3 #ifdef POLARSSL_CIPHER_C
7 #if defined(POLARSSL_GCM_C)
13 #if defined(POLARSSL_MEMORY_BUFFER_ALLOC_C)
17 #if defined(WANT_NOT_RND_MPI)
18 #if defined(POLARSSL_BIGNUM_C)
21 #error "not_rnd_mpi() need bignum.c"
27 typedef UINT32 uint32_t;
40 #define GET_UINT32_BE(n,b,i) \
42 (n) = ( (uint32_t) (b)[(i) ] << 24 ) \
43 | ( (uint32_t) (b)[(i) + 1] << 16 ) \
44 | ( (uint32_t) (b)[(i) + 2] << 8 ) \
45 | ( (uint32_t) (b)[(i) + 3] ); \
50 #define PUT_UINT32_BE(n,b,i) \
52 (b)[(i) ] = (unsigned char) ( (n) >> 24 ); \
53 (b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \
54 (b)[(i) + 2] = (unsigned char) ( (n) >> 8 ); \
55 (b)[(i) + 3] = (unsigned char) ( (n) ); \
59 static int unhexify(
unsigned char *obuf,
const char *ibuf)
62 int len = strlen(ibuf) / 2;
63 assert(!(strlen(ibuf) %1));
68 if( c >=
'0' && c <=
'9' )
70 else if( c >=
'a' && c <=
'f' )
72 else if( c >=
'A' && c <=
'F' )
78 if( c2 >=
'0' && c2 <=
'9' )
80 else if( c2 >=
'a' && c2 <=
'f' )
82 else if( c2 >=
'A' && c2 <=
'F' )
87 *obuf++ = ( c << 4 ) | c2;
93 static void hexify(
unsigned char *obuf,
const unsigned char *ibuf,
int len)
105 *obuf++ =
'a' + h - 10;
110 *obuf++ =
'a' + l - 10;
126 static int rnd_std_rand(
void *rng_state,
unsigned char *output,
size_t len )
130 if( rng_state != NULL )
133 for( i = 0; i < len; ++i )
144 static int rnd_zero_rand(
void *rng_state,
unsigned char *output,
size_t len )
146 if( rng_state != NULL )
149 memset( output, 0, len );
176 if( rng_state == NULL )
185 memcpy( output, info->
buf, use_len );
186 info->
buf += use_len;
190 if( len - use_len > 0 )
191 return(
rnd_std_rand( NULL, output + use_len, len - use_len ) );
220 uint32_t i, *k, sum, delta=0x9E3779B9;
221 unsigned char result[4];
223 if( rng_state == NULL )
230 size_t use_len = ( len > 4 ) ? 4 : len;
233 for( i = 0; i < 32; i++ )
235 info->
v0 += (((info->
v1 << 4) ^ (info->
v1 >> 5)) + info->
v1) ^ (sum + k[sum & 3]);
237 info->
v1 += (((info->
v0 << 4) ^ (info->
v0 >> 5)) + info->
v0) ^ (sum + k[(sum>>11) & 3]);
241 memcpy( output, result, use_len );
248 #if defined(WANT_NOT_RND_MPI)
257 #define ciL (sizeof(t_uint))
258 #define CHARS_TO_LIMBS(i) (((i) + ciL - 1) / ciL)
259 static int not_rnd_mpi(
void *in,
unsigned char *out,
size_t len )
261 char *str = (
char *) in;
