tests/test-crypto-cipher.c

   1 /*
   2  * QEMU Crypto cipher algorithms
   3  *
   4  * Copyright (c) 2015 Red Hat, Inc.
   5  *
   6  * This library is free software; you can redistribute it and/or
   7  * modify it under the terms of the GNU Lesser General Public
   8  * License as published by the Free Software Foundation; either
   9  * version 2 of the License, or (at your option) any later version.
  10  *
  11  * This library is distributed in the hope that it will be useful,
  12  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  13  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
  14  * Lesser General Public License for more details.
  15  *
  16  * You should have received a copy of the GNU Lesser General Public
  17  * License along with this library; if not, see <http://www.gnu.org/licenses/>.
  18  *
  19  */
  20
  21 #include <glib.h>
  22
  23 #include "crypto/init.h"
  24 #include "crypto/cipher.h"
  25
  26 typedef struct QCryptoCipherTestData QCryptoCipherTestData;
  27 struct QCryptoCipherTestData {
  28     const char *path;
  29     QCryptoCipherAlgorithm alg;
  30     QCryptoCipherMode mode;
  31     const char *key;
  32     const char *plaintext;
  33     const char *ciphertext;
  34     const char *iv;
  35 };
  36
  37 /* AES test data comes from appendix F of:
  38  *
  39  * http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf
  40  */
  41 static QCryptoCipherTestData test_data[] = {
  42     {
  43         /* NIST F.1.1 ECB-AES128.Encrypt */
  44         .path = "/crypto/cipher/aes-ecb-128",
  45         .alg = QCRYPTO_CIPHER_ALG_AES_128,
  46         .mode = QCRYPTO_CIPHER_MODE_ECB,
  47         .key = "2b7e151628aed2a6abf7158809cf4f3c",
  48         .plaintext =
  49             "6bc1bee22e409f96e93d7e117393172a"
  50             "ae2d8a571e03ac9c9eb76fac45af8e51"
  51             "30c81c46a35ce411e5fbc1191a0a52ef"
  52             "f69f2445df4f9b17ad2b417be66c3710",
  53         .ciphertext =
  54             "3ad77bb40d7a3660a89ecaf32466ef97"
  55             "f5d3d58503b9699de785895a96fdbaaf"
  56             "43b1cd7f598ece23881b00e3ed030688"
  57             "7b0c785e27e8ad3f8223207104725dd4"
  58     },
  59     {
  60         /* NIST F.1.3 ECB-AES192.Encrypt */
  61         .path = "/crypto/cipher/aes-ecb-192",
  62         .alg = QCRYPTO_CIPHER_ALG_AES_192,
  63         .mode = QCRYPTO_CIPHER_MODE_ECB,
  64         .key = "8e73b0f7da0e6452c810f32b809079e562f8ead2522c6b7b",
  65         .plaintext  =
  66             "6bc1bee22e409f96e93d7e117393172a"
  67             "ae2d8a571e03ac9c9eb76fac45af8e51"
  68             "30c81c46a35ce411e5fbc1191a0a52ef"
  69             "f69f2445df4f9b17ad2b417be66c3710",
  70         .ciphertext =
  71             "bd334f1d6e45f25ff712a214571fa5cc"
  72             "974104846d0ad3ad7734ecb3ecee4eef"
  73             "ef7afd2270e2e60adce0ba2face6444e"
  74             "9a4b41ba738d6c72fb16691603c18e0e"
  75     },
  76     {
  77         /* NIST F.1.5 ECB-AES256.Encrypt */
  78         .path = "/crypto/cipher/aes-ecb-256",
  79         .alg = QCRYPTO_CIPHER_ALG_AES_256,
  80         .mode = QCRYPTO_CIPHER_MODE_ECB,
  81         .key =
  82             "603deb1015ca71be2b73aef0857d7781"
  83             "1f352c073b6108d72d9810a30914dff4",
  84         .plaintext  =
  85             "6bc1bee22e409f96e93d7e117393172a"
  86             "ae2d8a571e03ac9c9eb76fac45af8e51"
