1 /* 2 * QEMU Crypto cipher algorithms 3 * 4 * Copyright (c) 2015 Red Hat, Inc. 5 * 6 * This library is free software; you can redistribute it and/or 7 * modify it under the terms of the GNU Lesser General Public 8 * License as published by the Free Software Foundation; either 9 * version 2.1 of the License, or (at your option) any later version. 10 * 11 * This library is distributed in the hope that it will be useful, 12 * but WITHOUT ANY WARRANTY; without even the implied warranty of 13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 14 * Lesser General Public License for more details. 15 * 16 * You should have received a copy of the GNU Lesser General Public 17 * License along with this library; if not, see <http://www.gnu.org/licenses/>. 18 * 19 */ 20 21 #include "qemu/osdep.h" 22 23 #include "crypto/init.h" 24 #include "crypto/cipher.h" 25 #include "qapi/error.h" 26 27 typedef struct QCryptoCipherTestData QCryptoCipherTestData; 28 struct QCryptoCipherTestData { 29 const char *path; 30 QCryptoCipherAlgorithm alg; 31 QCryptoCipherMode mode; 32 const char *key; 33 const char *plaintext; 34 const char *ciphertext; 35 const char *iv; 36 }; 37 38 /* AES test data comes from appendix F of: 39 * 40 * http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf 41 */ 42 static QCryptoCipherTestData test_data[] = { 43 { 44 /* NIST F.1.1 ECB-AES128.Encrypt */ 45 .path = "/crypto/cipher/aes-ecb-128", 46 .alg = QCRYPTO_CIPHER_ALG_AES_128, 47 .mode = QCRYPTO_CIPHER_MODE_ECB, 48 .key = "2b7e151628aed2a6abf7158809cf4f3c", 49 .plaintext = 50 "6bc1bee22e409f96e93d7e117393172a" 51 "ae2d8a571e03ac9c9eb76fac45af8e51" 52 "30c81c46a35ce411e5fbc1191a0a52ef" 53 "f69f2445df4f9b17ad2b417be66c3710", 54 .ciphertext = 55 "3ad77bb40d7a3660a89ecaf32466ef97" 56 "f5d3d58503b9699de785895a96fdbaaf" 57 "43b1cd7f598ece23881b00e3ed030688" 58 "7b0c785e27e8ad3f8223207104725dd4" 59 }, 60 { 61 /* NIST F.1.3 ECB-AES192.Encrypt */ 62 .path = "/crypto/cipher/aes-ecb-192", 63 .alg = QCRYPTO_CIPHER_ALG_AES_192, 64 .mode = QCRYPTO_CIPHER_MODE_ECB, 65 .key = "8e73b0f7da0e6452c810f32b809079e562f8ead2522c6b7b", 66 .plaintext = 67 "6bc1bee22e409f96e93d7e117393172a" 68 "ae2d8a571e03ac9c9eb76fac45af8e51" 69 "30c81c46a35ce411e5fbc1191a0a52ef" 70 "f69f2445df4f9b17ad2b417be66c3710", 71 .ciphertext = 72 "bd334f1d6e45f25ff712a214571fa5cc" 73 "974104846d0ad3ad7734ecb3ecee4eef" 74 "ef7afd2270e2e60adce0ba2face6444e" 75 "9a4b41ba738d6c72fb16691603c18e0e" 76 }, 77 { 78 /* NIST F.1.5 ECB-AES256.Encrypt */ 79 .path = "/crypto/cipher/aes-ecb-256", 80 .alg = QCRYPTO_CIPHER_ALG_AES_256, 81 .mode = QCRYPTO_CIPHER_MODE_ECB, 82 .key = 83 "603deb1015ca71be2b73aef0857d7781" 84 "1f352c073b6108d72d9810a30914dff4", 85 .plaintext = 86 "6bc1bee22e409f96e93d7e117393172a" 87 "ae2d8a571e03ac9c9eb76fac45af8e51" 88 "30c81c46a35ce411e5fbc1191a0a52ef" 89 "f69f2445df4f9b17ad2b417be66c3710", 90 .ciphertext = 91 "f3eed1bdb5d2a03c064b5a7e3db181f8" 92 "591ccb10d410ed26dc5ba74a31362870" 93 "b6ed21b99ca6f4f9f153e7b1beafed1d" 94 "23304b7a39f9f3ff067d8d8f9e24ecc7", 95 }, 96 { 97 /* NIST F.2.1 