OLD | NEW |
1 /* | 1 /* |
2 * cipher.c | 2 * cipher.c |
3 * | 3 * |
4 * cipher meta-functions | 4 * cipher meta-functions |
5 * | 5 * |
6 * David A. McGrew | 6 * David A. McGrew |
7 * Cisco Systems, Inc. | 7 * Cisco Systems, Inc. |
8 * | 8 * |
9 */ | 9 */ |
10 | 10 |
11 /* | 11 /* |
12 * | 12 * |
13 * Copyright (c) 2001-2006, Cisco Systems, Inc. | 13 * Copyright (c) 2001-2006,2013 Cisco Systems, Inc. |
14 * All rights reserved. | 14 * All rights reserved. |
15 * | 15 * |
16 * Redistribution and use in source and binary forms, with or without | 16 * Redistribution and use in source and binary forms, with or without |
17 * modification, are permitted provided that the following conditions | 17 * modification, are permitted provided that the following conditions |
18 * are met: | 18 * are met: |
19 * | 19 * |
20 * Redistributions of source code must retain the above copyright | 20 * Redistributions of source code must retain the above copyright |
21 * notice, this list of conditions and the following disclaimer. | 21 * notice, this list of conditions and the following disclaimer. |
22 * | 22 * |
23 * Redistributions in binary form must reproduce the above | 23 * Redistributions in binary form must reproduce the above |
(...skipping 13 matching lines...) Loading... |
37 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES | 37 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES |
38 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR | 38 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR |
39 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | 39 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) |
40 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | 40 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, |
41 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | 41 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) |
42 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | 42 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED |
43 * OF THE POSSIBILITY OF SUCH DAMAGE. | 43 * OF THE POSSIBILITY OF SUCH DAMAGE. |
44 * | 44 * |
45 */ | 45 */ |
46 | 46 |
| 47 #ifdef HAVE_CONFIG_H |
| 48 #include <config.h> |
| 49 #endif |
| 50 |
47 #include "cipher.h" | 51 #include "cipher.h" |
| 52 #include "crypto_types.h" |
48 #include "rand_source.h" /* used in invertibiltiy tests */ | 53 #include "rand_source.h" /* used in invertibiltiy tests */ |
49 #include "alloc.h" /* for crypto_alloc(), crypto_free() */ | 54 #include "alloc.h" /* for crypto_alloc(), crypto_free() */ |
50 | 55 |
51 debug_module_t mod_cipher = { | 56 debug_module_t mod_cipher = { |
52 0, /* debugging is off by default */ | 57 0, /* debugging is off by default */ |
53 "cipher" /* printable module name */ | 58 "cipher" /* printable module name */ |
54 }; | 59 }; |
55 | 60 |
56 err_status_t | 61 err_status_t |
57 cipher_output(cipher_t *c, uint8_t *buffer, int num_octets_to_output) { | 62 cipher_output(cipher_t *c, uint8_t *buffer, int num_octets_to_output) { |
(...skipping 22 matching lines...) Loading... |
80 #define NUM_RAND_TESTS 128 | 85 #define NUM_RAND_TESTS 128 |
81 #define MAX_KEY_LEN 64 | 86 #define MAX_KEY_LEN 64 |
82 | 87 |
83 err_status_t | 88 err_status_t |
84 cipher_type_test(const cipher_type_t *ct, const cipher_test_case_t *test_data) { | 89 cipher_type_test(const cipher_type_t *ct, const cipher_test_case_t *test_data) { |
85 const cipher_test_case_t *test_case = test_data; | 90 const cipher_test_case_t *test_case = test_data; |
86 cipher_t *c; | 91 cipher_t *c; |
87 err_status_t status; | 92 err_status_t status; |
88 uint8_t buffer[SELF_TEST_BUF_OCTETS]; | 93 uint8_t buffer[SELF_TEST_BUF_OCTETS]; |
89 uint8_t buffer2[SELF_TEST_BUF_OCTETS]; | 94 uint8_t buffer2[SELF_TEST_BUF_OCTETS]; |
| 95 int tag_len; |
90 unsigned int len; | 96 unsigned int len; |
91 int i, j, case_num = 0; | 97 int i, j, case_num = 0; |
92 | 98 |
93 debug_print(mod_cipher, "running self-test for cipher %s", | 99 debug_print(mod_cipher, "running self-test for cipher %s", |
