tests/test-crypto-cipher.c

   1 /*
   2  * QEMU Crypto cipher algorithms
   3  *
   4  * Copyright (c) 2015 Red Hat, Inc.
   5  *
   6  * This library is free software; you can redistribute it and/or
   7  * modify it under the terms of the GNU Lesser General Public
   8  * License as published by the Free Software Foundation; either
   9  * version 2 of the License, or (at your option) any later version.
  10  *
  11  * This library is distributed in the hope that it will be useful,
  12  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  13  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
  14  * Lesser General Public License for more details.
  15  *
  16  * You should have received a copy of the GNU Lesser General Public
  17  * License along with this library; if not, see <http://www.gnu.org/licenses/>.
  18  *
  19  */
  20
  21 #include "qemu/osdep.h"
  22 #include <glib.h>
  23
  24 #include "crypto/init.h"
  25 #include "crypto/cipher.h"
  26
  27 typedef struct QCryptoCipherTestData QCryptoCipherTestData;
  28 struct QCryptoCipherTestData {
  29     const char *path;
  30     QCryptoCipherAlgorithm alg;
  31     QCryptoCipherMode mode;
  32     const char *key;
  33     const char *plaintext;
  34     const char *ciphertext;
  35     const char *iv;
  36 };
  37
  38 /* AES test data comes from appendix F of:
  39  *
  40  * http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf
  41  */
  42 static QCryptoCipherTestData test_data[] = {
  43     {
  44         /* NIST F.1.1 ECB-AES128.Encrypt */
  45         .path = "/crypto/cipher/aes-ecb-128",
  46         .alg = QCRYPTO_CIPHER_ALG_AES_128,
  47         .mode = QCRYPTO_CIPHER_MODE_ECB,
  48         .key = "2b7e151628aed2a6abf7158809cf4f3c",
  49         .plaintext =
  50             "6bc1bee22e409f96e93d7e117393172a"
  51             "ae2d8a571e03ac9c9eb76fac45af8e51"
  52             "30c81c46a35ce411e5fbc1191a0a52ef"
  53             "f69f2445df4f9b17ad2b417be66c3710",
  54         .ciphertext =
  55             "3ad77bb40d7a3660a89ecaf32466ef97"
  56             "f5d3d58503b9699de785895a96fdbaaf"
  57             "43b1cd7f598ece23881b00e3ed030688"
  58             "7b0c785e27e8ad3f8223207104725dd4"
  59     },
  60     {
  61         /* NIST F.1.3 ECB-AES192.Encrypt */
  62         .path = "/crypto/cipher/aes-ecb-192",
  63         .alg = QCRYPTO_CIPHER_ALG_AES_192,
  64         .mode = QCRYPTO_CIPHER_MODE_ECB,
  65         .key = "8e73b0f7da0e6452c810f32b809079e562f8ead2522c6b7b",
  66         .plaintext  =
  67             "6bc1bee22e409f96e93d7e117393172a"
  68             "ae2d8a571e03ac9c9eb76fac45af8e51"
  69             "30c81c46a35ce411e5fbc1191a0a52ef"
  70             "f69f2445df4f9b17ad2b417be66c3710",
  71         .ciphertext =
  72             "bd334f1d6e45f25ff712a214571fa5cc"
  73             "974104846d0ad3ad7734ecb3ecee4eef"
  74             "ef7afd2270e2e60adce0ba2face6444e"
  75             "9a4b41ba738d6c72fb16691603c18e0e"
  76     },
  77     {
  78         /* NIST F.1.5 ECB-AES256.Encrypt */
  79         .path = "/crypto/cipher/aes-ecb-256",
  80         .alg = QCRYPTO_CIPHER_ALG_AES_256,
  81         .mode = QCRYPTO_CIPHER_MODE_ECB,
  82         .key =
  83             "603deb1015ca71be2b73aef0857d7781"
  84             "1f352c073b6108d72d9810a30914dff4",
  85         .plaintext  =
  86             "6bc1bee22e409f96e93d7e117393172a"
  87             "ae2d8a571e03ac9c9eb76fac45af8e51"