  87             "30c81c46a35ce411e5fbc1191a0a52ef"
  88             "f69f2445df4f9b17ad2b417be66c3710",
  89         .ciphertext =
  90             "f3eed1bdb5d2a03c064b5a7e3db181f8"
  91             "591ccb10d410ed26dc5ba74a31362870"
  92             "b6ed21b99ca6f4f9f153e7b1beafed1d"
  93             "23304b7a39f9f3ff067d8d8f9e24ecc7",
  94     },
  95     {
  96         /* NIST F.2.1 CBC-AES128.Encrypt */
  97         .path = "/crypto/cipher/aes-cbc-128",
  98         .alg = QCRYPTO_CIPHER_ALG_AES_128,
  99         .mode = QCRYPTO_CIPHER_MODE_CBC,
 100         .key = "2b7e151628aed2a6abf7158809cf4f3c",
 101         .iv = "000102030405060708090a0b0c0d0e0f",
 102         .plaintext  =
 103             "6bc1bee22e409f96e93d7e117393172a"
 104             "ae2d8a571e03ac9c9eb76fac45af8e51"
 105             "30c81c46a35ce411e5fbc1191a0a52ef"
 106             "f69f2445df4f9b17ad2b417be66c3710",
 107         .ciphertext =
 108             "7649abac8119b246cee98e9b12e9197d"
 109             "5086cb9b507219ee95db113a917678b2"
 110             "73bed6b8e3c1743b7116e69e22229516"
 111             "3ff1caa1681fac09120eca307586e1a7",
 112     },
 113     {
 114         /* NIST F.2.3 CBC-AES128.Encrypt */
 115         .path = "/crypto/cipher/aes-cbc-192",
 116         .alg = QCRYPTO_CIPHER_ALG_AES_192,
 117         .mode = QCRYPTO_CIPHER_MODE_CBC,
 118         .key = "8e73b0f7da0e6452c810f32b809079e562f8ead2522c6b7b",
 119         .iv = "000102030405060708090a0b0c0d0e0f",
 120         .plaintext  =
 121             "6bc1bee22e409f96e93d7e117393172a"
 122             "ae2d8a571e03ac9c9eb76fac45af8e51"
 123             "30c81c46a35ce411e5fbc1191a0a52ef"
 124             "f69f2445df4f9b17ad2b417be66c3710",
 125         .ciphertext =
 126             "4f021db243bc633d7178183a9fa071e8"
 127             "b4d9ada9ad7dedf4e5e738763f69145a"
 128             "571b242012fb7ae07fa9baac3df102e0"
 129             "08b0e27988598881d920a9e64f5615cd",
 130     },
 131     {
 132         /* NIST F.2.5 CBC-AES128.Encrypt */
 133         .path = "/crypto/cipher/aes-cbc-256",
 134         .alg = QCRYPTO_CIPHER_ALG_AES_256,
 135         .mode = QCRYPTO_CIPHER_MODE_CBC,
 136         .key =
 137             "603deb1015ca71be2b73aef0857d7781"
 138             "1f352c073b6108d72d9810a30914dff4",
 139         .iv = "000102030405060708090a0b0c0d0e0f",
 140         .plaintext  =
 141             "6bc1bee22e409f96e93d7e117393172a"
 142             "ae2d8a571e03ac9c9eb76fac45af8e51"
 143             "30c81c46a35ce411e5fbc1191a0a52ef"
 144             "f69f2445df4f9b17ad2b417be66c3710",
 145         .ciphertext =
 146             "f58c4c04d6e5f1ba779eabfb5f7bfbd6"
 147             "9cfc4e967edb808d679f777bc6702c7d"
 148             "39f23369a9d9bacfa530e26304231461"
 149             "b2eb05e2c39be9fcda6c19078c6a9d1b",
 150     },
 151     {
 152         .path = "/crypto/cipher/des-rfb-ecb-56",
 153         .alg = QCRYPTO_CIPHER_ALG_DES_RFB,
 154         .mode = QCRYPTO_CIPHER_MODE_ECB,
 155         .key = "0123456789abcdef",
 156         .plaintext =
 157             "6bc1bee22e409f96e93d7e117393172a"
 158             "ae2d8a571e03ac9c9eb76fac45af8e51"
 159             "30c81c46a35ce411e5fbc1191a0a52ef"
 160             "f69f2445df4f9b17ad2b417be66c3710",
 161         .ciphertext =
 162             "8f346aaf64eaf24040720d80648c52e7"
 163             "aefc616be53ab1a3d301e69d91e01838"
 164             "ffd29f1bb5596ad94ea2d8e6196b7f09"