94 ct->description); | 100 ct->description); |
95 | 101 |
96 /* | 102 /* |
97 * check to make sure that we have at least one test case, and | 103 * check to make sure that we have at least one test case, and |
98 * return an error if we don't - we need to be paranoid here | 104 * return an error if we don't - we need to be paranoid here |
99 */ | 105 */ |
100 if (test_case == NULL) | 106 if (test_case == NULL) |
101 return err_status_cant_check; | 107 return err_status_cant_check; |
102 | 108 |
103 /* | 109 /* |
104 * loop over all test cases, perform known-answer tests of both the | 110 * loop over all test cases, perform known-answer tests of both the |
105 * encryption and decryption functions | 111 * encryption and decryption functions |
106 */ | 112 */ |
107 while (test_case != NULL) { | 113 while (test_case != NULL) { |
108 | |
109 /* allocate cipher */ | 114 /* allocate cipher */ |
110 status = cipher_type_alloc(ct, &c, test_case->key_length_octets); | 115 status = cipher_type_alloc(ct, &c, test_case->key_length_octets, test_case->
tag_length_octets); |
111 if (status) | 116 if (status) |
112 return status; | 117 return status; |
113 | 118 |
114 /* | 119 /* |
115 * test the encrypt function | 120 * test the encrypt function |
116 */ | 121 */ |
117 debug_print(mod_cipher, "testing encryption", NULL); | 122 debug_print(mod_cipher, "testing encryption", NULL); |
118 | 123 |
119 /* initialize cipher */ | 124 /* initialize cipher */ |
120 status = cipher_init(c, test_case->key, direction_encrypt); | 125 status = cipher_init(c, test_case->key); |
121 if (status) { | 126 if (status) { |
122 cipher_dealloc(c); | 127 cipher_dealloc(c); |
123 return status; | 128 return status; |
124 } | 129 } |
125 | 130 |
126 /* copy plaintext into test buffer */ | 131 /* copy plaintext into test buffer */ |
127 if (test_case->ciphertext_length_octets > SELF_TEST_BUF_OCTETS) { | 132 if (test_case->ciphertext_length_octets > SELF_TEST_BUF_OCTETS) { |
128 cipher_dealloc(c); | 133 cipher_dealloc(c); |
129 return err_status_bad_param; | 134 return err_status_bad_param; |
130 } | 135 } |
131 for (i=0; i < test_case->plaintext_length_octets; i++) | 136 for (i=0; i < test_case->plaintext_length_octets; i++) |
132 buffer[i] = test_case->plaintext[i]; | 137 buffer[i] = test_case->plaintext[i]; |
133 | 138 |
134 debug_print(mod_cipher, "plaintext: %s", | 139 debug_print(mod_cipher, "plaintext: %s", |
135 octet_string_hex_string(buffer, | 140 octet_string_hex_string(buffer, |
136 test_case->plaintext_length_octets)); | 141 test_case->plaintext_length_octets)); |
137 | 142 |
138 /* set the initialization vector */ | 143 /* set the initialization vector */ |
139 status = cipher_set_iv(c, test_case->idx); | 144 status = cipher_set_iv(c, test_case->idx, direction_encrypt); |
140 if (status) { | 145 if (status) { |
141 cipher_dealloc(c); | 146 cipher_dealloc(c); |
142 return status; | 147 return status; |
143 } | 148 } |
144 | 149 |
| 150 if (c->algorithm == AES_128_GCM || c->algorithm == AES_256_GCM) { |
| 151 debug_print(mod_cipher, "IV: %s", |
| 152 octet_string_hex_string(test_case->idx, 12)); |
| 153 |
| 154 /* |
| 155 * Set the AAD |
| 156 */ |
| 157 status = cipher_set_aad(c, test_case->aad, |
| 158 test_case->aad_length_octets); |
| 159 if (status) { |
| 160 cipher_dealloc(c); |
| 161 return status; |
| 162 } |
| 163 debug_print(mod_cipher, "AAD: %s", |
| 164 octet_string_hex_string(test_case->aad, |
| 165 test_case->aad_length_octets)); |
| 166 } |
| 167 |
145 /* encrypt */ | 168 /* encrypt */ |
146 len = test_case->plaintext_length_octets; | 169 len = test_case->plaintext_length_octets; |
147 status = cipher_encrypt(c, buffer, &len); | 170 status = cipher_encrypt(c, buffer, &len); |
148 if (status) { | 171 if (status) { |
149 cipher_dealloc(c); | 172 cipher_dealloc(c); |
150 return status; | 173 return status; |
151 } | 174 } |
152 | 175 |
| 176 if (c->algorithm == AES_128_GCM || c->algorithm == AES_256_GCM) { |
| 177 /* |
| 178 * Get the GCM tag |
