search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
crypto: add support for the twofish cipher algorithm
[qemu/rayw.git] / tests / test-crypto-cipher.c
blobf18bcaa1d4d6dbe932e5c2ed2bb2b7d9b66f751e
1 /*
2 * QEMU Crypto cipher algorithms
3 *
4 * Copyright (c) 2015 Red Hat, Inc.
5 *
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
10 *
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
18 *
19 */
20
21 #include "qemu/osdep.h"
22 #include <glib.h>
23
24 #include "crypto/init.h"
25 #include "crypto/cipher.h"
26
27 typedef struct QCryptoCipherTestData QCryptoCipherTestData;
28 struct QCryptoCipherTestData {
29 const char *path;
30 QCryptoCipherAlgorithm alg;
31 QCryptoCipherMode mode;
32 const char *key;
33 const char *plaintext;
34 const char *ciphertext;
35 const char *iv;
36 };
37
38 /* AES test data comes from appendix F of:
39 *
40 * http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf
41 */
42 static QCryptoCipherTestData test_data[] = {
43 {
44 /* NIST F.1.1 ECB-AES128.Encrypt */
45 .path = "/crypto/cipher/aes-ecb-128",
46 .alg = QCRYPTO_CIPHER_ALG_AES_128,
47 .mode = QCRYPTO_CIPHER_MODE_ECB,
48 .key = "2b7e151628aed2a6abf7158809cf4f3c",
49 .plaintext =
50 "6bc1bee22e409f96e93d7e117393172a"
51 "ae2d8a571e03ac9c9eb76fac45af8e51"
52 "30c81c46a35ce411e5fbc1191a0a52ef"
53 "f69f2445df4f9b17ad2b417be66c3710",
54 .ciphertext =
55 "3ad77bb40d7a3660a89ecaf32466ef97"
56 "f5d3d58503b9699de785895a96fdbaaf"
57 "43b1cd7f598ece23881b00e3ed030688"
58 "7b0c785e27e8ad3f8223207104725dd4"
59 },
60 {
61 /* NIST F.1.3 ECB-AES192.Encrypt */
62 .path = "/crypto/cipher/aes-ecb-192",
63 .alg = QCRYPTO_CIPHER_ALG_AES_192,
64 .mode = QCRYPTO_CIPHER_MODE_ECB,
65 .key = "8e73b0f7da0e6452c810f32b809079e562f8ead2522c6b7b",
66 .plaintext =
67 "6bc1bee22e409f96e93d7e117393172a"
68 "ae2d8a571e03ac9c9eb76fac45af8e51"
69 "30c81c46a35ce411e5fbc1191a0a52ef"
70 "f69f2445df4f9b17ad2b417be66c3710",
71 .ciphertext =
72 "bd334f1d6e45f25ff712a214571fa5cc"
73 "974104846d0ad3ad7734ecb3ecee4eef"
74 "ef7afd2270e2e60adce0ba2face6444e"
75 "9a4b41ba738d6c72fb16691603c18e0e"
76 },
77 {
78 /* NIST F.1.5 ECB-AES256.Encrypt */
79 .path = "/crypto/cipher/aes-ecb-256",
80 .alg = QCRYPTO_CIPHER_ALG_AES_256,
81 .mode = QCRYPTO_CIPHER_MODE_ECB,
82 .key =
83 "603deb1015ca71be2b73aef0857d7781"
84 "1f352c073b6108d72d9810a30914dff4",
85 .plaintext =
86 "6bc1bee22e409f96e93d7e117393172a"
87 "ae2d8a571e03ac9c9eb76fac45af8e51"
88 "30c81c46a35ce411e5fbc1191a0a52ef"
89 "f69f2445df4f9b17ad2b417be66c3710",
90 .ciphertext =
91 "f3eed1bdb5d2a03c064b5a7e3db181f8"
92 "591ccb10d410ed26dc5ba74a31362870"
