1 /* $OpenBSD: aeadtest.c,v 1.12 2019/01/22 00:59:21 dlg Exp $ */
2 /* ====================================================================
3 * Copyright (c) 2011-2013 The OpenSSL Project. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 *
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 *
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in
14 * the documentation and/or other materials provided with the
15 * distribution.
16 *
17 * 3. All advertising materials mentioning features or use of this
18 * software must display the following acknowledgment:
19 * "This product includes software developed by the OpenSSL Project
20 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
21 *
22 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
23 * endorse or promote products derived from this software without
24 * prior written permission. For written permission, please contact
25 * licensing@OpenSSL.org.
26 *
27 * 5. Products derived from this software may not be called "OpenSSL"
28 * nor may "OpenSSL" appear in their names without prior written
29 * permission of the OpenSSL Project.
30 *
31 * 6. Redistributions of any form whatsoever must retain the following
32 * acknowledgment:
33 * "This product includes software developed by the OpenSSL Project
34 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
35 *
36 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
37 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
38 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
39 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
40 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
41 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
42 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
43 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
44 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
45 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
46 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
47 * OF THE POSSIBILITY OF SUCH DAMAGE.
48 * ====================================================================
49 */
50
51 #include <stdio.h>
52 #include <stdlib.h>
53 #include <string.h>
54 #include <stdint.h>
55 #include <unistd.h>
56 #include <ctype.h>
57
58 #include <openssl/evp.h>
59 #include <openssl/err.h>
60
61 /* This program tests an AEAD against a series of test vectors from a file. The
62 * test vector file consists of key-value lines where the key and value are
63 * separated by a colon and optional whitespace. The keys are listed in
64 * NAMES, below. The values are hex-encoded data.
65 *
66 * After a number of key-value lines, a blank line indicates the end of the
67 * test case.
68 *
69 * For example, here's a valid test case:
70 *
71 * AEAD: chacha20-poly1305
72 * KEY: bcb2639bf989c6251b29bf38d39a9bdce7c55f4b2ac12a39c8a37b5d0a5cc2b5
73 * NONCE: 1e8b4c510f5ca083
74 * IN: 8c8419bc27
75 * AD: 34ab88c265
76 * CT: 1a7c2f33f5
77 * TAG: 2875c659d0f2808de3a40027feff91a4
78 */
79
80 #define BUF_MAX 1024
81
82 #ifdef _MSC_VER
83 #ifdef IN
84 #undef IN
85 #endif
86 #endif
87
88 /* These are the different types of line that are found in the input file. */
89 enum {
90 AEAD = 0, /* name of the AEAD algorithm. */
91 KEY, /* hex encoded key. */
92 NONCE, /* hex encoded nonce. */
93 IN, /* hex encoded plaintext. */
94 AD, /* hex encoded additional data. */
95 CT, /* hex encoded ciphertext (not including the
96 * authenticator, which is next. */
97 TAG, /* hex encoded authenticator. */
