1 /*
2 * lws-api-test-gencrypto - lws-genaes
3 *
4 * Written in 2010-2018 by Andy Green <andy@warmcat.com>
5 *
6 * This file is made available under the Creative Commons CC0 1.0
7 * Universal Public Domain Dedication.
8 */
9
10 #include <libwebsockets.h>
11
12 static const uint8_t
13 /*
14 * produced with (plaintext.txt contains "test plaintext\0\0")
15 *
16 * openssl enc -aes256 \
17 * -K "0123456789abcdeffedcba98765432100123456789abcdeffedcba9876543210" \
18 * -iv "0123456789abcdeffedcba9876543210"
19 * -in plaintext.txt -out out.enc
20 *
21 */
22 *cbc256 = (uint8_t *)"test plaintext\0\0",
23 cbc256_enc[] = {
24 0x2b, 0x5d, 0xb2, 0xa8, 0x5a, 0x5a, 0xf4, 0x2e,
25 0xf7, 0xf9, 0xc5, 0x3c, 0x73, 0xef, 0x40, 0x88,
26 }, cbc256_iv[] = {
27 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
28 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10,
29 }, cbc256_key[] = {
30 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
31 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10,
32 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
33 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10,
34 }
35 ;
36
37 static int
test_genaes_cbc(void)38 test_genaes_cbc(void)
39 {
40 struct lws_genaes_ctx ctx;
41 struct lws_gencrypto_keyelem e;
42 uint8_t res[32], res1[32];
43
44 /*
45 * As part of a jwk, these are allocated. But here we just use one as
46 * a wrapper on a static binary key.
47 */
48 e.buf = (uint8_t *)cbc256_key;
49 e.len = sizeof(cbc256_key);
50
51 if (lws_genaes_create(&ctx, LWS_GAESO_ENC, LWS_GAESM_CBC, &e, 0, NULL)) {
52 lwsl_err("%s: lws_genaes_create failed\n", __func__);
53 return 1;
54 }
55
56 if (lws_genaes_crypt(&ctx, cbc256, 16, res, (uint8_t *)cbc256_iv,
57 NULL, NULL, 0)) {
58 lwsl_err("%s: lws_genaes_crypt failed\n", __func__);
59 goto bail;
60 }
61
62 if (lws_genaes_destroy(&ctx, NULL, 0)) {
63 lwsl_err("%s: lws_genaes_destroy enc failed\n", __func__);
64 return -1;
65 }
66
67 if (lws_timingsafe_bcmp(cbc256_enc, res, 16)) {
68 lwsl_err("%s: lws_genaes_crypt encoding mismatch\n", __func__);
69 lwsl_hexdump_notice(res, 16);
70 return -1;
71 }
72
73
74 if (lws_genaes_create(&ctx, LWS_GAESO_DEC, LWS_GAESM_CBC, &e, 0, NULL)) {
75 lwsl_err("%s: lws_genaes_create dec failed\n", __func__);
76 return -1;
77 }
78
79 if (lws_genaes_crypt(&ctx, res, 16, res1, (uint8_t *)cbc256_iv,
80 NULL, NULL, 0)) {
81 lwsl_err("%s: lws_genaes_crypt dec failed\n", __func__);
82 goto bail;
83 }
84
85 if (lws_genaes_destroy(&ctx, NULL, 0)) {
86 lwsl_err("%s: lws_genaes_destroy dec failed\n", __func__);
87 lwsl_hexdump_notice(res1, 16);
88 return -1;
89 }
90
91 if (lws_timingsafe_bcmp(cbc256, res1, 16)) {
92 lwsl_err("%s: lws_genaes_crypt decoding mismatch\n", __func__);
93 lwsl_hexdump_notice(res, 16);
94 return -1;
95 }
96
97 return 0;
98
99 bail:
