Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / boringssl / 8ff035535f7cf2903f02bbe94d2fa10b7ab855f1 / . / src / crypto / fipsmodule / aes / aes_test.cc
blob: 73ae2555d5a2154d8146d54dcf817986608ab8b1 [file] [log] [blame]
Kenny Rootb8494592015-09-25 02:29:14 +0000[diff] [blame]1/* Copyright (c) 2015, Google Inc.
2 *
3 * Permission to use, copy, modify, and/or distribute this software for any
4 * purpose with or without fee is hereby granted, provided that the above
5 * copyright notice and this permission notice appear in all copies.
6 *
7 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
8 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
9 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
10 * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
11 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
12 * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
13 * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
14
15#include <stdio.h>
16#include <string.h>
17
Steven Valdezbb1ceac2016-10-07 10:34:51 -0400[diff] [blame]18#include <memory>
19#include <vector>
20
Robert Sloan8ff03552017-06-14 12:40:58 -0700[diff] [blame^]21#include <gtest/gtest.h>
22
Kenny Rootb8494592015-09-25 02:29:14 +0000[diff] [blame]23#include <openssl/aes.h>
Kenny Rootb8494592015-09-25 02:29:14 +0000[diff] [blame]24
Robert Sloan572a4e22017-04-17 10:52:19 -0700[diff] [blame]25#include "../../internal.h"
26#include "../../test/file_test.h"
Robert Sloan8ff03552017-06-14 12:40:58 -0700[diff] [blame^]27#include "../../test/test_util.h"
Kenny Rootb8494592015-09-25 02:29:14 +0000[diff] [blame]28
Steven Valdezbb1ceac2016-10-07 10:34:51 -0400[diff] [blame]29
Robert Sloan8ff03552017-06-14 12:40:58 -0700[diff] [blame^]30static void TestRaw(FileTest *t) {
Steven Valdezbb1ceac2016-10-07 10:34:51 -0400[diff] [blame]31 std::vector<uint8_t> key, plaintext, ciphertext;
Robert Sloan8ff03552017-06-14 12:40:58 -0700[diff] [blame^]32 ASSERT_TRUE(t->GetBytes(&key, "Key"));
33 ASSERT_TRUE(t->GetBytes(&plaintext, "Plaintext"));
34 ASSERT_TRUE(t->GetBytes(&ciphertext, "Ciphertext"));
Steven Valdezbb1ceac2016-10-07 10:34:51 -0400[diff] [blame]35
Robert Sloan8ff03552017-06-14 12:40:58 -0700[diff] [blame^]36 ASSERT_EQ(static_cast<unsigned>(AES_BLOCK_SIZE), plaintext.size());
37 ASSERT_EQ(static_cast<unsigned>(AES_BLOCK_SIZE), ciphertext.size());
Steven Valdezbb1ceac2016-10-07 10:34:51 -0400[diff] [blame]38
Kenny Rootb8494592015-09-25 02:29:14 +0000[diff] [blame]39 AES_KEY aes_key;
Robert Sloan8ff03552017-06-14 12:40:58 -0700[diff] [blame^]40 ASSERT_EQ(0, AES_set_encrypt_key(key.data(), 8 * key.size(), &aes_key));
Kenny Rootb8494592015-09-25 02:29:14 +0000[diff] [blame]41
42 // Test encryption.
43 uint8_t block[AES_BLOCK_SIZE];
Steven Valdezbb1ceac2016-10-07 10:34:51 -0400[diff] [blame]44 AES_encrypt(plaintext.data(), block, &aes_key);
Robert Sloan8ff03552017-06-14 12:40:58 -0700[diff] [blame^]45 EXPECT_EQ(Bytes(ciphertext), Bytes(block));
Kenny Rootb8494592015-09-25 02:29:14 +0000[diff] [blame]46
47 // Test in-place encryption.