  88             "30c81c46a35ce411e5fbc1191a0a52ef"
  89             "f69f2445df4f9b17ad2b417be66c3710",
  90         .ciphertext =
  91             "f3eed1bdb5d2a03c064b5a7e3db181f8"
  92             "591ccb10d410ed26dc5ba74a31362870"
  93             "b6ed21b99ca6f4f9f153e7b1beafed1d"
  94             "23304b7a39f9f3ff067d8d8f9e24ecc7",
  95     },
  96     {
  97         /* NIST F.2.1 CBC-AES128.Encrypt */
  98         .path = "/crypto/cipher/aes-cbc-128",
  99         .alg = QCRYPTO_CIPHER_ALG_AES_128,
 100         .mode = QCRYPTO_CIPHER_MODE_CBC,
 101         .key = "2b7e151628aed2a6abf7158809cf4f3c",
 102         .iv = "000102030405060708090a0b0c0d0e0f",
 103         .plaintext  =
 104             "6bc1bee22e409f96e93d7e117393172a"
 105             "ae2d8a571e03ac9c9eb76fac45af8e51"
 106             "30c81c46a35ce411e5fbc1191a0a52ef"
 107             "f69f2445df4f9b17ad2b417be66c3710",
 108         .ciphertext =
 109             "7649abac8119b246cee98e9b12e9197d"
 110             "5086cb9b507219ee95db113a917678b2"
 111             "73bed6b8e3c1743b7116e69e22229516"
 112             "3ff1caa1681fac09120eca307586e1a7",
 113     },
 114     {
 115         /* NIST F.2.3 CBC-AES128.Encrypt */
 116         .path = "/crypto/cipher/aes-cbc-192",
 117         .alg = QCRYPTO_CIPHER_ALG_AES_192,
 118         .mode = QCRYPTO_CIPHER_MODE_CBC,
 119         .key = "8e73b0f7da0e6452c810f32b809079e562f8ead2522c6b7b",
 120         .iv = "000102030405060708090a0b0c0d0e0f",
 121         .plaintext  =
 122             "6bc1bee22e409f96e93d7e117393172a"
 123             "ae2d8a571e03ac9c9eb76fac45af8e51"
 124             "30c81c46a35ce411e5fbc1191a0a52ef"
 125             "f69f2445df4f9b17ad2b417be66c3710",
 126         .ciphertext =
 127             "4f021db243bc633d7178183a9fa071e8"
 128             "b4d9ada9ad7dedf4e5e738763f69145a"
 129             "571b242012fb7ae07fa9baac3df102e0"
 130             "08b0e27988598881d920a9e64f5615cd",
 131     },
 132     {
 133         /* NIST F.2.5 CBC-AES128.Encrypt */
 134         .path = "/crypto/cipher/aes-cbc-256",
 135         .alg = QCRYPTO_CIPHER_ALG_AES_256,
 136         .mode = QCRYPTO_CIPHER_MODE_CBC,
 137         .key =
 138             "603deb1015ca71be2b73aef0857d7781"
 139             "1f352c073b6108d72d9810a30914dff4",
 140         .iv = "000102030405060708090a0b0c0d0e0f",
 141         .plaintext  =
 142             "6bc1bee22e409f96e93d7e117393172a"
 143             "ae2d8a571e03ac9c9eb76fac45af8e51"
 144             "30c81c46a35ce411e5fbc1191a0a52ef"
 145             "f69f2445df4f9b17ad2b417be66c3710",
 146         .ciphertext =
 147             "f58c4c04d6e5f1ba779eabfb5f7bfbd6"
 148             "9cfc4e967edb808d679f777bc6702c7d"
 149             "39f23369a9d9bacfa530e26304231461"
 150             "b2eb05e2c39be9fcda6c19078c6a9d1b",
 151     },
 152     {
 153         .path = "/crypto/cipher/des-rfb-ecb-56",
 154         .alg = QCRYPTO_CIPHER_ALG_DES_RFB,
 155         .mode = QCRYPTO_CIPHER_MODE_ECB,
 156         .key = "0123456789abcdef",
 157         .plaintext =
 158             "6bc1bee22e409f96e93d7e117393172a"
 159             "ae2d8a571e03ac9c9eb76fac45af8e51"
 160             "30c81c46a35ce411e5fbc1191a0a52ef"
 161             "f69f2445df4f9b17ad2b417be66c3710",
 162         .ciphertext =
 163             "8f346aaf64eaf24040720d80648c52e7"
 164             "aefc616be53ab1a3d301e69d91e01838"
 165             "ffd29f1bb5596ad94ea2d8e6196b7f09"