98 NUM_TYPES
99 };
100
101 static const char NAMES[NUM_TYPES][6] = {
102 "AEAD",
103 "KEY",
104 "NONCE",
105 "IN",
106 "AD",
107 "CT",
108 "TAG",
109 };
110
111 static unsigned char
hex_digit(char h)112 hex_digit(char h)
113 {
114 if (h >= '0' && h <= '9')
115 return h - '0';
116 else if (h >= 'a' && h <= 'f')
117 return h - 'a' + 10;
118 else if (h >= 'A' && h <= 'F')
119 return h - 'A' + 10;
120 else
121 return 16;
122 }
123
124 static int
aead_from_name(const EVP_AEAD ** aead,const char * name)125 aead_from_name(const EVP_AEAD **aead, const char *name)
126 {
127 *aead = NULL;
128
129 if (strcmp(name, "aes-128-gcm") == 0) {
130 #ifndef OPENSSL_NO_AES
131 *aead = EVP_aead_aes_128_gcm();
132 #else
133 fprintf(stderr, "No AES support.\n");
134 #endif
135 } else if (strcmp(name, "aes-256-gcm") == 0) {
136 #ifndef OPENSSL_NO_AES
137 *aead = EVP_aead_aes_256_gcm();
138 #else
139 fprintf(stderr, "No AES support.\n");
140 #endif
141 } else if (strcmp(name, "chacha20-poly1305") == 0) {
142 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
143 *aead = EVP_aead_chacha20_poly1305();
144 #else
145 fprintf(stderr, "No chacha20-poly1305 support.\n");
146 #endif
147 } else if (strcmp(name, "xchacha20-poly1305") == 0) {
148 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
149 *aead = EVP_aead_xchacha20_poly1305();
150 #else
151 fprintf(stderr, "No xchacha20-poly1305 support.\n");
152 #endif
153 } else {
154 fprintf(stderr, "Unknown AEAD: %s\n", name);
155 return -1;
156 }
157
158 if (*aead == NULL)
159 return 0;
160
161 return 1;
162 }
163
164 static int
run_test_case(const EVP_AEAD * aead,unsigned char bufs[NUM_TYPES][BUF_MAX],const unsigned int lengths[NUM_TYPES],unsigned int line_no)165 run_test_case(const EVP_AEAD* aead, unsigned char bufs[NUM_TYPES][BUF_MAX],
166 const unsigned int lengths[NUM_TYPES], unsigned int line_no)
167 {
168 EVP_AEAD_CTX ctx;
169 unsigned char out[BUF_MAX + EVP_AEAD_MAX_TAG_LENGTH], out2[BUF_MAX];
170 size_t out_len, out_len2;
171
172 if (!EVP_AEAD_CTX_init(&ctx, aead, bufs[KEY], lengths[KEY],
173 lengths[TAG], NULL)) {
174 fprintf(stderr, "Failed to init AEAD on line %u\n", line_no);
175 return 0;
176 }
177
178 if (!EVP_AEAD_CTX_seal(&ctx, out, &out_len, sizeof(out), bufs[NONCE],
179 lengths[NONCE], bufs[IN], lengths[IN], bufs[AD], lengths[AD])) {
180 fprintf(stderr, "Failed to run AEAD on line %u\n", line_no);
181 return 0;
182 }
183
184 if (out_len != lengths[CT] + lengths[TAG]) {
185 fprintf(stderr, "Bad output length on line %u: %zu vs %u\n",
186 line_no, out_len, (unsigned)(lengths[CT] + lengths[TAG]));
187 return 0;
188 }
189
190 if (memcmp(out, bufs[CT], lengths[CT]) != 0) {
191 fprintf(stderr, "Bad output on line %u\n", line_no);
192 return 0;
193 }
194
195 if (memcmp(out + lengths[CT], bufs[TAG], lengths[TAG]) != 0) {
196 fprintf(stderr, "Bad tag on line %u\n", line_no);
197 return 0;
198 }
199
200 if (!EVP_AEAD_CTX_open(&ctx, out2, &out_len2, lengths[IN], bufs[NONCE],
201 lengths[NONCE], out, out_len, bufs[AD], lengths[AD])) {
202 fprintf(stderr, "Failed to decrypt on line %u\n", line_no);
203 return 0;
204 }
205
206 if (out_len2 != lengths[IN]) {
207 fprintf(stderr, "Bad decrypt on line %u: %zu\n",
208 line_no, out_len2);
209 return 0;
210 }
211
212 if (memcmp(out2, bufs[IN], out_len2) != 0) {
213 fprintf(stderr, "Plaintext mismatch on line %u\n", line_no);
214 return 0;
215 }
216
217 out[0] ^= 0x80;
218 if (EVP_AEAD_CTX_open(&ctx, out2, &out_len2, lengths[IN], bufs[NONCE],