CBC-AES128.Encrypt */ 98 .path = "/crypto/cipher/aes-cbc-128", 99 .alg = QCRYPTO_CIPHER_ALG_AES_128, 100 .mode = QCRYPTO_CIPHER_MODE_CBC, 101 .key = "2b7e151628aed2a6abf7158809cf4f3c", 102 .iv = "000102030405060708090a0b0c0d0e0f", 103 .plaintext = 104 "6bc1bee22e409f96e93d7e117393172a" 105 "ae2d8a571e03ac9c9eb76fac45af8e51" 106 "30c81c46a35ce411e5fbc1191a0a52ef" 107 "f69f2445df4f9b17ad2b417be66c3710", 108 .ciphertext = 109 "7649abac8119b246cee98e9b12e9197d" 110 "5086cb9b507219ee95db113a917678b2" 111 "73bed6b8e3c1743b7116e69e22229516" 112 "3ff1caa1681fac09120eca307586e1a7", 113 }, 114 { 115 /* NIST F.2.3 CBC-AES128.Encrypt */ 116 .path = "/crypto/cipher/aes-cbc-192", 117 .alg = QCRYPTO_CIPHER_ALG_AES_192, 118 .mode = QCRYPTO_CIPHER_MODE_CBC, 119 .key = "8e73b0f7da0e6452c810f32b809079e562f8ead2522c6b7b", 120 .iv = "000102030405060708090a0b0c0d0e0f", 121 .plaintext = 122 "6bc1bee22e409f96e93d7e117393172a" 123 "ae2d8a571e03ac9c9eb76fac45af8e51" 124 "30c81c46a35ce411e5fbc1191a0a52ef" 125 "f69f2445df4f9b17ad2b417be66c3710", 126 .ciphertext = 127 "4f021db243bc633d7178183a9fa071e8" 128 "b4d9ada9ad7dedf4e5e738763f69145a" 129 "571b242012fb7ae07fa9baac3df102e0" 130 "08b0e27988598881d920a9e64f5615cd", 131 }, 132 { 133 /* NIST F.2.5 CBC-AES128.Encrypt */ 134 .path = "/crypto/cipher/aes-cbc-256", 135 .alg = QCRYPTO_CIPHER_ALG_AES_256, 136 .mode = QCRYPTO_CIPHER_MODE_CBC, 137 .key = 138 "603deb1015ca71be2b73aef0857d7781" 139 "1f352c073b6108d72d9810a30914dff4", 140 .iv = "000102030405060708090a0b0c0d0e0f", 141 .plaintext = 142 "6bc1bee22e409f96e93d7e117393172a" 143 "ae2d8a571e03ac9c9eb76fac45af8e51" 144 "30c81c46a35ce411e5fbc1191a0a52ef" 145 "f69f2445df4f9b17ad2b417be66c3710", 146 .ciphertext = 147 "f58c4c04d6e5f1ba779eabfb5f7bfbd6" 148 "9cfc4e967edb808d679f777bc6702c7d" 149 "39f23369a9d9bacfa530e26304231461" 150 "b2eb05e2c39be9fcda6c19078c6a9d1b", 151 }, 152 { 153 .path = "/crypto/cipher/des-rfb-ecb-56", 154 .alg = QCRYPTO_CIPHER_ALG_DES_RFB, 155 .mode = QCRYPTO_CIPHER_MODE_ECB, 156 .key = "0123456789abcdef", 157 .plaintext = 158 "6bc1bee22e409f96e93d7e117393172a" 159 "ae2d8a571e03ac9c9eb76fac45af8e51" 160 "30c81c46a35ce411e5fbc1191a0a52ef" 161 "f69f2445df4f9b17ad2b417be66c3710", 162 .ciphertext = 163 "8f346aaf64eaf24040720d80648c52e7" 164 "aefc616be53ab1a3d301e69d91e01838" 165 "ffd29f1bb5596ad94ea2d8e6196b7f09" 166 "30d8ed0bf2773af36dd82a6280c20926", 167 }, 168 #if defined(CONFIG_NETTLE) || defined(CONFIG_GCRYPT) 169 { 170 /* Borrowed from linux-kernel crypto/testmgr.h */ 171 .path = "/crypto/cipher/3des-cbc", 172 .alg = QCRYPTO_CIPHER_ALG_3DES, 173 .mode = QCRYPTO_CIPHER_MODE_CBC, 174 .key = 175 "e9c0ff2e760b6424444d995a12d640c0" 176 "eac284e81495dbe8", 177 .iv = 178 "7d3388930f93b242", 179 .plaintext = 180 "6f54206f614d796e5320636565727374" 181 "54206f6f4d206e612079655372637465" 182 "20736f54206f614d796e532063656572" 183 "737454206f6f4d206e61207965537263" 184 "746520736f54206f614d796e53206365" 185 "6572737454206f6f4d206e6120796553" 186 "7263746520736f54206f614d796e5320" 187 "63656572737454206f6f4d206e610a79", 188 .ciphertext = 189 "0e2db6973c5633f4671721c76e8ad549" 190 "74b34905c51cd0ed12565c5396b6007d" 191 "9048fcf58d2939cc8ad5351836234ed7" 192 "76d1da0c9467bb048bf2036ca8cfb6ea" 193 "226447aa8f7513bf9fc2c3f0c956c57a" 194 "71632e897b1e12cae25fafd8a4f8c97a" 195 "d6f92131624445a6d6bc5ad32d5443cc" 196 "9ddea570e942458a6bfab19113b0d919", 197 }, 198 { 199 /* Borrowed from linux-kernel crypto/testmgr.h */ 200 .path = "/crypto/cipher/3des-ecb", 201 .alg = QCRYPTO_CIPHER_ALG_3DES, 202 .mode = QCRYPTO_CIPHER_MODE_ECB, 203 .key = 204 "0123456789abcdef5555555555555555" 205 "fedcba9876543210", 206 .plaintext = 207 "736f6d6564617461", 208 .ciphertext = 209 "18d748e563620572", 210 }, 211 { 212 /* Borrowed from linux-kernel crypto/testmgr.h */ 213 .path = "/crypto/cipher/3des-ctr", 214 .alg = QCRYPTO_CIPHER_ALG_3DES, 215 .mode = QCRYPTO_CIPHER_MODE_CTR, 216 .key = 217 "9cd6f39cb95a67005a67002dceeb2dce" 218 "ebb45172b451721f", 219 .iv = 220 "ffffffffffffffff", 221 .plaintext = 222 "05ec77fb42d559208b128669f05bcf56" 223 "39ad349f66ea7dc448d3ba0db118e34a" 224 "fe41285c278e11856cf75ec2553ca00b" 225 "9265e970db4fd6b900b41fe649fd442f" 226 "533a8d149863ca5dc1a833a70e9178ec" 227 "77de42d5bc078b12e54cf05b22563980" 228 "6b9f66c950c4af36ba0d947fe34add41" 229 "28b31a8e11f843f75e21553c876e9265" 230 "cc57dba235b900eb72e649d0442fb619" 231 "8d14ff46ca5d24a8339a6d9178c377de" 232 "a108bc07ee71e54cd75b22b51c806bf2" 233 "45c9503baf369960947fc64adda40fb3" 234 "1aed74f8432a5e218813876ef158cc57" 235 "3ea2359c67eb72c549d0bb02b619e04b" 236 "ff46295d248f169a6df45fc3aa3da108" 237 "937aee71d84cd7be01b51ce74ef2452c" 238 "503b82159960cb52c6a930a40f9679ed" 239 "74df432abd048813fa4df15823573e81" 240 "689c67ce51c5ac37bb02957ce04bd246" 241 "29b01b8f16f940f45f26aa3d846f937a" 242 "cd54d8a30abe01e873e74ed1452cb71e" 243 "8215fc47cb5225a9309b629679c074df" 244 "a609bd04ef76fa4dd458238a1d8168f3" 245 "5ace5138ac379e61957cc74bd2a50cb0" 246 "1be275f9402b5f268910846ff659cd54" 247 "3fa30a9d64e873da4ed1b803b71ee148" 248 "fc472e52258c179b62f55cc0ab32a609" 249 "907bef76d94dd4bf068a1de44ff35a2d" 250 "5138836a9e61c853c7ae31a50c977ee2" 251 "75dc402bb2058910fb42f65920543f86" 252 "699d64cf56daad34b803ea7de148d347", 253 .ciphertext = 254 "07c20820721f49ef19cd6f3253052215" 255 "a2852bdb85d2d8b9dd0d1b45cb6911d4" 256 "eabeb2455d0caebea0c127ac659f537e" 257 "afc21bb5b86d360c25c0f86d0b2901da" 258 "1378dc89121243faf612ef8d87627883" 259 "e2be41204c6d351bd10c30cfe2de2b03" 260 "bf4573d4e55995d1b39b276297bdde7f" 261 "a4d23980aa5023f074883da86a18793b" 262 "c4966c8d2240926ed6ad2a1fde63c0e7" 263 "07f72df7b5f3f0cc017c2a9bc210caaa" 264 "fd2b3fc5f3f6fc9b45db53e45bf3c97b" 265 "8e52ffc802b8ac9da10039da3d2d0e01" 266 "097d8d5ebe53b9b08ee7e2966ab278ea" 267 "de238ba5fa5ce3dabf8e316a55d16ab2" 268 "b5466fa5f0eeba1f9f98b0664fd03fa9" 269 "df5f58c4f4ff755c403a097e6e1c97d4" 270 "cce7e771cf0b150871fa0797cde6ca1d" 271 "14280ccf99137af1ebfafa9207de1da1" 272 "d33669fe514d9f2e83374f1f4830ed04" 273 "4da4ef3aca76f41c418f6337782f86a6" 274 "ef417ed2af88ab675271c38ef8269372" 275 "aad60ee70b46b13ab408a9a8a0cf200c" 276 "52bc8b0556b2bc319b74b92929969a50" 