]>
Commit | Line | Data |
---|---|---|
ca38a4cc DB |
1 | /* |
2 | * QEMU Crypto cipher algorithms | |
3 | * | |
4 | * Copyright (c) 2015 Red Hat, Inc. | |
5 | * | |
6 | * This library is free software; you can redistribute it and/or | |
7 | * modify it under the terms of the GNU Lesser General Public | |
8 | * License as published by the Free Software Foundation; either | |
9 | * version 2 of the License, or (at your option) any later version. | |
10 | * | |
11 | * This library is distributed in the hope that it will be useful, | |
12 | * but WITHOUT ANY WARRANTY; without even the implied warranty of | |
13 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | |
14 | * Lesser General Public License for more details. | |
15 | * | |
16 | * You should have received a copy of the GNU Lesser General Public | |
17 | * License along with this library; if not, see <http://www.gnu.org/licenses/>. | |
18 | * | |
19 | */ | |
20 | ||
681c28a3 | 21 | #include "qemu/osdep.h" |
ca38a4cc DB |
22 | #include <glib.h> |
23 | ||
24 | #include "crypto/init.h" | |
25 | #include "crypto/cipher.h" | |
26 | ||
27 | typedef struct QCryptoCipherTestData QCryptoCipherTestData; | |
28 | struct QCryptoCipherTestData { | |
29 | const char *path; | |
30 | QCryptoCipherAlgorithm alg; | |
31 | QCryptoCipherMode mode; | |
32 | const char *key; | |
33 | const char *plaintext; | |
34 | const char *ciphertext; | |
35 | const char *iv; | |
36 | }; | |
37 | ||
38 | /* AES test data comes from appendix F of: | |
39 | * | |
40 | * http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf | |
41 | */ | |
42 | static QCryptoCipherTestData test_data[] = { | |
43 | { | |
44 | /* NIST F.1.1 ECB-AES128.Encrypt */ | |
45 | .path = "/crypto/cipher/aes-ecb-128", | |
46 | .alg = QCRYPTO_CIPHER_ALG_AES_128, | |
47 | .mode = QCRYPTO_CIPHER_MODE_ECB, | |
48 | .key = "2b7e151628aed2a6abf7158809cf4f3c", | |
49 | .plaintext = | |
50 | "6bc1bee22e409f96e93d7e117393172a" | |
51 | "ae2d8a571e03ac9c9eb76fac45af8e51" | |
52 | "30c81c46a35ce411e5fbc1191a0a52ef" | |
53 | "f69f2445df4f9b17ad2b417be66c3710", | |
54 | .ciphertext = | |
55 | "3ad77bb40d7a3660a89ecaf32466ef97" | |
56 | "f5d3d58503b9699de785895a96fdbaaf" | |
57 | "43b1cd7f598ece23881b00e3ed030688" | |
58 | "7b0c785e27e8ad3f8223207104725dd4" | |
59 | }, | |
60 | { | |
61 | /* NIST F.1.3 ECB-AES192.Encrypt */ | |
62 | .path = "/crypto/cipher/aes-ecb-192", | |
63 | .alg = QCRYPTO_CIPHER_ALG_AES_192, | |
64 | .mode = QCRYPTO_CIPHER_MODE_ECB, | |
65 | .key = "8e73b0f7da0e6452c810f32b809079e562f8ead2522c6b7b", | |
66 | .plaintext = | |
67 | "6bc1bee22e409f96e93d7e117393172a" | |
68 | "ae2d8a571e03ac9c9eb76fac45af8e51" | |
69 | "30c81c46a35ce411e5fbc1191a0a52ef" | |
