1 /*
2 * lws-api-test-gencrypto - lws-genaes
3 *
4 * Written in 2010-2018 by Andy Green <andy@warmcat.com>
5 *
6 * This file is made available under the Creative Commons CC0 1.0
7 * Universal Public Domain Dedication.
8 */
9
10 #include <libwebsockets.h>
11
12
13 #if (defined(LWS_WITH_MBEDTLS) && (!defined(MBEDTLS_CONFIG_H) || defined(MBEDTLS_CIPHER_MODE_CBC))) || \
14 (!defined(LWS_WITH_MBEDTLS) && defined(LWS_HAVE_EVP_aes_128_cbc))
15
16 static const uint8_t
17 /*
18 * produced with (plaintext.txt contains "test plaintext\0\0")
19 *
20 * openssl enc -aes256 \
21 * -K "0123456789abcdeffedcba98765432100123456789abcdeffedcba9876543210" \
22 * -iv "0123456789abcdeffedcba9876543210"
23 * -in plaintext.txt -out out.enc
24 *
25 */
26 *cbc256 = (uint8_t *)"test plaintext\0\0",
27 cbc256_enc[] = {
28 0x2b, 0x5d, 0xb2, 0xa8, 0x5a, 0x5a, 0xf4, 0x2e,
29 0xf7, 0xf9, 0xc5, 0x3c, 0x73, 0xef, 0x40, 0x88,
30 }, cbc256_iv[] = {
31 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
32 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10,
33 }, cbc256_key[] = {
34 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
35 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10,
36 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
37 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10,
38 }
39 ;
40
41 static int
test_genaes_cbc(void)42 test_genaes_cbc(void)
43 {
44 struct lws_genaes_ctx ctx;
45 struct lws_gencrypto_keyelem e;
46 uint8_t res[32], res1[32];
47
48 /*
49 * As part of a jwk, these are allocated. But here we just use one as
50 * a wrapper on a static binary key.
51 */
52 e.buf = (uint8_t *)cbc256_key;
53 e.len = sizeof(cbc256_key);
54
55 if (lws_genaes_create(&ctx, LWS_GAESO_ENC, LWS_GAESM_CBC, &e, 0, NULL)) {
56 lwsl_err("%s: lws_genaes_create failed\n", __func__);
57 return 1;
58 }
59
60 if (lws_genaes_crypt(&ctx, cbc256, 16, res, (uint8_t *)cbc256_iv,
61 NULL, NULL, 0)) {
62 lwsl_err("%s: lws_genaes_crypt failed\n", __func__);
63 goto bail;
64 }
65
66 if (lws_genaes_destroy(&ctx, NULL, 0)) {
67 lwsl_err("%s: lws_genaes_destroy enc failed\n", __func__);
68 return -1;
69 }
70
71 if (lws_timingsafe_bcmp(cbc256_enc, res, 16)) {
72 lwsl_err("%s: lws_genaes_crypt encoding mismatch\n", __func__);
73 lwsl_hexdump_notice(res, 16);
74 return -1;
75 }
76
77
78 if (lws_genaes_create(&ctx, LWS_GAESO_DEC, LWS_GAESM_CBC, &e, 0, NULL)) {
79 lwsl_err("%s: lws_genaes_create dec failed\n", __func__);
80 return -1;
81 }
82
83 if (lws_genaes_crypt(&ctx, res, 16, res1, (uint8_t *)cbc256_iv,
84 NULL, NULL, 0)) {
85 lwsl_err("%s: lws_genaes_crypt dec failed\n", __func__);
86 goto bail;
87 }
88
89 if (lws_genaes_destroy(&ctx, NULL, 0)) {
90 lwsl_err("%s: lws_genaes_destroy dec failed\n", __func__);
91 lwsl_hexdump_notice(res1, 16);
92 return -1;
93 }
94
95 if (lws_timingsafe_bcmp(cbc256, res1, 16)) {
96 lwsl_err("%s: lws_genaes_crypt decoding mismatch\n", __func__);
97 lwsl_hexdump_notice(res, 16);
98 return -1;
99 }
100
101 return 0;
102
103 bail:
104 lws_genaes_destroy(&ctx, NULL, 0);
105