93 "b6ed21b99ca6f4f9f153e7b1beafed1d"
94 "23304b7a39f9f3ff067d8d8f9e24ecc7",
95 },
96 {
97 /* NIST F.2.1 CBC-AES128.Encrypt */
98 .path = "/crypto/cipher/aes-cbc-128",
99 .alg = QCRYPTO_CIPHER_ALG_AES_128,
100 .mode = QCRYPTO_CIPHER_MODE_CBC,
101 .key = "2b7e151628aed2a6abf7158809cf4f3c",
102 .iv = "000102030405060708090a0b0c0d0e0f",
103 .plaintext =
104 "6bc1bee22e409f96e93d7e117393172a"
105 "ae2d8a571e03ac9c9eb76fac45af8e51"
106 "30c81c46a35ce411e5fbc1191a0a52ef"
107 "f69f2445df4f9b17ad2b417be66c3710",
108 .ciphertext =
109 "7649abac8119b246cee98e9b12e9197d"
110 "5086cb9b507219ee95db113a917678b2"
111 "73bed6b8e3c1743b7116e69e22229516"
112 "3ff1caa1681fac09120eca307586e1a7",
113 },
114 {
115 /* NIST F.2.3 CBC-AES128.Encrypt */
116 .path = "/crypto/cipher/aes-cbc-192",
117 .alg = QCRYPTO_CIPHER_ALG_AES_192,
118 .mode = QCRYPTO_CIPHER_MODE_CBC,
119 .key = "8e73b0f7da0e6452c810f32b809079e562f8ead2522c6b7b",
120 .iv = "000102030405060708090a0b0c0d0e0f",
121 .plaintext =
122 "6bc1bee22e409f96e93d7e117393172a"
123 "ae2d8a571e03ac9c9eb76fac45af8e51"
124 "30c81c46a35ce411e5fbc1191a0a52ef"
125 "f69f2445df4f9b17ad2b417be66c3710",
126 .ciphertext =
127 "4f021db243bc633d7178183a9fa071e8"
128 "b4d9ada9ad7dedf4e5e738763f69145a"
129 "571b242012fb7ae07fa9baac3df102e0"
130 "08b0e27988598881d920a9e64f5615cd",
131 },
132 {
133 /* NIST F.2.5 CBC-AES128.Encrypt */
134 .path = "/crypto/cipher/aes-cbc-256",
135 .alg = QCRYPTO_CIPHER_ALG_AES_256,
136 .mode = QCRYPTO_CIPHER_MODE_CBC,
137 .key =
138 "603deb1015ca71be2b73aef0857d7781"
139 "1f352c073b6108d72d9810a30914dff4",
140 .iv = "000102030405060708090a0b0c0d0e0f",
141 .plaintext =
142 "6bc1bee22e409f96e93d7e117393172a"
143 "ae2d8a571e03ac9c9eb76fac45af8e51"
144 "30c81c46a35ce411e5fbc1191a0a52ef"
145 "f69f2445df4f9b17ad2b417be66c3710",
146 .ciphertext =
147 "f58c4c04d6e5f1ba779eabfb5f7bfbd6"
148 "9cfc4e967edb808d679f777bc6702c7d"
149 "39f23369a9d9bacfa530e26304231461"
150 "b2eb05e2c39be9fcda6c19078c6a9d1b",
151 },
152 {
153 .path = "/crypto/cipher/des-rfb-ecb-56",
154 .alg = QCRYPTO_CIPHER_ALG_DES_RFB,
155 .mode = QCRYPTO_CIPHER_MODE_ECB,
156 .key = "0123456789abcdef",
157 .plaintext =
158 "6bc1bee22e409f96e93d7e117393172a"
159 "ae2d8a571e03ac9c9eb76fac45af8e51"
160 "30c81c46a35ce411e5fbc1191a0a52ef"
161 "f69f2445df4f9b17ad2b417be66c3710",
162 .ciphertext =
163 "8f346aaf64eaf24040720d80648c52e7"
164 "aefc616be53ab1a3d301e69d91e01838"
165 "ffd29f1bb5596ad94ea2d8e6196b7f09"
166 "30d8ed0bf2773af36dd82a6280c20926",
167 },
168 {
169 /* RFC 2144, Appendix B.1 */
170 .path = "/crypto/cipher/cast5-128",
171 .alg = QCRYPTO_CIPHER_ALG_CAST5_128,
