Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 1 | /* Copyright (c) 2015, Google Inc. |
| 2 | * |
| 3 | * Permission to use, copy, modify, and/or distribute this software for any |
| 4 | * purpose with or without fee is hereby granted, provided that the above |
| 5 | * copyright notice and this permission notice appear in all copies. |
| 6 | * |
| 7 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES |
| 8 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF |
| 9 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY |
| 10 | * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES |
| 11 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION |
| 12 | * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN |
| 13 | * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ |
| 14 | |
| 15 | #include <stdio.h> |
| 16 | #include <string.h> |
| 17 | |
Steven Valdez | bb1ceac | 2016-10-07 10:34:51 -0400 | [diff] [blame] | 18 | #include <memory> |
| 19 | #include <vector> |
| 20 | |
Robert Sloan | 8ff0355 | 2017-06-14 12:40:58 -0700 | [diff] [blame^] | 21 | #include <gtest/gtest.h> |
| 22 | |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 23 | #include <openssl/aes.h> |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 24 | |
Robert Sloan | 572a4e2 | 2017-04-17 10:52:19 -0700 | [diff] [blame] | 25 | #include "../../internal.h" |
| 26 | #include "../../test/file_test.h" |
Robert Sloan | 8ff0355 | 2017-06-14 12:40:58 -0700 | [diff] [blame^] | 27 | #include "../../test/test_util.h" |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 28 | |
Steven Valdez | bb1ceac | 2016-10-07 10:34:51 -0400 | [diff] [blame] | 29 | |
Robert Sloan | 8ff0355 | 2017-06-14 12:40:58 -0700 | [diff] [blame^] | 30 | static void TestRaw(FileTest *t) { |
Steven Valdez | bb1ceac | 2016-10-07 10:34:51 -0400 | [diff] [blame] | 31 | std::vector<uint8_t> key, plaintext, ciphertext; |
Robert Sloan | 8ff0355 | 2017-06-14 12:40:58 -0700 | [diff] [blame^] | 32 | ASSERT_TRUE(t->GetBytes(&key, "Key")); |
| 33 | ASSERT_TRUE(t->GetBytes(&plaintext, "Plaintext")); |
| 34 | ASSERT_TRUE(t->GetBytes(&ciphertext, "Ciphertext")); |
Steven Valdez | bb1ceac | 2016-10-07 10:34:51 -0400 | [diff] [blame] | 35 | |
Robert Sloan | 8ff0355 | 2017-06-14 12:40:58 -0700 | [diff] [blame^] | 36 | ASSERT_EQ(static_cast<unsigned>(AES_BLOCK_SIZE), plaintext.size()); |
| 37 | ASSERT_EQ(static_cast<unsigned>(AES_BLOCK_SIZE), ciphertext.size()); |
Steven Valdez | bb1ceac | 2016-10-07 10:34:51 -0400 | [diff] [blame] | 38 | |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 39 | AES_KEY aes_key; |
Robert Sloan | 8ff0355 | 2017-06-14 12:40:58 -0700 | [diff] [blame^] | 40 | ASSERT_EQ(0, AES_set_encrypt_key(key.data(), 8 * key.size(), &aes_key)); |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 41 | |
| 42 | // Test encryption. |
| 43 | uint8_t block[AES_BLOCK_SIZE]; |
Steven Valdez | bb1ceac | 2016-10-07 10:34:51 -0400 | [diff] [blame] | 44 | AES_encrypt(plaintext.data(), block, &aes_key); |
Robert Sloan | 8ff0355 | 2017-06-14 12:40:58 -0700 | [diff] [blame^] | 45 | EXPECT_EQ(Bytes(ciphertext), Bytes(block)); |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 46 | |
| 47 | // Test in-place encryption. |