106 return -1;
107 }
108 #endif
109
110 #if (defined(LWS_WITH_MBEDTLS) && (!defined(MBEDTLS_CONFIG_H) || defined(MBEDTLS_CIPHER_MODE_CFB))) || \
111 (!defined(LWS_WITH_MBEDTLS) && defined(LWS_HAVE_EVP_aes_128_cfb128))
112 static const uint8_t
113 /*
114 * produced with (plaintext.txt contains "test plaintext\0\0")
115 *
116 * openssl enc -aes-128-cfb \
117 * -K "0123456789abcdeffedcba9876543210" \
118 * -iv "0123456789abcdeffedcba9876543210"
119 * -in plaintext.txt -out out.enc
120 *
121 */
122 *cfb128 = (uint8_t *)"test plaintext\0\0",
123 cfb128_enc[] = {
124 0xd2, 0x11, 0x86, 0xd7, 0xa9, 0x55, 0x59, 0x04,
125 0x4f, 0x63, 0x7c, 0xb9, 0xc6, 0xa1, 0xc9, 0x71
126 }, cfb128_iv[] = {
127 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
128 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10,
129 }, cfb128_key[] = {
130 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
131 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10,
132 };
133
134 static int
test_genaes_cfb128(void)135 test_genaes_cfb128(void)
136 {
137 struct lws_genaes_ctx ctx;
138 struct lws_gencrypto_keyelem e;
139 uint8_t res[32], res1[32];
140 size_t iv_off = 0;
141
142 e.buf = (uint8_t *)cfb128_key;
143 e.len = sizeof(cfb128_key);
144
145 if (lws_genaes_create(&ctx, LWS_GAESO_ENC, LWS_GAESM_CFB128, &e, 0, NULL)) {
146 lwsl_err("%s: lws_genaes_create failed\n", __func__);
147 return 1;
148 }
149
150 if (lws_genaes_crypt(&ctx, cfb128, 16, res, (uint8_t *)cfb128_iv,
151 NULL, &iv_off, 0)) {
152 lwsl_err("%s: lws_genaes_crypt failed\n", __func__);
153 goto bail;
154 }
155
156 if (lws_genaes_destroy(&ctx, NULL, 0)) {
157 lwsl_err("%s: lws_genaes_destroy failed\n", __func__);
158 return -1;
159 }
160
161 if (lws_timingsafe_bcmp(cfb128_enc, res, 16)) {
162 lwsl_err("%s: lws_genaes_crypt encoding mismatch\n", __func__);
163 lwsl_hexdump_notice(res, 16);
164 return -1;
165 }
166
167 iv_off = 0;
168
169 if (lws_genaes_create(&ctx, LWS_GAESO_DEC, LWS_GAESM_CFB128, &e, 0, NULL)) {
170 lwsl_err("%s: lws_genaes_create dec failed\n", __func__);
171 return -1;
172 }
173
174 if (lws_genaes_crypt(&ctx, res, 16, res1, (uint8_t *)cfb128_iv,
175 NULL, &iv_off, 0)) {
176 lwsl_err("%s: lws_genaes_crypt dec failed\n", __func__);
177 goto bail;
178 }
179
180 if (lws_genaes_destroy(&ctx, NULL, 0)) {
181 lwsl_err("%s: lws_genaes_destroy failed\n", __func__);
182 return -1;
183 }
184
185 if (lws_timingsafe_bcmp(cfb128, res1, 16)) {
186 lwsl_err("%s: lws_genaes_crypt decoding mismatch\n", __func__);
187 lwsl_hexdump_notice(res1, 16);
188 return -1;
189 }
190
191 return 0;
192
193 bail:
194 lws_genaes_destroy(&ctx, NULL, 0);
195
196 return -1;
197 }
198 #endif
199
200 #if (defined(LWS_WITH_MBEDTLS) && (!defined(MBEDTLS_CONFIG_H) || defined(MBEDTLS_CIPHER_MODE_CFB))) || \
201 (!defined(LWS_WITH_MBEDTLS) && defined(LWS_HAVE_EVP_aes_128_cfb8))
202
203 static const uint8_t
204 /*
205 * produced with (plaintext.txt contains "test plaintext\0\0")
206 *
207 * openssl enc -aes-128-cfb8 \
208 * -K "0123456789abcdeffedcba9876543210" \