70 | "f69f2445df4f9b17ad2b417be66c3710", | |
71 | .ciphertext = | |
72 | "bd334f1d6e45f25ff712a214571fa5cc" | |
73 | "974104846d0ad3ad7734ecb3ecee4eef" | |
74 | "ef7afd2270e2e60adce0ba2face6444e" | |
75 | "9a4b41ba738d6c72fb16691603c18e0e" | |
76 | }, | |
77 | { | |
78 | /* NIST F.1.5 ECB-AES256.Encrypt */ | |
79 | .path = "/crypto/cipher/aes-ecb-256", | |
80 | .alg = QCRYPTO_CIPHER_ALG_AES_256, | |
81 | .mode = QCRYPTO_CIPHER_MODE_ECB, | |
82 | .key = | |
83 | "603deb1015ca71be2b73aef0857d7781" | |
84 | "1f352c073b6108d72d9810a30914dff4", | |
85 | .plaintext = | |
86 | "6bc1bee22e409f96e93d7e117393172a" | |
87 | "ae2d8a571e03ac9c9eb76fac45af8e51" | |
88 | "30c81c46a35ce411e5fbc1191a0a52ef" | |
89 | "f69f2445df4f9b17ad2b417be66c3710", | |
90 | .ciphertext = | |
91 | "f3eed1bdb5d2a03c064b5a7e3db181f8" | |
92 | "591ccb10d410ed26dc5ba74a31362870" | |
93 | "b6ed21b99ca6f4f9f153e7b1beafed1d" | |
94 | "23304b7a39f9f3ff067d8d8f9e24ecc7", | |
95 | }, | |
96 | { | |
97 | /* NIST F.2.1 CBC-AES128.Encrypt */ | |
98 | .path = "/crypto/cipher/aes-cbc-128", | |
99 | .alg = QCRYPTO_CIPHER_ALG_AES_128, | |
100 | .mode = QCRYPTO_CIPHER_MODE_CBC, | |
101 | .key = "2b7e151628aed2a6abf7158809cf4f3c", | |
102 | .iv = "000102030405060708090a0b0c0d0e0f", | |
103 | .plaintext = | |
104 | "6bc1bee22e409f96e93d7e117393172a" | |
105 | "ae2d8a571e03ac9c9eb76fac45af8e51" | |
106 | "30c81c46a35ce411e5fbc1191a0a52ef" | |
107 | "f69f2445df4f9b17ad2b417be66c3710", | |
108 | .ciphertext = | |
109 | "7649abac8119b246cee98e9b12e9197d" | |
110 | "5086cb9b507219ee95db113a917678b2" | |
111 | "73bed6b8e3c1743b7116e69e22229516" | |
112 | "3ff1caa1681fac09120eca307586e1a7", | |
113 | }, | |
114 | { | |
115 | /* NIST F.2.3 CBC-AES128.Encrypt */ | |
116 | .path = "/crypto/cipher/aes-cbc-192", | |
117 | .alg = QCRYPTO_CIPHER_ALG_AES_192, | |
118 | .mode = QCRYPTO_CIPHER_MODE_CBC, | |
119 | .key = "8e73b0f7da0e6452c810f32b809079e562f8ead2522c6b7b", | |
120 | .iv = "000102030405060708090a0b0c0d0e0f", | |
121 | .plaintext = | |
122 | "6bc1bee22e409f96e93d7e117393172a" | |
123 | "ae2d8a571e03ac9c9eb76fac45af8e51" | |
124 | "30c81c46a35ce411e5fbc1191a0a52ef" | |
125 | "f69f2445df4f9b17ad2b417be66c3710", | |
126 | .ciphertext = | |
127 | "4f021db243bc633d7178183a9fa071e8" | |
128 | "b4d9ada9ad7dedf4e5e738763f69145a" | |
129 | "571b242012fb7ae07fa9baac3df102e0" | |
130 | "08b0e27988598881d920a9e64f5615cd", | |
131 | }, | |
132 | { | |
133 | /* NIST F.2.5 CBC-AES128.Encrypt */ | |
134 | .path = "/crypto/cipher/aes-cbc-256", | |
135 | .alg = QCRYPTO_CIPHER_ALG_AES_256, | |
136 | .mode = QCRYPTO_CIPHER_MODE_CBC, | |
137 | .key = | |
138 | "603deb1015ca71be2b73aef0857d7781" | |
139 | "1f352c073b6108d72d9810a30914dff4", | |