100 lws_genaes_destroy(&ctx, NULL, 0);
101
102 return -1;
103 }
104
105 static const uint8_t
106 /*
107 * produced with (plaintext.txt contains "test plaintext\0\0")
108 *
109 * openssl enc -aes-128-cfb \
110 * -K "0123456789abcdeffedcba9876543210" \
111 * -iv "0123456789abcdeffedcba9876543210"
112 * -in plaintext.txt -out out.enc
113 *
114 */
115 *cfb128 = (uint8_t *)"test plaintext\0\0",
116 cfb128_enc[] = {
117 0xd2, 0x11, 0x86, 0xd7, 0xa9, 0x55, 0x59, 0x04,
118 0x4f, 0x63, 0x7c, 0xb9, 0xc6, 0xa1, 0xc9, 0x71
119 }, cfb128_iv[] = {
120 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
121 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10,
122 }, cfb128_key[] = {
123 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
124 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10,
125 };
126
127 static int
test_genaes_cfb128(void)128 test_genaes_cfb128(void)
129 {
130 struct lws_genaes_ctx ctx;
131 struct lws_gencrypto_keyelem e;
132 uint8_t res[32], res1[32];
133 size_t iv_off = 0;
134
135 e.buf = (uint8_t *)cfb128_key;
136 e.len = sizeof(cfb128_key);
137
138 if (lws_genaes_create(&ctx, LWS_GAESO_ENC, LWS_GAESM_CFB128, &e, 0, NULL)) {
139 lwsl_err("%s: lws_genaes_create failed\n", __func__);
140 return 1;
141 }
142
143 if (lws_genaes_crypt(&ctx, cfb128, 16, res, (uint8_t *)cfb128_iv,
144 NULL, &iv_off, 0)) {
145 lwsl_err("%s: lws_genaes_crypt failed\n", __func__);
146 goto bail;
147 }
148
149 if (lws_genaes_destroy(&ctx, NULL, 0)) {
150 lwsl_err("%s: lws_genaes_destroy failed\n", __func__);
151 return -1;
152 }
153
154 if (lws_timingsafe_bcmp(cfb128_enc, res, 16)) {
155 lwsl_err("%s: lws_genaes_crypt encoding mismatch\n", __func__);
156 lwsl_hexdump_notice(res, 16);
157 return -1;
158 }
159
160 iv_off = 0;
161
162 if (lws_genaes_create(&ctx, LWS_GAESO_DEC, LWS_GAESM_CFB128, &e, 0, NULL)) {
163 lwsl_err("%s: lws_genaes_create dec failed\n", __func__);
164 return -1;
165 }
166
167 if (lws_genaes_crypt(&ctx, res, 16, res1, (uint8_t *)cfb128_iv,
168 NULL, &iv_off, 0)) {
169 lwsl_err("%s: lws_genaes_crypt dec failed\n", __func__);
170 goto bail;
171 }
172
173 if (lws_genaes_destroy(&ctx, NULL, 0)) {
174 lwsl_err("%s: lws_genaes_destroy failed\n", __func__);
175 return -1;
176 }
177
178 if (lws_timingsafe_bcmp(cfb128, res1, 16)) {
179 lwsl_err("%s: lws_genaes_crypt decoding mismatch\n", __func__);
180 lwsl_hexdump_notice(res1, 16);
181 return -1;
182 }
183
184 return 0;
185
186 bail:
187 lws_genaes_destroy(&ctx, NULL, 0);
188
189 return -1;
190 }
191
192 static const uint8_t
193 /*
194 * produced with (plaintext.txt contains "test plaintext\0\0")
195 *
196 * openssl enc -aes-128-cfb8 \
197 * -K "0123456789abcdeffedcba9876543210" \
198 * -iv "0123456789abcdeffedcba9876543210"
199 * -in plaintext.txt -out out.enc
200 *
201 */
202 *cfb8 = (uint8_t *)"test plaintext\0\0",