Robert Sloan | 69939df | 2017-01-09 10:53:07 -0800 | [diff] [blame] | 48 | OPENSSL_memcpy(block, plaintext.data(), AES_BLOCK_SIZE); |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 49 | AES_encrypt(block, block, &aes_key); |
Robert Sloan | 8ff0355 | 2017-06-14 12:40:58 -0700 | [diff] [blame^] | 50 | EXPECT_EQ(Bytes(ciphertext), Bytes(block)); |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 51 | |
Robert Sloan | 8ff0355 | 2017-06-14 12:40:58 -0700 | [diff] [blame^] | 52 | ASSERT_EQ(0, AES_set_decrypt_key(key.data(), 8 * key.size(), &aes_key)); |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 53 | |
| 54 | // Test decryption. |
Steven Valdez | bb1ceac | 2016-10-07 10:34:51 -0400 | [diff] [blame] | 55 | AES_decrypt(ciphertext.data(), block, &aes_key); |
Robert Sloan | 8ff0355 | 2017-06-14 12:40:58 -0700 | [diff] [blame^] | 56 | EXPECT_EQ(Bytes(plaintext), Bytes(block)); |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 57 | |
| 58 | // Test in-place decryption. |
Robert Sloan | 69939df | 2017-01-09 10:53:07 -0800 | [diff] [blame] | 59 | OPENSSL_memcpy(block, ciphertext.data(), AES_BLOCK_SIZE); |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 60 | AES_decrypt(block, block, &aes_key); |
Robert Sloan | 8ff0355 | 2017-06-14 12:40:58 -0700 | [diff] [blame^] | 61 | EXPECT_EQ(Bytes(plaintext), Bytes(block)); |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 62 | } |
| 63 | |
Robert Sloan | 8ff0355 | 2017-06-14 12:40:58 -0700 | [diff] [blame^] | 64 | static void TestKeyWrap(FileTest *t) { |
Steven Valdez | bb1ceac | 2016-10-07 10:34:51 -0400 | [diff] [blame] | 65 | // All test vectors use the default IV, so test both with implicit and |
| 66 | // explicit IV. |
| 67 | // |
| 68 | // TODO(davidben): Find test vectors that use a different IV. |
| 69 | static const uint8_t kDefaultIV[] = { |
| 70 | 0xa6, 0xa6, 0xa6, 0xa6, 0xa6, 0xa6, 0xa6, 0xa6, |
| 71 | }; |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 72 | |
Steven Valdez | bb1ceac | 2016-10-07 10:34:51 -0400 | [diff] [blame] | 73 | std::vector<uint8_t> key, plaintext, ciphertext; |
Robert Sloan | 8ff0355 | 2017-06-14 12:40:58 -0700 | [diff] [blame^] | 74 | ASSERT_TRUE(t->GetBytes(&key, "Key")); |
| 75 | ASSERT_TRUE(t->GetBytes(&plaintext, "Plaintext")); |
| 76 | ASSERT_TRUE(t->GetBytes(&ciphertext, "Ciphertext")); |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 77 | |
Robert Sloan | 8ff0355 | 2017-06-14 12:40:58 -0700 | [diff] [blame^] | 78 | ASSERT_EQ(plaintext.size() + 8, ciphertext.size()) |
| 79 | << "Invalid Plaintext and Ciphertext lengths."; |
Steven Valdez | bb1ceac | 2016-10-07 10:34:51 -0400 | [diff] [blame] | 80 | |
Robert Sloan | 8ff0355 | 2017-06-14 12:40:58 -0700 | [diff] [blame^] | 81 | // Test encryption. |
Steven Valdez | bb1ceac | 2016-10-07 10:34:51 -0400 | [diff] [blame] | 82 | AES_KEY aes_key; |
Robert Sloan | 8ff0355 | 2017-06-14 12:40:58 -0700 | [diff] [blame^] | 83 | ASSERT_EQ(0, AES_set_encrypt_key(key.data(), 8 * key.size(), &aes_key)); |
Steven Valdez | bb1ceac | 2016-10-07 10:34:51 -0400 | [diff] [blame] | 84 | |
Robert Sloan | 8ff0355 | 2017-06-14 12:40:58 -0700 | [diff] [blame^] | 85 | // Test with implicit IV. |
Steven Valdez | bb1ceac | 2016-10-07 10:34:51 -0400 | [diff] [blame] | 86 | std::unique_ptr<uint8_t[]> buf(new uint8_t[ciphertext.size()]); |