172 .mode = QCRYPTO_CIPHER_MODE_ECB,
173 .key = "0123456712345678234567893456789A",
174 .plaintext = "0123456789abcdef",
175 .ciphertext = "238b4fe5847e44b2",
176 },
177 {
178 /* libgcrypt serpent.c */
179 .path = "/crypto/cipher/serpent-128",
180 .alg = QCRYPTO_CIPHER_ALG_SERPENT_128,
181 .mode = QCRYPTO_CIPHER_MODE_ECB,
182 .key = "00000000000000000000000000000000",
183 .plaintext = "d29d576fcea3a3a7ed9099f29273d78e",
184 .ciphertext = "b2288b968ae8b08648d1ce9606fd992d",
185 },
186 {
187 /* libgcrypt serpent.c */
188 .path = "/crypto/cipher/serpent-192",
189 .alg = QCRYPTO_CIPHER_ALG_SERPENT_192,
190 .mode = QCRYPTO_CIPHER_MODE_ECB,
191 .key = "00000000000000000000000000000000"
192 "0000000000000000",
193 .plaintext = "d29d576fceaba3a7ed9899f2927bd78e",
194 .ciphertext = "130e353e1037c22405e8faefb2c3c3e9",
195 },
196 {
197 /* libgcrypt serpent.c */
198 .path = "/crypto/cipher/serpent-256a",
199 .alg = QCRYPTO_CIPHER_ALG_SERPENT_256,
200 .mode = QCRYPTO_CIPHER_MODE_ECB,
201 .key = "00000000000000000000000000000000"
202 "00000000000000000000000000000000",
203 .plaintext = "d095576fcea3e3a7ed98d9f29073d78e",
204 .ciphertext = "b90ee5862de69168f2bdd5125b45472b",
205 },
206 {
207 /* libgcrypt serpent.c */
208 .path = "/crypto/cipher/serpent-256b",
209 .alg = QCRYPTO_CIPHER_ALG_SERPENT_256,
210 .mode = QCRYPTO_CIPHER_MODE_ECB,
211 .key = "00000000000000000000000000000000"
212 "00000000000000000000000000000000",
213 .plaintext = "00000000010000000200000003000000",
214 .ciphertext = "2061a42782bd52ec691ec383b03ba77c",
215 },
216 {
217 /* Twofish paper "Known Answer Test" */
218 .path = "/crypto/cipher/twofish-128",
219 .alg = QCRYPTO_CIPHER_ALG_TWOFISH_128,
220 .mode = QCRYPTO_CIPHER_MODE_ECB,
221 .key = "d491db16e7b1c39e86cb086b789f5419",
222 .plaintext = "019f9809de1711858faac3a3ba20fbc3",
223 .ciphertext = "6363977de839486297e661c6c9d668eb",
224 },
225 {
226 /* Twofish paper "Known Answer Test", I=3 */
227 .path = "/crypto/cipher/twofish-192",
228 .alg = QCRYPTO_CIPHER_ALG_TWOFISH_192,
229 .mode = QCRYPTO_CIPHER_MODE_ECB,
230 .key = "88b2b2706b105e36b446bb6d731a1e88"
231 "efa71f788965bd44",
232 .plaintext = "39da69d6ba4997d585b6dc073ca341b2",
233 .ciphertext = "182b02d81497ea45f9daacdc29193a65",
234 },
235 {
236 /* Twofish paper "Known Answer Test", I=4 */
237 .path = "/crypto/cipher/twofish-256",
238 .alg = QCRYPTO_CIPHER_ALG_TWOFISH_256,
239 .mode = QCRYPTO_CIPHER_MODE_ECB,
240 .key = "d43bb7556ea32e46f2a282b7d45b4e0d"
241 "57ff739d4dc92c1bd7fc01700cc8216f",
242 .plaintext = "90afe91bb288544f2c32dc239b2635e6",
243 .ciphertext = "6cb4561c40bf0a9705931cb6d408e7fa",