 166             "30d8ed0bf2773af36dd82a6280c20926",
 167     },
 168 };
 169
 170
 171 static inline int unhex(char c)
 172 {
 173     if (c >= 'a' && c <= 'f') {
 174         return 10 + (c - 'a');
 175     }
 176     if (c >= 'A' && c <= 'F') {
 177         return 10 + (c - 'A');
 178     }
 179     return c - '0';
 180 }
 181
 182 static inline char hex(int i)
 183 {
 184     if (i < 10) {
 185         return '0' + i;
 186     }
 187     return 'a' + (i - 10);
 188 }
 189
 190 static size_t unhex_string(const char *hexstr,
 191                            uint8_t **data)
 192 {
 193     size_t len;
 194     size_t i;
 195
 196     if (!hexstr) {
 197         *data = NULL;
 198         return 0;
 199     }
 200
 201     len = strlen(hexstr);
 202     *data = g_new0(uint8_t, len / 2);
 203
 204     for (i = 0; i < len; i += 2) {
 205         (*data)[i/2] = (unhex(hexstr[i]) << 4) | unhex(hexstr[i+1]);
 206     }
 207     return len / 2;
 208 }
 209
 210 static char *hex_string(const uint8_t *bytes,
 211                         size_t len)
 212 {
 213     char *hexstr = g_new0(char, len * 2 + 1);
 214     size_t i;
 215
 216     for (i = 0; i < len; i++) {
 217         hexstr[i*2] = hex((bytes[i] >> 4) & 0xf);
 218         hexstr[i*2+1] = hex(bytes[i] & 0xf);
 219     }
 220     hexstr[len*2] = '\0';
 221
 222     return hexstr;
 223 }
 224
 225 static void test_cipher(const void *opaque)
 226 {
 227     const QCryptoCipherTestData *data = opaque;
 228
 229     QCryptoCipher *cipher;
 230     uint8_t *key, *iv, *ciphertext, *plaintext, *outtext;
 231     size_t nkey, niv, nciphertext, nplaintext;
 232     char *outtexthex;
 233     size_t ivsize, keysize, blocksize;
 234
 235     nkey = unhex_string(data->key, &key);
 236     niv = unhex_string(data->iv, &iv);
 237     nciphertext = unhex_string(data->ciphertext, &ciphertext);
 238     nplaintext = unhex_string(data->plaintext, &plaintext);
 239
 240     g_assert(nciphertext == nplaintext);
 241
 242     outtext = g_new0(uint8_t, nciphertext);
 243
 244     cipher = qcrypto_cipher_new(
 245         data->alg, data->mode,
 246         key, nkey,
 247         &error_abort);
 248     g_assert(cipher != NULL);
 249
 250     keysize = qcrypto_cipher_get_key_len(data->alg);
 251     blocksize = qcrypto_cipher_get_block_len(data->alg);
 252     ivsize = qcrypto_cipher_get_iv_len(data->alg, data->mode);
 253
 254     g_assert_cmpint(keysize, ==, nkey);
 255     g_assert_cmpint(ivsize, ==, niv);
 256     if (niv) {
 257         g_assert_cmpint(blocksize, ==, niv);
 258     }
 259
 260     if (iv) {
 261         g_assert(qcrypto_cipher_setiv(cipher,
 262                                       iv, niv,
 263                                       &error_abort) == 0);
 264     }
 265     g_assert(qcrypto_cipher_encrypt(cipher,
 266                                     plaintext,
 267                                     outtext,
 268                                     nplaintext,
 269                                     &error_abort) == 0);
 270
 271     outtexthex = hex_string(outtext, nciphertext);
 272
 273     g_assert_cmpstr(outtexthex, ==, data->ciphertext);
 274
 275     g_free(outtexthex);
 276
 277     if (iv) {
 278         g_assert(qcrypto_cipher_setiv(cipher,
 279                                       iv, niv,
 280                                       &error_abort) == 0);
 281     }
 282     g_assert(qcrypto_cipher_decrypt(cipher,