219 lengths[NONCE], out, out_len, bufs[AD], lengths[AD])) {
220 fprintf(stderr, "Decrypted bad data on line %u\n", line_no);
221 return 0;
222 }
223
224 EVP_AEAD_CTX_cleanup(&ctx);
225 return 1;
226 }
227
228 int
main(int argc,char ** argv)229 main(int argc, char **argv)
230 {
231 FILE *f;
232 const EVP_AEAD *aead = NULL;
233 unsigned int line_no = 0, num_tests = 0, j;
234
235 unsigned char bufs[NUM_TYPES][BUF_MAX];
236 unsigned int lengths[NUM_TYPES];
237
238 if (argc != 2) {
239 fprintf(stderr, "%s <test file.txt>\n", argv[0]);
240 return 1;
241 }
242
243 f = fopen(argv[1], "r");
244 if (f == NULL) {
245 perror("failed to open input");
246 return 1;
247 }
248
249 for (j = 0; j < NUM_TYPES; j++)
250 lengths[j] = 0;
251
252 for (;;) {
253 char line[4096];
254 unsigned int i, type_len = 0;
255
256 unsigned char *buf = NULL;
257 unsigned int *buf_len = NULL;
258
259 if (!fgets(line, sizeof(line), f))
260 break;
261
262 line_no++;
263 if (line[0] == '#')
264 continue;
265
266 if (line[0] == '\n' || line[0] == 0) {
267 /* Run a test, if possible. */
268 char any_values_set = 0;
269 for (j = 0; j < NUM_TYPES; j++) {
270 if (lengths[j] != 0) {
271 any_values_set = 1;
272 break;
273 }
274 }
275
276 if (!any_values_set)
277 continue;
278
279 switch (aead_from_name(&aead, bufs[AEAD])) {
280 case 0:
281 fprintf(stderr, "Skipping test...\n");
282 continue;
283 case -1:
284 fprintf(stderr, "Aborting...\n");
285 return 4;
286 }
287
288 if (!run_test_case(aead, bufs, lengths, line_no))
289 return 4;
290
291 for (j = 0; j < NUM_TYPES; j++)
292 lengths[j] = 0;
293
294 num_tests++;
295 continue;
296 }
297
298 /* Each line looks like:
299 * TYPE: 0123abc
300 * Where "TYPE" is the type of the data on the line,
301 * e.g. "KEY". */
302 for (i = 0; line[i] != 0 && line[i] != '\n'; i++) {
303 if (line[i] == ':') {
304 type_len = i;
305 break;
306 }
307 }
308 i++;
309
310 if (type_len == 0) {
311 fprintf(stderr, "Parse error on line %u\n", line_no);
312 return 3;
313 }
314
315 /* After the colon, there's optional whitespace. */
316 for (; line[i] != 0 && line[i] != '\n'; i++) {
317 if (line[i] != ' ' && line[i] != '\t')
318 break;
319 }
320
321 line[type_len] = 0;
322 for (j = 0; j < NUM_TYPES; j++) {
323 if (strcmp(line, NAMES[j]) != 0)
324 continue;
325 if (lengths[j] != 0) {
326 fprintf(stderr, "Duplicate value on line %u\n",
327 line_no);
328 return 3;
329 }
330 buf = bufs[j];
331 buf_len = &lengths[j];
332 break;
333 }
334
335 if (buf == NULL) {
336 fprintf(stderr, "Unknown line type on line %u\n",
337 line_no);
338 return 3;
339 }
340
341 if (j == AEAD) {
342 *buf_len = strlcpy(buf, line + i, BUF_MAX);
343 for (j = 0; j < BUF_MAX; j++) {
344 if (buf[j] == '\n')
345 buf[j] = '\0';
346 }
347 continue;
348 }
349
350 for (j = 0; line[i] != 0 && line[i] != '\n'; i++) {
351 unsigned char v, v2;
352 v = hex_digit(line[i++]);
353 if (line[i] == 0 || line[i] == '\n') {
354 fprintf(stderr, "Odd-length hex data on "
355 "line %u\n", line_no);
356 return 3;
357 }
358 v2 = hex_digit(line[i]);
359 if (v > 15 || v2 > 15) {
360 fprintf(stderr, "Invalid hex char on line %u\n",
361 line_no);
362 return 3;
363 }
364 v <<= 4;
365 v |= v2;
366
367 if (j == BUF_MAX) {
368 fprintf(stderr, "Too much hex data on line %u "
369 "(max is %u bytes)\n",
370 line_no, (unsigned) BUF_MAX);
371 return 3;
372 }
373 buf[j++] = v;
374 *buf_len = *buf_len + 1;
375 }
376 }
377
378 printf("Completed %u test cases\n", num_tests);
379 printf("PASS\n");
380 fclose(f);
381
382 return 0;
383 }
384