Robert Sloan69939df2017-01-09 10:53:07 -0800[diff] [blame]48 OPENSSL_memcpy(block, plaintext.data(), AES_BLOCK_SIZE);
Kenny Rootb8494592015-09-25 02:29:14 +0000[diff] [blame]49 AES_encrypt(block, block, &aes_key);
Robert Sloan8ff03552017-06-14 12:40:58 -0700[diff] [blame^]50 EXPECT_EQ(Bytes(ciphertext), Bytes(block));
Kenny Rootb8494592015-09-25 02:29:14 +0000[diff] [blame]51
Robert Sloan8ff03552017-06-14 12:40:58 -0700[diff] [blame^]52 ASSERT_EQ(0, AES_set_decrypt_key(key.data(), 8 * key.size(), &aes_key));
Kenny Rootb8494592015-09-25 02:29:14 +0000[diff] [blame]53
54 // Test decryption.
Steven Valdezbb1ceac2016-10-07 10:34:51 -0400[diff] [blame]55 AES_decrypt(ciphertext.data(), block, &aes_key);
Robert Sloan8ff03552017-06-14 12:40:58 -0700[diff] [blame^]56 EXPECT_EQ(Bytes(plaintext), Bytes(block));
Kenny Rootb8494592015-09-25 02:29:14 +0000[diff] [blame]57
58 // Test in-place decryption.
Robert Sloan69939df2017-01-09 10:53:07 -0800[diff] [blame]59 OPENSSL_memcpy(block, ciphertext.data(), AES_BLOCK_SIZE);
Kenny Rootb8494592015-09-25 02:29:14 +0000[diff] [blame]60 AES_decrypt(block, block, &aes_key);
Robert Sloan8ff03552017-06-14 12:40:58 -0700[diff] [blame^]61 EXPECT_EQ(Bytes(plaintext), Bytes(block));
Kenny Rootb8494592015-09-25 02:29:14 +0000[diff] [blame]62}
63
Robert Sloan8ff03552017-06-14 12:40:58 -0700[diff] [blame^]64static void TestKeyWrap(FileTest *t) {
Steven Valdezbb1ceac2016-10-07 10:34:51 -0400[diff] [blame]65 // All test vectors use the default IV, so test both with implicit and
66 // explicit IV.
67 //
68 // TODO(davidben): Find test vectors that use a different IV.
69 static const uint8_t kDefaultIV[] = {
70 0xa6, 0xa6, 0xa6, 0xa6, 0xa6, 0xa6, 0xa6, 0xa6,
71 };
Kenny Rootb8494592015-09-25 02:29:14 +0000[diff] [blame]72
Steven Valdezbb1ceac2016-10-07 10:34:51 -0400[diff] [blame]73 std::vector<uint8_t> key, plaintext, ciphertext;
Robert Sloan8ff03552017-06-14 12:40:58 -0700[diff] [blame^]74 ASSERT_TRUE(t->GetBytes(&key, "Key"));
75 ASSERT_TRUE(t->GetBytes(&plaintext, "Plaintext"));
76 ASSERT_TRUE(t->GetBytes(&ciphertext, "Ciphertext"));
Kenny Rootb8494592015-09-25 02:29:14 +0000[diff] [blame]77
Robert Sloan8ff03552017-06-14 12:40:58 -0700[diff] [blame^]78 ASSERT_EQ(plaintext.size() + 8, ciphertext.size())
79 << "Invalid Plaintext and Ciphertext lengths.";
Steven Valdezbb1ceac2016-10-07 10:34:51 -0400[diff] [blame]80
Robert Sloan8ff03552017-06-14 12:40:58 -0700[diff] [blame^]81 // Test encryption.
Steven Valdezbb1ceac2016-10-07 10:34:51 -0400[diff] [blame]82 AES_KEY aes_key;
Robert Sloan8ff03552017-06-14 12:40:58 -0700[diff] [blame^]83 ASSERT_EQ(0, AES_set_encrypt_key(key.data(), 8 * key.size(), &aes_key));
Steven Valdezbb1ceac2016-10-07 10:34:51 -0400[diff] [blame]84
Robert Sloan8ff03552017-06-14 12:40:58 -0700[diff] [blame^]85 // Test with implicit IV.