140 | .iv = "000102030405060708090a0b0c0d0e0f", | |
141 | .plaintext = | |
142 | "6bc1bee22e409f96e93d7e117393172a" | |
143 | "ae2d8a571e03ac9c9eb76fac45af8e51" | |
144 | "30c81c46a35ce411e5fbc1191a0a52ef" | |
145 | "f69f2445df4f9b17ad2b417be66c3710", | |
146 | .ciphertext = | |
147 | "f58c4c04d6e5f1ba779eabfb5f7bfbd6" | |
148 | "9cfc4e967edb808d679f777bc6702c7d" | |
149 | "39f23369a9d9bacfa530e26304231461" | |
150 | "b2eb05e2c39be9fcda6c19078c6a9d1b", | |
151 | }, | |
152 | { | |
153 | .path = "/crypto/cipher/des-rfb-ecb-56", | |
154 | .alg = QCRYPTO_CIPHER_ALG_DES_RFB, | |
155 | .mode = QCRYPTO_CIPHER_MODE_ECB, | |
156 | .key = "0123456789abcdef", | |
157 | .plaintext = | |
158 | "6bc1bee22e409f96e93d7e117393172a" | |
159 | "ae2d8a571e03ac9c9eb76fac45af8e51" | |
160 | "30c81c46a35ce411e5fbc1191a0a52ef" | |
161 | "f69f2445df4f9b17ad2b417be66c3710", | |
162 | .ciphertext = | |
163 | "8f346aaf64eaf24040720d80648c52e7" | |
164 | "aefc616be53ab1a3d301e69d91e01838" | |
165 | "ffd29f1bb5596ad94ea2d8e6196b7f09" | |
166 | "30d8ed0bf2773af36dd82a6280c20926", | |
167 | }, | |
084a85ee DB |
168 | { |
169 | /* RFC 2144, Appendix B.1 */ | |
170 | .path = "/crypto/cipher/cast5-128", | |
171 | .alg = QCRYPTO_CIPHER_ALG_CAST5_128, | |
172 | .mode = QCRYPTO_CIPHER_MODE_ECB, | |
173 | .key = "0123456712345678234567893456789A", | |
174 | .plaintext = "0123456789abcdef", | |
175 | .ciphertext = "238b4fe5847e44b2", | |
176 | }, | |
ca38a4cc DB |
177 | }; |
178 | ||
179 | ||
180 | static inline int unhex(char c) | |
181 | { | |
182 | if (c >= 'a' && c <= 'f') { | |
183 | return 10 + (c - 'a'); | |
184 | } | |
185 | if (c >= 'A' && c <= 'F') { | |
186 | return 10 + (c - 'A'); | |
187 | } | |
188 | return c - '0'; | |
189 | } | |
190 | ||
191 | static inline char hex(int i) | |
192 | { | |
193 | if (i < 10) { | |
194 | return '0' + i; | |
195 | } | |
196 | return 'a' + (i - 10); | |
197 | } | |
198 | ||
199 | static size_t unhex_string(const char *hexstr, | |
200 | uint8_t **data) | |
201 | { | |
202 | size_t len; | |
203 | size_t i; | |
204 | ||
205 | if (!hexstr) { | |
206 | *data = NULL; | |
207 | return 0; | |
208 | } | |
209 | ||
210 | len = strlen(hexstr); | |
211 | *data = g_new0(uint8_t, len / 2); | |
212 | ||
213 | for (i = 0; i < len; i += 2) { | |
214 | (*data)[i/2] = (unhex(hexstr[i]) << 4) | unhex(hexstr[i+1]); | |
215 | } | |
216 | return len / 2; | |
217 | } | |
218 | ||
219 | static char *hex_string(const uint8_t *bytes, | |
220 | size_t len) | |
221 | { | |
222 | char *hexstr = g_new0(char, len * 2 + 1); | |
223 | size_t i; | |
224 | ||
225 | for (i = 0; i < len; i++) { | |
226 | hexstr[i*2] = hex((bytes[i] >> 4) & 0xf); | |
227 | hexstr[i*2+1] = hex(bytes[i] & 0xf); | |
228 | } | |