209 * -iv "0123456789abcdeffedcba9876543210"
210 * -in plaintext.txt -out out.enc
211 *
212 */
213 *cfb8 = (uint8_t *)"test plaintext\0\0",
214 cfb8_enc[] = {
215 0xd2, 0x91, 0x06, 0x2d, 0x1b, 0x1e, 0x9b, 0x39,
216 0xa6, 0x65, 0x8e, 0xbe, 0x68, 0x32, 0x3d, 0xab
217 }, cfb8_iv[] = {
218 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
219 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10,
220 }, cfb8_key[] = {
221 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
222 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10,
223 };
224
225 static int
test_genaes_cfb8(void)226 test_genaes_cfb8(void)
227 {
228 struct lws_genaes_ctx ctx;
229 struct lws_gencrypto_keyelem e;
230 uint8_t res[32], res1[32];
231
232 e.buf = (uint8_t *)cfb8_key;
233 e.len = sizeof(cfb8_key);
234
235 if (lws_genaes_create(&ctx, LWS_GAESO_ENC, LWS_GAESM_CFB8, &e, 0, NULL)) {
236 lwsl_err("%s: lws_genaes_create failed\n", __func__);
237 return 1;
238 }
239
240 if (lws_genaes_crypt(&ctx, cfb8, 16, res, (uint8_t *)cfb8_iv,
241 NULL, NULL, 0)) {
242 lwsl_err("%s: lws_genaes_crypt failed\n", __func__);
243 goto bail;
244 }
245
246 if (lws_genaes_destroy(&ctx, NULL, 0)) {
247 lwsl_err("%s: lws_genaes_destroy failed\n", __func__);
248 return -1;
249 }
250
251 if (lws_timingsafe_bcmp(cfb8_enc, res, 16)) {
252 lwsl_err("%s: lws_genaes_crypt encoding mismatch\n", __func__);
253 lwsl_hexdump_notice(res, 16);
254 return -1;
255 }
256
257 if (lws_genaes_create(&ctx, LWS_GAESO_DEC, LWS_GAESM_CFB8, &e, 0, NULL)) {
258 lwsl_err("%s: lws_genaes_create dec failed\n", __func__);
259 return -1;
260 }
261
262 if (lws_genaes_crypt(&ctx, res, 16, res1, (uint8_t *)cfb8_iv,
263 NULL, NULL, 0)) {
264 lwsl_err("%s: lws_genaes_crypt dec failed\n", __func__);
265 goto bail;
266 }
267
268 if (lws_genaes_destroy(&ctx, NULL, 0)) {
269 lwsl_err("%s: lws_genaes_destroy failed\n", __func__);
270 return -1;
271 }
272
273 if (lws_timingsafe_bcmp(cfb8, res1, 16)) {
274 lwsl_err("%s: lws_genaes_crypt decoding mismatch\n", __func__);
275 lwsl_hexdump_notice(res1, 16);
276 return -1;
277 }
278
279 return 0;
280
281 bail:
282 lws_genaes_destroy(&ctx, NULL, 0);
283
284 return -1;
285 }
286 #endif
287
288 #if (defined(LWS_WITH_MBEDTLS) && (!defined(MBEDTLS_CONFIG_H) || defined(MBEDTLS_CIPHER_MODE_CTR))) || \
289 (!defined(LWS_WITH_MBEDTLS) && defined(LWS_HAVE_EVP_aes_128_ctr))
290 static const uint8_t
291 /*
292 * produced with (plaintext.txt contains "test plaintext\0\0")
293 *
294 * openssl enc -aes-128-ctr \
295 * -K "0123456789abcdeffedcba9876543210" \
296 * -iv "0123456789abcdeffedcba9876543210"
297 * -in plaintext.txt -out out.enc
298 *
299 */
300 *ctr = (uint8_t *)"test plaintext\0\0",
301 ctr_enc[] = {
302 0xd2, 0x11, 0x86, 0xd7, 0xa9, 0x55, 0x59, 0x04,
303 0x4f, 0x63, 0x7c, 0xb9, 0xc6, 0xa1, 0xc9, 0x71
304 }, ctr_iv[] = {
305 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
306 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10,
307 }, ctr_key[] = {
308 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