270 X.
n = CHARS_TO_LIMBS( len );
276 assert( strlen( str ) / 2 == len );
288 #ifdef POLARSSL_CIPHER_C
290 #define TEST_SUITE_ACTIVE
298 if( test_errors == 1 )
299 printf(
"FAILED\n" );
300 printf(
" %s\n", test );
305 #define TEST_ASSERT( TEST ) \
306 do { test_assert( (TEST) ? 1 : 0, #TEST ); \
307 if( test_errors) return; \
312 if( (*str)[0] !=
'"' ||
313 (*str)[strlen( *str ) - 1] !=
'"' )
315 printf(
"Expected string (with \"\") for parameter and got: %s\n", *str );
320 (*str)[strlen( *str ) - 1] =
'\0';
332 for( i = 0; i < strlen( str ); i++ )
334 if( i == 0 && str[i] ==
'-' )
340 if( ( ( minus && i == 2 ) || ( !minus && i == 1 ) ) &&
341 str[i - 1] ==
'0' && str[i] ==
'x' )
347 if( str[i] <
'0' || str[i] >
'9' )
357 *value = strtol( str, NULL, 16 );
359 *value = strtol( str, NULL, 10 );
364 if( strcmp( str,
"POLARSSL_CIPHER_CAMELLIA_256_GCM" ) == 0 )
369 if( strcmp( str,
"POLARSSL_ERR_CIPHER_AUTH_FAILED" ) == 0 )
374 if( strcmp( str,
"POLARSSL_CIPHER_AES_256_GCM" ) == 0 )
379 if( strcmp( str,
"POLARSSL_CIPHER_AES_192_GCM" ) == 0 )
384 if( strcmp( str,
"POLARSSL_CIPHER_AES_128_GCM" ) == 0 )
389 if( strcmp( str,
"-1" ) == 0 )
394 if( strcmp( str,
"POLARSSL_CIPHER_CAMELLIA_192_GCM" ) == 0 )
399 if( strcmp( str,
"POLARSSL_CIPHER_CAMELLIA_128_GCM" ) == 0 )
406 printf(
"Expected integer for parameter and got: %s\n", str );
410 void test_suite_enc_dec_buf(
int cipher_id,
char *cipher_string,
int key_len,
411 int length_val,
int pad_mode )
413 size_t length = length_val, outlen, total_len, i;
414 unsigned char key[32];
415 unsigned char iv[16];
416 unsigned char ad[13];
417 unsigned char tag[16];
418 unsigned char inbuf[64];
419 unsigned char encbuf[64];
420 unsigned char decbuf[64];
429 memset( &ctx_dec, 0,
sizeof( ctx_dec ) );
430 memset( &ctx_enc, 0,
sizeof( ctx_enc ) );
432 memset( key, 0x2a,
sizeof( key ) );
446 #if defined(POLARSSL_CIPHER_MODE_WITH_PADDING)
459 for( i = 0; i < 3; i++ )
461 memset( iv , 0x00 + i,
sizeof( iv ) );
462 memset( ad, 0x10 + i,
sizeof( ad ) );
463 memset( inbuf, 0x20 + i,
sizeof( inbuf ) );
465 memset( encbuf, 0,
sizeof( encbuf ) );
466 memset( decbuf, 0,
sizeof( decbuf ) );
467 memset( tag, 0,
sizeof( tag ) );
475 #if defined(POLARSSL_CIPHER_MODE_AEAD)
486 total_len < length &&
492 #if defined(POLARSSL_CIPHER_MODE_AEAD)
498 total_len > length &&
507 total_len < length &&
513 #if defined(POLARSSL_CIPHER_MODE_AEAD)
529 void test_suite_enc_fail(
int cipher_id,
int pad_mode,
int key_len,
530 int length_val,
int ret )
532 size_t length = length_val;
533 unsigned char key[32];
534 unsigned char iv[16];
539 unsigned char inbuf[64];
540 unsigned char encbuf[64];
544 memset( key, 0, 32 );
545 memset( iv , 0, 16 );
547 memset( &ctx, 0,
sizeof( ctx ) );
549 memset( inbuf, 5, 64 );
550 memset( encbuf, 0, 64 );
559 #if defined(POLARSSL_CIPHER_MODE_WITH_PADDING)
566 #if defined(POLARSSL_CIPHER_MODE_AEAD)
578 void test_suite_dec_empty_buf()
580 unsigned char key[32];
581 unsigned char iv[16];
586 unsigned char encbuf[64];
587 unsigned char decbuf[64];
591 memset( key, 0, 32 );
592 memset( iv , 0, 16 );
594 memset( &ctx_dec, 0,
sizeof( ctx_dec ) );
596 memset( encbuf, 0, 64 );
597 memset( decbuf, 0, 64 );