203 cfb8_enc[] = {
204 0xd2, 0x91, 0x06, 0x2d, 0x1b, 0x1e, 0x9b, 0x39,
205 0xa6, 0x65, 0x8e, 0xbe, 0x68, 0x32, 0x3d, 0xab
206 }, cfb8_iv[] = {
207 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
208 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10,
209 }, cfb8_key[] = {
210 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
211 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10,
212 };
213
214 static int
test_genaes_cfb8(void)215 test_genaes_cfb8(void)
216 {
217 struct lws_genaes_ctx ctx;
218 struct lws_gencrypto_keyelem e;
219 uint8_t res[32], res1[32];
220
221 e.buf = (uint8_t *)cfb8_key;
222 e.len = sizeof(cfb8_key);
223
224 if (lws_genaes_create(&ctx, LWS_GAESO_ENC, LWS_GAESM_CFB8, &e, 0, NULL)) {
225 lwsl_err("%s: lws_genaes_create failed\n", __func__);
226 return 1;
227 }
228
229 if (lws_genaes_crypt(&ctx, cfb8, 16, res, (uint8_t *)cfb8_iv,
230 NULL, NULL, 0)) {
231 lwsl_err("%s: lws_genaes_crypt failed\n", __func__);
232 goto bail;
233 }
234
235 if (lws_genaes_destroy(&ctx, NULL, 0)) {
236 lwsl_err("%s: lws_genaes_destroy failed\n", __func__);
237 return -1;
238 }
239
240 if (lws_timingsafe_bcmp(cfb8_enc, res, 16)) {
241 lwsl_err("%s: lws_genaes_crypt encoding mismatch\n", __func__);
242 lwsl_hexdump_notice(res, 16);
243 return -1;
244 }
245
246 if (lws_genaes_create(&ctx, LWS_GAESO_DEC, LWS_GAESM_CFB8, &e, 0, NULL)) {
247 lwsl_err("%s: lws_genaes_create dec failed\n", __func__);
248 return -1;
249 }
250
251 if (lws_genaes_crypt(&ctx, res, 16, res1, (uint8_t *)cfb8_iv,
252 NULL, NULL, 0)) {
253 lwsl_err("%s: lws_genaes_crypt dec failed\n", __func__);
254 goto bail;
255 }
256
257 if (lws_genaes_destroy(&ctx, NULL, 0)) {
258 lwsl_err("%s: lws_genaes_destroy failed\n", __func__);
259 return -1;
260 }
261
262 if (lws_timingsafe_bcmp(cfb8, res1, 16)) {
263 lwsl_err("%s: lws_genaes_crypt decoding mismatch\n", __func__);
264 lwsl_hexdump_notice(res1, 16);
265 return -1;
266 }
267
268 return 0;
269
270 bail:
271 lws_genaes_destroy(&ctx, NULL, 0);
272
273 return -1;
274 }
275
276 static const uint8_t
277 /*
278 * produced with (plaintext.txt contains "test plaintext\0\0")
279 *
280 * openssl enc -aes-128-ctr \
281 * -K "0123456789abcdeffedcba9876543210" \
282 * -iv "0123456789abcdeffedcba9876543210"
283 * -in plaintext.txt -out out.enc
284 *
285 */
286 *ctr = (uint8_t *)"test plaintext\0\0",
287 ctr_enc[] = {
288 0xd2, 0x11, 0x86, 0xd7, 0xa9, 0x55, 0x59, 0x04,
289 0x4f, 0x63, 0x7c, 0xb9, 0xc6, 0xa1, 0xc9, 0x71
290 }, ctr_iv[] = {
291 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
292 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10,
293 }, ctr_key[] = {
294 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
295 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10,
296 };
297
298 static int
test_genaes_ctr(void)299 test_genaes_ctr(void)