309 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10,
310 };
311
312 static int
test_genaes_ctr(void)313 test_genaes_ctr(void)
314 {
315 uint8_t nonce_counter[16], sb[16];
316 struct lws_genaes_ctx ctx;
317 struct lws_gencrypto_keyelem e;
318 uint8_t res[32], res1[32];
319 size_t nc_off = 0;
320
321 e.buf = (uint8_t *)ctr_key;
322 e.len = sizeof(ctr_key);
323
324 memset(sb, 0, sizeof(nonce_counter));
325 memcpy(nonce_counter, ctr_iv, sizeof(ctr_iv));
326
327 if (lws_genaes_create(&ctx, LWS_GAESO_ENC, LWS_GAESM_CTR, &e, 0, NULL)) {
328 lwsl_err("%s: lws_genaes_create failed\n", __func__);
329 return 1;
330 }
331
332 if (lws_genaes_crypt(&ctx, ctr, 16, res, nonce_counter, sb, &nc_off, 0)) {
333 lwsl_err("%s: lws_genaes_crypt failed\n", __func__);
334 goto bail;
335 }
336
337 if (lws_genaes_destroy(&ctx, NULL, 0)) {
338 lwsl_err("%s: lws_genaes_destroy failed\n", __func__);
339 return -1;
340 }
341
342 if (lws_timingsafe_bcmp(ctr_enc, res, 16)) {
343 lwsl_err("%s: lws_genaes_crypt encoding mismatch\n", __func__);
344 lwsl_hexdump_notice(res, 16);
345 return -1;
346 }
347
348 nc_off = 0;
349 memset(sb , 0, sizeof(nonce_counter));
350 memcpy(nonce_counter, ctr_iv, sizeof(ctr_iv));
351
352 if (lws_genaes_create(&ctx, LWS_GAESO_DEC, LWS_GAESM_CTR, &e, 0, NULL)) {
353 lwsl_err("%s: lws_genaes_create dec failed\n", __func__);
354 return -1;
355 }
356
357 if (lws_genaes_crypt(&ctx, res, 16, res1, nonce_counter, sb, &nc_off, 0)) {
358 lwsl_err("%s: lws_genaes_crypt dec failed\n", __func__);
359 goto bail;
360 }
361
362 if (lws_genaes_destroy(&ctx, NULL, 0)) {
363 lwsl_err("%s: lws_genaes_destroy failed\n", __func__);
364 return -1;
365 }
366
367 if (lws_timingsafe_bcmp(ctr, res1, 16)) {
368 lwsl_err("%s: lws_genaes_crypt decoding mismatch\n", __func__);
369 lwsl_hexdump_notice(res1, 16);
370 return -1;
371 }
372
373 lws_explicit_bzero(sb, sizeof(sb));
374
375 return 0;
376
377 bail:
378 lws_genaes_destroy(&ctx, NULL, 0);
379
380 return -1;
381 }
382 #endif
383
384 #if (defined(LWS_WITH_MBEDTLS)) || \
385 (!defined(LWS_WITH_MBEDTLS) && defined(LWS_HAVE_EVP_aes_128_ecb))
386 static const uint8_t
387 /*
388 * produced with (plaintext.txt contains "test plaintext\0\0")
389 *
390 * openssl enc -aes-128-ecb \
391 * -K "0123456789abcdeffedcba9876543210" \
392 * -in plaintext.txt -out out.enc
393 *
394 */
395 *ecb = (uint8_t *)"test plaintext\0\0",
396 ecb_enc[] = {
397 0xf3, 0xe5, 0x6c, 0x80, 0x3a, 0xf1, 0xc4, 0xa0,
398 0x7e, 0xdf, 0x86, 0x0f, 0x6d, 0xca, 0x5d, 0x36,
399 0x17, 0x22, 0x37, 0x42, 0x47, 0x41, 0x67, 0x7d,
400 0x99, 0x25, 0x02, 0x6b, 0x6b, 0x8f, 0x9c, 0x7f
401 }, ecb_key[] = {
402 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
403 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10,
404 };
405
406 static int
test_genaes_ecb(void)407 test_genaes_ecb(void)
408 {
409 struct lws_genaes_ctx ctx;
410 struct lws_gencrypto_keyelem e;
411 uint8_t res[32], res1[32];
412
413 /*
414 * As part of a jwk, these are allocated. But here we just use one as
415 * a wrapper on a static binary key.