| 179 */ |
| 180 status = cipher_get_tag(c, buffer + len, &tag_len); |
| 181 if (status) { |
| 182 cipher_dealloc(c); |
| 183 return status; |
| 184 } |
| 185 len += tag_len; |
| 186 } |
| 187 |
153 debug_print(mod_cipher, "ciphertext: %s", | 188 debug_print(mod_cipher, "ciphertext: %s", |
154 octet_string_hex_string(buffer, | 189 octet_string_hex_string(buffer, |
155 test_case->ciphertext_length_octets)); | 190 test_case->ciphertext_length_octets)); |
156 | 191 |
157 /* compare the resulting ciphertext with that in the test case */ | 192 /* compare the resulting ciphertext with that in the test case */ |
158 if (len != test_case->ciphertext_length_octets) | 193 if (len != test_case->ciphertext_length_octets) |
159 return err_status_algo_fail; | 194 return err_status_algo_fail; |
160 status = err_status_ok; | 195 status = err_status_ok; |
161 for (i=0; i < test_case->ciphertext_length_octets; i++) | 196 for (i=0; i < test_case->ciphertext_length_octets; i++) |
162 if (buffer[i] != test_case->ciphertext[i]) { | 197 if (buffer[i] != test_case->ciphertext[i]) { |
(...skipping 14 matching lines...) Loading... |
177 cipher_dealloc(c); | 212 cipher_dealloc(c); |
178 return err_status_algo_fail; | 213 return err_status_algo_fail; |
179 } | 214 } |
180 | 215 |
181 /* | 216 /* |
182 * test the decrypt function | 217 * test the decrypt function |
183 */ | 218 */ |
184 debug_print(mod_cipher, "testing decryption", NULL); | 219 debug_print(mod_cipher, "testing decryption", NULL); |
185 | 220 |
186 /* re-initialize cipher for decryption */ | 221 /* re-initialize cipher for decryption */ |
187 status = cipher_init(c, test_case->key, direction_decrypt); | 222 status = cipher_init(c, test_case->key); |
188 if (status) { | 223 if (status) { |
189 cipher_dealloc(c); | 224 cipher_dealloc(c); |
190 return status; | 225 return status; |
191 } | 226 } |
192 | 227 |
193 /* copy ciphertext into test buffer */ | 228 /* copy ciphertext into test buffer */ |
194 if (test_case->ciphertext_length_octets > SELF_TEST_BUF_OCTETS) { | 229 if (test_case->ciphertext_length_octets > SELF_TEST_BUF_OCTETS) { |
195 cipher_dealloc(c); | 230 cipher_dealloc(c); |
196 return err_status_bad_param; | 231 return err_status_bad_param; |
197 } | 232 } |
198 for (i=0; i < test_case->ciphertext_length_octets; i++) | 233 for (i=0; i < test_case->ciphertext_length_octets; i++) |
199 buffer[i] = test_case->ciphertext[i]; | 234 buffer[i] = test_case->ciphertext[i]; |
200 | 235 |
201 debug_print(mod_cipher, "ciphertext: %s", | 236 debug_print(mod_cipher, "ciphertext: %s", |
202 octet_string_hex_string(buffer, | 237 octet_string_hex_string(buffer, |
203 test_case->plaintext_length_octets)); | 238 test_case->plaintext_length_octets)); |
204 | 239 |
205 /* set the initialization vector */ | 240 /* set the initialization vector */ |
206 status = cipher_set_iv(c, test_case->idx); | 241 status = cipher_set_iv(c, test_case->idx, direction_decrypt); |
207 if (status) { | 242 if (status) { |
208 cipher_dealloc(c); | 243 cipher_dealloc(c); |
209 return status; | 244 return status; |
210 } | 245 } |
211 | 246 |
| 247 if (c->algorithm == AES_128_GCM || c->algorithm == AES_256_GCM) { |
| 248 /* |
| 249 * Set the AAD |
| 250 */ |
| 251 status = cipher_set_aad(c, test_case->aad, |
| 252 test_case->aad_length_octets); |
| 253 if (status) { |
| 254 cipher_dealloc(c); |
| 255 return status; |
| 256 } |
| 257 debug_print(mod_cipher, "AAD: %s", |
| 258 octet_string_hex_string(test_case->aad, |
| 259 test_case->aad_length_octets)); |
| 260 } |
| 261 |
212 /* decrypt */ | 262 /* decrypt */ |
213 len = test_case->ciphertext_length_octets; | 263 len = test_case->ciphertext_length_octets; |
214 status = cipher_decrypt(c, buffer, &len); | 264 status = cipher_decrypt(c, buffer, &len); |
215 if (status) { | 265 if (status) { |
216 cipher_dealloc(c); | 266 cipher_dealloc(c); |
217 return status; | 267 return status; |
218 } | 268 } |
219 | 269 |
220 debug_print(mod_cipher, "plaintext: %s", | 270 debug_print(mod_cipher, "plaintext: %s", |