300 {
301 uint8_t nonce_counter[16], sb[16];
302 struct lws_genaes_ctx ctx;
303 struct lws_gencrypto_keyelem e;
304 uint8_t res[32], res1[32];
305 size_t nc_off = 0;
306
307 e.buf = (uint8_t *)ctr_key;
308 e.len = sizeof(ctr_key);
309
310 memset(sb, 0, sizeof(nonce_counter));
311 memcpy(nonce_counter, ctr_iv, sizeof(ctr_iv));
312
313 if (lws_genaes_create(&ctx, LWS_GAESO_ENC, LWS_GAESM_CTR, &e, 0, NULL)) {
314 lwsl_err("%s: lws_genaes_create failed\n", __func__);
315 return 1;
316 }
317
318 if (lws_genaes_crypt(&ctx, ctr, 16, res, nonce_counter, sb, &nc_off, 0)) {
319 lwsl_err("%s: lws_genaes_crypt failed\n", __func__);
320 goto bail;
321 }
322
323 if (lws_genaes_destroy(&ctx, NULL, 0)) {
324 lwsl_err("%s: lws_genaes_destroy failed\n", __func__);
325 return -1;
326 }
327
328 if (lws_timingsafe_bcmp(ctr_enc, res, 16)) {
329 lwsl_err("%s: lws_genaes_crypt encoding mismatch\n", __func__);
330 lwsl_hexdump_notice(res, 16);
331 return -1;
332 }
333
334 nc_off = 0;
335 memset(sb , 0, sizeof(nonce_counter));
336 memcpy(nonce_counter, ctr_iv, sizeof(ctr_iv));
337
338 if (lws_genaes_create(&ctx, LWS_GAESO_DEC, LWS_GAESM_CTR, &e, 0, NULL)) {
339 lwsl_err("%s: lws_genaes_create dec failed\n", __func__);
340 return -1;
341 }
342
343 if (lws_genaes_crypt(&ctx, res, 16, res1, nonce_counter, sb, &nc_off, 0)) {
344 lwsl_err("%s: lws_genaes_crypt dec failed\n", __func__);
345 goto bail;
346 }
347
348 if (lws_genaes_destroy(&ctx, NULL, 0)) {
349 lwsl_err("%s: lws_genaes_destroy failed\n", __func__);
350 return -1;
351 }
352
353 if (lws_timingsafe_bcmp(ctr, res1, 16)) {
354 lwsl_err("%s: lws_genaes_crypt decoding mismatch\n", __func__);
355 lwsl_hexdump_notice(res1, 16);
356 return -1;
357 }
358
359 lws_explicit_bzero(sb, sizeof(sb));
360
361 return 0;
362
363 bail:
364 lws_genaes_destroy(&ctx, NULL, 0);
365
366 return -1;
367 }
368
369 static const uint8_t
370 /*
371 * produced with (plaintext.txt contains "test plaintext\0\0")
372 *
373 * openssl enc -aes-128-ecb \
374 * -K "0123456789abcdeffedcba9876543210" \
375 * -in plaintext.txt -out out.enc
376 *
377 */
378 *ecb = (uint8_t *)"test plaintext\0\0",
379 ecb_enc[] = {
380 0xf3, 0xe5, 0x6c, 0x80, 0x3a, 0xf1, 0xc4, 0xa0,
381 0x7e, 0xdf, 0x86, 0x0f, 0x6d, 0xca, 0x5d, 0x36,
382 0x17, 0x22, 0x37, 0x42, 0x47, 0x41, 0x67, 0x7d,
383 0x99, 0x25, 0x02, 0x6b, 0x6b, 0x8f, 0x9c, 0x7f
384 }, ecb_key[] = {
385 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
386 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10,
387 };
388
389 static int
test_genaes_ecb(void)390 test_genaes_ecb(void)
391 {
392 struct lws_genaes_ctx ctx;
393 struct lws_gencrypto_keyelem e;
394 uint8_t res[32], res1[32];
395
396 /*
397 * As part of a jwk, these are allocated. But here we just use one as
398 * a wrapper on a static binary key.
