xref: /openbsd-src/regress/lib/libcrypto/aead/aeadtest.c (revision f2da64fbbbf1b03f09f390ab01267c93dfd77c4c) 
1 /* ====================================================================
2  * Copyright (c) 2011-2013 The OpenSSL Project.  All rights reserved.
3  *
4  * Redistribution and use in source and binary forms, with or without
5  * modification, are permitted provided that the following conditions
6  * are met:
7  *
8  * 1. Redistributions of source code must retain the above copyright
9  *    notice, this list of conditions and the following disclaimer.
10  *
11  * 2. Redistributions in binary form must reproduce the above copyright
12  *    notice, this list of conditions and the following disclaimer in
13  *    the documentation and/or other materials provided with the
14  *    distribution.
15  *
16  * 3. All advertising materials mentioning features or use of this
17  *    software must display the following acknowledgment:
18  *    "This product includes software developed by the OpenSSL Project
19  *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
20  *
21  * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
22  *    endorse or promote products derived from this software without
23  *    prior written permission. For written permission, please contact
24  *    licensing@OpenSSL.org.
25  *
26  * 5. Products derived from this software may not be called "OpenSSL"
27  *    nor may "OpenSSL" appear in their names without prior written
28  *    permission of the OpenSSL Project.
29  *
30  * 6. Redistributions of any form whatsoever must retain the following
31  *    acknowledgment:
32  *    "This product includes software developed by the OpenSSL Project
33  *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
34  *
35  * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
36  * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
37  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
38  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
39  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
40  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
41  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
42  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
43  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
44  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
45  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
46  * OF THE POSSIBILITY OF SUCH DAMAGE.
47  * ====================================================================
48  */
49 
50 #include <stdio.h>
51 #include <stdlib.h>
52 #include <string.h>
53 #include <stdint.h>
54 
55 #include <openssl/evp.h>
56 
57 /* This program tests an AEAD against a series of test vectors from a file. The
58  * test vector file consists of key-value lines where the key and value are
59  * separated by a colon and optional whitespace. The keys are listed in
60  * NAMES, below. The values are hex-encoded data.
61  *
62  * After a number of key-value lines, a blank line indicates the end of the
63  * test case.
64  *
65  * For example, here's a valid test case:
66  *
67  *   AEAD: chacha20-poly1305
68  *   KEY: bcb2639bf989c6251b29bf38d39a9bdce7c55f4b2ac12a39c8a37b5d0a5cc2b5
69  *   NONCE: 1e8b4c510f5ca083
70  *   IN: 8c8419bc27
71  *   AD: 34ab88c265
72  *   CT: 1a7c2f33f5
73  *   TAG: 2875c659d0f2808de3a40027feff91a4
74  */
75 
76 #define BUF_MAX 1024
77 
78 /* These are the different types of line that are found in the input file. */
79 enum {
80 	AEAD = 0,	/* name of the AEAD algorithm. */
81 	KEY,		/* hex encoded key. */
82 	NONCE,		/* hex encoded nonce. */
83 	IN,		/* hex encoded plaintext. */
84 	AD,		/* hex encoded additional data. */
