xref: /openbsd-src/regress/lib/libcrypto/aead/aeadtest.c (revision c1a45aed656e7d5627c30c92421893a76f370ccb) 
1 /*	$OpenBSD: aeadtest.c,v 1.13 2022/01/12 08:54:23 tb Exp $	*/
2 /* ====================================================================
3  * Copyright (c) 2011-2013 The OpenSSL Project.  All rights reserved.
4  *
5  * Redistribution and use in source and binary forms, with or without
6  * modification, are permitted provided that the following conditions
7  * are met:
8  *
9  * 1. Redistributions of source code must retain the above copyright
10  *    notice, this list of conditions and the following disclaimer.
11  *
12  * 2. Redistributions in binary form must reproduce the above copyright
13  *    notice, this list of conditions and the following disclaimer in
14  *    the documentation and/or other materials provided with the
15  *    distribution.
16  *
17  * 3. All advertising materials mentioning features or use of this
18  *    software must display the following acknowledgment:
19  *    "This product includes software developed by the OpenSSL Project
20  *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
21  *
22  * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
23  *    endorse or promote products derived from this software without
24  *    prior written permission. For written permission, please contact
25  *    licensing@OpenSSL.org.
26  *
27  * 5. Products derived from this software may not be called "OpenSSL"
28  *    nor may "OpenSSL" appear in their names without prior written
29  *    permission of the OpenSSL Project.
30  *
31  * 6. Redistributions of any form whatsoever must retain the following
32  *    acknowledgment:
33  *    "This product includes software developed by the OpenSSL Project
34  *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
35  *
36  * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
37  * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
38  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
39  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
40  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
41  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
42  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
43  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
44  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
45  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
46  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
47  * OF THE POSSIBILITY OF SUCH DAMAGE.
48  * ====================================================================
49  */
50 
51 #include <stdio.h>
52 #include <stdlib.h>
53 #include <string.h>
54 #include <stdint.h>
55 #include <unistd.h>
56 #include <ctype.h>
57 
58 #include <openssl/evp.h>
59 #include <openssl/err.h>
60 
61 /* This program tests an AEAD against a series of test vectors from a file. The
62  * test vector file consists of key-value lines where the key and value are
63  * separated by a colon and optional whitespace. The keys are listed in
64  * NAMES, below. The values are hex-encoded data.
65  *
66  * After a number of key-value lines, a blank line indicates the end of the
67  * test case.
68  *
69  * For example, here's a valid test case:
70  *
71  *   AEAD: chacha20-poly1305
72  *   KEY: bcb2639bf989c6251b29bf38d39a9bdce7c55f4b2ac12a39c8a37b5d0a5cc2b5
73  *   NONCE: 1e8b4c510f5ca083
74  *   IN: 8c8419bc27
75  *   AD: 34ab88c265
76  *   CT: 1a7c2f33f5
77  *   TAG: 2875c659d0f2808de3a40027feff91a4
78  */
79 
80 #define BUF_MAX 1024
81 
82 /* These are the different types of line that are found in the input file. */
83 enum {
84 	AEAD = 0,	/* name of the AEAD algorithm. */
85 	KEY,		/* hex encoded key. */
86 	NONCE,		/* hex encoded nonce. */
87 	IN,		/* hex encoded plaintext. */
88 	AD,		/* hex encoded additional data. */