 283                                     ciphertext,
 284                                     outtext,
 285                                     nplaintext,
 286                                     &error_abort) == 0);
 287
 288     outtexthex = hex_string(outtext, nplaintext);
 289
 290     g_assert_cmpstr(outtexthex, ==, data->plaintext);
 291
 292     g_free(outtext);
 293     g_free(outtexthex);
 294     g_free(key);
 295     g_free(iv);
 296     g_free(ciphertext);
 297     g_free(plaintext);
 298     qcrypto_cipher_free(cipher);
 299 }
 300
 301
 302 static void test_cipher_null_iv(void)
 303 {
 304     QCryptoCipher *cipher;
 305     uint8_t key[32] = { 0 };
 306     uint8_t plaintext[32] = { 0 };
 307     uint8_t ciphertext[32] = { 0 };
 308
 309     cipher = qcrypto_cipher_new(
 310         QCRYPTO_CIPHER_ALG_AES_256,
 311         QCRYPTO_CIPHER_MODE_CBC,
 312         key, sizeof(key),
 313         &error_abort);
 314     g_assert(cipher != NULL);
 315
 316     /* Don't call qcrypto_cipher_setiv */
 317
 318     qcrypto_cipher_encrypt(cipher,
 319                            plaintext,
 320                            ciphertext,
 321                            sizeof(plaintext),
 322                            &error_abort);
 323
 324     qcrypto_cipher_free(cipher);
 325 }
 326
 327 static void test_cipher_short_plaintext(void)
 328 {
 329     Error *err = NULL;
 330     QCryptoCipher *cipher;
 331     uint8_t key[32] = { 0 };
 332     uint8_t plaintext1[20] = { 0 };
 333     uint8_t ciphertext1[20] = { 0 };
 334     uint8_t plaintext2[40] = { 0 };
 335     uint8_t ciphertext2[40] = { 0 };
 336     int ret;
 337
 338     cipher = qcrypto_cipher_new(
 339         QCRYPTO_CIPHER_ALG_AES_256,
 340         QCRYPTO_CIPHER_MODE_CBC,
 341         key, sizeof(key),
 342         &error_abort);
 343     g_assert(cipher != NULL);
 344
 345     /* Should report an error as plaintext is shorter
 346      * than block size
 347      */
 348     ret = qcrypto_cipher_encrypt(cipher,
 349                                  plaintext1,
 350                                  ciphertext1,
 351                                  sizeof(plaintext1),
 352                                  &err);
 353     g_assert(ret == -1);
 354     g_assert(err != NULL);
 355
 356     error_free(err);
 357     err = NULL;
 358
 359     /* Should report an error as plaintext is larger than
 360      * block size, but not a multiple of block size
 361      */
 362     ret = qcrypto_cipher_encrypt(cipher,
 363                                  plaintext2,
 364                                  ciphertext2,
 365                                  sizeof(plaintext2),
 366                                  &err);
 367     g_assert(ret == -1);
 368     g_assert(err != NULL);
 369
 370     error_free(err);
 371     qcrypto_cipher_free(cipher);
 372 }
 373
 374 int main(int argc, char **argv)
 375 {
 376     size_t i;
 377
 378     g_test_init(&argc, &argv, NULL);
 379
 380     g_assert(qcrypto_init(NULL) == 0);
 381
 382     for (i = 0; i < G_N_ELEMENTS(test_data); i++) {
 383         g_test_add_data_func(test_data[i].path, &test_data[i], test_cipher);
 384     }
 385
 386     g_test_add_func("/crypto/cipher/null-iv",
 387                     test_cipher_null_iv);
 388
 389     g_test_add_func("/crypto/cipher/short-plaintext",
 390                     test_cipher_short_plaintext);
 391
 392     return g_test_run();
 393 }