca7e2ca701e4a9a4fba43c90ccdcb281d48c7c6fd62875d2aca417034c34aee5",
123 "619cc5aefffe0bfa462af43c1699d050",
124 },
125 {
126 "000000000000000000000000000000000000000000000000",
127 NULL,
128 NULL,
129 "000000000000000000000000",
130 NULL,
131 "cd33b28ac773f74ba00ed1f312572435",
132 },
133 {
134 "000000000000000000000000000000000000000000000000",
135 "00000000000000000000000000000000",
136 NULL,
137 "000000000000000000000000",
138 "98e7247c07f0fe411c267e4384b0f600",
139 "2ff58d80033927ab8ef4d4587514f0fb",
140 },
141 {
142 "feffe9928665731c6d6a8f9467308308feffe9928665731c",
143 "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b391aafd255",
144 NULL,
145 "cafebabefacedbaddecaf888",
146 "3980ca0b3c00e841eb06fac4872a2757859e1ceaa6efd984628593b40ca1e19c7d773d00c144c525ac619d18c84a3f4718e2448b2fe324d9ccda2710acade256",
147 "9924a7c8587336bfb118024db8674a14",
148 },
149 {
150 "feffe9928665731c6d6a8f9467308308feffe9928665731c",
151 "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
152 "feedfacedeadbeeffeedfacedeadbeefabaddad2",
153 "cafebabefacedbaddecaf888",
154 "3980ca0b3c00e841eb06fac4872a2757859e1ceaa6efd984628593b40ca1e19c7d773d00c144c525ac619d18c84a3f4718e2448b2fe324d9ccda2710",
155 "2519498e80f1478f37ba55bd6d27618c",
156 },
157 {
158 "feffe9928665731c6d6a8f9467308308feffe9928665731c",
159 "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
160 "feedfacedeadbeeffeedfacedeadbeefabaddad2",
161 "cafebabefacedbad",
162 "0f10f599ae14a154ed24b36e25324db8c566632ef2bbb34f8347280fc4507057fddc29df9a471f75c66541d4d4dad1c9e93a19a58e8b473fa0f062f7",
163 "65dcc57fcf623a24094fcca40d3533f8",
164 },
165 {
166 "feffe9928665731c6d6a8f9467308308feffe9928665731c",
167 "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
168 "feedfacedeadbeeffeedfacedeadbeefabaddad2",
169 "cafebabefacedbad",
170 "0f10f599ae14a154ed24b36e25324db8c566632ef2bbb34f8347280fc4507057fddc29df9a471f75c66541d4d4dad1c9e93a19a58e8b473fa0f062f7",
171 "65dcc57fcf623a24094fcca40d3533f8",
172 },
173 {
174 "feffe9928665731c6d6a8f9467308308feffe9928665731c",
175 "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
176 "feedfacedeadbeeffeedfacedeadbeefabaddad2",
177 "9313225df88406e555909c5aff5269aa6a7a9538534f7da1e4c303d2a318a728c3c0c95156809539fcf0e2429a6b525416aedbf5a0de6a57a637b39b",
178 "d27e88681ce3243c4830165a8fdcf9ff1de9a1d8e6b447ef6ef7b79828666e4581e79012af34ddd9e2f037589b292db3e67c036745fa22e7e9b7373b",
179 "dcf566ff291c25bbb8568fc3d376a6d9",
180 },
181 {
182 "0000000000000000000000000000000000000000000000000000000000000000",
183 NULL,
184 NULL,
185 "000000000000000000000000",
186 NULL,
187 "530f8afbc74536b9a963b4f1c4cb738b",
188 },
189 {
190 "0000000000000000000000000000000000000000000000000000000000000000",
191 "00000000000000000000000000000000",
192 NULL,
193 "000000000000000000000000",
194 "cea7403d4d606b6e074ec5d3baf39d18",
195 "d0d1c8a799996bf0265b98b5d48ab919",
196 },
197 {
198 "feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308",
199 "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b391aafd255",
200 NULL,
201 "cafebabefacedbaddecaf888",
202 "522dc1f099567d07f47f37a32a84427d643a8cdcbfe5c0c97598a2bd2555d1aa8cb08e48590dbb3da7b08b1056828838c5f61e6393ba7a0abcc9f662898015ad",
203 "b094dac5d93471bdec1a502270e3cc6c",
204 },
205 {
206 "feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308",
207 "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
208 "feedfacedeadbeeffeedfacedeadbeefabaddad2",
209 "cafebabefacedbaddecaf888",
210 "522dc1f099567d07f47f37a32a84427d643a8cdcbfe5c0c97598a2bd2555d1aa8cb08e48590dbb3da7b08b1056828838c5f61e6393ba7a0abcc9f662",