416 */
417 e.buf = (uint8_t *)ecb_key;
418 e.len = sizeof(ecb_key);
419
420 if (lws_genaes_create(&ctx, LWS_GAESO_ENC, LWS_GAESM_ECB, &e, 0, NULL)) {
421 lwsl_err("%s: lws_genaes_create failed\n", __func__);
422 return 1;
423 }
424
425 if (lws_genaes_crypt(&ctx, ecb, 16, res, NULL, NULL, NULL, 0)) {
426 lwsl_err("%s: lws_genaes_crypt failed\n", __func__);
427 goto bail;
428 }
429
430 if (lws_genaes_destroy(&ctx, NULL, 0)) {
431 lwsl_err("%s: lws_genaes_destroy failed\n", __func__);
432 return -1;
433 }
434
435 if (lws_timingsafe_bcmp(ecb_enc, res, 16)) {
436 lwsl_err("%s: lws_genaes_crypt encoding mismatch\n", __func__);
437 lwsl_hexdump_notice(res, 16);
438 return -1;
439 }
440
441 if (lws_genaes_create(&ctx, LWS_GAESO_DEC, LWS_GAESM_ECB, &e, 0, NULL)) {
442 lwsl_err("%s: lws_genaes_create dec failed\n", __func__);
443 return -1;
444 }
445
446 if (lws_genaes_crypt(&ctx, res, 16, res1, NULL, NULL, NULL, 0)) {
447 lwsl_err("%s: lws_genaes_crypt dec failed\n", __func__);
448 goto bail;
449 }
450
451 if (lws_genaes_destroy(&ctx, NULL, 0)) {
452 lwsl_err("%s: lws_genaes_destroy failed\n", __func__);
453 return -1;
454 }
455
456 if (lws_timingsafe_bcmp(ecb, res1, 16)) {
457 lwsl_err("%s: lws_genaes_crypt decoding mismatch\n", __func__);
458 lwsl_hexdump_notice(res, 16);
459 return -1;
460 }
461
462 return 0;
463
464 bail:
465 lws_genaes_destroy(&ctx, NULL, 0);
466
467 return -1;
468 }
469 #endif
470
471 #if (defined(LWS_WITH_MBEDTLS) && (!defined(MBEDTLS_CONFIG_H) || defined(MBEDTLS_CIPHER_MODE_OFB))) || \
472 (!defined(LWS_WITH_MBEDTLS) && defined(LWS_HAVE_EVP_aes_128_ofb))
473 static const uint8_t
474 /*
475 * produced with (plaintext.txt contains "test plaintext\0\0")
476 *
477 * openssl enc -aes-128-ofb \
478 * -K "0123456789abcdeffedcba98765432100123456789abcdeffedcba9876543210" \
479 * -iv "0123456789abcdeffedcba9876543210"
480 * -in plaintext.txt -out out.enc
481 *
482 */
483 *ofb = (uint8_t *)"test plaintext\0\0",
484 ofb_enc[] = {
485 /* !!! ugh... openssl app produces this... */
486 // 0xd2, 0x11, 0x86, 0xd7, 0xa9, 0x55, 0x59, 0x04,
487 // 0x4f, 0x63, 0x7c, 0xb9, 0xc6, 0xa1, 0xc9, 0x71,
488 /* but both OpenSSL and mbedTLS produce this */
489 0x11, 0x33, 0x6D, 0xFC, 0x88, 0x4C, 0x28, 0xBA,
490 0xD0, 0xF2, 0x6C, 0xBC, 0xDE, 0x4A, 0x56, 0x20
491 }, ofb_iv[] = {
492 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
493 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10,
494 }, ofb_key[] = {
495 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
496 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10,
497 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
498 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10,
499 }
500 ;
501 static int
test_genaes_ofb(void)502 test_genaes_ofb(void)
503 {
504 struct lws_genaes_ctx ctx;
505 struct lws_gencrypto_keyelem e;
506 uint8_t res[32], res1[32];
507 size_t iv_off = 0;
508
509 e.buf = (uint8_t *)ofb_key;
510 e.len = sizeof(ofb_key);
511
512 if (lws_genaes_create(&ctx, LWS_GAESO_ENC, LWS_GAESM_OFB, &e, 0, NULL)) {
513 lwsl_err("%s: lws_genaes_create failed\n", __func__);
514 return 1;