611 #if defined(POLARSSL_CIPHER_MODE_AEAD)
619 &ctx_dec, decbuf + outlen, &outlen ) );
625 void test_suite_enc_dec_buf_multipart(
int cipher_id,
int key_len,
int first_length_val,
626 int second_length_val )
628 size_t first_length = first_length_val;
629 size_t second_length = second_length_val;
630 size_t length = first_length + second_length;
631 unsigned char key[32];
632 unsigned char iv[16];
638 unsigned char inbuf[64];
639 unsigned char encbuf[64];
640 unsigned char decbuf[64];
643 size_t totaloutlen = 0;
645 memset( key, 0, 32 );
646 memset( iv , 0, 16 );
648 memset( &ctx_dec, 0,
sizeof( ctx_dec ) );
649 memset( &ctx_enc, 0,
sizeof( ctx_enc ) );
651 memset( inbuf, 5, 64 );
652 memset( encbuf, 0, 64 );
653 memset( decbuf, 0, 64 );
671 #if defined(POLARSSL_CIPHER_MODE_AEAD)
678 totaloutlen = outlen;
680 totaloutlen += outlen;
683 totaloutlen < length &&
687 totaloutlen += outlen;
690 totaloutlen > length &&
695 totaloutlen = outlen;
699 totaloutlen < length &&
703 totaloutlen += outlen;
713 void test_suite_decrypt_test_vec(
int cipher_id,
int pad_mode,
714 char *hex_key,
char *hex_iv,
715 char *hex_cipher,
char *hex_clear,
716 char *hex_ad,
char *hex_tag,
717 int finish_result,
int tag_result )
719 unsigned char key[50];
720 unsigned char iv[50];
721 unsigned char cipher[200];
722 unsigned char clear[200];
723 unsigned char ad[200];
724 unsigned char tag[20];
725 size_t key_len, iv_len, cipher_len, clear_len;
726 #if defined(POLARSSL_CIPHER_MODE_AEAD)
727 size_t ad_len, tag_len;
730 unsigned char output[200];
731 size_t outlen, total_len;
733 memset( key, 0x00,
sizeof( key ) );
734 memset( iv, 0x00,
sizeof( iv ) );
735 memset( cipher, 0x00,
sizeof( cipher ) );
736 memset( clear, 0x00,
sizeof( clear ) );
737 memset( ad, 0x00,
sizeof( ad ) );
738 memset( tag, 0x00,
sizeof( tag ) );
739 memset( output, 0x00,
sizeof( output ) );
743 cipher_len =
unhexify( cipher, hex_cipher );
744 clear_len =
unhexify( clear, hex_clear );
745 #if defined(POLARSSL_CIPHER_MODE_AEAD)
757 #if defined(POLARSSL_CIPHER_MODE_WITH_PADDING)
765 #if defined(POLARSSL_CIPHER_MODE_AEAD)
776 #if defined(POLARSSL_CIPHER_MODE_AEAD)
781 if( 0 == finish_result && 0 == tag_result )
784 TEST_ASSERT( 0 == memcmp( output, clear, clear_len ) );
790 void test_suite_test_vec_ecb(
int cipher_id,
int operation,
char *hex_key,
791 char *hex_input,
char *hex_result,
794 unsigned char key[50];
795 unsigned char input[16];
796 unsigned char result[16];
799 unsigned char output[32];
802 memset( key, 0x00,
sizeof( key ) );
803 memset( input, 0x00,
sizeof( input ) );
804 memset( result, 0x00,
sizeof( result ) );
805 memset( output, 0x00,
sizeof( output ) );
828 if( 0 == finish_result )
835 #ifdef POLARSSL_CIPHER_MODE_WITH_PADDING
836 void test_suite_set_padding(
int cipher_id,
int pad_mode,
int ret )
851 #ifdef POLARSSL_CIPHER_MODE_CBC
852 void test_suite_check_padding(
int pad_mode,
char *input_str,
int ret,
int dlen_check )
856 unsigned char input[16];
860 memset( &ctx, 0,
sizeof( ctx ) );
866 ilen =
unhexify( input, input_str );
874 #ifdef POLARSSL_SELF_TEST
875 void test_suite_cipher_selftest()
890 if( strcmp( str,
"POLARSSL_AES_C" ) == 0 )
892 #if defined(POLARSSL_AES_C)
898 if( strcmp( str,
