1 /* Copyright (c) 2015, Google Inc. 2 * 3 * Permission to use, copy, modify, and/or distribute this software for any 4 * purpose with or without fee is hereby granted, provided that the above 5 * copyright notice and this permission notice appear in all copies. 6 * 7 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 8 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 9 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY 10 * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 11 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION 12 * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN 13 * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ 14 15 #include <stdio.h> 16 #include <string.h> 17 18 #include <memory> 19 #include <vector> 20 21 #include <gtest/gtest.h> 22 23 #include <openssl/aes.h> 24 25 #include "../../internal.h" 26 #include "../../test/file_test.h" 27 #include "../../test/test_util.h" 28 29 30 static void TestRaw(FileTest *t) { 31 std::vector<uint8_t> key, plaintext, ciphertext; 32 ASSERT_TRUE(t->GetBytes(&key, "Key")); 33 ASSERT_TRUE(t->GetBytes(&plaintext, "Plaintext")); 34 ASSERT_TRUE(t->GetBytes(&ciphertext, "Ciphertext")); 35 36 ASSERT_EQ(static_cast<unsigned>(AES_BLOCK_SIZE), plaintext.size()); 37 ASSERT_EQ(static_cast<unsigned>(AES_BLOCK_SIZE), ciphertext.size()); 38 39 AES_KEY aes_key; 40 ASSERT_EQ(0, AES_set_encrypt_key(key.data(), 8 * key.size(), &aes_key)); 41 42 // Test encryption. 43 uint8_t block[AES_BLOCK_SIZE]; 44 AES_encrypt(plaintext.data(), block, &aes_key); 45 EXPECT_EQ(Bytes(ciphertext), Bytes(block)); 46 47 // Test in-place encryption. 48 OPENSSL_memcpy(block, plaintext.data(), AES_BLOCK_SIZE); 49 AES_encrypt(block, block, &aes_key); 50 EXPECT_EQ(Bytes(ciphertext), Bytes(block)); 51 52 ASSERT_EQ(0, AES_set_decrypt_key(key.data(), 8 * key.size(), &aes_key)); 53 54 // Test decryption. 55 AES_decrypt(ciphertext.data(), block, &aes_key); 56 EXPECT_EQ(Bytes(plaintext), Bytes(block)); 57 58 // Test in-place decryption. 59 OPENSSL_memcpy(block, ciphertext.data(), AES_BLOCK_SIZE); 60 AES_decrypt(block, block, &aes_key); 61 EXPECT_EQ(Bytes(plaintext), Bytes(block)); 62 } 63 64 static void TestKeyWrap(FileTest *t) { 65 // All test vectors use the default IV, so test both with implicit and 66 // explicit IV. 67 // 68 // TODO(davidben): Find test vectors that use a different IV. 69 static const uint8_t kDefaultIV[] = { 70 0xa6, 0xa6, 0xa6, 0xa6, 0xa6, 0xa6, 0xa6, 0xa6, 71 }; 72 73 std::vector<uint8_t> key, plaintext, ciphertext; 74 ASSERT_TRUE(t->GetBytes(&key, "Key")); 75 ASSERT_TRUE(t->GetBytes(&plaintext, "Plaintext")); 76 ASSERT_TRUE(t->GetBytes(&ciphertext, "Ciphertext")); 77 78 ASSERT_EQ(plaintext.size() + 8, ciphertext.size()) 79 << "Invalid Plaintext and Ciphertext lengths."; 80 81 // Test encryption. 82 AES_KEY aes_key; 83 ASSERT_EQ(0, AES_set_encrypt_key(key.data(), 8 * key.size(), &aes_key)); 84 85 // Test with implicit IV. 86 std::unique_ptr<uint8_t[]> buf(new uint8_t[ciphertext.size()]); 87 int len = AES_wrap_key(&aes_key, nullptr /* iv */, buf.get(), 88 plaintext.data(), plaintext.size()); 89 ASSERT_GE(len, 0); 90 EXPECT_EQ(Bytes(ciphertext), Bytes(buf.get(), static_cast<size_t>(len))); 91 92 // Test with explicit IV. 93 OPENSSL_memset(buf.get(), 0, ciphertext.size()); 94 len = AES_wrap_key(&aes_key, kDefaultIV, buf.get(), plaintext.data(), 95 plaintext.size()); 96 ASSERT_GE(len, 0); 97 EXPECT_EQ(Bytes(ciphertext), Bytes(buf.get(), static_cast<size_t>(len))); 98 99 // Test decryption. 100 ASSERT_EQ(0, AES_set_decrypt_key(key.data(), 8 * key.size(), &aes_key)); 101 102 // Test with implicit IV. 103 buf.reset(new uint8_t[plaintext.size()]); 104 len = AES_unwrap_key(&aes_key, nullptr /* iv */, buf.get(), ciphertext.data(), 105 ciphertext.size()); 106 ASSERT_GE(len, 0); 107 EXPECT_EQ(Bytes(plaintext), Bytes(buf.get(), static_cast<size_t>(len))); 108 109 // Test with explicit IV. 110 OPENSSL_memset(buf.get(), 0, plaintext.size()); 111 len = AES_unwrap_key(&aes_key, kDefaultIV, buf.get(), ciphertext.data(), 112 ciphertext.size()); 113 ASSERT_GE(len, 0); 114 115 // Test corrupted ciphertext. 116 ciphertext[0] ^= 1; 117 EXPECT_EQ(-1, AES_unwrap_key(&aes_key, nullptr /* iv */, buf.get(), 118 ciphertext.data(), ciphertext.size())); 119 } 120 121 TEST(AESTest, TestVectors) { 122 FileTestGTest("crypto/fipsmodule/aes/aes_tests.txt", [](FileTest *t) { 123 if (t->GetParameter() == "Raw") { 124 TestRaw(t); 125 } else if (t->GetParameter() == "KeyWrap") { 126 TestKeyWrap(t); 127 } else { 128 ADD_FAILURE() << "Unknown mode " << t->GetParameter(); 129 } 130 }); 131 } 132