515 }
516
517 if (lws_genaes_crypt(&ctx, ofb, 16, res, (uint8_t *)ofb_iv, NULL,
518 &iv_off, 0)) {
519 lwsl_err("%s: lws_genaes_crypt failed\n", __func__);
520 goto bail;
521 }
522
523 if (lws_genaes_destroy(&ctx, NULL, 0)) {
524 lwsl_err("%s: lws_genaes_destroy failed\n", __func__);
525 return -1;
526 }
527
528 if (lws_timingsafe_bcmp(ofb_enc, res, 16)) {
529 lwsl_err("%s: lws_genaes_crypt encoding mismatch\n", __func__);
530 lwsl_hexdump_notice(res, 16);
531 return -1;
532 }
533
534 iv_off = 0;
535
536 if (lws_genaes_create(&ctx, LWS_GAESO_DEC, LWS_GAESM_OFB, &e, 0, NULL)) {
537 lwsl_err("%s: lws_genaes_create dec failed\n", __func__);
538 return -1;
539 }
540
541 if (lws_genaes_crypt(&ctx, res, 16, res1, (uint8_t *)ofb_iv, NULL,
542 &iv_off, 0)) {
543 lwsl_err("%s: lws_genaes_crypt dec failed\n", __func__);
544 goto bail;
545 }
546
547 if (lws_genaes_destroy(&ctx, NULL, 0)) {
548 lwsl_err("%s: lws_genaes_destroy failed\n", __func__);
549 return -1;
550 }
551
552 if (lws_timingsafe_bcmp(ofb, res1, 16)) {
553 lwsl_err("%s: lws_genaes_crypt decoding mismatch\n", __func__);
554 lwsl_hexdump_notice(res, 16);
555 return -1;
556 }
557
558 return 0;
559
560 bail:
561 lws_genaes_destroy(&ctx, NULL, 0);
562
563 return -1;
564 }
565
566 #endif
567
568 #if (defined(LWS_WITH_MBEDTLS) && (!defined(MBEDTLS_CONFIG_H) || defined(MBEDTLS_CIPHER_MODE_XTS))) || \
569 (!defined(LWS_WITH_MBEDTLS) && defined(LWS_HAVE_EVP_aes_128_xts))
570
571 static const uint8_t
572 /*
573 * Fedora openssl tool doesn't support xts... this data produced
574 * by testing on mbedtls + OpenSSL and getting the same result
575 *
576 * NOTICE that xts requires a double-length key... OpenSSL now checks
577 * the key for duplication so we use a random key
578 */
579 *xts = (uint8_t *)"test plaintext\0\0",
580 xts_enc[] = {
581 0x87, 0x83, 0x20, 0x8B, 0x15, 0x89, 0xA1, 0x13,
582 0xDC, 0xEA, 0x82, 0xB6, 0xFF, 0x8D, 0x76, 0x3A
583 }, xts_key[] = {
584 0xa4, 0xd6, 0xa2, 0x1a, 0x3b, 0x34, 0x34, 0x43,
585 0x9a, 0xe2, 0x6a, 0x01, 0x1c, 0x73, 0x80, 0x3b,
586 0xdd, 0xf6, 0xd4, 0x37, 0x5e, 0x0e, 0x1c, 0x72,
587 0x8e, 0xe5, 0x18, 0x69, 0xfd, 0x08, 0x40, 0x2b,
588 0x98, 0xf9, 0x75, 0xa8, 0x36, 0xd5, 0x0f, 0xa2,
589 0x20, 0x04, 0x43, 0xa7, 0x3a, 0xa6, 0x4a, 0xdc,
590 0xe9, 0x54, 0x50, 0xfa, 0x38, 0xad, 0x6d, 0x96,
591 0x5f, 0x31, 0x9e, 0xcd, 0x33, 0x08, 0xa0, 0x44
592 }
593 ;
594 static int
test_genaes_xts(void)595 test_genaes_xts(void)
596 {
597
598 struct lws_genaes_ctx ctx;
599 struct lws_gencrypto_keyelem e;
600 uint8_t res[32], res1[32], data_unit[16];
601
602 memset(data_unit, 0, sizeof(data_unit));
603
604 e.buf = (uint8_t *)xts_key;
605 e.len = sizeof(xts_key);
606
607 if (lws_genaes_create(&ctx, LWS_GAESO_ENC, LWS_GAESM_XTS, &e, 0, NULL)) {
608 lwsl_err("%s: lws_genaes_create failed\n", __func__);
609 return 1;
610 }
611
612 if (lws_genaes_crypt(&ctx, xts, 16, res, data_unit, NULL, NULL, 0)) {
613 lwsl_err("%s: lws_genaes_crypt failed\n", __func__);
614 goto bail;
615 }
616
617 if (lws_genaes_destroy(&ctx, NULL, 0)) {
618 lwsl_err("%s: lws_genaes_destroy failed\n", __func__);
619 return -1;
