1 /* 2 * QEMU Crypto cipher algorithms 3 * 4 * Copyright (c) 2015 Red Hat, Inc. 5 * 6 * This library is free software; you can redistribute it and/or 7 * modify it under the terms of the GNU Lesser General Public 8 * License as published by the Free Software Foundation; either 9 * version 2.1 of the License, or (at your option) any later version. 10 * 11 * This library is distributed in the hope that it will be useful, 12 * but WITHOUT ANY WARRANTY; without even the implied warranty of 13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 14 * Lesser General Public License for more details. 15 * 16 * You should have received a copy of the GNU Lesser General Public 17 * License along with this library; if not, see <http://www.gnu.org/licenses/>. 18 * 19 */ 20 21 #include "qemu/osdep.h" 22 23 #include "crypto/init.h" 24 #include "crypto/cipher.h" 25 #include "qapi/error.h" 26 27 typedef struct QCryptoCipherTestData QCryptoCipherTestData; 28 struct QCryptoCipherTestData { 29 const char *path; 30 QCryptoCipherAlgorithm alg; 31 QCryptoCipherMode mode; 32 const char *key; 33 const char *plaintext; 34 const char *ciphertext; 35 const char *iv; 36 }; 37 38 /* AES test data comes from appendix F of: 39 * 40 * http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf 41 */ 42 static QCryptoCipherTestData test_data[] = { 43 { 44 /* NIST F.1.1 ECB-AES128.Encrypt */ 45 .path = "/crypto/cipher/aes-ecb-128", 46 .alg = QCRYPTO_CIPHER_ALG_AES_128, 47 .mode = QCRYPTO_CIPHER_MODE_ECB, 48 .key = "2b7e151628aed2a6abf7158809cf4f3c", 49 .plaintext = 50 "6bc1bee22e409f96e93d7e117393172a" 51 "ae2d8a571e03ac9c9eb76fac45af8e51" 52 "30c81c46a35ce411e5fbc1191a0a52ef" 53 "f69f2445df4f9b17ad2b417be66c3710", 54 .ciphertext = 55 "3ad77bb40d7a3660a89ecaf32466ef97" 56 "f5d3d58503b9699de785895a96fdbaaf" 57 "43b1cd7f598ece23881b00e3ed030688" 58 "7b0c785e27e8ad3f8223207104725dd4" 59 }, 60 { 61 /* NIST F.1.3 ECB-AES192.Encrypt */ 62 .path = "/crypto/cipher/aes-ecb-192", 63 .alg = QCRYPTO_CIPHER_ALG_AES_192, 64 .mode = QCRYPTO_CIPHER_MODE_ECB, 65 .key = "8e73b0f7da0e6452c810f32b809079e562f8ead2522c6b7b", 66 .plaintext = 67 "6bc1bee22e409f96e93d7e117393172a" 68 "ae2d8a571e03ac9c9eb76fac45af8e51" 69 "30c81c46a35ce411e5fbc1191a0a52ef" 70 "f69f2445df4f9b17ad2b417be66c3710", 71 .ciphertext = 72 "bd334f1d6e45f25ff712a214571fa5cc" 73 "974104846d0ad3ad7734ecb3ecee4eef" 74 "ef7afd2270e2e60adce0ba2face6444e" 75 "9a4b41ba738d6c72fb16691603c18e0e" 76 }, 77 { 78 /* NIST F.1.5 ECB-AES256.Encrypt */ 79 .path = "/crypto/cipher/aes-ecb-256", 80 .alg = QCRYPTO_CIPHER_ALG_AES_256, 81 .mode = QCRYPTO_CIPHER_MODE_ECB, 82 .key = 83 "603deb1015ca71be2b73aef0857d7781" 84 "1f352c073b6108d72d9810a30914dff4", 85 .plaintext = 86 "6bc1bee22e409f96e93d7e117393172a" 87 "ae2d8a571e03ac9c9eb76fac45af8e51" 88 "30c81c46a35ce411e5fbc1191a0a52ef" 89 "f69f2445df4f9b17ad2b417be66c3710", 90 .ciphertext = 91 "f3eed1bdb5d2a03c064b5a7e3db181f8" 92 "591ccb10d410ed26dc5ba74a31362870" 93 "b6ed21b99ca6f4f9f153e7b1beafed1d" 94 "23304b7a39f9f3ff067d8d8f9e24ecc7", 95 }, 96 { 97 /* NIST F.2.1 CBC-AES128.Encrypt */ 98 .path = "/crypto/cipher/aes-cbc-128", 99 .alg = QCRYPTO_CIPHER_ALG_AES_128, 100 .mode = QCRYPTO_CIPHER_MODE_CBC, 101 .key = "2b7e151628aed2a6abf7158809cf4f3c", 102 .iv = "000102030405060708090a0b0c0d0e0f", 103 .plaintext = 104 "6bc1bee22e409f96e93d7e117393172a" 105 "ae2d8a571e03ac9c9eb76fac45af8e51" 106 "30c81c46a35ce411e5fbc1191a0a52ef" 107 "f69f2445df4f9b17ad2b417be66c3710", 108 .ciphertext = 109 "7649abac8119b246cee98e9b12e9197d" 110 "5086cb9b507219ee95db113a917678b2" 111 "73bed6b8e3c1743b7116e69e22229516" 112 "3ff1caa1681fac09120eca307586e1a7", 113 }, 114 { 115 /* NIST F.2.3 CBC-AES128.Encrypt */ 116 .path = "/crypto/cipher/aes-cbc-192", 117 .alg = QCRYPTO_CIPHER_ALG_AES_192, 118 .mode = QCRYPTO_CIPHER_MODE_CBC, 119 .key = "8e73b0f7da0e6452c810f32b809079e562f8ead2522c6b7b", 120 .iv = "000102030405060708090a0b0c0d0e0f", 121 .plaintext = 122 "6bc1bee22e409f96e93d7e117393172a" 123 "ae2d8a571e03ac9c9eb76fac45af8e51" 124 "30c81c46a35ce411e5fbc1191a0a52ef" 125 "f69f2445df4f9b17ad2b417be66c3710", 126 .ciphertext = 127 "4f021db243bc633d7178183a9fa071e8" 128 "b4d9ada9ad7dedf4e5e738763f69145a" 129 "571b242012fb7ae07fa9baac3df102e0" 130 "08b0e27988598881d920a9e64f5615cd", 131 }, 132 { 133 /* NIST F.2.5 CBC-AES128.Encrypt */ 134 .path = "/crypto/cipher/aes-cbc-256", 135 .alg = QCRYPTO_CIPHER_ALG_AES_256, 136 .mode = QCRYPTO_CIPHER_MODE_CBC, 137 .key = 138 "603deb1015ca71be2b73aef0857d7781" 139 "1f352c073b6108d72d9810a30914dff4", 140 .iv = "000102030405060708090a0b0c0d0e0f", 141 .plaintext = 142 "6bc1bee22e409f96e93d7e117393172a" 143 "ae2d8a571e03ac9c9eb76fac45af8e51" 144 "30c81c46a35ce411e5fbc1191a0a52ef" 145 "f69f2445df4f9b17ad2b417be66c3710", 146 .ciphertext = 147 "f58c4c04d6e5f1ba779eabfb5f7bfbd6" 148 "9cfc4e967edb808d679f777bc6702c7d" 149 "39f23369a9d9bacfa530e26304231461" 150 "b2eb05e2c39be9fcda6c19078c6a9d1b", 151 }, 152 { 153 /* 154 * Testing 'password' as plaintext fits 155 * in single AES block, and gives identical 156 * ciphertext in ECB and CBC modes 157 */ 158 .path = "/crypto/cipher/des-ecb-56-one-block", 159 .alg = QCRYPTO_CIPHER_ALG_DES, 160 .mode = QCRYPTO_CIPHER_MODE_ECB, 161 .key = "80c4a2e691d5b3f7", 162 .plaintext = "70617373776f7264", 163 .ciphertext = "73fa80b66134e403", 164 }, 165 { 166 /* See previous comment */ 167 .path = "/crypto/cipher/des-cbc-56-one-block", 168 .alg = QCRYPTO_CIPHER_ALG_DES, 169 .mode = QCRYPTO_CIPHER_MODE_CBC, 170 .key = "80c4a2e691d5b3f7", 171 .iv = "0000000000000000", 172 .plaintext = "70617373776f7264", 173 .ciphertext = "73fa80b66134e403", 174 }, 175 { 176 .path = "/crypto/cipher/des-ecb-56", 177 .alg = QCRYPTO_CIPHER_ALG_DES, 178 .mode = QCRYPTO_CIPHER_MODE_ECB, 179 .key = "80c4a2e691d5b3f7", 180 .plaintext = 181 "6bc1bee22e409f96e93d7e117393172a" 182 "ae2d8a571e03ac9c9eb76fac45af8e51" 183 "30c81c46a35ce411e5fbc1191a0a52ef" 184 "f69f2445df4f9b17ad2b417be66c3710", 185 .ciphertext = 186 "8f346aaf64eaf24040720d80648c52e7" 187 "aefc616be53ab1a3d301e69d91e01838" 188 "ffd29f1bb5596ad94ea2d8e6196b7f09" 189 "30d8ed0bf2773af36dd82a6280c20926", 190 }, 191 { 192 /* Borrowed from linux-kernel crypto/testmgr.h */ 193 .path = "/crypto/cipher/3des-cbc", 194 .alg = QCRYPTO_CIPHER_ALG_3DES, 195 .mode = QCRYPTO_CIPHER_MODE_CBC, 196 .key = 197 "e9c0ff2e760b6424444d995a12d640c0" 198 "eac284e81495dbe8", 199 .iv = 200 "7d3388930f93b242", 201 .plaintext = 202 "6f54206f614d796e5320636565727374" 203 "54206f6f4d206e612079655372637465" 204 "20736f54206f614d796e532063656572" 205 "737454206f6f4d206e61207965537263" 206 "746520736f54206f614d796e53206365" 207 "6572737454206f6f4d206e6120796553" 208 "7263746520736f54206f614d796e5320" 209 "63656572737454206f6f4d206e610a79", 210 .ciphertext = 211 "0e2db6973c5633f4671721c76e8ad549" 212 "74b34905c51cd0ed12565c5396b6007d" 213 "9048fcf58d2939cc8ad5351836234ed7" 214 "76d1da0c9467bb048bf2036ca8cfb6ea" 215 "226447aa8f7513bf9fc2c3f0c956c57a" 216 "71632e897b1e12cae25fafd8a4f8c97a" 217 "d6f92131624445a6d6bc5ad32d5443cc" 218 "9ddea570e942458a6bfab19113b0d919", 219 }, 220 { 221 /* Borrowed from linux-kernel crypto/testmgr.h */ 222 .path = "/crypto/cipher/3des-ecb", 223 .alg = QCRYPTO_CIPHER_ALG_3DES, 224 .mode = QCRYPTO_CIPHER_MODE_ECB, 225 .key = 226 "0123456789abcdef5555555555555555" 227 "fedcba9876543210", 228 .plaintext = 229 "736f6d6564617461", 230 .ciphertext = 231 "18d748e563620572", 232 }, 233 { 234 /* Borrowed from linux-kernel crypto/testmgr.h */ 235 .path = "/crypto/cipher/3des-ctr", 236 .alg = QCRYPTO_CIPHER_ALG_3DES, 237 .mode = QCRYPTO_CIPHER_MODE_CTR, 238 .key = 239 "9cd6f39cb95a67005a67002dceeb2dce" 240 "ebb45172b451721f", 241 .iv = 242 "ffffffffffffffff", 243 .plaintext = 244 "05ec77fb42d559208b128669f05bcf56" 245 "39ad349f66ea7dc448d3ba0db118e34a" 246 "fe41285c278e11856cf75ec2553ca00b" 247 "9265e970db4fd6b900b41fe649fd442f" 248 "533a8d149863ca5dc1a833a70e9178ec" 249 "77de42d5bc078b12e54cf05b22563980" 250 "6b9f66c950c4af36ba0d947fe34add41" 251 "28b31a8e11f843f75e21553c876e9265" 252 "cc57dba235b900eb72e649d0442fb619" 253 "8d14ff46ca5d24a8339a6d9178c377de" 254 "a108bc07ee71e54cd75b22b51c806bf2" 255 "45c9503baf369960947fc64adda40fb3" 256 "1aed74f8432a5e218813876ef158cc57" 257 "3ea2359c67eb72c549d0bb02b619e04b" 258 "ff46295d248f169a6df45fc3aa3da108" 259 "937aee71d84cd7be01b51ce74ef2452c" 260 "503b82159960cb52c6a930a40f9679ed" 261 "74df432abd048813fa4df15823573e81" 262 "689c67ce51c5ac37bb02957ce04bd246" 263 "29b01b8f16f940f45f26aa3d846f937a" 264 "cd54d8a30abe01e873e74ed1452cb71e" 265 "8215fc47cb5225a9309b629679c074df" 266 "a609bd04ef76fa4dd458238a1d8168f3" 267 "5ace5138ac379e61957cc74bd2a50cb0" 268 "1be275f9402b5f268910846ff659cd54" 269 "3fa30a9d64e873da4ed1b803b71ee148" 270 "fc472e52258c179b62f55cc0ab32a609" 271 "907bef76d94dd4bf068a1de44ff35a2d" 272 "5138836a9e61c853c7ae31a50c977ee2" 273 "75dc402bb2058910fb42f65920543f86" 274 "699d64cf56daad34b803ea7de148d347", 275 .ciphertext = 276 "07c20820721f49ef19cd6f3253052215" 277 "a2852bdb85d2d8b9dd0d1b45cb6911d4" 278 "eabeb2455d0caebea0c127ac659f537e" 279 "afc21bb5b86d360c25c0f86d0b2901da" 280 "1378dc89121243faf612ef8d87627883" 281 "e2be41204c6d351bd10c30cfe2de2b03" 282 "bf4573d4e55995d1b39b276297bdde7f" 283 "a4d23980aa5023f074883da86a18793b" 284 "c4966c8d2240926ed6ad2a1fde63c0e7" 285 "07f72df7b5f3f0cc017c2a9bc210caaa" 286 "fd2b3fc5f3f6fc9b45db53e45bf3c97b" 287 "8e52ffc802b8ac9da10039da3d2d0e01" 288 "097d8d5ebe53b9b08ee7e2966ab278ea" 289 "de238ba5fa5ce3dabf8e316a55d16ab2" 290 "b5466fa5f0eeba1f9f98b0664fd03fa9" 291 "df5f58c4f4ff755c403a097e6e1c97d4" 292 "cce7e771cf0b150871fa0797cde6ca1d" 293 "14280ccf99137af1ebfafa9207de1da1" 294 "d33669fe514d9f2e83374f1f4830ed04" 295 "4da4ef3aca76f41c418f6337782f86a6" 296 "ef417ed2af88ab675271c38ef8269372" 297 "aad60ee70b46b13ab408a9a8a0cf200c" 298 "52bc8b0556b2bc319b74b92929969a50" 299 "dc45dc1aeb0c64d4d3057e5955c3f490" 300 "c2abf89b8adacea1c3f4ad77dd44c8ac" 301 "a3f1c9d2195cb0caa234c1f76cfdac65" 302 "32dc48c4f2006b77f17d76acc031632a" 303 "a53a62c891b10365cb43d106dfc367bc" 304 "dce0cd35ce4965a0527ba70d07a91bb0" 305 "407772c2ea0e3a7846b991b6e73d5142" 306 "fd51b0c62c6313785ceefccfc4700034", 307 }, 308 { 309 /* RFC 2144, Appendix B.1 */ 310 .path = "/crypto/cipher/cast5-128", 311 .alg = QCRYPTO_CIPHER_ALG_CAST5_128, 312 .mode = QCRYPTO_CIPHER_MODE_ECB, 313 .key = "0123456712345678234567893456789A", 314 .plaintext = "0123456789abcdef", 315 .ciphertext = "238b4fe5847e44b2", 316 }, 317 { 318 /* libgcrypt serpent.c */ 319 .path = "/crypto/cipher/serpent-128", 320 .alg = QCRYPTO_CIPHER_ALG_SERPENT_128, 321 .mode = QCRYPTO_CIPHER_MODE_ECB, 322 .key = "00000000000000000000000000000000", 323 .plaintext = "d29d576fcea3a3a7ed9099f29273d78e", 324 .ciphertext = "b2288b968ae8b08648d1ce9606fd992d", 325 }, 326 { 327 /* libgcrypt serpent.c */ 328 .path = "/crypto/cipher/serpent-192", 329 .alg = QCRYPTO_CIPHER_ALG_SERPENT_192, 330 .mode = QCRYPTO_CIPHER_MODE_ECB, 331 .key = "00000000000000000000000000000000" 332 "0000000000000000", 333 .plaintext = "d29d576fceaba3a7ed9899f2927bd78e", 334 .ciphertext = "130e353e1037c22405e8faefb2c3c3e9", 335 }, 336 { 337 /* libgcrypt serpent.c */ 338 .path = "/crypto/cipher/serpent-256a", 339 .alg = QCRYPTO_CIPHER_ALG_SERPENT_256, 340 .mode = QCRYPTO_CIPHER_MODE_ECB, 341 .key = "00000000000000000000000000000000" 342 "00000000000000000000000000000000", 343 .plaintext = "d095576fcea3e3a7ed98d9f29073d78e", 344 .ciphertext = "b90ee5862de69168f2bdd5125b45472b", 345 }, 346 { 347 /* libgcrypt serpent.c */ 348 .path = "/crypto/cipher/serpent-256b", 349 .alg = QCRYPTO_CIPHER_ALG_SERPENT_256, 350 .mode = QCRYPTO_CIPHER_MODE_ECB, 351 .key = "00000000000000000000000000000000" 352 "00000000000000000000000000000000", 353 .plaintext = "00000000010000000200000003000000", 354 .ciphertext = "2061a42782bd52ec691ec383b03ba77c", 355 }, 356 { 357 /* Twofish paper "Known Answer Test" */ 358 .path = "/crypto/cipher/twofish-128", 359 .alg = QCRYPTO_CIPHER_ALG_TWOFISH_128, 360 .mode = QCRYPTO_CIPHER_MODE_ECB, 361 .key = "d491db16e7b1c39e86cb086b789f5419", 362 .plaintext = "019f9809de1711858faac3a3ba20fbc3", 363 .ciphertext = "6363977de839486297e661c6c9d668eb", 364 }, 365 { 366 /* Twofish paper "Known Answer Test", I=3 */ 367 .path = "/crypto/cipher/twofish-192", 368 .alg = QCRYPTO_CIPHER_ALG_TWOFISH_192, 369 .mode = QCRYPTO_CIPHER_MODE_ECB, 370 .key = "88b2b2706b105e36b446bb6d731a1e88" 371 "efa71f788965bd44", 372 .plaintext = "39da69d6ba4997d585b6dc073ca341b2", 373 .ciphertext = "182b02d81497ea45f9daacdc29193a65", 374 }, 375 { 376 /* Twofish paper "Known Answer Test", I=4 */ 