399 */
400 e.buf = (uint8_t *)ecb_key;
401 e.len = sizeof(ecb_key);
402
403 if (lws_genaes_create(&ctx, LWS_GAESO_ENC, LWS_GAESM_ECB, &e, 0, NULL)) {
404 lwsl_err("%s: lws_genaes_create failed\n", __func__);
405 return 1;
406 }
407
408 if (lws_genaes_crypt(&ctx, ecb, 16, res, NULL, NULL, NULL, 0)) {
409 lwsl_err("%s: lws_genaes_crypt failed\n", __func__);
410 goto bail;
411 }
412
413 if (lws_genaes_destroy(&ctx, NULL, 0)) {
414 lwsl_err("%s: lws_genaes_destroy failed\n", __func__);
415 return -1;
416 }
417
418 if (lws_timingsafe_bcmp(ecb_enc, res, 16)) {
419 lwsl_err("%s: lws_genaes_crypt encoding mismatch\n", __func__);
420 lwsl_hexdump_notice(res, 16);
421 return -1;
422 }
423
424 if (lws_genaes_create(&ctx, LWS_GAESO_DEC, LWS_GAESM_ECB, &e, 0, NULL)) {
425 lwsl_err("%s: lws_genaes_create dec failed\n", __func__);
426 return -1;
427 }
428
429 if (lws_genaes_crypt(&ctx, res, 16, res1, NULL, NULL, NULL, 0)) {
430 lwsl_err("%s: lws_genaes_crypt dec failed\n", __func__);
431 goto bail;
432 }
433
434 if (lws_genaes_destroy(&ctx, NULL, 0)) {
435 lwsl_err("%s: lws_genaes_destroy failed\n", __func__);
436 return -1;
437 }
438
439 if (lws_timingsafe_bcmp(ecb, res1, 16)) {
440 lwsl_err("%s: lws_genaes_crypt decoding mismatch\n", __func__);
441 lwsl_hexdump_notice(res, 16);
442 return -1;
443 }
444
445 return 0;
446
447 bail:
448 lws_genaes_destroy(&ctx, NULL, 0);
449
450 return -1;
451 }
452
453 #if defined(MBEDTLS_CONFIG_H) && !defined(MBEDTLS_CIPHER_MODE_OFB)
454 #else
455
456 static const uint8_t
457 /*
458 * produced with (plaintext.txt contains "test plaintext\0\0")
459 *
460 * openssl enc -aes-128-ofb \
461 * -K "0123456789abcdeffedcba98765432100123456789abcdeffedcba9876543210" \
462 * -iv "0123456789abcdeffedcba9876543210"
463 * -in plaintext.txt -out out.enc
464 *
465 */
466 *ofb = (uint8_t *)"test plaintext\0\0",
467 ofb_enc[] = {
468 /* !!! ugh... openssl app produces this... */
469 // 0xd2, 0x11, 0x86, 0xd7, 0xa9, 0x55, 0x59, 0x04,
470 // 0x4f, 0x63, 0x7c, 0xb9, 0xc6, 0xa1, 0xc9, 0x71,
471 /* but both OpenSSL and mbedTLS produce this */
472 0x11, 0x33, 0x6D, 0xFC, 0x88, 0x4C, 0x28, 0xBA,
473 0xD0, 0xF2, 0x6C, 0xBC, 0xDE, 0x4A, 0x56, 0x20
474 }, ofb_iv[] = {
475 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
476 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10,
477 }, ofb_key[] = {
478 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
479 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10,
480 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
481 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10,
482 }
483 ;
484
485 static int
test_genaes_ofb(void)486 test_genaes_ofb(void)
487 {
488 struct lws_genaes_ctx ctx;
489 struct lws_gencrypto_keyelem e;
490 uint8_t res[32], res1[32];
491 size_t iv_off = 0;
492