89 	CT,		/* hex encoded ciphertext (not including the
90 			 * authenticator, which is next. */
91 	TAG,		/* hex encoded authenticator. */
92 	NUM_TYPES
93 };
94 
95 static const char NAMES[NUM_TYPES][6] = {
96 	"AEAD",
97 	"KEY",
98 	"NONCE",
99 	"IN",
100 	"AD",
101 	"CT",
102 	"TAG",
103 };
104 
105 static unsigned char
106 hex_digit(char h)
107 {
108 	if (h >= '0' && h <= '9')
109 		return h - '0';
110 	else if (h >= 'a' && h <= 'f')
111 		return h - 'a' + 10;
112 	else if (h >= 'A' && h <= 'F')
113 		return h - 'A' + 10;
114 	else
115 		return 16;
116 }
117 
118 static int
119 aead_from_name(const EVP_AEAD **aead, const char *name)
120 {
121 	*aead = NULL;
122 
123 	if (strcmp(name, "aes-128-gcm") == 0) {
124 #ifndef OPENSSL_NO_AES
125 		*aead = EVP_aead_aes_128_gcm();
126 #else
127 		fprintf(stderr, "No AES support.\n");
128 #endif
129 	} else if (strcmp(name, "aes-256-gcm") == 0) {
130 #ifndef OPENSSL_NO_AES
131 		*aead = EVP_aead_aes_256_gcm();
132 #else
133 		fprintf(stderr, "No AES support.\n");
134 #endif
135 	} else if (strcmp(name, "chacha20-poly1305") == 0) {
136 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
137 		*aead = EVP_aead_chacha20_poly1305();
138 #else
139 		fprintf(stderr, "No chacha20-poly1305 support.\n");
140 #endif
141 	} else if (strcmp(name, "xchacha20-poly1305") == 0) {
142 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
143 		*aead = EVP_aead_xchacha20_poly1305();
144 #else
145 		fprintf(stderr, "No xchacha20-poly1305 support.\n");
146 #endif
147 	} else {
148 		fprintf(stderr, "Unknown AEAD: %s\n", name);
149 		return -1;
150 	}
151 
152 	if (*aead == NULL)
153 		return 0;
154 
155 	return 1;
156 }
157 
158 static int
159 run_test_case(const EVP_AEAD* aead, unsigned char bufs[NUM_TYPES][BUF_MAX],
160     const unsigned int lengths[NUM_TYPES], unsigned int line_no)
161 {
162 	EVP_AEAD_CTX *ctx;
163 	unsigned char out[BUF_MAX + EVP_AEAD_MAX_TAG_LENGTH], out2[BUF_MAX];
164 	size_t out_len, out_len2;
165 	int ret = 0;
166 
167 	if ((ctx = EVP_AEAD_CTX_new()) == NULL) {
168 		fprintf(stderr, "Failed to allocate AEAD context on line %u\n",
169 		    line_no);
170 		goto err;
171 	}
172 
173 	if (!EVP_AEAD_CTX_init(ctx, aead, bufs[KEY], lengths[KEY],
174 	    lengths[TAG], NULL)) {
175 		fprintf(stderr, "Failed to init AEAD on line %u\n", line_no);
176 		goto err;
177 	}
178 
179 	if (!EVP_AEAD_CTX_seal(ctx, out, &out_len, sizeof(out), bufs[NONCE],
180 	    lengths[NONCE], bufs[IN], lengths[IN], bufs[AD], lengths[AD])) {
181 		fprintf(stderr, "Failed to run AEAD on line %u\n", line_no);
182 		goto err;
183 	}
184 
185 	if (out_len != lengths[CT] + lengths[TAG]) {
186 		fprintf(stderr, "Bad output length on line %u: %zu vs %u\n",
187 		    line_no, out_len, (unsigned)(lengths[CT] + lengths[TAG]));
188 		goto err;
189 	}
190 
191 	if (memcmp(out, bufs[CT], lengths[CT]) != 0) {
192 		fprintf(stderr, "Bad output on line %u\n", line_no);
193 		goto err;
194 	}
195 
196 	if (memcmp(out + lengths[CT], bufs[TAG], lengths[TAG]) != 0) {
197 		fprintf(stderr, "Bad tag on line %u\n", line_no);
198 		goto err;
199 	}
200 
201 	if (!EVP_AEAD_CTX_open(ctx, out2, &out_len2, lengths[IN], bufs[NONCE],
202 	    lengths[NONCE], out, out_len, bufs[AD], lengths[AD])) {
203 		fprintf(stderr, "Failed to decrypt on line %u\n", line_no);
204 		goto err;
205 	}
206 
207 	if (out_len2 != lengths[IN]) {
208 		fprintf(stderr, "Bad decrypt on line %u: %zu\n",
209 		    line_no, out_len2);
210 		goto err;
211 	}
212 
213 	if (memcmp(out2, bufs[IN], out_len2) != 0) {
214 		fprintf(stderr, "Plaintext mismatch on line %u\n", line_no);
215 		goto err;
216 	}
217 
218 	out[0] ^= 0x80;
219 	if (EVP_AEAD_CTX_open(ctx, out2, &out_len2, lengths[IN], bufs[NONCE],
220 	    lengths[NONCE], out, out_len, bufs[AD], lengths[AD])) {