 165             "30d8ed0bf2773af36dd82a6280c20926",
 166     },
 167 };
 168
 169
 170 static inline int unhex(char c)
 171 {
 172     if (c >= 'a' && c <= 'f') {
 173         return 10 + (c - 'a');
 174     }
 175     if (c >= 'A' && c <= 'F') {
 176         return 10 + (c - 'A');
 177     }
 178     return c - '0';
 179 }
 180
 181 static inline char hex(int i)
 182 {
 183     if (i < 10) {
 184         return '0' + i;
 185     }
 186     return 'a' + (i - 10);
 187 }
 188
 189 static size_t unhex_string(const char *hexstr,
 190                            uint8_t **data)
 191 {
 192     size_t len;
 193     size_t i;
 194
 195     if (!hexstr) {
 196         *data = NULL;
 197         return 0;
 198     }
 199
 200     len = strlen(hexstr);
 201     *data = g_new0(uint8_t, len / 2);
 202
 203     for (i = 0; i < len; i += 2) {
 204         (*data)[i/2] = (unhex(hexstr[i]) << 4) | unhex(hexstr[i+1]);
 205     }
 206     return len / 2;
 207 }
 208
 209 static char *hex_string(const uint8_t *bytes,
 210                         size_t len)
 211 {
 212     char *hexstr = g_new0(char, len * 2 + 1);
 213     size_t i;
 214
 215     for (i = 0; i < len; i++) {
 216         hexstr[i*2] = hex((bytes[i] >> 4) & 0xf);
 217         hexstr[i*2+1] = hex(bytes[i] & 0xf);
 218     }
 219     hexstr[len*2] = '\0';
 220
 221     return hexstr;
 222 }
 223
 224 static void test_cipher(const void *opaque)
 225 {
 226     const QCryptoCipherTestData *data = opaque;
 227
 228     QCryptoCipher *cipher;
 229     uint8_t *key, *iv, *ciphertext, *plaintext, *outtext;
 230     size_t nkey, niv, nciphertext, nplaintext;
 231     char *outtexthex;
 232     size_t ivsize, keysize, blocksize;
 233
 234     nkey = unhex_string(data->key, &key);
 235     niv = unhex_string(data->iv, &iv);
 236     nciphertext = unhex_string(data->ciphertext, &ciphertext);
 237     nplaintext = unhex_string(data->plaintext, &plaintext);
 238
 239     g_assert(nciphertext == nplaintext);
 240
 241     outtext = g_new0(uint8_t, nciphertext);
 242
 243     cipher = qcrypto_cipher_new(
 244         data->alg, data->mode,
 245         key, nkey,
 246         &error_abort);
 247     g_assert(cipher != NULL);
 248
 249     keysize = qcrypto_cipher_get_key_len(data->alg);
 250     blocksize = qcrypto_cipher_get_block_len(data->alg);
 251     ivsize = qcrypto_cipher_get_iv_len(data->alg, data->mode);
 252
 253     g_assert_cmpint(keysize, ==, nkey);
 254     g_assert_cmpint(ivsize, ==, niv);
 255     if (niv) {
 256         g_assert_cmpint(blocksize, ==, niv);
 257     }
 258
 259     if (iv) {
 260         g_assert(qcrypto_cipher_setiv(cipher,
 261                                       iv, niv,
 262                                       &error_abort) == 0);
 263     }
 264     g_assert(qcrypto_cipher_encrypt(cipher,
 265                                     plaintext,
 266                                     outtext,
 267                                     nplaintext,
 268                                     &error_abort) == 0);
 269
 270     outtexthex = hex_string(outtext, nciphertext);
 271
 272     g_assert_cmpstr(outtexthex, ==, data->ciphertext);
 273
 274     g_free(outtexthex);
 275
 276     if (iv) {
 277         g_assert(qcrypto_cipher_setiv(cipher,
 278                                       iv, niv,
 279                                       &error_abort) == 0);
 280     }
 281     g_assert(qcrypto_cipher_decrypt(cipher,