493 e.buf = (uint8_t *)ofb_key;
494 e.len = sizeof(ofb_key);
495
496 if (lws_genaes_create(&ctx, LWS_GAESO_ENC, LWS_GAESM_OFB, &e, 0, NULL)) {
497 lwsl_err("%s: lws_genaes_create failed\n", __func__);
498 return 1;
499 }
500
501 if (lws_genaes_crypt(&ctx, ofb, 16, res, (uint8_t *)ofb_iv, NULL,
502 &iv_off, 0)) {
503 lwsl_err("%s: lws_genaes_crypt failed\n", __func__);
504 goto bail;
505 }
506
507 if (lws_genaes_destroy(&ctx, NULL, 0)) {
508 lwsl_err("%s: lws_genaes_destroy failed\n", __func__);
509 return -1;
510 }
511
512 if (lws_timingsafe_bcmp(ofb_enc, res, 16)) {
513 lwsl_err("%s: lws_genaes_crypt encoding mismatch\n", __func__);
514 lwsl_hexdump_notice(res, 16);
515 return -1;
516 }
517
518 iv_off = 0;
519
520 if (lws_genaes_create(&ctx, LWS_GAESO_DEC, LWS_GAESM_OFB, &e, 0, NULL)) {
521 lwsl_err("%s: lws_genaes_create dec failed\n", __func__);
522 return -1;
523 }
524
525 if (lws_genaes_crypt(&ctx, res, 16, res1, (uint8_t *)ofb_iv, NULL,
526 &iv_off, 0)) {
527 lwsl_err("%s: lws_genaes_crypt dec failed\n", __func__);
528 goto bail;
529 }
530
531 if (lws_genaes_destroy(&ctx, NULL, 0)) {
532 lwsl_err("%s: lws_genaes_destroy failed\n", __func__);
533 return -1;
534 }
535
536 if (lws_timingsafe_bcmp(ofb, res1, 16)) {
537 lwsl_err("%s: lws_genaes_crypt decoding mismatch\n", __func__);
538 lwsl_hexdump_notice(res, 16);
539 return -1;
540 }
541
542 return 0;
543
544 bail:
545 lws_genaes_destroy(&ctx, NULL, 0);
546
547 return -1;
548 }
549
550 #endif
551
552 #if defined(MBEDTLS_CONFIG_H) && !defined(MBEDTLS_CIPHER_MODE_XTS)
553 #else
554
555 static const uint8_t
556 /*
557 * Fedora openssl tool doesn't support xts... this data produced
558 * by testing on mbedtls + OpenSSL and getting the same result
559 *
560 * NOTICE that xts requires a double-length key... OpenSSL now checks
561 * the key for duplication so we use a random key
562 */
563 *xts = (uint8_t *)"test plaintext\0\0",
564 xts_enc[] = {
565 0x87, 0x83, 0x20, 0x8B, 0x15, 0x89, 0xA1, 0x13,
566 0xDC, 0xEA, 0x82, 0xB6, 0xFF, 0x8D, 0x76, 0x3A
567 }, xts_key[] = {
568 0xa4, 0xd6, 0xa2, 0x1a, 0x3b, 0x34, 0x34, 0x43,
569 0x9a, 0xe2, 0x6a, 0x01, 0x1c, 0x73, 0x80, 0x3b,
570 0xdd, 0xf6, 0xd4, 0x37, 0x5e, 0x0e, 0x1c, 0x72,
571 0x8e, 0xe5, 0x18, 0x69, 0xfd, 0x08, 0x40, 0x2b,
572 0x98, 0xf9, 0x75, 0xa8, 0x36, 0xd5, 0x0f, 0xa2,
573 0x20, 0x04, 0x43, 0xa7, 0x3a, 0xa6, 0x4a, 0xdc,
574 0xe9, 0x54, 0x50, 0xfa, 0x38, 0xad, 0x6d, 0x96,
575 0x5f, 0x31, 0x9e, 0xcd, 0x33, 0x08, 0xa0, 0x44
576 }
577 ;
578
579 static int
test_genaes_xts(void)580 test_genaes_xts(void)
581 {
582 struct lws_genaes_ctx ctx;
583 struct lws_gencrypto_keyelem e;
584 uint8_t res[32], res1[32], data_unit[16];
585
586 memset(data_unit, 0, sizeof(data_unit));
587
588 e.buf = (uint8_t *)xts_key;
589 e.len = sizeof(xts_key);
590