85 	CT,		/* hex encoded ciphertext (not including the
86 			 * authenticator, which is next. */
87 	TAG,		/* hex encoded authenticator. */
88 	NUM_TYPES
89 };
90 
91 static const char NAMES[NUM_TYPES][6] = {
92 	"AEAD",
93 	"KEY",
94 	"NONCE",
95 	"IN",
96 	"AD",
97 	"CT",
98 	"TAG",
99 };
100 
101 static unsigned char
102 hex_digit(char h)
103 {
104 	if (h >= '0' && h <= '9')
105 		return h - '0';
106 	else if (h >= 'a' && h <= 'f')
107 		return h - 'a' + 10;
108 	else if (h >= 'A' && h <= 'F')
109 		return h - 'A' + 10;
110 	else
111 		return 16;
112 }
113 
114 static int
115 aead_from_name(const EVP_AEAD **aead, const char *name)
116 {
117 	*aead = NULL;
118 
119 	if (strcmp(name, "aes-128-gcm") == 0) {
120 #ifndef OPENSSL_NO_AES
121 		*aead = EVP_aead_aes_128_gcm();
122 #else
123 		fprintf(stderr, "No AES support.\n");
124 #endif
125 	} else if (strcmp(name, "aes-256-gcm") == 0) {
126 #ifndef OPENSSL_NO_AES
127 		*aead = EVP_aead_aes_256_gcm();
128 #else
129 		fprintf(stderr, "No AES support.\n");
130 #endif
131 	} else if (strcmp(name, "chacha20-poly1305") == 0) {
132 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
133 		*aead = EVP_aead_chacha20_poly1305();
134 #else
135 		fprintf(stderr, "No chacha20-poly1305 support.\n");
136 #endif
137 	} else if (strcmp(name, "chacha20-poly1305-old") == 0) {
138 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
139 		*aead = EVP_aead_chacha20_poly1305_old();
140 #else
141 		fprintf(stderr, "No chacha20-poly1305-old support.\n");
142 #endif
143 	} else {
144 		fprintf(stderr, "Unknown AEAD: %s\n", name);
145 		return -1;
146 	}
147 
148 	if (*aead == NULL)
149 		return 0;
150 
151 	return 1;
152 }
153 
154 static int
155 run_test_case(const EVP_AEAD* aead, unsigned char bufs[NUM_TYPES][BUF_MAX],
156     const unsigned int lengths[NUM_TYPES], unsigned int line_no)
157 {
158 	EVP_AEAD_CTX ctx;
159 	unsigned char out[BUF_MAX + EVP_AEAD_MAX_TAG_LENGTH], out2[BUF_MAX];
160 	size_t out_len, out_len2;
161 
162 	if (!EVP_AEAD_CTX_init(&ctx, aead, bufs[KEY], lengths[KEY],
163 	    lengths[TAG], NULL)) {
164 		fprintf(stderr, "Failed to init AEAD on line %u\n", line_no);
165 		return 0;
166 	}
167 
168 	if (!EVP_AEAD_CTX_seal(&ctx, out, &out_len, sizeof(out), bufs[NONCE],
169 	    lengths[NONCE], bufs[IN], lengths[IN], bufs[AD], lengths[AD])) {
170 		fprintf(stderr, "Failed to run AEAD on line %u\n", line_no);
171 		return 0;
172 	}
173 
174 	if (out_len != lengths[CT] + lengths[TAG]) {
175 		fprintf(stderr, "Bad output length on line %u: %zu vs %u\n",
176 		    line_no, out_len, (unsigned)(lengths[CT] + lengths[TAG]));
177 		return 0;
178 	}
179 
180 	if (memcmp(out, bufs[CT], lengths[CT]) != 0) {
181 		fprintf(stderr, "Bad output on line %u\n", line_no);
182 		return 0;
183 	}
184 
185 	if (memcmp(out + lengths[CT], bufs[TAG], lengths[TAG]) != 0) {
186 		fprintf(stderr, "Bad tag on line %u\n", line_no);
187 		return 0;
188 	}
189 
190 	if (!EVP_AEAD_CTX_open(&ctx, out2, &out_len2, lengths[IN], bufs[NONCE],
191 	    lengths[NONCE], out, out_len, bufs[AD], lengths[AD])) {
192 		fprintf(stderr, "Failed to decrypt on line %u\n", line_no);
193 		return 0;
194 	}
195 
196 	if (out_len2 != lengths[IN]) {
197 		fprintf(stderr, "Bad decrypt on line %u: %zu\n",
198 		    line_no, out_len2);
199 		return 0;
200 	}
201 
202 	if (memcmp(out2, bufs[IN], out_len2) != 0) {
203 		fprintf(stderr, "Plaintext mismatch on line %u\n", line_no);
204 		return 0;
205 	}
206 
207 	out[0] ^= 0x80;
208 	if (EVP_AEAD_CTX_open(&ctx, out2, &out_len2, lengths[IN], bufs[NONCE],
209 	    lengths[NONCE], out, out_len, bufs[AD], lengths[AD])) {
210 		fprintf(stderr, "Decrypted bad data on line %u\n", line_no);
211 		return 0;
212 	}
213 
214 	EVP_AEAD_CTX_cleanup(&ctx);