211 "76fc6ece0f4e1768cddf8853bb2d551b",
212 },
213 {
214 "feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308",
215 "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
216 "feedfacedeadbeeffeedfacedeadbeefabaddad2",
217 "cafebabefacedbad",
218 "c3762df1ca787d32ae47c13bf19844cbaf1ae14d0b976afac52ff7d79bba9de0feb582d33934a4f0954cc2363bc73f7862ac430e64abe499f47c9b1f",
219 "3a337dbf46a792c45e454913fe2ea8f2",
220 },
221 {
222 "feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308",
223 "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
224 "feedfacedeadbeeffeedfacedeadbeefabaddad2",
225 "9313225df88406e555909c5aff5269aa6a7a9538534f7da1e4c303d2a318a728c3c0c95156809539fcf0e2429a6b525416aedbf5a0de6a57a637b39b",
226 "5a8def2f0c9e53f1f75d7853659e2a20eeb2b22aafde6419a058ab4f6f746bf40fc0c3b780f244452da3ebf1c5d82cdea2418997200ef82e44ae7e3f",
227 "a44a8266ee1c8eb0c8b5d4cf5ae9f19a",
228 },
229 {
230 "00000000000000000000000000000000",
231 NULL,
232 "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b391aafd255522dc1f099567d07f47f37a32a84427d643a8cdcbfe5c0c97598a2bd2555d1aa8cb08e48590dbb3da7b08b1056828838c5f61e6393ba7a0abcc9f662898015ad",
233 "000000000000000000000000",
234 NULL,
235 "5fea793a2d6f974d37e68e0cb8ff9492",
236 },
237 {
238 "00000000000000000000000000000000",
239 "000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000",
240 NULL,
241 /* This nonce results in 0xfff in counter LSB. */
242 "ffffffff000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000",
243 "56b3373ca9ef6e4a2b64fe1e9a17b61425f10d47a75a5fce13efc6bc784af24f4141bdd48cf7c770887afd573cca5418a9aeffcd7c5ceddfc6a78397b9a85b499da558257267caab2ad0b23ca476a53cb17fb41c4b8b475cb4f3f7165094c229c9e8c4dc0a2a5ff1903e501511221376a1cdb8364c5061a20cae74bc4acd76ceb0abc9fd3217ef9f8c90be402ddf6d8697f4f880dff15bfb7a6b28241ec8fe183c2d59e3f9dfff653c7126f0acb9e64211f42bae12af462b1070bef1ab5e3606872ca10dee15b3249b1a1b958f23134c4bccb7d03200bce420a2f8eb66dcf3644d1423c1b5699003c13ecef4bf38a3b60eedc34033bac1902783dc6d89e2e774188a439c7ebcc0672dbda4ddcfb2794613b0be41315ef778708a70ee7d75165c",
244 "8b307f6b33286d0ab026a9ed3fe1e85f",
245 },
246 };
247
from_hex(uint8_t * out,char in)248 static int from_hex(uint8_t *out, char in) {
249 if (in >= '0' && in <= '9') {
250 *out = in - '0';
251 return 1;
252 }
253 if (in >= 'a' && in <= 'f') {
254 *out = in - 'a' + 10;
255 return 1;
256 }
257 if (in >= 'A' && in <= 'F') {
258 *out = in - 'A' + 10;
259 return 1;
260 }
261
262 return 0;
263 }
264
decode_hex(uint8_t ** out,size_t * out_len,const char * in,unsigned test_num,const char * description)265 static int decode_hex(uint8_t **out, size_t *out_len, const char *in,
266 unsigned test_num, const char *description) {
267 if (in == NULL) {
268 *out = NULL;
269 *out_len = 0;
270 return 1;
271 }
272
273 size_t len = strlen(in);
274 if (len & 1) {
275 fprintf(stderr, "%u: Odd-length %s input.\n", test_num, description);
276 return 0;
277 }
278
279 uint8_t *buf = reinterpret_cast<uint8_t *>(OPENSSL_malloc(len / 2));
280 if (buf == NULL) {
281 fprintf(stderr, "%u: malloc failure.\n", test_num);
282 goto err;
283 }
284
285 for (size_t i = 0; i < len; i += 2) {
286 uint8_t v, v2;
287 if (!from_hex(&v, in[i]) ||
288 !from_hex(&v2, in[i+1])) {
289 fprintf(stderr, "%u: invalid hex digit in %s around offset %zu.\n",
290 test_num, description, i);
291 goto err;
292 }
293 buf[i/2] = (v << 4) | v2;
294 }
295
296 *out = buf;
297 *out_len = len/2;
298 return 1;
299
300 err:
301 OPENSSL_free(buf);
302 return 0;
303 }
304
run_test_case(unsigned test_num,const struct test_case * test)305 static int run_test_case(unsigned test_num, const struct test_case *test) {
