From 9dd346c90d4db6d5db23c143fcbb95c6a7fd05e1 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Tue, 8 Feb 2011 18:15:59 +0000 Subject: [PATCH] Experimental incomplete AES GCM algorithm test program. --- fips/aes/Makefile | 2 +- fips/aes/fips_gcmtest.c | 228 ++++++++++++++++++++++++++++++++++++++++ fips/fips_utl.h | 5 + test/Makefile | 11 +- 4 files changed, 242 insertions(+), 4 deletions(-) create mode 100644 fips/aes/fips_gcmtest.c diff --git a/fips/aes/Makefile b/fips/aes/Makefile index 7b8b3a26de..2d53e3dfb4 100644 --- a/fips/aes/Makefile +++ b/fips/aes/Makefile @@ -21,7 +21,7 @@ AFLAGS= $(ASFLAGS) CFLAGS= $(INCLUDES) $(CFLAG) GENERAL=Makefile -TEST=fips_aesavs.c +TEST=fips_aesavs.c fips_gcmtest.c APPS= LIB=$(TOP)/libcrypto.a diff --git a/fips/aes/fips_gcmtest.c b/fips/aes/fips_gcmtest.c new file mode 100644 index 0000000000..9a10e18d7a --- /dev/null +++ b/fips/aes/fips_gcmtest.c @@ -0,0 +1,228 @@ +/* fips/aes/fips_gcmtest.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project. + */ +/* ==================================================================== + * Copyright (c) 2011 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + */ + + +#define OPENSSL_FIPSAPI +#include + +#ifndef OPENSSL_FIPS +#include + +int main(int argc, char **argv) +{ + printf("No FIPS GCM support\n"); + return(0); +} +#else + +#include +#include +#include +#include +#include +#include +#include + +#include "fips_utl.h" + +static void gcmtest(int encrypt) + { + char buf[2048]; + char lbuf[2048]; + char *keyword, *value; + int keylen = -1, ivlen = -1, aadlen = -1, taglen = -1, ptlen = -1; + int rv; + long l; + unsigned char *key = NULL, *iv = NULL, *aad = NULL, *tag = NULL; + unsigned char *ct = NULL, *pt = NULL; + EVP_CIPHER_CTX ctx; + const EVP_CIPHER *gcm; + EVP_CIPHER_CTX_init(&ctx); + + while(fgets(buf,sizeof buf,stdin) != NULL) + { + fputs(buf,stdout); + if (!parse_line(&keyword, &value, lbuf, buf)) + continue; + if(!strcmp(keyword,"[Keylen")) + { + keylen = atoi(value); + if (keylen == 128) + gcm = EVP_aes_128_gcm(); + else if (keylen == 192) + gcm = EVP_aes_192_gcm(); + else if (keylen == 256) + gcm = EVP_aes_256_gcm(); + else + { + fprintf(stderr, "Unsupported keylen %d\n", + keylen); + } + keylen >>= 3; + } + else if (!strcmp(keyword, "[IVlen")) + ivlen = atoi(value) >> 3; + else if (!strcmp(keyword, "[AADlen")) + aadlen = atoi(value) >> 3; + else if (!strcmp(keyword, "[Taglen")) + taglen = atoi(value) >> 3; + else if (!strcmp(keyword, "[PTlen")) + ptlen = atoi(value) >> 3; + else if(!strcmp(keyword,"Key")) + { + key = hex2bin_m(value, &l); + if (l != keylen) + { + fprintf(stderr, "Inconsistent Key length\n"); + exit(1); + } + } + else if(!strcmp(keyword,"IV")) + { + iv = hex2bin_m(value, &l); + if (l != ivlen) + { + fprintf(stderr, "Inconsistent IV length\n"); + exit(1); + } + } + else if(!strcmp(keyword,"CT")) + { + ct = hex2bin_m(value, &l); + if (l != ptlen) + { + fprintf(stderr, "Inconsistent CT length\n"); + exit(1); + } + } + else if(!strcmp(keyword,"AAD")) + { + aad = hex2bin_m(value, &l); + if (l != aadlen) + { + fprintf(stderr, "Inconsistent AAD length\n"); + exit(1); + } + } + else if(!strcmp(keyword,"Tag")) + { + tag = hex2bin_m(value, &l); + if (l != taglen) + { + fprintf(stderr, "Inconsistent Tag length\n"); + exit(1); + } + if (encrypt) + { + fprintf(stderr, "Parse Error for Encrypt\n"); + exit(1); + } + EVP_CipherInit_ex(&ctx, gcm, NULL, NULL, NULL, 0); + EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_GCM_SET_IVLEN, ivlen, 0); + EVP_CipherInit_ex(&ctx, NULL, NULL, key, iv, 0); + EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_GCM_SET_TAG, taglen, tag); + if (aadlen) + EVP_Cipher(&ctx, NULL, aad, aadlen); + if (ptlen) + { + pt = OPENSSL_malloc(ptlen); + rv = EVP_Cipher(&ctx, pt, ct, ptlen); + } + rv = EVP_Cipher(&ctx, NULL, NULL, 0); + if (rv < 0) + printf("FAIL\n"); + else + OutputValue("PT", pt, ptlen, stdout, 0); + if (iv) + OPENSSL_free(iv); + if (aad) + OPENSSL_free(aad); + if (ct) + OPENSSL_free(ct); + if (pt) + OPENSSL_free(pt); + if (key) + OPENSSL_free(key); + if (tag) + OPENSSL_free(tag); + } + } + } + +int main(int argc,char **argv) + { + int encrypt; + if(argc != 2) + { + fprintf(stderr,"%s [-encrypt|-decrypt]\n",argv[0]); + exit(1); + } + fips_set_error_print(); + if(!FIPS_mode_set(1)) + exit(1); + if(!strcmp(argv[1],"-encrypt")) + encrypt = 1; + else if(!strcmp(argv[1],"-decrypt")) + encrypt = 0; + else + { + fprintf(stderr,"Don't know how to %s.\n",argv[1]); + exit(1); + } + + gcmtest(encrypt); + + return 0; +} + +#endif diff --git a/fips/fips_utl.h b/fips/fips_utl.h index eccc8ddf44..7ead612478 100644 --- a/fips/fips_utl.h +++ b/fips/fips_utl.h @@ -134,6 +134,11 @@ int hex2bin(const char *in, unsigned char *out) unsigned char *hex2bin_m(const char *in, long *plen) { unsigned char *p; + if (strlen(in) == 0) + { + *plen = 0; + return OPENSSL_malloc(1); + } p = OPENSSL_malloc((strlen(in) + 1)/2); *plen = hex2bin(in, p); return p; diff --git a/test/Makefile b/test/Makefile index 98acae28cb..4cbbf72895 100644 --- a/test/Makefile +++ b/test/Makefile @@ -66,6 +66,7 @@ FIPS_SHATEST= fips_shatest FIPS_DESTEST= fips_desmovs FIPS_RANDTEST= fips_randtest FIPS_AESTEST= fips_aesavs +FIPS_GCMTEST= fips_gcmtest FIPS_HMACTEST= fips_hmactest FIPS_RSAVTEST= fips_rsavtest FIPS_RSASTEST= fips_rsastest @@ -90,7 +91,8 @@ EXE= $(BNTEST)$(EXE_EXT) $(ECTEST)$(EXE_EXT) $(ECDSATEST)$(EXE_EXT) $(ECDHTEST) $(FIPS_HMACTEST)$(EXE_EXT) $(FIPS_RSAVTEST)$(EXE_EXT) \ $(FIPS_RSASTEST)$(EXE_EXT) $(FIPS_RSAGTEST)$(EXE_EXT) \ $(FIPS_DSSVS)$(EXE_EXT) $(FIPS_DSATEST)$(EXE_EXT) \ - $(FIPS_RNGVS)$(EXE_EXT) $(FIPS_TEST_SUITE)$(EXE_EXT) + $(FIPS_RNGVS)$(EXE_EXT) $(FIPS_TEST_SUITE)$(EXE_EXT) \ + $(FIPS_GCMTEST)$(EXE_EXT) # $(METHTEST)$(EXE_EXT) @@ -104,7 +106,7 @@ OBJ= $(BNTEST).o $(ECTEST).o $(ECDSATEST).o $(ECDHTEST).o $(IDEATEST).o \ $(BFTEST).o $(SSLTEST).o $(DSATEST).o $(EXPTEST).o $(RSATEST).o \ $(FIPS_SHATEST).o $(FIPS_DESTEST).o $(FIPS_RANDTEST).o \ $(FIPS_AESTEST).o $(FIPS_HMACTEST).o $(FIPS_RSAVTEST).o \ - $(FIPS_RSASTEST).o $(FIPS_RSAGTEST).o \ + $(FIPS_RSASTEST).o $(FIPS_RSAGTEST).o $(FIPS_GCMTEST).o \ $(FIPS_DSSVS).o $(FIPS_DSATEST).o $(FIPS_RNGVS).o $(FIPS_TEST_SUITE).o \ $(EVPTEST).o $(IGETEST).o $(JPAKETEST).o SRC= $(BNTEST).c $(ECTEST).c $(ECDSATEST).c $(ECDHTEST).c $(IDEATEST).c \ @@ -116,7 +118,7 @@ SRC= $(BNTEST).c $(ECTEST).c $(ECDSATEST).c $(ECDHTEST).c $(IDEATEST).c \ $(BFTEST).c $(SSLTEST).c $(DSATEST).c $(EXPTEST).c $(RSATEST).c \ $(FIPS_SHATEST).c $(FIPS_DESTEST).c $(FIPS_RANDTEST).c \ $(FIPS_AESTEST).c $(FIPS_HMACTEST).c $(FIPS_RSAVTEST).c \ - $(FIPS_RSASTEST).c $(FIPS_RSAGTEST).c \ + $(FIPS_RSASTEST).c $(FIPS_RSAGTEST).c $(FIPS_GCMTEST).c \ $(FIPS_DSSVS).c $(FIPS_DSATEST).c $(FIPS_RNGVS).c $(FIPS_TEST_SUITE).c \ $(EVPTEST).c $(IGETEST).c $(JPAKETEST).c @@ -434,6 +436,9 @@ $(FIPS_SHATEST)$(EXE_EXT): $(FIPS_SHATEST).o $(DLIBCRYPTO) $(FIPS_AESTEST)$(EXE_EXT): $(FIPS_AESTEST).o $(DLIBCRYPTO) @target=$(FIPS_AESTEST); $(FIPS_BUILD_CMD) +$(FIPS_GCMTEST)$(EXE_EXT): $(FIPS_GCMTEST).o $(DLIBCRYPTO) + @target=$(FIPS_GCMTEST); $(FIPS_BUILD_CMD) + $(FIPS_DESTEST)$(EXE_EXT): $(FIPS_DESTEST).o $(DLIBCRYPTO) @target=$(FIPS_DESTEST); $(FIPS_BUILD_CMD) -- GitLab