215 	return 1;
216 }
217 
218 int
219 main(int argc, char **argv)
220 {
221 	FILE *f;
222 	const EVP_AEAD *aead = NULL;
223 	unsigned int line_no = 0, num_tests = 0, j;
224 
225 	unsigned char bufs[NUM_TYPES][BUF_MAX];
226 	unsigned int lengths[NUM_TYPES];
227 
228 	if (argc != 2) {
229 		fprintf(stderr, "%s <test file.txt>\n", argv[0]);
230 		return 1;
231 	}
232 
233 	f = fopen(argv[1], "r");
234 	if (f == NULL) {
235 		perror("failed to open input");
236 		return 1;
237 	}
238 
239 	for (j = 0; j < NUM_TYPES; j++)
240 		lengths[j] = 0;
241 
242 	for (;;) {
243 		char line[4096];
244 		unsigned int i, type_len = 0;
245 
246 		unsigned char *buf = NULL;
247 		unsigned int *buf_len = NULL;
248 
249 		if (!fgets(line, sizeof(line), f))
250 			break;
251 
252 		line_no++;
253 		if (line[0] == '#')
254 			continue;
255 
256 		if (line[0] == '\n' || line[0] == 0) {
257 			/* Run a test, if possible. */
258 			char any_values_set = 0;
259 			for (j = 0; j < NUM_TYPES; j++) {
260 				if (lengths[j] != 0) {
261 					any_values_set = 1;
262 					break;
263 				}
264 			}
265 
266 			if (!any_values_set)
267 				continue;
268 
269 			switch (aead_from_name(&aead, bufs[AEAD])) {
270 			case 0:
271 				fprintf(stderr, "Skipping test...\n");
272 				continue;
273 			case -1:
274 				fprintf(stderr, "Aborting...\n");
275 				return 4;
276 			}
277 
278 			if (!run_test_case(aead, bufs, lengths, line_no))
279 				return 4;
280 
281 			for (j = 0; j < NUM_TYPES; j++)
282 				lengths[j] = 0;
283 
284 			num_tests++;
285 			continue;
286 		}
287 
288 		/* Each line looks like:
289 		 *   TYPE: 0123abc
290 		 * Where "TYPE" is the type of the data on the line,
291 		 * e.g. "KEY". */
292 		for (i = 0; line[i] != 0 && line[i] != '\n'; i++) {
293 			if (line[i] == ':') {
294 				type_len = i;
295 				break;
296 			}
297 		}
298 		i++;
299 
300 		if (type_len == 0) {
301 			fprintf(stderr, "Parse error on line %u\n", line_no);
302 			return 3;
303 		}
304 
305 		/* After the colon, there's optional whitespace. */
306 		for (; line[i] != 0 && line[i] != '\n'; i++) {
307 			if (line[i] != ' ' && line[i] != '\t')
308 				break;
309 		}
310 
311 		line[type_len] = 0;
312 		for (j = 0; j < NUM_TYPES; j++) {
313 			if (strcmp(line, NAMES[j]) != 0)
314 				continue;
315 			if (lengths[j] != 0) {
316 				fprintf(stderr, "Duplicate value on line %u\n",
317 				    line_no);
318 				return 3;
319 			}
320 			buf = bufs[j];
321 			buf_len = &lengths[j];
322 			break;
323 		}
324 
325 		if (buf == NULL) {
326 			fprintf(stderr, "Unknown line type on line %u\n",
327 			    line_no);
328 			return 3;
329 		}
330 
331 		if (j == AEAD) {
332 			*buf_len = strlcpy(buf, line + i, BUF_MAX);
333 			for (j = 0; j < BUF_MAX; j++) {
334 				if (buf[j] == '\n')
335 					buf[j] = '\0';
336 			}
337 			continue;
338 		}
339 
340 		for (j = 0; line[i] != 0 && line[i] != '\n'; i++) {
341 			unsigned char v, v2;
342 			v = hex_digit(line[i++]);
343 			if (line[i] == 0 || line[i] == '\n') {
344 				fprintf(stderr, "Odd-length hex data on "
345 				    "line %u\n", line_no);
346 				return 3;
347 			}
348 			v2 = hex_digit(line[i]);
349 			if (v > 15 || v2 > 15) {
350 				fprintf(stderr, "Invalid hex char on line %u\n",
351 				    line_no);
352 				return 3;
353 			}
354 			v <<= 4;
355 			v |= v2;
356 
357 			if (j == BUF_MAX) {
358 				fprintf(stderr, "Too much hex data on line %u "
359 				    "(max is %u bytes)\n",
360 				    line_no, (unsigned) BUF_MAX);
361 				return 3;
362 			}
363 			buf[j++] = v;
364 			*buf_len = *buf_len + 1;
365 		}
366 	}
367 
368 	printf("Completed %u test cases\n", num_tests);
369 	printf("PASS\n");
370 	fclose(f);
371 
372 	return 0;
373 }
374