306 size_t key_len, plaintext_len, additional_data_len, nonce_len, ciphertext_len,
307 tag_len;
308 uint8_t *key = NULL, *plaintext = NULL, *additional_data = NULL,
309 *nonce = NULL, *ciphertext = NULL, *tag = NULL, *out = NULL;
310 int ret = 0;
311 AES_KEY aes_key;
312 GCM128_CONTEXT ctx;
313
314 if (!decode_hex(&key, &key_len, test->key, test_num, "key") ||
315 !decode_hex(&plaintext, &plaintext_len, test->plaintext, test_num,
316 "plaintext") ||
317 !decode_hex(&additional_data, &additional_data_len, test->additional_data,
318 test_num, "additional_data") ||
319 !decode_hex(&nonce, &nonce_len, test->nonce, test_num, "nonce") ||
320 !decode_hex(&ciphertext, &ciphertext_len, test->ciphertext, test_num,
321 "ciphertext") ||
322 !decode_hex(&tag, &tag_len, test->tag, test_num, "tag")) {
323 goto out;
324 }
325
326 if (plaintext_len != ciphertext_len) {
327 fprintf(stderr, "%u: plaintext and ciphertext have differing lengths.\n",
328 test_num);
329 goto out;
330 }
331
332 if (key_len != 16 && key_len != 24 && key_len != 32) {
333 fprintf(stderr, "%u: bad key length.\n", test_num);
334 goto out;
335 }
336
337 if (tag_len != 16) {
338 fprintf(stderr, "%u: bad tag length.\n", test_num);
339 goto out;
340 }
341
342 out = reinterpret_cast<uint8_t *>(OPENSSL_malloc(plaintext_len));
343 if (plaintext_len != 0 && out == NULL) {
344 goto out;
345 }
346 if (AES_set_encrypt_key(key, key_len*8, &aes_key)) {
347 fprintf(stderr, "%u: AES_set_encrypt_key failed.\n", test_num);
348 goto out;
349 }
350
351 CRYPTO_gcm128_init(&ctx, &aes_key, (block128_f) AES_encrypt);
352 CRYPTO_gcm128_setiv(&ctx, &aes_key, nonce, nonce_len);
353 OPENSSL_memset(out, 0, plaintext_len);
354 if (additional_data) {
355 CRYPTO_gcm128_aad(&ctx, additional_data, additional_data_len);
356 }
357 if (plaintext) {
358 CRYPTO_gcm128_encrypt(&ctx, &aes_key, plaintext, out, plaintext_len);
359 }
360 if (!CRYPTO_gcm128_finish(&ctx, tag, tag_len) ||
361 (ciphertext && OPENSSL_memcmp(out, ciphertext, plaintext_len) != 0)) {
362 fprintf(stderr, "%u: encrypt failed.\n", test_num);
363 hexdump(stderr, "got :", out, plaintext_len);
364 hexdump(stderr, "want:", ciphertext, plaintext_len);
365 goto out;
366 }
367
368 CRYPTO_gcm128_setiv(&ctx, &aes_key, nonce, nonce_len);
369 OPENSSL_memset(out, 0, plaintext_len);
370 if (additional_data) {
371 CRYPTO_gcm128_aad(&ctx, additional_data, additional_data_len);
372 }
373 if (ciphertext) {
374 CRYPTO_gcm128_decrypt(&ctx, &aes_key, ciphertext, out, plaintext_len);
375 }
376 if (!CRYPTO_gcm128_finish(&ctx, tag, tag_len)) {
377 fprintf(stderr, "%u: decrypt failed.\n", test_num);
378 goto out;
379 }
380 if (plaintext && OPENSSL_memcmp(out, plaintext, plaintext_len)) {
381 fprintf(stderr, "%u: plaintext doesn't match.\n", test_num);
382 goto out;
383 }
384
385 ret = 1;
386
387 out:
388 OPENSSL_free(key);
389 OPENSSL_free(plaintext);
390 OPENSSL_free(additional_data);
391 OPENSSL_free(nonce);
392 OPENSSL_free(ciphertext);
393 OPENSSL_free(tag);
394 OPENSSL_free(out);
395 return ret;
396 }
397
TestByteSwap()398 static bool TestByteSwap() {
399 return CRYPTO_bswap4(0x01020304) == 0x04030201 &&
400 CRYPTO_bswap8(UINT64_C(0x0102030405060708)) ==
401 UINT64_C(0x0807060504030201);
402 }
403
main(void)404 int main(void) {
405 int ret = 0;
406 unsigned i;
407
408 CRYPTO_library_init();
409
410 if (!TestByteSwap()) {
411 ret = 1;
412 }
413
414 for (i = 0; i < sizeof(test_cases) / sizeof(struct test_case); i++) {
415 if (!run_test_case(i, &test_cases[i])) {
416 ret = 1;
417 }
418 }
419
420 if (ret == 0) {
421 printf("PASS\n");
422 }
423
424 return ret;
425 }
426