591 if (lws_genaes_create(&ctx, LWS_GAESO_ENC, LWS_GAESM_XTS, &e, 0, NULL)) {
592 lwsl_err("%s: lws_genaes_create failed\n", __func__);
593 return 1;
594 }
595
596 if (lws_genaes_crypt(&ctx, xts, 16, res, data_unit, NULL, NULL, 0)) {
597 lwsl_err("%s: lws_genaes_crypt failed\n", __func__);
598 goto bail;
599 }
600
601 if (lws_genaes_destroy(&ctx, NULL, 0)) {
602 lwsl_err("%s: lws_genaes_destroy failed\n", __func__);
603 return -1;
604 }
605
606 if (lws_timingsafe_bcmp(xts_enc, res, 16)) {
607 lwsl_err("%s: lws_genaes_crypt encoding mismatch\n", __func__);
608 lwsl_hexdump_notice(res, 16);
609 return -1;
610 }
611
612 if (lws_genaes_create(&ctx, LWS_GAESO_DEC, LWS_GAESM_XTS, &e, 0, NULL)) {
613 lwsl_err("%s: lws_genaes_create dec failed\n", __func__);
614 return -1;
615 }
616
617 if (lws_genaes_crypt(&ctx, res, 16, res1, data_unit, NULL, NULL, 0)) {
618 lwsl_err("%s: lws_genaes_crypt dec failed\n", __func__);
619 goto bail;
620 }
621
622 if (lws_genaes_destroy(&ctx, NULL, 0)) {
623 lwsl_err("%s: lws_genaes_destroy failed\n", __func__);
624 return -1;
625 }
626
627 if (lws_timingsafe_bcmp(xts, res1, 16)) {
628 lwsl_err("%s: lws_genaes_crypt decoding mismatch\n", __func__);
629 lwsl_hexdump_notice(res, 16);
630 return -1;
631 }
632
633 return 0;
634
635 bail:
636 lws_genaes_destroy(&ctx, NULL, 0);
637
638 return -1;
639 }
640 #endif
641
642 static const uint8_t
643 /*
644 * https://csrc.nist.gov/CSRC/media/Projects/
645 * Cryptographic-Algorithm-Validation-Program/
646 * documents/mac/gcmtestvectors.zip
647 */
648
649 gcm_ct[] = {
650 0xf7, 0x26, 0x44, 0x13, 0xa8, 0x4c, 0x0e, 0x7c,
651 0xd5, 0x36, 0x86, 0x7e, 0xb9, 0xf2, 0x17, 0x36
652 }, gcm_iv[] = {
653 0x99, 0xaa, 0x3e, 0x68, 0xed, 0x81, 0x73, 0xa0,
654 0xee, 0xd0, 0x66, 0x84
655 }, gcm_key[] = {
656 0xee, 0xbc, 0x1f, 0x57, 0x48, 0x7f, 0x51, 0x92,
657 0x1c, 0x04, 0x65, 0x66, 0x5f, 0x8a, 0xe6, 0xd1,
658 0x65, 0x8b, 0xb2, 0x6d, 0xe6, 0xf8, 0xa0, 0x69,
659 0xa3, 0x52, 0x02, 0x93, 0xa5, 0x72, 0x07, 0x8f
660 }, gcm_pt[] = {
661 0xf5, 0x6e, 0x87, 0x05, 0x5b, 0xc3, 0x2d, 0x0e,
662 0xeb, 0x31, 0xb2, 0xea, 0xcc, 0x2b, 0xf2, 0xa5
663 }, gcm_aad[] = {
664 0x4d, 0x23, 0xc3, 0xce, 0xc3, 0x34, 0xb4, 0x9b,
665 0xdb, 0x37, 0x0c, 0x43, 0x7f, 0xec, 0x78, 0xde
666 }, gcm_tag[] = {
667 0x67, 0xba, 0x05, 0x10, 0x26, 0x2a, 0xe4, 0x87,
668 0xd7, 0x37, 0xee, 0x62, 0x98, 0xf7, 0x7e, 0x0c
669 };
670
671 static int
test_genaes_gcm(void)672 test_genaes_gcm(void)
673 {
674 uint8_t res[sizeof(gcm_ct)], tag[sizeof(gcm_tag)];
675 struct lws_genaes_ctx ctx;
676 struct lws_gencrypto_keyelem e;
677 size_t iv_off = 0;
678
679 e.buf = (uint8_t *)gcm_key;
680 e.len = sizeof(gcm_key);
681
682 /* Encrypt */
683
684 if (lws_genaes_create(&ctx, LWS_GAESO_ENC, LWS_GAESM_GCM, &e, 0, NULL)) {
685 lwsl_err("%s: lws_genaes_create failed\n", __func__);