620 }
621
622 if (lws_timingsafe_bcmp(xts_enc, res, 16)) {
623 lwsl_err("%s: lws_genaes_crypt encoding mismatch\n", __func__);
624 lwsl_hexdump_notice(res, 16);
625 return -1;
626 }
627
628 if (lws_genaes_create(&ctx, LWS_GAESO_DEC, LWS_GAESM_XTS, &e, 0, NULL)) {
629 lwsl_err("%s: lws_genaes_create dec failed\n", __func__);
630 return -1;
631 }
632
633 if (lws_genaes_crypt(&ctx, res, 16, res1, data_unit, NULL, NULL, 0)) {
634 lwsl_err("%s: lws_genaes_crypt dec failed\n", __func__);
635 goto bail;
636 }
637
638 if (lws_genaes_destroy(&ctx, NULL, 0)) {
639 lwsl_err("%s: lws_genaes_destroy failed\n", __func__);
640 return -1;
641 }
642
643 if (lws_timingsafe_bcmp(xts, res1, 16)) {
644 lwsl_err("%s: lws_genaes_crypt decoding mismatch\n", __func__);
645 lwsl_hexdump_notice(res, 16);
646 return -1;
647 }
648
649 return 0;
650
651 bail:
652 lws_genaes_destroy(&ctx, NULL, 0);
653
654 return -1;
655 }
656 #endif
657
658 static const uint8_t
659 /*
660 * https://csrc.nist.gov/CSRC/media/Projects/
661 * Cryptographic-Algorithm-Validation-Program/
662 * documents/mac/gcmtestvectors.zip
663 */
664
665 gcm_ct[] = {
666 0xf7, 0x26, 0x44, 0x13, 0xa8, 0x4c, 0x0e, 0x7c,
667 0xd5, 0x36, 0x86, 0x7e, 0xb9, 0xf2, 0x17, 0x36
668 }, gcm_iv[] = {
669 0x99, 0xaa, 0x3e, 0x68, 0xed, 0x81, 0x73, 0xa0,
670 0xee, 0xd0, 0x66, 0x84
671 }, gcm_key[] = {
672 0xee, 0xbc, 0x1f, 0x57, 0x48, 0x7f, 0x51, 0x92,
673 0x1c, 0x04, 0x65, 0x66, 0x5f, 0x8a, 0xe6, 0xd1,
674 0x65, 0x8b, 0xb2, 0x6d, 0xe6, 0xf8, 0xa0, 0x69,
675 0xa3, 0x52, 0x02, 0x93, 0xa5, 0x72, 0x07, 0x8f
676 }, gcm_pt[] = {
677 0xf5, 0x6e, 0x87, 0x05, 0x5b, 0xc3, 0x2d, 0x0e,
678 0xeb, 0x31, 0xb2, 0xea, 0xcc, 0x2b, 0xf2, 0xa5
679 }, gcm_aad[] = {
680 0x4d, 0x23, 0xc3, 0xce, 0xc3, 0x34, 0xb4, 0x9b,
681 0xdb, 0x37, 0x0c, 0x43, 0x7f, 0xec, 0x78, 0xde
682 }, gcm_tag[] = {
683 0x67, 0xba, 0x05, 0x10, 0x26, 0x2a, 0xe4, 0x87,
684 0xd7, 0x37, 0xee, 0x62, 0x98, 0xf7, 0x7e, 0x0c
685 };
686
687 static int
test_genaes_gcm(void)688 test_genaes_gcm(void)
689 {
690 uint8_t res[sizeof(gcm_ct)], tag[sizeof(gcm_tag)];
691 struct lws_genaes_ctx ctx;
692 struct lws_gencrypto_keyelem e;
693 size_t iv_off = 0;
694
695 e.buf = (uint8_t *)gcm_key;
696 e.len = sizeof(gcm_key);
697
698 /* Encrypt */
699
700 if (lws_genaes_create(&ctx, LWS_GAESO_ENC, LWS_GAESM_GCM, &e, 0, NULL)) {
701 lwsl_err("%s: lws_genaes_create failed\n", __func__);
702 return 1;
703 }
704
705 /* first we set the iv and aad */
706
707 iv_off = sizeof(gcm_iv);
708 if (lws_genaes_crypt(&ctx, gcm_aad, sizeof(gcm_aad), NULL,
709 (uint8_t *)gcm_iv, (uint8_t *)gcm_tag,
710 &iv_off, sizeof(gcm_tag))) {
711 lwsl_err("%s: lws_genaes_crypt 1 failed\n", __func__);
712 goto bail;
713 }
714
715 if (lws_genaes_crypt(&ctx, gcm_pt, sizeof(gcm_pt), res,
716 NULL, NULL, NULL, 0)) {
717 lwsl_err("%s: lws_genaes_crypt 2 failed\n", __func__);
718 goto bail;
719 }
720
721 if (lws_genaes_destroy(&ctx, tag, sizeof(tag))) {
722 lwsl_err("%s: lws_genaes_destroy enc failed\n", __func__);
723 return -1;
724 }
725
726 if (lws_timingsafe_bcmp(gcm_ct, res, sizeof(gcm_ct))) {
727 lwsl_err("%s: lws_genaes_crypt encoding mismatch\n", __func__);
