1 /* ==================================================================== 2 * Copyright (c) 2011-2013 The OpenSSL Project. All rights reserved. 3 * 4 * Redistribution and use in source and binary forms, with or without 5 * modification, are permitted provided that the following conditions 6 * are met: 7 * 8 * 1. Redistributions of source code must retain the above copyright 9 * notice, this list of conditions and the following disclaimer. 10 * 11 * 2. Redistributions in binary form must reproduce the above copyright 12 * notice, this list of conditions and the following disclaimer in 13 * the documentation and/or other materials provided with the 14 * distribution. 15 * 16 * 3. All advertising materials mentioning features or use of this 17 * software must display the following acknowledgment: 18 * "This product includes software developed by the OpenSSL Project 19 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" 20 * 21 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to 22 * endorse or promote products derived from this software without 23 * prior written permission. For written permission, please contact 24 * licensing@OpenSSL.org. 25 * 26 * 5. Products derived from this software may not be called "OpenSSL" 27 * nor may "OpenSSL" appear in their names without prior written 28 * permission of the OpenSSL Project. 29 * 30 * 6. Redistributions of any form whatsoever must retain the following 31 * acknowledgment: 32 * "This product includes software developed by the OpenSSL Project 33 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" 34 * 35 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY 36 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 37 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 38 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR 39 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 40 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 41 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 42 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 43 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 44 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 45 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 46 * OF THE POSSIBILITY OF SUCH DAMAGE. 47 * ==================================================================== 48 */ 49 50 #include <stdio.h> 51 #include <stdlib.h> 52 #include <string.h> 53 #include <stdint.h> 54 55 #include <openssl/evp.h> 56 57 /* This program tests an AEAD against a series of test vectors from a file. The 58 * test vector file consists of key-value lines where the key and value are 59 * separated by a colon and optional whitespace. The keys are listed in 60 * NAMES, below. The values are hex-encoded data. 61 * 62 * After a number of key-value lines, a blank line indicates the end of the 63 * test case. 64 * 65 * For example, here's a valid test case: 66 * 67 * AEAD: chacha20-poly1305 68 * KEY: bcb2639bf989c6251b29bf38d39a9bdce7c55f4b2ac12a39c8a37b5d0a5cc2b5 69 * NONCE: 1e8b4c510f5ca083 70 * IN: 8c8419bc27 71 * AD: 34ab88c265 72 * CT: 1a7c2f33f5 73 * TAG: 2875c659d0f2808de3a40027feff91a4 74 */ 75 76 #define BUF_MAX 1024 77 78 /* These are the different types of line that are found in the input file. */ 79 enum { 80 AEAD = 0, /* name of the AEAD algorithm. */ 81 