229 | hexstr[len*2] = '\0'; | |
230 | ||
231 | return hexstr; | |
232 | } | |
233 | ||
234 | static void test_cipher(const void *opaque) | |
235 | { | |
236 | const QCryptoCipherTestData *data = opaque; | |
237 | ||
238 | QCryptoCipher *cipher; | |
ca38a4cc DB |
239 | uint8_t *key, *iv, *ciphertext, *plaintext, *outtext; |
240 | size_t nkey, niv, nciphertext, nplaintext; | |
241 | char *outtexthex; | |
dd2bf9eb | 242 | size_t ivsize, keysize, blocksize; |
ca38a4cc | 243 | |
ca38a4cc DB |
244 | nkey = unhex_string(data->key, &key); |
245 | niv = unhex_string(data->iv, &iv); | |
246 | nciphertext = unhex_string(data->ciphertext, &ciphertext); | |
247 | nplaintext = unhex_string(data->plaintext, &plaintext); | |
248 | ||
249 | g_assert(nciphertext == nplaintext); | |
250 | ||
251 | outtext = g_new0(uint8_t, nciphertext); | |
252 | ||
253 | cipher = qcrypto_cipher_new( | |
254 | data->alg, data->mode, | |
255 | key, nkey, | |
019c2ab8 | 256 | &error_abort); |
ca38a4cc | 257 | g_assert(cipher != NULL); |
ca38a4cc | 258 | |
dd2bf9eb DB |
259 | keysize = qcrypto_cipher_get_key_len(data->alg); |
260 | blocksize = qcrypto_cipher_get_block_len(data->alg); | |
261 | ivsize = qcrypto_cipher_get_iv_len(data->alg, data->mode); | |
262 | ||
263 | g_assert_cmpint(keysize, ==, nkey); | |
264 | g_assert_cmpint(ivsize, ==, niv); | |
265 | if (niv) { | |
266 | g_assert_cmpint(blocksize, ==, niv); | |
267 | } | |
ca38a4cc DB |
268 | |
269 | if (iv) { | |
270 | g_assert(qcrypto_cipher_setiv(cipher, | |
271 | iv, niv, | |
019c2ab8 | 272 | &error_abort) == 0); |
ca38a4cc DB |
273 | } |
274 | g_assert(qcrypto_cipher_encrypt(cipher, | |
275 | plaintext, | |
276 | outtext, | |
277 | nplaintext, | |
019c2ab8 | 278 | &error_abort) == 0); |
ca38a4cc DB |
279 | |
280 | outtexthex = hex_string(outtext, nciphertext); | |
281 | ||
282 | g_assert_cmpstr(outtexthex, ==, data->ciphertext); | |
283 | ||
019c2ab8 DB |
284 | g_free(outtexthex); |
285 | ||
286 | if (iv) { | |
287 | g_assert(qcrypto_cipher_setiv(cipher, | |
288 | iv, niv, | |
289 | &error_abort) == 0); | |
290 | } | |
291 | g_assert(qcrypto_cipher_decrypt(cipher, | |
292 | ciphertext, | |
293 | outtext, | |
294 | nplaintext, | |
295 | &error_abort) == 0); | |
296 | ||
297 | outtexthex = hex_string(outtext, nplaintext); | |
298 | ||
299 | g_assert_cmpstr(outtexthex, ==, data->plaintext); | |
300 | ||
ca38a4cc DB |
301 | g_free(outtext); |
302 | g_free(outtexthex); | |
303 | g_free(key); | |
304 | g_free(iv); | |
305 | g_free(ciphertext); | |
306 | g_free(plaintext); | |
307 | qcrypto_cipher_free(cipher); | |
308 | } | |
309 | ||
eb2a770b DB |
310 | |
311 | static void test_cipher_null_iv(void) | |
312 | { | |
313 | QCryptoCipher *cipher; | |