277 "dc45dc1aeb0c64d4d3057e5955c3f490" 278 "c2abf89b8adacea1c3f4ad77dd44c8ac" 279 "a3f1c9d2195cb0caa234c1f76cfdac65" 280 "32dc48c4f2006b77f17d76acc031632a" 281 "a53a62c891b10365cb43d106dfc367bc" 282 "dce0cd35ce4965a0527ba70d07a91bb0" 283 "407772c2ea0e3a7846b991b6e73d5142" 284 "fd51b0c62c6313785ceefccfc4700034", 285 }, 286 #endif 287 { 288 /* RFC 2144, Appendix B.1 */ 289 .path = "/crypto/cipher/cast5-128", 290 .alg = QCRYPTO_CIPHER_ALG_CAST5_128, 291 .mode = QCRYPTO_CIPHER_MODE_ECB, 292 .key = "0123456712345678234567893456789A", 293 .plaintext = "0123456789abcdef", 294 .ciphertext = "238b4fe5847e44b2", 295 }, 296 { 297 /* libgcrypt serpent.c */ 298 .path = "/crypto/cipher/serpent-128", 299 .alg = QCRYPTO_CIPHER_ALG_SERPENT_128, 300 .mode = QCRYPTO_CIPHER_MODE_ECB, 301 .key = "00000000000000000000000000000000", 302 .plaintext = "d29d576fcea3a3a7ed9099f29273d78e", 303 .ciphertext = "b2288b968ae8b08648d1ce9606fd992d", 304 }, 305 { 306 /* libgcrypt serpent.c */ 307 .path = "/crypto/cipher/serpent-192", 308 .alg = QCRYPTO_CIPHER_ALG_SERPENT_192, 309 .mode = QCRYPTO_CIPHER_MODE_ECB, 310 .key = "00000000000000000000000000000000" 311 "0000000000000000", 312 .plaintext = "d29d576fceaba3a7ed9899f2927bd78e", 313 .ciphertext = "130e353e1037c22405e8faefb2c3c3e9", 314 }, 315 { 316 /* libgcrypt serpent.c */ 317 .path = "/crypto/cipher/serpent-256a", 318 .alg = QCRYPTO_CIPHER_ALG_SERPENT_256, 319 .mode = QCRYPTO_CIPHER_MODE_ECB, 320 .key = "00000000000000000000000000000000" 321 "00000000000000000000000000000000", 322 .plaintext = "d095576fcea3e3a7ed98d9f29073d78e", 323 .ciphertext = "b90ee5862de69168f2bdd5125b45472b", 324 }, 325 { 326 /* libgcrypt serpent.c */ 327 .path = "/crypto/cipher/serpent-256b", 328 .alg = QCRYPTO_CIPHER_ALG_SERPENT_256, 329 .mode = QCRYPTO_CIPHER_MODE_ECB, 330 .key = "00000000000000000000000000000000" 331 "00000000000000000000000000000000", 332 .plaintext = "00000000010000000200000003000000", 333 .ciphertext = "2061a42782bd52ec691ec383b03ba77c", 334 }, 335 { 336 /* Twofish paper "Known Answer Test" */ 337 .path = "/crypto/cipher/twofish-128", 338 .alg = QCRYPTO_CIPHER_ALG_TWOFISH_128, 339 .mode = QCRYPTO_CIPHER_MODE_ECB, 340 .key = "d491db16e7b1c39e86cb086b789f5419", 341 .plaintext = "019f9809de1711858faac3a3ba20fbc3", 342 .ciphertext = "6363977de839486297e661c6c9d668eb", 343 }, 344 { 345 /* Twofish paper "Known Answer Test", I=3 */ 346 .path = "/crypto/cipher/twofish-192", 347 .alg = QCRYPTO_CIPHER_ALG_TWOFISH_192, 348 .mode = QCRYPTO_CIPHER_MODE_ECB, 349 .key = "88b2b2706b105e36b446bb6d731a1e88" 350 "efa71f788965bd44", 351 .plaintext = "39da69d6ba4997d585b6dc073ca341b2", 352 .ciphertext = "182b02d81497ea45f9daacdc29193a65", 353 }, 354 { 355 /* Twofish paper "Known Answer Test", I=4 */ 356 .path = "/crypto/cipher/twofish-256", 357 .alg = QCRYPTO_CIPHER_ALG_TWOFISH_256, 358 .mode = QCRYPTO_CIPHER_MODE_ECB, 359 .key = "d43bb7556ea32e46f2a282b7d45b4e0d" 360 "57ff739d4dc92c1bd7fc01700cc8216f", 361 .plaintext = "90afe91bb288544f2c32dc239b2635e6", 362 .ciphertext = "6cb4561c40bf0a9705931cb6d408e7fa", 