KEY, /* hex encoded key. */ 82 NONCE, /* hex encoded nonce. */ 83 IN, /* hex encoded plaintext. */ 84 AD, /* hex encoded additional data. */ 85 CT, /* hex encoded ciphertext (not including the 86 * authenticator, which is next. */ 87 TAG, /* hex encoded authenticator. */ 88 NUM_TYPES 89 }; 90 91 static const char NAMES[NUM_TYPES][6] = { 92 "AEAD", 93 "KEY", 94 "NONCE", 95 "IN", 96 "AD", 97 "CT", 98 "TAG", 99 }; 100 101 static unsigned char 102 hex_digit(char h) 103 { 104 if (h >= '0' && h <= '9') 105 return h - '0'; 106 else if (h >= 'a' && h <= 'f') 107 return h - 'a' + 10; 108 else if (h >= 'A' && h <= 'F') 109 return h - 'A' + 10; 110 else 111 return 16; 112 } 113 114 static int 115 aead_from_name(const EVP_AEAD **aead, const char *name) 116 { 117 *aead = NULL; 118 119 if (strcmp(name, "aes-128-gcm") == 0) { 120 #ifndef OPENSSL_NO_AES 121 *aead = EVP_aead_aes_128_gcm(); 122 #else 123 fprintf(stderr, "No AES support.\n"); 124 #endif 125 } else if (strcmp(name, "aes-256-gcm") == 0) { 126 #ifndef OPENSSL_NO_AES 127 *aead = EVP_aead_aes_256_gcm(); 128 #else 129 fprintf(stderr, "No AES support.\n"); 130 #endif 131 } else if (strcmp(name, "chacha20-poly1305") == 0) { 132 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) 133 *aead = EVP_aead_chacha20_poly1305(); 134 #else 135 fprintf(stderr, "No chacha20-poly1305 support.\n"); 136 #endif 137 } else { 138 fprintf(stderr, "Unknown AEAD: %s\n", name); 139 return -1; 140 } 141 142 if (*aead == NULL) 143 return 0; 144 145 return 1; 146 } 147 148 static int 149 run_test_case(const EVP_AEAD* aead, unsigned char bufs[NUM_TYPES][BUF_MAX], 150 const unsigned int lengths[NUM_TYPES], unsigned int line_no) 151 { 152 EVP_AEAD_CTX ctx; 153 unsigned char out[BUF_MAX + EVP_AEAD_MAX_TAG_LENGTH], out2[BUF_MAX]; 154 size_t out_len, out_len2; 155 156 if (!EVP_AEAD_CTX_init(&ctx, aead, bufs[KEY], lengths[KEY], 157 lengths[TAG], NULL)) { 158 fprintf(stderr, "Failed to init AEAD on line %u\n", line_no); 159 return 0; 160 } 161 162 if (!EVP_AEAD_CTX_seal(&ctx, out, &out_len, sizeof(out), bufs[NONCE], 163 lengths[NONCE], bufs[IN], lengths[IN], bufs[AD], lengths[AD])) { 164 fprintf(stderr, "Failed to run AEAD on line %u\n", line_no); 165 return 0; 166 } 167 168 if (out_len != lengths[CT] + lengths[TAG]) { 169 fprintf(stderr, "Bad output length on line %u: %zu vs %u\n", 170 line_no, out_len, (unsigned)(lengths[CT] + lengths[TAG])); 171 return 0; 172 } 173 174 if (memcmp(out, bufs[CT], lengths[CT]) != 0) { 175 fprintf(stderr, "Bad output on line %u\n", line_no); 176 return 0; 177 } 178 179 if (memcmp(out + lengths[CT], bufs[TAG], lengths[TAG]) != 0) { 180 fprintf(stderr, "Bad tag on line %u\n", line_no); 181 return 0; 182 } 183 184 if (!EVP_AEAD_CTX_open(&ctx, out2, &out_len2, lengths[IN], bufs[NONCE], 185 lengths[NONCE], out, out_len, bufs[AD], lengths[AD])) { 186 fprintf(stderr, "Failed to decrypt on line %u\n", line_no); 187 return 0; 188 } 189 190 if (out_len2 != lengths[IN]) { 191 fprintf(stderr, "Bad decrypt on line %u: %zu\n", 192 line_no, out_len2); 193 return 0; 194 } 195 196 out[0] ^= 0x80; 197 if (EVP_AEAD_CTX_open(&ctx, out2, &out_len2, lengths[IN], bufs[NONCE], 198 lengths[NONCE], out, out_len, bufs[AD], lengths[AD])) { 199 fprintf(stderr, "Decrypted bad data on line %u\n", line_no); 200 return 0; 201 } 202 203 