Steven Valdezbb1ceac2016-10-07 10:34:51 -0400[diff] [blame]86 std::unique_ptr<uint8_t[]> buf(new uint8_t[ciphertext.size()]);
Robert Sloan8ff03552017-06-14 12:40:58 -0700[diff] [blame^]87 int len = AES_wrap_key(&aes_key, nullptr /* iv */, buf.get(),
88 plaintext.data(), plaintext.size());
89 ASSERT_GE(len, 0);
90 EXPECT_EQ(Bytes(ciphertext), Bytes(buf.get(), static_cast<size_t>(len)));
Steven Valdezbb1ceac2016-10-07 10:34:51 -0400[diff] [blame]91
Robert Sloan8ff03552017-06-14 12:40:58 -0700[diff] [blame^]92 // Test with explicit IV.
Robert Sloan69939df2017-01-09 10:53:07 -0800[diff] [blame]93 OPENSSL_memset(buf.get(), 0, ciphertext.size());
Robert Sloan8ff03552017-06-14 12:40:58 -0700[diff] [blame^]94 len = AES_wrap_key(&aes_key, kDefaultIV, buf.get(), plaintext.data(),
95 plaintext.size());
96 ASSERT_GE(len, 0);
97 EXPECT_EQ(Bytes(ciphertext), Bytes(buf.get(), static_cast<size_t>(len)));
Steven Valdezbb1ceac2016-10-07 10:34:51 -0400[diff] [blame]98
Robert Sloan8ff03552017-06-14 12:40:58 -0700[diff] [blame^]99 // Test decryption.
100 ASSERT_EQ(0, AES_set_decrypt_key(key.data(), 8 * key.size(), &aes_key));
Steven Valdezbb1ceac2016-10-07 10:34:51 -0400[diff] [blame]101
Robert Sloan8ff03552017-06-14 12:40:58 -0700[diff] [blame^]102 // Test with implicit IV.
Steven Valdezbb1ceac2016-10-07 10:34:51 -0400[diff] [blame]103 buf.reset(new uint8_t[plaintext.size()]);
Robert Sloan8ff03552017-06-14 12:40:58 -0700[diff] [blame^]104 len = AES_unwrap_key(&aes_key, nullptr /* iv */, buf.get(), ciphertext.data(),
105 ciphertext.size());
106 ASSERT_GE(len, 0);
107 EXPECT_EQ(Bytes(plaintext), Bytes(buf.get(), static_cast<size_t>(len)));
Steven Valdezbb1ceac2016-10-07 10:34:51 -0400[diff] [blame]108
Robert Sloan8ff03552017-06-14 12:40:58 -0700[diff] [blame^]109 // Test with explicit IV.
Robert Sloan69939df2017-01-09 10:53:07 -0800[diff] [blame]110 OPENSSL_memset(buf.get(), 0, plaintext.size());
Robert Sloan8ff03552017-06-14 12:40:58 -0700[diff] [blame^]111 len = AES_unwrap_key(&aes_key, kDefaultIV, buf.get(), ciphertext.data(),
112 ciphertext.size());
113 ASSERT_GE(len, 0);
Steven Valdezbb1ceac2016-10-07 10:34:51 -0400[diff] [blame]114
Robert Sloan8ff03552017-06-14 12:40:58 -0700[diff] [blame^]115 // Test corrupted ciphertext.
Robert Sloan69939df2017-01-09 10:53:07 -0800[diff] [blame]116 ciphertext[0] ^= 1;
Robert Sloan8ff03552017-06-14 12:40:58 -0700[diff] [blame^]117 EXPECT_EQ(-1, AES_unwrap_key(&aes_key, nullptr /* iv */, buf.get(),
118 ciphertext.data(), ciphertext.size()));
Steven Valdezbb1ceac2016-10-07 10:34:51 -0400[diff] [blame]119}
120
Robert Sloan8ff03552017-06-14 12:40:58 -0700[diff] [blame^]121TEST(AESTest, TestVectors) {
122 FileTestGTest("crypto/fipsmodule/aes/aes_tests.txt", [](FileTest *t) {
123 if (t->GetParameter() == "Raw") {
124 TestRaw(t);
125 } else if (t->GetParameter() == "KeyWrap") {
126 TestKeyWrap(t);
127 } else {
128 ADD_FAILURE() << "Unknown mode " << t->GetParameter();
129 }
130 });
Kenny Rootb8494592015-09-25 02:29:14 +0000[diff] [blame]131}