244 },
245 };
246
247
248 static inline int unhex(char c)
249 {
250 if (c >= 'a' && c <= 'f') {
251 return 10 + (c - 'a');
252 }
253 if (c >= 'A' && c <= 'F') {
254 return 10 + (c - 'A');
255 }
256 return c - '0';
257 }
258
259 static inline char hex(int i)
260 {
261 if (i < 10) {
262 return '0' + i;
263 }
264 return 'a' + (i - 10);
265 }
266
267 static size_t unhex_string(const char *hexstr,
268 uint8_t **data)
269 {
270 size_t len;
271 size_t i;
272
273 if (!hexstr) {
274 *data = NULL;
275 return 0;
276 }
277
278 len = strlen(hexstr);
279 *data = g_new0(uint8_t, len / 2);
280
281 for (i = 0; i < len; i += 2) {
282 (*data)[i/2] = (unhex(hexstr[i]) << 4) | unhex(hexstr[i+1]);
283 }
284 return len / 2;
285 }
286
287 static char *hex_string(const uint8_t *bytes,
288 size_t len)
289 {
290 char *hexstr = g_new0(char, len * 2 + 1);
291 size_t i;
292
293 for (i = 0; i < len; i++) {
294 hexstr[i*2] = hex((bytes[i] >> 4) & 0xf);
295 hexstr[i*2+1] = hex(bytes[i] & 0xf);
296 }
297 hexstr[len*2] = '\0';
298
299 return hexstr;
300 }
301
302 static void test_cipher(const void *opaque)
303 {
304 const QCryptoCipherTestData *data = opaque;
305
306 QCryptoCipher *cipher;
307 uint8_t *key, *iv, *ciphertext, *plaintext, *outtext;
308 size_t nkey, niv, nciphertext, nplaintext;
309 char *outtexthex;
310 size_t ivsize, keysize, blocksize;
311
312 nkey = unhex_string(data->key, &key);
313 niv = unhex_string(data->iv, &iv);
314 nciphertext = unhex_string(data->ciphertext, &ciphertext);
315 nplaintext = unhex_string(data->plaintext, &plaintext);
316
317 g_assert(nciphertext == nplaintext);
318
319 outtext = g_new0(uint8_t, nciphertext);
320
321 cipher = qcrypto_cipher_new(
322 data->alg, data->mode,
323 key, nkey,
324 &error_abort);
325 g_assert(cipher != NULL);
326
327 keysize = qcrypto_cipher_get_key_len(data->alg);
328 blocksize = qcrypto_cipher_get_block_len(data->alg);
329 ivsize = qcrypto_cipher_get_iv_len(data->alg, data->mode);
330
331 g_assert_cmpint(keysize, ==, nkey);
332 g_assert_cmpint(ivsize, ==, niv);
333 if (niv) {
334 g_assert_cmpint(blocksize, ==, niv);
335 }
336
337 if (iv) {
338 g_assert(qcrypto_cipher_setiv(cipher,
339 iv, niv,
340 &error_abort) == 0);
341 }
342 g_assert(qcrypto_cipher_encrypt(cipher,
343 plaintext,
344 outtext,
345 nplaintext,
346 &error_abort) == 0);
347
348 outtexthex = hex_string(outtext, nciphertext);
349
350 g_assert_cmpstr(outtexthex, ==, data->ciphertext);
351
352 g_free(outtexthex);
353
354 if (iv) {
355 g_assert(qcrypto_cipher_setiv(cipher,
356 iv, niv,
357 &error_abort) == 0);
358 }