377 .path = "/crypto/cipher/twofish-256", 378 .alg = QCRYPTO_CIPHER_ALG_TWOFISH_256, 379 .mode = QCRYPTO_CIPHER_MODE_ECB, 380 .key = "d43bb7556ea32e46f2a282b7d45b4e0d" 381 "57ff739d4dc92c1bd7fc01700cc8216f", 382 .plaintext = "90afe91bb288544f2c32dc239b2635e6", 383 .ciphertext = "6cb4561c40bf0a9705931cb6d408e7fa", 384 }, 385 { 386 /* #1 32 byte key, 32 byte PTX */ 387 .path = "/crypto/cipher/aes-xts-128-1", 388 .alg = QCRYPTO_CIPHER_ALG_AES_128, 389 .mode = QCRYPTO_CIPHER_MODE_XTS, 390 .key = 391 "00000000000000000000000000000000" 392 "00000000000000000000000000000000", 393 .iv = 394 "00000000000000000000000000000000", 395 .plaintext = 396 "00000000000000000000000000000000" 397 "00000000000000000000000000000000", 398 .ciphertext = 399 "917cf69ebd68b2ec9b9fe9a3eadda692" 400 "cd43d2f59598ed858c02c2652fbf922e", 401 }, 402 { 403 /* #2, 32 byte key, 32 byte PTX */ 404 .path = "/crypto/cipher/aes-xts-128-2", 405 .alg = QCRYPTO_CIPHER_ALG_AES_128, 406 .mode = QCRYPTO_CIPHER_MODE_XTS, 407 .key = 408 "11111111111111111111111111111111" 409 "22222222222222222222222222222222", 410 .iv = 411 "33333333330000000000000000000000", 412 .plaintext = 413 "44444444444444444444444444444444" 414 "44444444444444444444444444444444", 415 .ciphertext = 416 "c454185e6a16936e39334038acef838b" 417 "fb186fff7480adc4289382ecd6d394f0", 418 }, 419 { 420 /* #5 from xts.7, 32 byte key, 32 byte PTX */ 421 .path = "/crypto/cipher/aes-xts-128-3", 422 .alg = QCRYPTO_CIPHER_ALG_AES_128, 423 .mode = QCRYPTO_CIPHER_MODE_XTS, 424 .key = 425 "fffefdfcfbfaf9f8f7f6f5f4f3f2f1f0" 426 "bfbebdbcbbbab9b8b7b6b5b4b3b2b1b0", 427 .iv = 428 "9a785634120000000000000000000000", 429 .plaintext = 430 "44444444444444444444444444444444" 431 "44444444444444444444444444444444", 432 .ciphertext = 433 "b01f86f8edc1863706fa8a4253e34f28" 434 "af319de38334870f4dd1f94cbe9832f1", 435 }, 436 { 437 /* #4, 32 byte key, 512 byte PTX */ 438 .path = "/crypto/cipher/aes-xts-128-4", 439 .alg = QCRYPTO_CIPHER_ALG_AES_128, 440 .mode = QCRYPTO_CIPHER_MODE_XTS, 441 .key = 442 "27182818284590452353602874713526" 443 "31415926535897932384626433832795", 444 .iv = 445 "00000000000000000000000000000000", 446 .plaintext = 447 "000102030405060708090a0b0c0d0e0f" 448 "101112131415161718191a1b1c1d1e1f" 449 "202122232425262728292a2b2c2d2e2f" 450 "303132333435363738393a3b3c3d3e3f" 451 "404142434445464748494a4b4c4d4e4f" 452 "505152535455565758595a5b5c5d5e5f" 453 "606162636465666768696a6b6c6d6e6f" 454 "707172737475767778797a7b7c7d7e7f" 455 "808182838485868788898a8b8c8d8e8f" 456 "909192939495969798999a9b9c9d9e9f" 457 "a0a1a2a3a4a5a6a7a8a9aaabacadaeaf" 458 "b0b1b2b3b4b5b6b7b8b9babbbcbdbebf" 459 "c0c1c2c3c4c5c6c7c8c9cacbcccdcecf" 460 "d0d1d2d3d4d5d6d7d8d9dadbdcdddedf" 461 "e0e1e2e3e4e5e6e7e8e9eaebecedeeef" 462 "f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff" 463 "000102030405060708090a0b0c0d0e0f" 464 "101112131415161718191a1b1c1d1e1f" 465 "202122232425262728292a2b2c2d2e2f" 466 "303132333435363738393a3b3c3d3e3f" 467 "404142434445464748494a4b4c4d4e4f" 468 "505152535455565758595a5b5c5d5e5f" 469 "606162636465666768696a6b6c6d6e6f" 470 "707172737475767778797a7b7c7d7e7f" 471 "808182838485868788898a8b8c8d8e8f" 472 "909192939495969798999a9b9c9d9e9f" 473 "a0a1a2a3a4a5a6a7a8a9aaabacadaeaf" 474 "b0b1b2b3b4b5b6b7b8b9babbbcbdbebf" 475 "c0c1c2c3c4c5c6c7c8c9cacbcccdcecf" 476 "d0d1d2d3d4d5d6d7d8d9dadbdcdddedf" 477 "e0e1e2e3e4e5e6e7e8e9eaebecedeeef" 478 "f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff", 479 .ciphertext = 480 "27a7479befa1d476489f308cd4cfa6e2" 481 "a96e4bbe3208ff25287dd3819616e89c" 482 "c78cf7f5e543445f8333d8fa7f560000" 483 "05279fa5d8b5e4ad40e736ddb4d35412" 484 "328063fd2aab53e5ea1e0a9f332500a5" 485 "df9487d07a5c92cc512c8866c7e860ce" 486 "93fdf166a24912b422976146ae20ce84" 487 "6bb7dc9ba94a767aaef20c0d61ad0265" 488 "5ea92dc4c4e41a8952c651d33174be51" 489 "a10c421110e6d81588ede82103a252d8" 490 "a750e8768defffed9122810aaeb99f91" 491 "72af82b604dc4b8e51bcb08235a6f434" 492 "1332e4ca60482a4ba1a03b3e65008fc5" 493 "da76b70bf1690db4eae29c5f1badd03c" 494 "5ccf2a55d705ddcd86d449511ceb7ec3" 495 "0bf12b1fa35b913f9f747a8afd1b130e" 496 "94bff94effd01a91735ca1726acd0b19" 497 "7c4e5b03393697e126826fb6bbde8ecc" 498 "1e08298516e2c9ed03ff3c1b7860f6de" 499 "76d4cecd94c8119855ef5297ca67e9f3" 500 "e7ff72b1e99785ca0a7e7720c5b36dc6" 501 "d72cac9574c8cbbc2f801e23e56fd344" 502 "b07f22154beba0f08ce8891e643ed995" 503 "c94d9a69c9f1b5f499027a78572aeebd" 504 "74d20cc39881c213ee770b1010e4bea7" 505 "18846977ae119f7a023ab58cca0ad752" 506 "afe656bb3c17256a9f6e9bf19fdd5a38" 507 "fc82bbe872c5539edb609ef4f79c203e" 508 "bb140f2e583cb2ad15b4aa5b655016a8" 509 "449277dbd477ef2c8d6c017db738b18d" 510 "eb4a427d1923ce3ff262735779a418f2" 511 "0a282df920147beabe421ee5319d0568", 512 }, 513 { 514 /* Bad config - cast5-128 has 8 byte block size 515 * which is incompatible with XTS 516 */ 517 .path = "/crypto/cipher/cast5-xts-128", 518 .alg = QCRYPTO_CIPHER_ALG_CAST5_128, 519 .mode = QCRYPTO_CIPHER_MODE_XTS, 520 .key = 521 "27182818284590452353602874713526" 522 "31415926535897932384626433832795", 523 }, 524 { 525 /* NIST F.5.1 CTR-AES128.Encrypt */ 526 .path = "/crypto/cipher/aes-ctr-128", 527 .alg = QCRYPTO_CIPHER_ALG_AES_128, 528 .mode = QCRYPTO_CIPHER_MODE_CTR, 529 .key = "2b7e151628aed2a6abf7158809cf4f3c", 530 .iv = "f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff", 531 .plaintext = 532 "6bc1bee22e409f96e93d7e117393172a" 533 "ae2d8a571e03ac9c9eb76fac45af8e51" 534 "30c81c46a35ce411e5fbc1191a0a52ef" 535 "f69f2445df4f9b17ad2b417be66c3710", 536 .ciphertext = 537 "874d6191b620e3261bef6864990db6ce" 538 "9806f66b7970fdff8617187bb9fffdff" 539 "5ae4df3edbd5d35e5b4f09020db03eab" 540 "1e031dda2fbe03d1792170a0f3009cee", 541 }, 542 { 543 /* NIST F.5.3 CTR-AES192.Encrypt */ 544 .path = "/crypto/cipher/aes-ctr-192", 545 .alg = QCRYPTO_CIPHER_ALG_AES_192, 546 .mode = QCRYPTO_CIPHER_MODE_CTR, 547 .key = "8e73b0f7da0e6452c810f32b809079e562f8ead2522c6b7b", 548 .iv = "f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff", 549 .plaintext = 550 "6bc1bee22e409f96e93d7e117393172a" 551 "ae2d8a571e03ac9c9eb76fac45af8e51" 552 "30c81c46a35ce411e5fbc1191a0a52ef" 553 "f69f2445df4f9b17ad2b417be66c3710", 554 .ciphertext = 555 "1abc932417521ca24f2b0459fe7e6e0b" 556 "090339ec0aa6faefd5ccc2c6f4ce8e94" 557 "1e36b26bd1ebc670d1bd1d665620abf7" 558 "4f78a7f6d29809585a97daec58c6b050", 559 }, 560 { 561 /* NIST F.5.5 CTR-AES256.Encrypt */ 562 .path = "/crypto/cipher/aes-ctr-256", 563 .alg = QCRYPTO_CIPHER_ALG_AES_256, 564 .mode = QCRYPTO_CIPHER_MODE_CTR, 565 .key = "603deb1015ca71be2b73aef0857d7781" 566 "1f352c073b6108d72d9810a30914dff4", 567 .iv = "f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff", 568 .plaintext = 569 "6bc1bee22e409f96e93d7e117393172a" 570 "ae2d8a571e03ac9c9eb76fac45af8e51" 571 "30c81c46a35ce411e5fbc1191a0a52ef" 572 "f69f2445df4f9b17ad2b417be66c3710", 573 .ciphertext = 574 "601ec313775789a5b7a7f504bbf3d228" 575 "f443e3ca4d62b59aca84e990cacaf5c5" 576 "2b0930daa23de94ce87017ba2d84988d" 577 "dfc9c58db67aada613c2dd08457941a6", 578 } 579 }; 580 581 582 static inline int unhex(char c) 583 { 584 if (c >= 'a' && c <= 'f') { 585 return 10 + (c - 'a'); 586 } 587 if (c >= 'A' && c <= 'F') { 588 return 10 + (c - 'A'); 589 } 590 return c - '0'; 591 } 592 593 static inline char hex(int i) 594 { 595 if (i < 10) { 596 return '0' + i; 597 } 598 return 'a' + (i - 10); 599 } 600 601 static size_t unhex_string(const char *hexstr, 602 uint8_t **data) 603 { 604 size_t len; 605 size_t i; 606 607 if (!hexstr) { 608 *data = NULL; 609 return 0; 610 } 611 612 len = strlen(hexstr); 613 *data = g_new0(uint8_t, len / 2); 614 615 for (i = 0; i < len; i += 2) { 616 (*data)[i/2] = (unhex(hexstr[i]) << 4) | unhex(hexstr[i+1]); 617 } 618 return len / 2; 619 } 620 621 static char *hex_string(const uint8_t *bytes, 622 size_t len) 623 { 624 char *hexstr = g_new0(char, len * 2 + 1); 625 size_t i; 626 627 for (i = 0; i < len; i++) { 628 hexstr[i*2] = hex((bytes[i] >> 4) & 0xf); 629 hexstr[i*2+1] = hex(bytes[i] & 0xf); 630 } 631 hexstr[len*2] = '\0'; 632 633 return hexstr; 634 } 635 636 static void test_cipher(const void *opaque) 637 { 638 const QCryptoCipherTestData *data = opaque; 639 640 QCryptoCipher *cipher; 641 uint8_t *key, *iv = NULL, *ciphertext = NULL, 642 *plaintext = NULL, *outtext = NULL; 643 size_t nkey, niv = 0, nciphertext = 0, nplaintext = 0; 644 char *outtexthex = NULL; 645 size_t ivsize, keysize, blocksize; 646 Error *err = NULL; 647 648 nkey = unhex_string(data->key, &key); 649 if (data->iv) { 650 niv = unhex_string(data->iv, &iv); 651 } 652 if (data->ciphertext) { 653 nciphertext = unhex_string(data->ciphertext, &ciphertext); 654 } 655 if (data->plaintext) { 656 nplaintext = unhex_string(data->plaintext, &plaintext); 657 } 658 659 g_assert(nciphertext == nplaintext); 660 661 outtext = g_new0(uint8_t, nciphertext); 662 663 cipher = qcrypto_cipher_new( 664 data->alg, data->mode, 665 key, nkey, 666 &err); 667 if (data->plaintext) { 668 g_assert(err == NULL); 669 g_assert(cipher != NULL); 670 } else { 671 error_free_or_abort(&err); 672 g_assert(cipher == NULL); 673 goto cleanup; 674 } 675 676 keysize = qcrypto_cipher_get_key_len(data->alg); 677 blocksize = qcrypto_cipher_get_block_len(data->alg); 678 ivsize = qcrypto_cipher_get_iv_len(data->alg, data->mode); 679 680 if (data->mode == QCRYPTO_CIPHER_MODE_XTS) { 681 g_assert_cmpint(keysize * 2, ==, nkey); 682 } else { 683 g_assert_cmpint(keysize, ==, nkey); 