Robert Sloan | 8ff0355 | 2017-06-14 12:40:58 -0700 | [diff] [blame^] | 87 | int len = AES_wrap_key(&aes_key, nullptr /* iv */, buf.get(), |
| 88 | plaintext.data(), plaintext.size()); |
| 89 | ASSERT_GE(len, 0); |
| 90 | EXPECT_EQ(Bytes(ciphertext), Bytes(buf.get(), static_cast<size_t>(len))); |
Steven Valdez | bb1ceac | 2016-10-07 10:34:51 -0400 | [diff] [blame] | 91 | |
Robert Sloan | 8ff0355 | 2017-06-14 12:40:58 -0700 | [diff] [blame^] | 92 | // Test with explicit IV. |
Robert Sloan | 69939df | 2017-01-09 10:53:07 -0800 | [diff] [blame] | 93 | OPENSSL_memset(buf.get(), 0, ciphertext.size()); |
Robert Sloan | 8ff0355 | 2017-06-14 12:40:58 -0700 | [diff] [blame^] | 94 | len = AES_wrap_key(&aes_key, kDefaultIV, buf.get(), plaintext.data(), |
| 95 | plaintext.size()); |
| 96 | ASSERT_GE(len, 0); |
| 97 | EXPECT_EQ(Bytes(ciphertext), Bytes(buf.get(), static_cast<size_t>(len))); |
Steven Valdez | bb1ceac | 2016-10-07 10:34:51 -0400 | [diff] [blame] | 98 | |
Robert Sloan | 8ff0355 | 2017-06-14 12:40:58 -0700 | [diff] [blame^] | 99 | // Test decryption. |
| 100 | ASSERT_EQ(0, AES_set_decrypt_key(key.data(), 8 * key.size(), &aes_key)); |
Steven Valdez | bb1ceac | 2016-10-07 10:34:51 -0400 | [diff] [blame] | 101 | |
Robert Sloan | 8ff0355 | 2017-06-14 12:40:58 -0700 | [diff] [blame^] | 102 | // Test with implicit IV. |
Steven Valdez | bb1ceac | 2016-10-07 10:34:51 -0400 | [diff] [blame] | 103 | buf.reset(new uint8_t[plaintext.size()]); |
Robert Sloan | 8ff0355 | 2017-06-14 12:40:58 -0700 | [diff] [blame^] | 104 | len = AES_unwrap_key(&aes_key, nullptr /* iv */, buf.get(), ciphertext.data(), |
| 105 | ciphertext.size()); |
| 106 | ASSERT_GE(len, 0); |
| 107 | EXPECT_EQ(Bytes(plaintext), Bytes(buf.get(), static_cast<size_t>(len))); |
Steven Valdez | bb1ceac | 2016-10-07 10:34:51 -0400 | [diff] [blame] | 108 | |
Robert Sloan | 8ff0355 | 2017-06-14 12:40:58 -0700 | [diff] [blame^] | 109 | // Test with explicit IV. |
Robert Sloan | 69939df | 2017-01-09 10:53:07 -0800 | [diff] [blame] | 110 | OPENSSL_memset(buf.get(), 0, plaintext.size()); |
Robert Sloan | 8ff0355 | 2017-06-14 12:40:58 -0700 | [diff] [blame^] | 111 | len = AES_unwrap_key(&aes_key, kDefaultIV, buf.get(), ciphertext.data(), |
| 112 | ciphertext.size()); |
| 113 | ASSERT_GE(len, 0); |
Steven Valdez | bb1ceac | 2016-10-07 10:34:51 -0400 | [diff] [blame] | 114 | |
Robert Sloan | 8ff0355 | 2017-06-14 12:40:58 -0700 | [diff] [blame^] | 115 | // Test corrupted ciphertext. |
Robert Sloan | 69939df | 2017-01-09 10:53:07 -0800 | [diff] [blame] | 116 | ciphertext[0] ^= 1; |
Robert Sloan | 8ff0355 | 2017-06-14 12:40:58 -0700 | [diff] [blame^] | 117 | EXPECT_EQ(-1, AES_unwrap_key(&aes_key, nullptr /* iv */, buf.get(), |
| 118 | ciphertext.data(), ciphertext.size())); |
Steven Valdez | bb1ceac | 2016-10-07 10:34:51 -0400 | [diff] [blame] | 119 | } |
| 120 | |
Robert Sloan | 8ff0355 | 2017-06-14 12:40:58 -0700 | [diff] [blame^] | 121 | TEST(AESTest, TestVectors) { |
| 122 | FileTestGTest("crypto/fipsmodule/aes/aes_tests.txt", [](FileTest *t) { |
| 123 | if (t->GetParameter() == "Raw") { |
| 124 | TestRaw(t); |
| 125 | } else if (t->GetParameter() == "KeyWrap") { |
| 126 | TestKeyWrap(t); |
| 127 | } else { |
| 128 | ADD_FAILURE() << "Unknown mode " << t->GetParameter(); |
| 129 | } |
| 130 | }); |
Kenny Root | b849459 | 2015-09-25 02:29:14 +0000 | [diff] [blame] | 131 | } |