EVP_AEAD_CTX_cleanup(&ctx); 204 return 1; 205 } 206 207 int 208 main(int argc, char **argv) 209 { 210 FILE *f; 211 const EVP_AEAD *aead = NULL; 212 unsigned int line_no = 0, num_tests = 0, j; 213 214 unsigned char bufs[NUM_TYPES][BUF_MAX]; 215 unsigned int lengths[NUM_TYPES]; 216 217 if (argc != 2) { 218 fprintf(stderr, "%s <test file.txt>\n", argv[0]); 219 return 1; 220 } 221 222 f = fopen(argv[1], "r"); 223 if (f == NULL) { 224 perror("failed to open input"); 225 return 1; 226 } 227 228 for (j = 0; j < NUM_TYPES; j++) 229 lengths[j] = 0; 230 231 for (;;) { 232 char line[4096]; 233 unsigned int i, type_len = 0; 234 235 unsigned char *buf = NULL; 236 unsigned int *buf_len = NULL; 237 238 if (!fgets(line, sizeof(line), f)) 239 break; 240 241 line_no++; 242 if (line[0] == '#') 243 continue; 244 245 if (line[0] == '\n' || line[0] == 0) { 246 /* Run a test, if possible. */ 247 char any_values_set = 0; 248 for (j = 0; j < NUM_TYPES; j++) { 249 if (lengths[j] != 0) { 250 any_values_set = 1; 251 break; 252 } 253 } 254 255 if (!any_values_set) 256 continue; 257 258 switch (aead_from_name(&aead, bufs[AEAD])) { 259 case 0: 260 fprintf(stderr, "Skipping test...\n"); 261 continue; 262 case -1: 263 fprintf(stderr, "Aborting...\n"); 264 return 4; 265 } 266 267 if (!run_test_case(aead, bufs, lengths, line_no)) 268 return 4; 269 270 for (j = 0; j < NUM_TYPES; j++) 271 lengths[j] = 0; 272 273 num_tests++; 274 continue; 275 } 276 277 /* Each line looks like: 278 * TYPE: 0123abc 279 * Where "TYPE" is the type of the data on the line, 280 * e.g. "KEY". */ 281 for (i = 0; line[i] != 0 && line[i] != '\n'; i++) { 282 if (line[i] == ':') { 283 type_len = i; 284 break; 285 } 286 } 287 i++; 288 289 if (type_len == 0) { 290 fprintf(stderr, "Parse error on line %u\n", line_no); 291 return 3; 292 } 293 294 /* After the colon, there's optional whitespace. */ 295 for (; line[i] != 0 && line[i] != '\n'; i++) { 296 if (line[i] != ' ' && line[i] != '\t') 297 break; 298 } 299 300 line[type_len] = 0; 301 for (j = 0; j < NUM_TYPES; j++) { 302 if (strcmp(line, NAMES[j]) != 0) 303 continue; 304 if (lengths[j] != 0) { 305 fprintf(stderr, "Duplicate value on line %u\n", 306 line_no); 307 return 3; 308 } 309 buf = bufs[j]; 310 buf_len = &lengths[j]; 311 break; 312 } 313 314 if (buf == NULL) { 315 fprintf(stderr, "Unknown line type on line %u\n", 316 line_no); 317 return 3; 318 } 319 320 if (j == AEAD) { 321 *buf_len = strlcpy(buf, line + i, BUF_MAX); 322 for (j = 0; j < BUF_MAX; j++) { 323 if (buf[j] == '\n') 324 buf[j] = '\0'; 325 } 326 continue; 327 } 328 329 for (j = 0; line[i] != 0 && line[i] != '\n'; i++) { 330 unsigned char v, v2; 331 v = hex_digit(line[i++]); 332 if (line[i] == 0 || line[i] == '\n') { 333 fprintf(stderr, "Odd-length hex data on " 334 "line %u\n", line_no); 335 return 3; 336 } 337 v2 = hex_digit(line[i]); 338 if (v > 15 || v2 > 15) { 339 fprintf(stderr, "Invalid hex char on line %u\n", 340 line_no); 341 return 3; 342 } 343 v <<= 4; 344 v |= v2; 345 346 if (j == BUF_MAX) { 347 fprintf(stderr, "Too much hex data on line %u " 348 "(max is %u bytes)\n", 349 line_no, (unsigned) BUF_MAX); 350 return 3; 351 } 352 buf[j++] = v; 353 *buf_len = *buf_len + 1; 354 } 355 } 356 357 printf("Completed %u test cases\n", num_tests); 358 printf("PASS\n"); 359 fclose(f); 360 361 return 0; 362 } 363