1 /* Copyright (c) 2017, Google Inc.
2 *
3 * Permission to use, copy, modify, and/or distribute this software for any
4 * purpose with or without fee is hereby granted, provided that the above
5 * copyright notice and this permission notice appear in all copies.
6 *
7 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
8 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
9 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
10 * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
11 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
12 * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
13 * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
14
15 // cavp_aes_gcm_test processes a NIST CAVP AES GCM test vector request file and
16 // emits the corresponding response.
17
18 #include <stdlib.h>
19
20 #include <openssl/aead.h>
21 #include <openssl/cipher.h>
22 #include <openssl/crypto.h>
23 #include <openssl/err.h>
24
25 #include "../crypto/test/file_test.h"
26 #include "../crypto/test/test_util.h"
27 #include "cavp_test_util.h"
28
29
30 namespace {
31
32 struct TestCtx {
33 const EVP_AEAD *aead;
34 };
35
36 }
37
GetAEAD(const std::string & name,const bool enc)38 static const EVP_AEAD *GetAEAD(const std::string &name, const bool enc) {
39 if (name == "aes-128-gcm") {
40 return EVP_aead_aes_128_gcm();
41 } else if (name == "aes-192-gcm") {
42 return EVP_aead_aes_192_gcm();
43 } else if (name == "aes-256-gcm") {
44 return EVP_aead_aes_256_gcm();
45 }
46 return nullptr;
47 }
48
TestAEADEncrypt(FileTest * t,void * arg)49 static bool TestAEADEncrypt(FileTest *t, void *arg) {
50 TestCtx *ctx = reinterpret_cast<TestCtx *>(arg);
51
52 std::string key_len_str, iv_len_str, pt_len_str, aad_len_str, tag_len_str;
53 if (!t->GetInstruction(&key_len_str, "Keylen") ||
54 !t->GetInstruction(&iv_len_str, "IVlen") ||
55 !t->GetInstruction(&pt_len_str, "PTlen") ||
56 !t->GetInstruction(&aad_len_str, "AADlen") ||
57 !t->GetInstruction(&tag_len_str, "Taglen")) {
58 return false;
59 }
60
61 std::string count;
62 std::vector<uint8_t> key, iv, pt, aad, tag, ct;
63 if (!t->GetAttribute(&count, "Count") ||
64 !t->GetBytes(&key, "Key") ||
65 !t->GetBytes(&iv, "IV") ||
66 !t->GetBytes(&pt, "PT") ||
67 !t->GetBytes(&aad, "AAD") ||
68 key.size() * 8 != strtoul(key_len_str.c_str(), nullptr, 0) ||
69 iv.size() * 8 != strtoul(iv_len_str.c_str(), nullptr, 0) ||
70 pt.size() * 8 != strtoul(pt_len_str.c_str(), nullptr, 0) ||
71 aad.size() * 8 != strtoul(aad_len_str.c_str(), nullptr, 0) ||
72 iv.size() != 12) {
73 return false;
74 }
75
76 const size_t tag_len = strtoul(tag_len_str.c_str(), nullptr, 0) / 8;
77 if (!AEADEncrypt(ctx->aead, &ct, &tag, tag_len, key, pt, aad, iv)) {
78 return false;
79 }
80 printf("%s", t->CurrentTestToString().c_str());
81 printf("CT = %s\r\n", EncodeHex(ct).c_str());
82 printf("Tag = %s\r\n\r\n", EncodeHex(tag).c_str());
83
84 return true;
85 }
86
TestAEADDecrypt(FileTest * t,void * arg)87 static bool TestAEADDecrypt(FileTest *t, void *arg) {
88 TestCtx *ctx = reinterpret_cast<TestCtx *>(arg);
89
90 std::string key_len, iv_len, pt_len_str, aad_len_str, tag_len;
91 if (!t->GetInstruction(&key_len, "Keylen") ||
92 !t->GetInstruction(&iv_len, "IVlen") ||
93 !t->GetInstruction(&pt_len_str, "PTlen") ||
94 !t->GetInstruction(&aad_len_str, "AADlen") ||
95 !t->GetInstruction(&tag_len, "Taglen")) {
96 t->PrintLine("Invalid instruction block.");
97 return false;
98 }
99 size_t aad_len = strtoul(aad_len_str.c_str(), nullptr, 0) / 8;
100 size_t pt_len = strtoul(pt_len_str.c_str(), nullptr, 0) / 8;
101
102 std::string count;
103 std::vector<uint8_t> key, iv, ct, aad, tag, pt;
104 if (!t->GetAttribute(&count, "Count") ||
105 !t->GetBytes(&key, "Key") ||
106 !t->GetBytes(&aad, "AAD") ||
107 !t->GetBytes(&tag, "Tag") ||
108 !t->GetBytes(&iv, "IV") ||
109 !t->GetBytes(&ct, "CT") ||
110 key.size() * 8 != strtoul(key_len.c_str(), nullptr, 0) ||
111 iv.size() * 8 != strtoul(iv_len.c_str(), nullptr, 0) ||
112 ct.size() != pt_len ||
113 aad.size() != aad_len ||
114 tag.size() * 8 != strtoul(tag_len.c_str(), nullptr, 0)) {
115 t->PrintLine("Invalid test case");
116 return false;
117 }
118
119 printf("%s", t->CurrentTestToString().c_str());
120 bool aead_result =
121 AEADDecrypt(ctx->aead, &pt, pt_len, key, aad, ct, tag, iv);
122 if (aead_result) {
123 printf("PT = %s\r\n\r\n", EncodeHex(pt).c_str());
124 } else {
125 printf("FAIL\r\n\r\n");
126 }
127
128 return true;
129 }
130
usage(char * arg)131 static int usage(char *arg) {
132 fprintf(stderr, "usage: %s (enc|dec) <cipher> <test file>\n", arg);
133 return 1;
134 }
135
cavp_aes_gcm_test_main(int argc,char ** argv)136 int cavp_aes_gcm_test_main(int argc, char **argv) {
137 if (argc != 4) {
138 return usage(argv[0]);
139 }
140
141 const std::string mode(argv[1]);
142 bool (*test_fn)(FileTest * t, void *arg);
143 if (mode == "enc") {
144 test_fn = &TestAEADEncrypt;
145 } else if (mode == "dec") {
146 test_fn = &TestAEADDecrypt;
147 } else {
148 return usage(argv[0]);
149 }
150
151 const EVP_AEAD *aead = GetAEAD(argv[2], mode == "enc");
152 if (aead == nullptr) {
153 fprintf(stderr, "invalid aead: %s\n", argv[2]);
154 return 1;
155 }
156
157 TestCtx ctx = {aead};
158
159 FileTest::Options opts;
160 opts.path = argv[3];
161 opts.callback = test_fn;
162 opts.arg = &ctx;
163 opts.silent = true;
164 opts.comment_callback = EchoComment;
165 return FileTestMain(opts);
166 }
167