363 }, 364 { 365 /* #1 32 byte key, 32 byte PTX */ 366 .path = "/crypto/cipher/aes-xts-128-1", 367 .alg = QCRYPTO_CIPHER_ALG_AES_128, 368 .mode = QCRYPTO_CIPHER_MODE_XTS, 369 .key = 370 "00000000000000000000000000000000" 371 "00000000000000000000000000000000", 372 .iv = 373 "00000000000000000000000000000000", 374 .plaintext = 375 "00000000000000000000000000000000" 376 "00000000000000000000000000000000", 377 .ciphertext = 378 "917cf69ebd68b2ec9b9fe9a3eadda692" 379 "cd43d2f59598ed858c02c2652fbf922e", 380 }, 381 { 382 /* #2, 32 byte key, 32 byte PTX */ 383 .path = "/crypto/cipher/aes-xts-128-2", 384 .alg = QCRYPTO_CIPHER_ALG_AES_128, 385 .mode = QCRYPTO_CIPHER_MODE_XTS, 386 .key = 387 "11111111111111111111111111111111" 388 "22222222222222222222222222222222", 389 .iv = 390 "33333333330000000000000000000000", 391 .plaintext = 392 "44444444444444444444444444444444" 393 "44444444444444444444444444444444", 394 .ciphertext = 395 "c454185e6a16936e39334038acef838b" 396 "fb186fff7480adc4289382ecd6d394f0", 397 }, 398 { 399 /* #5 from xts.7, 32 byte key, 32 byte PTX */ 400 .path = "/crypto/cipher/aes-xts-128-3", 401 .alg = QCRYPTO_CIPHER_ALG_AES_128, 402 .mode = QCRYPTO_CIPHER_MODE_XTS, 403 .key = 404 "fffefdfcfbfaf9f8f7f6f5f4f3f2f1f0" 405 "bfbebdbcbbbab9b8b7b6b5b4b3b2b1b0", 406 .iv = 407 "9a785634120000000000000000000000", 408 .plaintext = 409 "44444444444444444444444444444444" 410 "44444444444444444444444444444444", 411 .ciphertext = 412 "b01f86f8edc1863706fa8a4253e34f28" 413 "af319de38334870f4dd1f94cbe9832f1", 414 }, 415 { 416 /* #4, 32 byte key, 512 byte PTX */ 417 .path = "/crypto/cipher/aes-xts-128-4", 418 .alg = QCRYPTO_CIPHER_ALG_AES_128, 419 .mode = QCRYPTO_CIPHER_MODE_XTS, 420 .key = 421 "27182818284590452353602874713526" 422 "31415926535897932384626433832795", 423 .iv = 424 "00000000000000000000000000000000", 425 .plaintext = 426 "000102030405060708090a0b0c0d0e0f" 427 "101112131415161718191a1b1c1d1e1f" 428 "202122232425262728292a2b2c2d2e2f" 429 "303132333435363738393a3b3c3d3e3f" 430 "404142434445464748494a4b4c4d4e4f" 431 "505152535455565758595a5b5c5d5e5f" 432 "606162636465666768696a6b6c6d6e6f" 433 "707172737475767778797a7b7c7d7e7f" 434 "808182838485868788898a8b8c8d8e8f" 435 "909192939495969798999a9b9c9d9e9f" 436 "a0a1a2a3a4a5a6a7a8a9aaabacadaeaf" 437 "b0b1b2b3b4b5b6b7b8b9babbbcbdbebf" 438 "c0c1c2c3c4c5c6c7c8c9cacbcccdcecf" 439 "d0d1d2d3d4d5d6d7d8d9dadbdcdddedf" 440 "e0e1e2e3e4e5e6e7e8e9eaebecedeeef" 441 "f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff" 442 "000102030405060708090a0b0c0d0e0f" 443 "101112131415161718191a1b1c1d1e1f" 444 "202122232425262728292a2b2c2d2e2f" 445 "303132333435363738393a3b3c3d3e3f" 446 "404142434445464748494a4b4c4d4e4f" 447 "505152535455565758595a5b5c5d5e5f" 448 "606162636465666768696a6b6c6d6e6f" 449 "707172737475767778797a7b7c7d7e7f" 450 "808182838485868788898a8b8c8d8e8f" 451 "909192939495969798999a9b9c9d9e9f" 452 "a0a1a2a3a4a5a6a7a8a9aaabacadaeaf" 453 "b0b1b2b3b4b5b6b7b8b9babbbcbdbebf" 454 "c0c1c2c3c4c5c6c7c8c9cacbcccdcecf" 455 "d0d1d2d3d4d5d6d7d8d9dadbdcdddedf" 456 "e0e1e2e3e4e5e6e7e8e9eaebecedeeef" 457 "f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff", 458 .ciphertext = 459 "27a7479befa1d476489f308cd4cfa6e2" 460 "a96e4bbe3208ff25287dd3819616e89c" 461 "c78cf7f5e543445f8333d8fa7f560000" 462 "05279fa5d8b5e4ad40e736ddb4d35412" 463 "328063fd2aab53e5ea1e0a9f332500a5" 464 "df9487d07a5c92cc512c8866c7e860ce" 465 "93fdf166a24912b422976146ae20ce84" 466 "6bb7dc9ba94a767aaef20c0d61ad0265" 467 "5ea92dc4c4e41a8952c651d33174be51" 468 "a10c421110e6d81588ede82103a252d8" 469 "a750e8768defffed9122810aaeb99f91" 470 "72af82b604dc4b8e51bcb08235a6f434" 471 "1332e4ca60482a4ba1a03b3e65008fc5" 472 "da76b70bf1690db4eae29c5f1badd03c" 473 "5ccf2a55d705ddcd86d449511ceb7ec3" 474 "0bf12b1fa35b913f9f747a8afd1b130e" 475 "94bff94effd01a91735ca1726acd0b19" 476 "7c4e5b03393697e126826fb6bbde8ecc" 477 "1e08298516e2c9ed03ff3c1b7860f6de" 478 "76d4cecd94c8119855ef5297ca67e9f3" 479 "e7ff72b1e99785ca0a7e7720c5b36dc6" 480 "d72cac9574c8cbbc2f801e23e56fd344" 481 "b07f22154beba0f08ce8891e643ed995" 482 "c94d9a69c9f1b5f499027a78572aeebd" 483 "74d20cc39881c213ee770b1010e4bea7" 484 "18846977ae119f7a023ab58cca0ad752" 485 "afe656bb3c17256a9f6e9bf19fdd5a38" 486 "fc82bbe872c5539edb609ef4f79c203e" 487 "bb140f2e583cb2ad15b4aa5b655016a8" 488 "449277dbd477ef2c8d6c017db738b18d" 489 "eb4a427d1923ce3ff262735779a418f2" 490 "0a282df920147beabe421ee5319d0568", 491 }, 492 { 493 /* Bad config - cast5-128 has 8 byte block size 494 * which is incompatible with XTS 495 */ 496 .path = "/crypto/cipher/cast5-xts-128", 497 .alg = QCRYPTO_CIPHER_ALG_CAST5_128, 498 .mode = QCRYPTO_CIPHER_MODE_XTS, 499 .key = 500 "27182818284590452353602874713526" 501 "31415926535897932384626433832795", 502 }, 503 { 504 /* NIST F.5.1 CTR-AES128.Encrypt */ 505 .path = "/crypto/cipher/aes-ctr-128", 506 .alg = QCRYPTO_CIPHER_ALG_AES_128, 507 .mode = QCRYPTO_CIPHER_MODE_CTR, 508 .key = "2b7e151628aed2a6abf7158809cf4f3c", 509 .iv = "f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff", 510 .plaintext = 511 "6bc1bee22e409f96e93d7e117393172a" 512 "ae2d8a571e03ac9c9eb76fac45af8e51" 513 "30c81c46a35ce411e5fbc1191a0a52ef" 514 "f69f2445df4f9b17ad2b417be66c3710", 515 .ciphertext = 516 "874d6191b620e3261bef6864990db6ce" 517 "9806f66b7970fdff8617187bb9fffdff" 518 "5ae4df3edbd5d35e5b4f09020db03eab" 519 "1e031dda2fbe03d1792170a0f3009cee", 520 }, 521 { 522 /* NIST F.5.3 CTR-AES192.Encrypt */ 523 .path = "/crypto/cipher/aes-ctr-192", 524 .alg = QCRYPTO_CIPHER_ALG_AES_192, 525 .mode = QCRYPTO_CIPHER_MODE_CTR, 526 .key = "8e73b0f7da0e6452c810f32b809079e562f8ead2522c6b7b", 527 .iv = "f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff", 528 .plaintext = 529 "6bc1bee22e409f96e93d7e117393172a" 530 "ae2d8a571e03ac9c9eb76fac45af8e51" 531 "30c81c46a35ce411e5fbc1191a0a52ef" 532 "f69f2445df4f9b17ad2b417be66c3710", 533 .ciphertext = 534 "1abc932417521ca24f2b0459fe7e6e0b" 535 "090339ec0aa6faefd5ccc2c6f4ce8e94" 536 "1e36b26bd1ebc670d1bd1d665620abf7" 537 "4f78a7f6d29809585a97daec58c6b050", 538 }, 539 { 540 /* NIST F.5.5 CTR-AES256.Encrypt */ 541 .path = "/crypto/cipher/aes-ctr-256", 