"POLARSSL_CAMELLIA_C" ) == 0 )
900 #if defined(POLARSSL_CAMELLIA_C)
906 if( strcmp( str,
"POLARSSL_GCM_C" ) == 0 )
908 #if defined(POLARSSL_GCM_C)
925 #if defined(TEST_SUITE_ACTIVE)
926 if( strcmp( params[0],
"enc_dec_buf" ) == 0 )
930 char *param2 = params[2];
937 fprintf( stderr,
"\nIncorrect argument count (%d != %d)\n", cnt, 6 );
941 if(
verify_int( params[1], ¶m1 ) != 0 )
return( 2 );
943 if(
verify_int( params[3], ¶m3 ) != 0 )
return( 2 );
944 if(
verify_int( params[4], ¶m4 ) != 0 )
return( 2 );
945 if(
verify_int( params[5], ¶m5 ) != 0 )
return( 2 );
947 test_suite_enc_dec_buf( param1, param2, param3, param4, param5 );
953 if( strcmp( params[0],
"enc_fail" ) == 0 )
964 fprintf( stderr,
"\nIncorrect argument count (%d != %d)\n", cnt, 6 );
968 if(
verify_int( params[1], ¶m1 ) != 0 )
return( 2 );
969 if(
verify_int( params[2], ¶m2 ) != 0 )
return( 2 );
970 if(
verify_int( params[3], ¶m3 ) != 0 )
return( 2 );
971 if(
verify_int( params[4], ¶m4 ) != 0 )
return( 2 );
972 if(
verify_int( params[5], ¶m5 ) != 0 )
return( 2 );
974 test_suite_enc_fail( param1, param2, param3, param4, param5 );
980 if( strcmp( params[0],
"dec_empty_buf" ) == 0 )
986 fprintf( stderr,
"\nIncorrect argument count (%d != %d)\n", cnt, 1 );
991 test_suite_dec_empty_buf( );
997 if( strcmp( params[0],
"enc_dec_buf_multipart" ) == 0 )
1007 fprintf( stderr,
"\nIncorrect argument count (%d != %d)\n", cnt, 5 );
1011 if(
verify_int( params[1], ¶m1 ) != 0 )
return( 2 );
1012 if(
verify_int( params[2], ¶m2 ) != 0 )
return( 2 );
1013 if(
verify_int( params[3], ¶m3 ) != 0 )
return( 2 );
1014 if(
verify_int( params[4], ¶m4 ) != 0 )
return( 2 );
1016 test_suite_enc_dec_buf_multipart( param1, param2, param3, param4 );
1022 if( strcmp( params[0],
"decrypt_test_vec" ) == 0 )
1027 char *param3 = params[3];
1028 char *param4 = params[4];
1029 char *param5 = params[5];
1030 char *param6 = params[6];
1031 char *param7 = params[7];
1032 char *param8 = params[8];
1038 fprintf( stderr,
"\nIncorrect argument count (%d != %d)\n", cnt, 11 );
1042 if(
verify_int( params[1], ¶m1 ) != 0 )
return( 2 );
1043 if(
verify_int( params[2], ¶m2 ) != 0 )
return( 2 );
1050 if(
verify_int( params[9], ¶m9 ) != 0 )
return( 2 );
1051 if(
verify_int( params[10], ¶m10 ) != 0 )
return( 2 );
1053 test_suite_decrypt_test_vec( param1, param2, param3, param4, param5, param6, param7, param8, param9, param10 );
1059 if( strcmp( params[0],
"test_vec_ecb" ) == 0 )
1064 char *param3 = params[3];
1065 char *param4 = params[4];
1066 char *param5 = params[5];
1071 fprintf( stderr,
"\nIncorrect argument count (%d != %d)\n", cnt, 7 );
1075 if(
verify_int( params[1], ¶m1 ) != 0 )
return( 2 );
1076 if(
verify_int( params[2], ¶m2 ) != 0 )
return( 2 );
1080 if(
verify_int( params[6], ¶m6 ) != 0 )
return( 2 );
1082 test_suite_test_vec_ecb( param1, param2, param3, param4, param5, param6 );
1088 if( strcmp( params[0],
"set_padding" ) == 0 )
1090 #ifdef POLARSSL_CIPHER_MODE_WITH_PADDING
1098 fprintf( stderr,
"\nIncorrect argument count (%d != %d)\n", cnt, 4 );
1102 if(
verify_int( params[1], ¶m1 ) != 0 )
return( 2 );
1103 if(
verify_int( params[2], ¶m2 ) != 0 )
return( 2 );
1104 if(
verify_int( params[3], ¶m3 ) != 0 )
return( 2 );