686 return 1;
687 }
688
689 /* first we set the iv and aad */
690
691 iv_off = sizeof(gcm_iv);
692 if (lws_genaes_crypt(&ctx, gcm_aad, sizeof(gcm_aad), NULL,
693 (uint8_t *)gcm_iv, (uint8_t *)gcm_tag,
694 &iv_off, sizeof(gcm_tag))) {
695 lwsl_err("%s: lws_genaes_crypt 1 failed\n", __func__);
696 goto bail;
697 }
698
699 if (lws_genaes_crypt(&ctx, gcm_pt, sizeof(gcm_pt), res,
700 NULL, NULL, NULL, 0)) {
701 lwsl_err("%s: lws_genaes_crypt 2 failed\n", __func__);
702 goto bail;
703 }
704
705 if (lws_genaes_destroy(&ctx, tag, sizeof(tag))) {
706 lwsl_err("%s: lws_genaes_destroy enc failed\n", __func__);
707 return -1;
708 }
709
710 if (lws_timingsafe_bcmp(gcm_ct, res, sizeof(gcm_ct))) {
711 lwsl_err("%s: lws_genaes_crypt encoding mismatch\n", __func__);
712 lwsl_hexdump_notice(res, sizeof(gcm_ct));
713 return -1;
714 }
715
716
717 /* Decrypt */
718
719 if (lws_genaes_create(&ctx, LWS_GAESO_DEC, LWS_GAESM_GCM, &e, 0, NULL)) {
720 lwsl_err("%s: lws_genaes_create failed\n", __func__);
721 return 1;
722 }
723
724 iv_off = sizeof(gcm_iv); /* initial call sets iv + aad + tag */
725 if (lws_genaes_crypt(&ctx, gcm_aad, sizeof(gcm_aad), NULL,
726 (uint8_t *)gcm_iv, (uint8_t *)gcm_tag,
727 &iv_off, sizeof(gcm_tag))) {
728 lwsl_err("%s: lws_genaes_crypt 1 failed\n", __func__);
729 goto bail;
730 }
731
732 if (lws_genaes_crypt(&ctx, gcm_ct, sizeof(gcm_ct), res,
733 NULL, NULL, NULL, 0)) {
734 lwsl_err("%s: lws_genaes_crypt 2 failed\n", __func__);
735 goto bail;
736 }
737
738 if (lws_genaes_destroy(&ctx, tag, sizeof(tag))) {
739 lwsl_err("%s: lws_genaes_destroy dec failed\n", __func__);
740 return -1;
741 }
742
743 if (lws_timingsafe_bcmp(gcm_pt, res, sizeof(gcm_pt))) {
744 lwsl_err("%s: lws_genaes_crypt decoding mismatch\n", __func__);
745 lwsl_hexdump_notice(res, sizeof(gcm_ct));
746 return -1;
747 }
748
749 return 0;
750
751 bail:
752 lws_genaes_destroy(&ctx, NULL, 0);
753
754 return -1;
755 }
756
757 int
test_genaes(struct lws_context * context)758 test_genaes(struct lws_context *context)
759 {
760
761 if (test_genaes_cbc())
762 goto bail;
763
764 if (test_genaes_cfb128())
765 goto bail;
766
767 if (test_genaes_cfb8())
768 goto bail;
769
770 if (test_genaes_ctr())
771 goto bail;
772
773 if (test_genaes_ecb())
774 goto bail;
775
776 #if defined(MBEDTLS_CONFIG_H) && !defined(MBEDTLS_CIPHER_MODE_OFB)
777 #else
778 if (test_genaes_ofb())
779 goto bail;
780 #endif
781
782 #if defined(MBEDTLS_CONFIG_H) && !defined(MBEDTLS_CIPHER_MODE_XTS)
783 #else
784 if (test_genaes_xts())
785 goto bail;
786 #endif
787
788 if (test_genaes_gcm())
789 goto bail;
790
791 /* end */
792
793 lwsl_notice("%s: selftest OK\n", __func__);
794
795 return 0;
796
797 bail:
798 lwsl_err("%s: selftest failed ++++++++++++++++++++\n", __func__);
799
800 return 1;
801 }
802