542 .alg = QCRYPTO_CIPHER_ALG_AES_256, 543 .mode = QCRYPTO_CIPHER_MODE_CTR, 544 .key = "603deb1015ca71be2b73aef0857d7781" 545 "1f352c073b6108d72d9810a30914dff4", 546 .iv = "f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff", 547 .plaintext = 548 "6bc1bee22e409f96e93d7e117393172a" 549 "ae2d8a571e03ac9c9eb76fac45af8e51" 550 "30c81c46a35ce411e5fbc1191a0a52ef" 551 "f69f2445df4f9b17ad2b417be66c3710", 552 .ciphertext = 553 "601ec313775789a5b7a7f504bbf3d228" 554 "f443e3ca4d62b59aca84e990cacaf5c5" 555 "2b0930daa23de94ce87017ba2d84988d" 556 "dfc9c58db67aada613c2dd08457941a6", 557 } 558 }; 559 560 561 static inline int unhex(char c) 562 { 563 if (c >= 'a' && c <= 'f') { 564 return 10 + (c - 'a'); 565 } 566 if (c >= 'A' && c <= 'F') { 567 return 10 + (c - 'A'); 568 } 569 return c - '0'; 570 } 571 572 static inline char hex(int i) 573 { 574 if (i < 10) { 575 return '0' + i; 576 } 577 return 'a' + (i - 10); 578 } 579 580 static size_t unhex_string(const char *hexstr, 581 uint8_t **data) 582 { 583 size_t len; 584 size_t i; 585 586 if (!hexstr) { 587 *data = NULL; 588 return 0; 589 } 590 591 len = strlen(hexstr); 592 *data = g_new0(uint8_t, len / 2); 593 594 for (i = 0; i < len; i += 2) { 595 (*data)[i/2] = (unhex(hexstr[i]) << 4) | unhex(hexstr[i+1]); 596 } 597 return len / 2; 598 } 599 600 static char *hex_string(const uint8_t *bytes, 601 size_t len) 602 { 603 char *hexstr = g_new0(char, len * 2 + 1); 604 size_t i; 605 606 for (i = 0; i < len; i++) { 607 hexstr[i*2] = hex((bytes[i] >> 4) & 0xf); 608 hexstr[i*2+1] = hex(bytes[i] & 0xf); 609 } 610 hexstr[len*2] = '\0'; 611 612 return hexstr; 613 } 614 615 static void test_cipher(const void *opaque) 616 { 617 const QCryptoCipherTestData *data = opaque; 618 619 QCryptoCipher *cipher; 620 uint8_t *key, *iv = NULL, *ciphertext = NULL, 621 *plaintext = NULL, *outtext = NULL; 622 size_t nkey, niv = 0, nciphertext = 0, nplaintext = 0; 623 char *outtexthex = NULL; 624 size_t ivsize, keysize, blocksize; 625 Error *err = NULL; 626 627 nkey = unhex_string(data->key, &key); 628 if (data->iv) { 629 niv = unhex_string(data->iv, &iv); 630 } 631 if (data->ciphertext) { 632 nciphertext = unhex_string(data->ciphertext, &ciphertext); 633 } 634 if (data->plaintext) { 635 nplaintext = unhex_string(data->plaintext, &plaintext); 636 } 637 638 g_assert(nciphertext == nplaintext); 639 640 outtext = g_new0(uint8_t, nciphertext); 641 642 cipher = qcrypto_cipher_new( 643 data->alg, data->mode, 644 key, nkey, 645 &err); 646 if (data->plaintext) { 647 g_assert(err == NULL); 648 g_assert(cipher != NULL); 649 } else { 650 error_free_or_abort(&err); 651 g_assert(cipher == NULL); 652 goto cleanup; 653 } 654 655 keysize = qcrypto_cipher_get_key_len(data->alg); 656 blocksize = qcrypto_cipher_get_block_len(data->alg); 657 ivsize = qcrypto_cipher_get_iv_len(data->alg, data->mode); 658 659 if (data->mode == QCRYPTO_CIPHER_MODE_XTS) { 660 g_assert_cmpint(keysize * 2, ==, nkey); 661 } else { 662 g_assert_cmpint(keysize, ==, nkey); 663 } 664 g_assert_cmpint(ivsize, ==, niv); 665 if (niv) { 666 