1106 test_suite_set_padding( param1, param2, param3 );
1113 if( strcmp( params[0],
"check_padding" ) == 0 )
1115 #ifdef POLARSSL_CIPHER_MODE_CBC
1118 char *param2 = params[2];
1124 fprintf( stderr,
"\nIncorrect argument count (%d != %d)\n", cnt, 5 );
1128 if(
verify_int( params[1], ¶m1 ) != 0 )
return( 2 );
1130 if(
verify_int( params[3], ¶m3 ) != 0 )
return( 2 );
1131 if(
verify_int( params[4], ¶m4 ) != 0 )
return( 2 );
1133 test_suite_check_padding( param1, param2, param3, param4 );
1140 if( strcmp( params[0],
"cipher_selftest" ) == 0 )
1142 #ifdef POLARSSL_SELF_TEST
1147 fprintf( stderr,
"\nIncorrect argument count (%d != %d)\n", cnt, 1 );
1152 test_suite_cipher_selftest( );
1161 fprintf( stdout,
"FAILED\nSkipping unknown test function '%s'\n", params[0] );
1175 ret = fgets( buf, len, f );
1179 if( strlen( buf ) && buf[strlen(buf) - 1] ==
'\n' )
1180 buf[strlen(buf) - 1] =
'\0';
1181 if( strlen( buf ) && buf[strlen(buf) - 1] ==
'\r' )
1182 buf[strlen(buf) - 1] =
'\0';
1193 params[cnt++] = cur;
1195 while( *p !=
'\0' && p < buf + len )
1205 if( p + 1 < buf + len )
1208 params[cnt++] = cur;
1217 for( i = 0; i < cnt; i++ )
1224 if( *p ==
'\\' && *(p + 1) ==
'n' )
1229 else if( *p ==
'\\' && *(p + 1) ==
':' )
1234 else if( *p ==
'\\' && *(p + 1) ==
'?' )
1250 int ret, i, cnt, total_errors = 0, total_tests = 0, total_skipped = 0;
1251 const char *filename =
"/tmp/B.6b9404fc-5e27-486e-9bbd-77463d7343ee/BUILD/polarssl-1.3.2/tests/suites/test_suite_cipher.gcm.data";
1256 #if defined(POLARSSL_MEMORY_BUFFER_ALLOC_C)
1257 unsigned char alloc_buf[1000000];
1258 memory_buffer_alloc_init( alloc_buf,
sizeof(alloc_buf) );
1261 file = fopen( filename,
"r" );
1264 fprintf( stderr,
"Failed to open\n" );
1268 while( !feof( file ) )
1272 if( ( ret =
get_line( file, buf,
sizeof(buf) ) ) != 0 )
1274 fprintf( stdout,
"%s%.66s", test_errors ?
"\n" :
"", buf );
1275 fprintf( stdout,
" " );
1276 for( i = strlen( buf ) + 1; i < 67; i++ )
1277 fprintf( stdout,
"." );
1278 fprintf( stdout,
" " );
1283 if( ( ret =
get_line( file, buf,
sizeof(buf) ) ) != 0 )
1287 if( strcmp( params[0],
"depends_on" ) == 0 )
1289 for( i = 1; i < cnt; i++ )
1293 if( ( ret =
get_line( file, buf,
sizeof(buf) ) ) != 0 )
1304 if( skip == 1 || ret == 3 )
1307 fprintf( stdout,
"----\n" );
1310 else if( ret == 0 && test_errors == 0 )
1312 fprintf( stdout,
"PASS\n" );
1317 fprintf( stderr,
"FAILED: FATAL PARSE ERROR\n" );
1324 if( ( ret =
get_line( file, buf,
sizeof(buf) ) ) != 0 )
1326 if( strlen(buf) != 0 )
1328 fprintf( stderr,
"Should be empty %d\n", (
int) strlen(buf) );
1334 fprintf( stdout,
"\n----------------------------------------------------------------------------\n\n");
1335 if( total_errors == 0 )
1336 fprintf( stdout,
"PASSED" );
1338 fprintf( stdout,
"FAILED" );
1340 fprintf( stdout,
" (%d / %d tests (%d skipped))\n",
1341 total_tests - total_errors, total_tests, total_skipped );
1343 #if defined(POLARSSL_MEMORY_BUFFER_ALLOC_C)
1344 #if defined(POLARSSL_MEMORY_DEBUG)
1345 memory_buffer_alloc_status();
1347 memory_buffer_alloc_free();
1350 return( total_errors != 0 );
int cipher_finish(cipher_context_t *ctx, unsigned char *output, size_t *olen)
Generic cipher finalisation function.