314 | uint8_t key[32] = { 0 }; | |
315 | uint8_t plaintext[32] = { 0 }; | |
316 | uint8_t ciphertext[32] = { 0 }; | |
317 | ||
318 | cipher = qcrypto_cipher_new( | |
319 | QCRYPTO_CIPHER_ALG_AES_256, | |
320 | QCRYPTO_CIPHER_MODE_CBC, | |
321 | key, sizeof(key), | |
322 | &error_abort); | |
323 | g_assert(cipher != NULL); | |
324 | ||
325 | /* Don't call qcrypto_cipher_setiv */ | |
326 | ||
327 | qcrypto_cipher_encrypt(cipher, | |
328 | plaintext, | |
329 | ciphertext, | |
330 | sizeof(plaintext), | |
331 | &error_abort); | |
332 | ||
333 | qcrypto_cipher_free(cipher); | |
334 | } | |
335 | ||
3a661f1e DB |
336 | static void test_cipher_short_plaintext(void) |
337 | { | |
338 | Error *err = NULL; | |
339 | QCryptoCipher *cipher; | |
340 | uint8_t key[32] = { 0 }; | |
341 | uint8_t plaintext1[20] = { 0 }; | |
342 | uint8_t ciphertext1[20] = { 0 }; | |
343 | uint8_t plaintext2[40] = { 0 }; | |
344 | uint8_t ciphertext2[40] = { 0 }; | |
345 | int ret; | |
346 | ||
347 | cipher = qcrypto_cipher_new( | |
348 | QCRYPTO_CIPHER_ALG_AES_256, | |
349 | QCRYPTO_CIPHER_MODE_CBC, | |
350 | key, sizeof(key), | |
351 | &error_abort); | |
352 | g_assert(cipher != NULL); | |
353 | ||
354 | /* Should report an error as plaintext is shorter | |
355 | * than block size | |
356 | */ | |
357 | ret = qcrypto_cipher_encrypt(cipher, | |
358 | plaintext1, | |
359 | ciphertext1, | |
360 | sizeof(plaintext1), | |
361 | &err); | |
362 | g_assert(ret == -1); | |
363 | g_assert(err != NULL); | |
364 | ||
365 | error_free(err); | |
366 | err = NULL; | |
367 | ||
368 | /* Should report an error as plaintext is larger than | |
369 | * block size, but not a multiple of block size | |
370 | */ | |
371 | ret = qcrypto_cipher_encrypt(cipher, | |
372 | plaintext2, | |
373 | ciphertext2, | |
374 | sizeof(plaintext2), | |
375 | &err); | |
376 | g_assert(ret == -1); | |
377 | g_assert(err != NULL); | |
378 | ||
379 | error_free(err); | |
380 | qcrypto_cipher_free(cipher); | |
381 | } | |
382 | ||
ca38a4cc DB |
383 | int main(int argc, char **argv) |
384 | { | |
385 | size_t i; | |
386 | ||
387 | g_test_init(&argc, &argv, NULL); | |
388 | ||
389 | g_assert(qcrypto_init(NULL) == 0); | |
390 | ||
391 | for (i = 0; i < G_N_ELEMENTS(test_data); i++) { | |
aa413635 DB |
392 | if (qcrypto_cipher_supports(test_data[i].alg)) { |
393 | g_test_add_data_func(test_data[i].path, &test_data[i], test_cipher); | |
394 | } | |
ca38a4cc | 395 | } |
eb2a770b DB |
396 | |
397 | g_test_add_func("/crypto/cipher/null-iv", | |
398 | test_cipher_null_iv); | |
399 | ||
3a661f1e DB |
400 | g_test_add_func("/crypto/cipher/short-plaintext", |
401 | test_cipher_short_plaintext); | |
402 | ||
ca38a4cc DB |
403 | return g_test_run(); |
404 | } |