359 g_assert(qcrypto_cipher_decrypt(cipher,
360 ciphertext,
361 outtext,
362 nplaintext,
363 &error_abort) == 0);
364
365 outtexthex = hex_string(outtext, nplaintext);
366
367 g_assert_cmpstr(outtexthex, ==, data->plaintext);
368
369 g_free(outtext);
370 g_free(outtexthex);
371 g_free(key);
372 g_free(iv);
373 g_free(ciphertext);
374 g_free(plaintext);
375 qcrypto_cipher_free(cipher);
376 }
377
378
379 static void test_cipher_null_iv(void)
380 {
381 QCryptoCipher *cipher;
382 uint8_t key[32] = { 0 };
383 uint8_t plaintext[32] = { 0 };
384 uint8_t ciphertext[32] = { 0 };
385
386 cipher = qcrypto_cipher_new(
387 QCRYPTO_CIPHER_ALG_AES_256,
388 QCRYPTO_CIPHER_MODE_CBC,
389 key, sizeof(key),
390 &error_abort);
391 g_assert(cipher != NULL);
392
393 /* Don't call qcrypto_cipher_setiv */
394
395 qcrypto_cipher_encrypt(cipher,
396 plaintext,
397 ciphertext,
398 sizeof(plaintext),
399 &error_abort);
400
401 qcrypto_cipher_free(cipher);
402 }
403
404 static void test_cipher_short_plaintext(void)
405 {
406 Error *err = NULL;
407 QCryptoCipher *cipher;
408 uint8_t key[32] = { 0 };
409 uint8_t plaintext1[20] = { 0 };
410 uint8_t ciphertext1[20] = { 0 };
411 uint8_t plaintext2[40] = { 0 };
412 uint8_t ciphertext2[40] = { 0 };
413 int ret;
414
415 cipher = qcrypto_cipher_new(
416 QCRYPTO_CIPHER_ALG_AES_256,
417 QCRYPTO_CIPHER_MODE_CBC,
418 key, sizeof(key),
419 &error_abort);
420 g_assert(cipher != NULL);
421
422 /* Should report an error as plaintext is shorter
423 * than block size
424 */
425 ret = qcrypto_cipher_encrypt(cipher,
426 plaintext1,
427 ciphertext1,
428 sizeof(plaintext1),
429 &err);
430 g_assert(ret == -1);
431 g_assert(err != NULL);
432
433 error_free(err);
434 err = NULL;
435
436 /* Should report an error as plaintext is larger than
437 * block size, but not a multiple of block size
438 */
439 ret = qcrypto_cipher_encrypt(cipher,
440 plaintext2,
441 ciphertext2,
442 sizeof(plaintext2),
443 &err);
444 g_assert(ret == -1);
445 g_assert(err != NULL);
446
447 error_free(err);
448 qcrypto_cipher_free(cipher);
449 }
450
451 int main(int argc, char **argv)
452 {
453 size_t i;
454
455 g_test_init(&argc, &argv, NULL);
456
457 g_assert(qcrypto_init(NULL) == 0);
458
459 for (i = 0; i < G_N_ELEMENTS(test_data); i++) {
460 if (qcrypto_cipher_supports(test_data[i].alg)) {
461 g_test_add_data_func(test_data[i].path, &test_data[i], test_cipher);
462 }
463 }
464
465 g_test_add_func("/crypto/cipher/null-iv",
466 test_cipher_null_iv);
467
468 g_test_add_func("/crypto/cipher/short-plaintext",
469 test_cipher_short_plaintext);
470
471 return g_test_run();
472 }
Ray Wang's QEMU Repository