static void hexify(unsigned char *obuf, const unsigned char *ibuf, int len)
Info structure for the pseudo random function.
int cipher_write_tag(cipher_context_t *ctx, unsigned char *tag, size_t tag_len)
Write tag for AEAD ciphers.
const cipher_info_t * cipher_info_from_type(const cipher_type_t cipher_type)
Returns the cipher information structure associated with the given cipher type.
static unsigned int cipher_get_block_size(const cipher_context_t *ctx)
Returns the block size of the given cipher.
const cipher_info_t * cipher_info_from_string(const char *cipher_name)
Returns the cipher information structure associated with the given cipher name.
static int rnd_buffer_rand(void *rng_state, unsigned char *output, size_t len)
This function returns random based on a buffer it receives.
int(* get_padding)(unsigned char *input, size_t ilen, size_t *data_len)
Configuration options (set of defines)
#define PUT_UINT32_BE(n, b, i)
static int unhexify(unsigned char *obuf, const char *ibuf)
static int test_assert(int correct, char *test)
int main(int argc, char *argv[])
Multi-precision integer library.
const cipher_info_t * cipher_info
Information about the associated cipher.
#define TEST_ASSERT(TEST)
int cipher_free_ctx(cipher_context_t *ctx)
Free the cipher-specific context of ctx.
int cipher_update_ad(cipher_context_t *ctx, const unsigned char *ad, size_t ad_len)
Add additional data (for AEAD ciphers).
int cipher_set_iv(cipher_context_t *ctx, const unsigned char *iv, size_t iv_len)
Set the initialization vector (IV) or nonce.
int cipher_update(cipher_context_t *ctx, const unsigned char *input, size_t ilen, unsigned char *output, size_t *olen)
Generic cipher update function.
static int rnd_zero_rand(void *rng_state, unsigned char *output, size_t len)
This function only returns zeros.
#define POLARSSL_ERR_CIPHER_FULL_BLOCK_EXPECTED
Decryption of block requires a full block.
int parse_arguments(char *buf, size_t len, char *params[50])
int cipher_reset(cipher_context_t *ctx)
Finish preparation of the given context.
int cipher_set_padding_mode(cipher_context_t *ctx, cipher_padding_t mode)
Set padding mode, for cipher modes that use padding.
cipher_mode_t mode
Cipher mode (e.g.
int mpi_read_string(mpi *X, int radix, const char *s)
Import from an ASCII string.
int cipher_init_ctx(cipher_context_t *ctx, const cipher_info_t *cipher_info)
Initialises and fills the cipher context structure with the appropriate values.
int cipher_setkey(cipher_context_t *ctx, const unsigned char *key, int key_length, const operation_t operation)
Set the key to use with the given context.
int verify_string(char **str)
int dispatch_test(int cnt, char *params[50])
Galois/Counter mode for 128-bit block ciphers.
static int rnd_std_rand(void *rng_state, unsigned char *output, size_t len)
This function just returns data from rand().
int verify_int(char *str, int *value)
int cipher_self_test(int verbose)
Checkup routine.
static int rnd_pseudo_rand(void *rng_state, unsigned char *output, size_t len)
This function returns random based on a pseudo random function.
int cipher_check_tag(cipher_context_t *ctx, const unsigned char *tag, size_t tag_len)
Check tag for AEAD ciphers.
#define POLARSSL_ERR_CIPHER_AUTH_FAILED
Authentication failed (for AEAD modes).
int get_line(FILE *f, char *buf, size_t len)