728 lwsl_hexdump_notice(res, sizeof(gcm_ct));
729 return -1;
730 }
731
732
733 /* Decrypt */
734
735 if (lws_genaes_create(&ctx, LWS_GAESO_DEC, LWS_GAESM_GCM, &e, 0, NULL)) {
736 lwsl_err("%s: lws_genaes_create failed\n", __func__);
737 return 1;
738 }
739
740 iv_off = sizeof(gcm_iv); /* initial call sets iv + aad + tag */
741 if (lws_genaes_crypt(&ctx, gcm_aad, sizeof(gcm_aad), NULL,
742 (uint8_t *)gcm_iv, (uint8_t *)gcm_tag,
743 &iv_off, sizeof(gcm_tag))) {
744 lwsl_err("%s: lws_genaes_crypt 1 failed\n", __func__);
745 goto bail;
746 }
747
748 if (lws_genaes_crypt(&ctx, gcm_ct, sizeof(gcm_ct), res,
749 NULL, NULL, NULL, 0)) {
750 lwsl_err("%s: lws_genaes_crypt 2 failed\n", __func__);
751 goto bail;
752 }
753
754 if (lws_genaes_destroy(&ctx, tag, sizeof(tag))) {
755 lwsl_err("%s: lws_genaes_destroy dec failed\n", __func__);
756 return -1;
757 }
758
759 if (lws_timingsafe_bcmp(gcm_pt, res, sizeof(gcm_pt))) {
760 lwsl_err("%s: lws_genaes_crypt decoding mismatch\n", __func__);
761 lwsl_hexdump_notice(res, sizeof(gcm_ct));
762 return -1;
763 }
764
765 return 0;
766
767 bail:
768 lws_genaes_destroy(&ctx, NULL, 0);
769
770 return -1;
771 }
772
773 int
test_genaes(struct lws_context * context)774 test_genaes(struct lws_context *context)
775 {
776 #if (defined(LWS_WITH_MBEDTLS) && (!defined(MBEDTLS_CONFIG_H) || defined(MBEDTLS_CIPHER_MODE_CBC))) || \
777 (!defined(LWS_WITH_MBEDTLS) && defined(LWS_HAVE_EVP_aes_128_cbc))
778 if (test_genaes_cbc())
779 goto bail;
780 #endif
781 #if (defined(LWS_WITH_MBEDTLS) && (!defined(MBEDTLS_CONFIG_H) || defined(MBEDTLS_CIPHER_MODE_CFB))) || \
782 (!defined(LWS_WITH_MBEDTLS) && defined(LWS_HAVE_EVP_aes_128_cfb128))
783 if (test_genaes_cfb128())
784 goto bail;
785 #endif
786 #if (defined(LWS_WITH_MBEDTLS) && (!defined(MBEDTLS_CONFIG_H) || defined(MBEDTLS_CIPHER_MODE_CFB))) || \
787 (!defined(LWS_WITH_MBEDTLS) && defined(LWS_HAVE_EVP_aes_128_cfb8))
788 if (test_genaes_cfb8())
789 goto bail;
790 #endif
791 #if (defined(LWS_WITH_MBEDTLS) && (!defined(MBEDTLS_CONFIG_H) || defined(MBEDTLS_CIPHER_MODE_CTR))) || \
792 (!defined(LWS_WITH_MBEDTLS) && defined(LWS_HAVE_EVP_aes_128_ctr))
793 if (test_genaes_ctr())
794 goto bail;
795 #endif
796 #if (defined(LWS_WITH_MBEDTLS)) || \
797 (!defined(LWS_WITH_MBEDTLS) && defined(LWS_HAVE_EVP_aes_128_ecb))
798 if (test_genaes_ecb())
799 goto bail;
800 #endif
801 #if (defined(LWS_WITH_MBEDTLS) && (!defined(MBEDTLS_CONFIG_H) || defined(MBEDTLS_CIPHER_MODE_OFB))) || \
802 (!defined(LWS_WITH_MBEDTLS) && defined(LWS_HAVE_EVP_aes_128_ofb))
803 if (test_genaes_ofb())
804 goto bail;
805 #endif
806 #if (defined(LWS_WITH_MBEDTLS) && (!defined(MBEDTLS_CONFIG_H) || defined(MBEDTLS_CIPHER_MODE_XTS))) || \
807 (!defined(LWS_WITH_MBEDTLS) && defined(LWS_HAVE_EVP_aes_128_xts))
808 if (test_genaes_xts())
809 goto bail;
810 #endif
811
812 if (test_genaes_gcm())
813 goto bail;
814
815 /* end */
816
817 lwsl_notice("%s: selftest OK\n", __func__);
818
819 return 0;
820
821 bail:
822 lwsl_err("%s: selftest failed ++++++++++++++++++++\n", __func__);
823
824 return 1;
825 }
826