684 } 685 g_assert_cmpint(ivsize, ==, niv); 686 if (niv) { 687 g_assert_cmpint(blocksize, ==, niv); 688 } 689 690 if (iv) { 691 g_assert(qcrypto_cipher_setiv(cipher, 692 iv, niv, 693 &error_abort) == 0); 694 } 695 g_assert(qcrypto_cipher_encrypt(cipher, 696 plaintext, 697 outtext, 698 nplaintext, 699 &error_abort) == 0); 700 701 outtexthex = hex_string(outtext, nciphertext); 702 703 g_assert_cmpstr(outtexthex, ==, data->ciphertext); 704 705 g_free(outtexthex); 706 707 if (iv) { 708 g_assert(qcrypto_cipher_setiv(cipher, 709 iv, niv, 710 &error_abort) == 0); 711 } 712 g_assert(qcrypto_cipher_decrypt(cipher, 713 ciphertext, 714 outtext, 715 nplaintext, 716 &error_abort) == 0); 717 718 outtexthex = hex_string(outtext, nplaintext); 719 720 g_assert_cmpstr(outtexthex, ==, data->plaintext); 721 722 cleanup: 723 g_free(outtext); 724 g_free(outtexthex); 725 g_free(key); 726 g_free(iv); 727 g_free(ciphertext); 728 g_free(plaintext); 729 qcrypto_cipher_free(cipher); 730 } 731 732 733 static void test_cipher_null_iv(void) 734 { 735 QCryptoCipher *cipher; 736 uint8_t key[32] = { 0 }; 737 uint8_t plaintext[32] = { 0 }; 738 uint8_t ciphertext[32] = { 0 }; 739 740 cipher = qcrypto_cipher_new( 741 QCRYPTO_CIPHER_ALG_AES_256, 742 QCRYPTO_CIPHER_MODE_CBC, 743 key, sizeof(key), 744 &error_abort); 745 g_assert(cipher != NULL); 746 747 /* Don't call qcrypto_cipher_setiv */ 748 749 qcrypto_cipher_encrypt(cipher, 750 plaintext, 751 ciphertext, 752 sizeof(plaintext), 753 &error_abort); 754 755 qcrypto_cipher_free(cipher); 756 } 757 758 static void test_cipher_short_plaintext(void) 759 { 760 Error *err = NULL; 761 QCryptoCipher *cipher; 762 uint8_t key[32] = { 0 }; 763 uint8_t plaintext1[20] = { 0 }; 764 uint8_t ciphertext1[20] = { 0 }; 765 uint8_t plaintext2[40] = { 0 }; 766 uint8_t ciphertext2[40] = { 0 }; 767 int ret; 768 769 cipher = qcrypto_cipher_new( 770 QCRYPTO_CIPHER_ALG_AES_256, 771 QCRYPTO_CIPHER_MODE_CBC, 772 key, sizeof(key), 773 &error_abort); 774 g_assert(cipher != NULL); 775 776 /* Should report an error as plaintext is shorter 777 * than block size 778 */ 779 ret = qcrypto_cipher_encrypt(cipher, 780 plaintext1, 781 ciphertext1, 782 sizeof(plaintext1), 783 &err); 784 g_assert(ret == -1); 785 error_free_or_abort(&err); 786 787 /* Should report an error as plaintext is larger than 788 * block size, but not a multiple of block size 789 */ 790 ret = qcrypto_cipher_encrypt(cipher, 791 plaintext2, 792 ciphertext2, 793 sizeof(plaintext2), 794 &err); 795 g_assert(ret == -1); 796 error_free_or_abort(&err); 797 798 qcrypto_cipher_free(cipher); 799 } 800 801 int main(int argc, char **argv) 802 { 803 size_t i; 804 805 g_test_init(&argc, &argv, NULL); 806 807 g_assert(qcrypto_init(NULL) == 0); 808 809 for (i = 0; i < G_N_ELEMENTS(test_data); i++) { 810 if (qcrypto_cipher_supports(test_data[i].alg, test_data[i].mode)) { 811 g_test_add_data_func(test_data[i].path, &test_data[i], test_cipher); 812 } 813 } 814 815 g_test_add_func("/crypto/cipher/null-iv", 816 test_cipher_null_iv); 817 818 g_test_add_func("/crypto/cipher/short-plaintext", 819 test_cipher_short_plaintext); 820 821 return g_test_run(); 822 } 823