 282                                     ciphertext,
 283                                     outtext,
 284                                     nplaintext,
 285                                     &error_abort) == 0);
 286
 287     outtexthex = hex_string(outtext, nplaintext);
 288
 289     g_assert_cmpstr(outtexthex, ==, data->plaintext);
 290
 291     g_free(outtext);
 292     g_free(outtexthex);
 293     g_free(key);
 294     g_free(iv);
 295     g_free(ciphertext);
 296     g_free(plaintext);
 297     qcrypto_cipher_free(cipher);
 298 }
 299
 300
 301 static void test_cipher_null_iv(void)
 302 {
 303     QCryptoCipher *cipher;
 304     uint8_t key[32] = { 0 };
 305     uint8_t plaintext[32] = { 0 };
 306     uint8_t ciphertext[32] = { 0 };
 307
 308     cipher = qcrypto_cipher_new(
 309         QCRYPTO_CIPHER_ALG_AES_256,
 310         QCRYPTO_CIPHER_MODE_CBC,
 311         key, sizeof(key),
 312         &error_abort);
 313     g_assert(cipher != NULL);
 314
 315     /* Don't call qcrypto_cipher_setiv */
 316
 317     qcrypto_cipher_encrypt(cipher,
 318                            plaintext,
 319                            ciphertext,
 320                            sizeof(plaintext),
 321                            &error_abort);
 322
 323     qcrypto_cipher_free(cipher);
 324 }
 325
 326 static void test_cipher_short_plaintext(void)
 327 {
 328     Error *err = NULL;
 329     QCryptoCipher *cipher;
 330     uint8_t key[32] = { 0 };
 331     uint8_t plaintext1[20] = { 0 };
 332     uint8_t ciphertext1[20] = { 0 };
 333     uint8_t plaintext2[40] = { 0 };
 334     uint8_t ciphertext2[40] = { 0 };
 335     int ret;
 336
 337     cipher = qcrypto_cipher_new(
 338         QCRYPTO_CIPHER_ALG_AES_256,
 339         QCRYPTO_CIPHER_MODE_CBC,
 340         key, sizeof(key),
 341         &error_abort);
 342     g_assert(cipher != NULL);
 343
 344     /* Should report an error as plaintext is shorter
 345      * than block size
 346      */
 347     ret = qcrypto_cipher_encrypt(cipher,
 348                                  plaintext1,
 349                                  ciphertext1,
 350                                  sizeof(plaintext1),
 351                                  &err);
 352     g_assert(ret == -1);
 353     g_assert(err != NULL);
 354
 355     error_free(err);
 356     err = NULL;
 357
 358     /* Should report an error as plaintext is larger than
 359      * block size, but not a multiple of block size
 360      */
 361     ret = qcrypto_cipher_encrypt(cipher,
 362                                  plaintext2,
 363                                  ciphertext2,
 364                                  sizeof(plaintext2),
 365                                  &err);
 366     g_assert(ret == -1);
 367     g_assert(err != NULL);
 368
 369     error_free(err);
 370     qcrypto_cipher_free(cipher);
 371 }
 372
 373 int main(int argc, char **argv)
 374 {
 375     size_t i;
 376
 377     g_test_init(&argc, &argv, NULL);
 378
 379     g_assert(qcrypto_init(NULL) == 0);
 380
 381     for (i = 0; i < G_N_ELEMENTS(test_data); i++) {
 382         g_test_add_data_func(test_data[i].path, &test_data[i], test_cipher);
 383     }
 384
 385     g_test_add_func("/crypto/cipher/null-iv",
 386                     test_cipher_null_iv);
 387
 388     g_test_add_func("/crypto/cipher/short-plaintext",
 389                     test_cipher_short_plaintext);
 390
 391     return g_test_run();
 392 }