221 		fprintf(stderr, "Decrypted bad data on line %u\n", line_no);
222 		goto err;
223 	}
224 
225 	ret = 1;
226 
227  err:
228 	EVP_AEAD_CTX_free(ctx);
229 
230 	return ret;
231 }
232 
233 int
234 main(int argc, char **argv)
235 {
236 	FILE *f;
237 	const EVP_AEAD *aead = NULL;
238 	unsigned int line_no = 0, num_tests = 0, j;
239 
240 	unsigned char bufs[NUM_TYPES][BUF_MAX];
241 	unsigned int lengths[NUM_TYPES];
242 
243 	if (argc != 2) {
244 		fprintf(stderr, "%s <test file.txt>\n", argv[0]);
245 		return 1;
246 	}
247 
248 	f = fopen(argv[1], "r");
249 	if (f == NULL) {
250 		perror("failed to open input");
251 		return 1;
252 	}
253 
254 	for (j = 0; j < NUM_TYPES; j++)
255 		lengths[j] = 0;
256 
257 	for (;;) {
258 		char line[4096];
259 		unsigned int i, type_len = 0;
260 
261 		unsigned char *buf = NULL;
262 		unsigned int *buf_len = NULL;
263 
264 		if (!fgets(line, sizeof(line), f))
265 			break;
266 
267 		line_no++;
268 		if (line[0] == '#')
269 			continue;
270 
271 		if (line[0] == '\n' || line[0] == 0) {
272 			/* Run a test, if possible. */
273 			char any_values_set = 0;
274 			for (j = 0; j < NUM_TYPES; j++) {
275 				if (lengths[j] != 0) {
276 					any_values_set = 1;
277 					break;
278 				}
279 			}
280 
281 			if (!any_values_set)
282 				continue;
283 
284 			switch (aead_from_name(&aead, bufs[AEAD])) {
285 			case 0:
286 				fprintf(stderr, "Skipping test...\n");
287 				continue;
288 			case -1:
289 				fprintf(stderr, "Aborting...\n");
290 				return 4;
291 			}
292 
293 			if (!run_test_case(aead, bufs, lengths, line_no))
294 				return 4;
295 
296 			for (j = 0; j < NUM_TYPES; j++)
297 				lengths[j] = 0;
298 
299 			num_tests++;
300 			continue;
301 		}
302 
303 		/* Each line looks like:
304 		 *   TYPE: 0123abc
305 		 * Where "TYPE" is the type of the data on the line,
306 		 * e.g. "KEY". */
307 		for (i = 0; line[i] != 0 && line[i] != '\n'; i++) {
308 			if (line[i] == ':') {
309 				type_len = i;
310 				break;
311 			}
312 		}
313 		i++;
314 
315 		if (type_len == 0) {
316 			fprintf(stderr, "Parse error on line %u\n", line_no);
317 			return 3;
318 		}
319 
320 		/* After the colon, there's optional whitespace. */
321 		for (; line[i] != 0 && line[i] != '\n'; i++) {
322 			if (line[i] != ' ' && line[i] != '\t')
323 				break;
324 		}
325 
326 		line[type_len] = 0;
327 		for (j = 0; j < NUM_TYPES; j++) {
328 			if (strcmp(line, NAMES[j]) != 0)
329 				continue;
330 			if (lengths[j] != 0) {
331 				fprintf(stderr, "Duplicate value on line %u\n",
332 				    line_no);
333 				return 3;
334 			}
335 			buf = bufs[j];
336 			buf_len = &lengths[j];
337 			break;
338 		}
339 
340 		if (buf == NULL) {
341 			fprintf(stderr, "Unknown line type on line %u\n",
342 			    line_no);
343 			return 3;
344 		}
345 
346 		if (j == AEAD) {
347 			*buf_len = strlcpy(buf, line + i, BUF_MAX);
348 			for (j = 0; j < BUF_MAX; j++) {
349 				if (buf[j] == '\n')
350 					buf[j] = '\0';
351 			}
352 			continue;
353 		}
354 
355 		for (j = 0; line[i] != 0 && line[i] != '\n'; i++) {
356 			unsigned char v, v2;
357 			v = hex_digit(line[i++]);
358 			if (line[i] == 0 || line[i] == '\n') {
359 				fprintf(stderr, "Odd-length hex data on "
360 				    "line %u\n", line_no);
361 				return 3;
362 			}
363 			v2 = hex_digit(line[i]);
364 			if (v > 15 || v2 > 15) {
365 				fprintf(stderr, "Invalid hex char on line %u\n",
366 				    line_no);
367 				return 3;
368 			}
369 			v <<= 4;
370 			v |= v2;
371 
372 			if (j == BUF_MAX) {
373 				fprintf(stderr, "Too much hex data on line %u "
374 				    "(max is %u bytes)\n",
375 				    line_no, (unsigned) BUF_MAX);
376 				return 3;
377 			}
378 			buf[j++] = v;
379 			*buf_len = *buf_len + 1;
380 		}
381 	}
382 
383 	printf("Completed %u test cases\n", num_tests);
384 	printf("PASS\n");
385 	fclose(f);
386 
387 	return 0;
388 }
389