g_assert_cmpint(blocksize, ==, niv); 667 } 668 669 if (iv) { 670 g_assert(qcrypto_cipher_setiv(cipher, 671 iv, niv, 672 &error_abort) == 0); 673 } 674 g_assert(qcrypto_cipher_encrypt(cipher, 675 plaintext, 676 outtext, 677 nplaintext, 678 &error_abort) == 0); 679 680 outtexthex = hex_string(outtext, nciphertext); 681 682 g_assert_cmpstr(outtexthex, ==, data->ciphertext); 683 684 g_free(outtexthex); 685 686 if (iv) { 687 g_assert(qcrypto_cipher_setiv(cipher, 688 iv, niv, 689 &error_abort) == 0); 690 } 691 g_assert(qcrypto_cipher_decrypt(cipher, 692 ciphertext, 693 outtext, 694 nplaintext, 695 &error_abort) == 0); 696 697 outtexthex = hex_string(outtext, nplaintext); 698 699 g_assert_cmpstr(outtexthex, ==, data->plaintext); 700 701 cleanup: 702 g_free(outtext); 703 g_free(outtexthex); 704 g_free(key); 705 g_free(iv); 706 g_free(ciphertext); 707 g_free(plaintext); 708 qcrypto_cipher_free(cipher); 709 } 710 711 712 static void test_cipher_null_iv(void) 713 { 714 QCryptoCipher *cipher; 715 uint8_t key[32] = { 0 }; 716 uint8_t plaintext[32] = { 0 }; 717 uint8_t ciphertext[32] = { 0 }; 718 719 cipher = qcrypto_cipher_new( 720 QCRYPTO_CIPHER_ALG_AES_256, 721 QCRYPTO_CIPHER_MODE_CBC, 722 key, sizeof(key), 723 &error_abort); 724 g_assert(cipher != NULL); 725 726 /* Don't call qcrypto_cipher_setiv */ 727 728 qcrypto_cipher_encrypt(cipher, 729 plaintext, 730 ciphertext, 731 sizeof(plaintext), 732 &error_abort); 733 734 qcrypto_cipher_free(cipher); 735 } 736 737 static void test_cipher_short_plaintext(void) 738 { 739 Error *err = NULL; 740 QCryptoCipher *cipher; 741 uint8_t key[32] = { 0 }; 742 uint8_t plaintext1[20] = { 0 }; 743 uint8_t ciphertext1[20] = { 0 }; 744 uint8_t plaintext2[40] = { 0 }; 745 uint8_t ciphertext2[40] = { 0 }; 746 int ret; 747 748 cipher = qcrypto_cipher_new( 749 QCRYPTO_CIPHER_ALG_AES_256, 750 QCRYPTO_CIPHER_MODE_CBC, 751 key, sizeof(key), 752 &error_abort); 753 g_assert(cipher != NULL); 754 755 /* Should report an error as plaintext is shorter 756 * than block size 757 */ 758 ret = qcrypto_cipher_encrypt(cipher, 759 plaintext1, 760 ciphertext1, 761 sizeof(plaintext1), 762 &err); 763 g_assert(ret == -1); 764 error_free_or_abort(&err); 765 766 /* Should report an error as plaintext is larger than 767 * block size, but not a multiple of block size 768 */ 769 ret = qcrypto_cipher_encrypt(cipher, 770 plaintext2, 771 ciphertext2, 772 sizeof(plaintext2), 773 &err); 774 g_assert(ret == -1); 775 error_free_or_abort(&err); 776 777 qcrypto_cipher_free(cipher); 778 } 779 780 int main(int argc, char **argv) 781 { 782 size_t i; 783 784 g_test_init(&argc, &argv, NULL); 785 786 g_assert(qcrypto_init(NULL) == 0); 787 788 for (i = 0; i < G_N_ELEMENTS(test_data); i++) { 789 if (qcrypto_cipher_supports(test_data[i].alg, test_data[i].mode)) { 790 g_test_add_data_func(test_data[i].path, &test_data[i], test_cipher); 791 } 792 } 793 794 g_test_add_func("/crypto/cipher/null-iv", 795 test_cipher_null_iv); 796 797 g_test_add_func("/crypto/cipher/short-plaintext", 798 test_cipher_short_plaintext); 799 800 return g_test_run(); 801 } 802