221 octet_string_hex_string(buffer, | 271 octet_string_hex_string(buffer, |
(...skipping 32 matching lines...) Loading... |
254 * case in the list; if NULL, we'l proceed to the next test | 304 * case in the list; if NULL, we'l proceed to the next test |
255 */ | 305 */ |
256 test_case = test_case->next_test_case; | 306 test_case = test_case->next_test_case; |
257 ++case_num; | 307 ++case_num; |
258 } | 308 } |
259 | 309 |
260 /* now run some random invertibility tests */ | 310 /* now run some random invertibility tests */ |
261 | 311 |
262 /* allocate cipher, using paramaters from the first test case */ | 312 /* allocate cipher, using paramaters from the first test case */ |
263 test_case = test_data; | 313 test_case = test_data; |
264 status = cipher_type_alloc(ct, &c, test_case->key_length_octets); | 314 status = cipher_type_alloc(ct, &c, test_case->key_length_octets, test_case->ta
g_length_octets); |
265 if (status) | 315 if (status) |
266 return status; | 316 return status; |
267 | 317 |
268 rand_source_init(); | 318 rand_source_init(); |
269 | 319 |
270 for (j=0; j < NUM_RAND_TESTS; j++) { | 320 for (j=0; j < NUM_RAND_TESTS; j++) { |
271 unsigned length; | 321 unsigned length; |
272 int plaintext_len; | 322 int plaintext_len; |
273 uint8_t key[MAX_KEY_LEN]; | 323 uint8_t key[MAX_KEY_LEN]; |
274 uint8_t iv[MAX_KEY_LEN]; | 324 uint8_t iv[MAX_KEY_LEN]; |
(...skipping 15 matching lines...) Loading... |
290 if (test_case->key_length_octets > MAX_KEY_LEN) | 340 if (test_case->key_length_octets > MAX_KEY_LEN) |
291 return err_status_cant_check; | 341 return err_status_cant_check; |
292 status = rand_source_get_octet_string(key, test_case->key_length_octets); | 342 status = rand_source_get_octet_string(key, test_case->key_length_octets); |
293 if (status) return status; | 343 if (status) return status; |
294 | 344 |
295 /* chose a random initialization vector */ | 345 /* chose a random initialization vector */ |
296 status = rand_source_get_octet_string(iv, MAX_KEY_LEN); | 346 status = rand_source_get_octet_string(iv, MAX_KEY_LEN); |
297 if (status) return status; | 347 if (status) return status; |
298 | 348 |
299 /* initialize cipher */ | 349 /* initialize cipher */ |
300 status = cipher_init(c, key, direction_encrypt); | 350 status = cipher_init(c, key); |
301 if (status) { | 351 if (status) { |
302 cipher_dealloc(c); | 352 cipher_dealloc(c); |
303 return status; | 353 return status; |
304 } | 354 } |
305 | 355 |
306 /* set initialization vector */ | 356 /* set initialization vector */ |
307 status = cipher_set_iv(c, test_case->idx); | 357 status = cipher_set_iv(c, test_case->idx, direction_encrypt); |
308 if (status) { | 358 if (status) { |
309 cipher_dealloc(c); | 359 cipher_dealloc(c); |
310 return status; | 360 return status; |
311 } | 361 } |
312 | 362 |
| 363 if (c->algorithm == AES_128_GCM || c->algorithm == AES_256_GCM) { |
| 364 /* |
| 365 * Set the AAD |
| 366 */ |
| 367 status = cipher_set_aad(c, test_case->aad, |
| 368 test_case->aad_length_octets); |
| 369 if (status) { |
| 370 cipher_dealloc(c); |
| 371 return status; |
| 372 } |
| 373 debug_print(mod_cipher, "AAD: %s", |
| 374 octet_string_hex_string(test_case->aad, |
| 375 test_case->aad_length_octets)); |
| 376 } |
| 377 |
313 /* encrypt buffer with cipher */ | 378 /* encrypt buffer with cipher */ |
314 plaintext_len = length; | 379 plaintext_len = length; |
315 status = cipher_encrypt(c, buffer, &length); | 380 status = cipher_encrypt(c, buffer, &length); |
316 if (status) { | 381 if (status) { |
317 cipher_dealloc(c); | 382 cipher_dealloc(c); |
318 return status; | 383 return status; |
319 } | 384 } |
| 385 if (c->algorithm == AES_128_GCM || c->algorithm == AES_256_GCM) { |
| 386 /* |
| 387 * Get the GCM tag |
| 388 */ |
| 389 status = cipher_get_tag(c, buffer + length, &tag_len); |
| 390 if (status) { |
| 391 cipher_dealloc(c); |
| 392 return status; |
| 393 } |
| 394 length += tag_len; |
| 395 } |
320 debug_print(mod_cipher, "ciphertext: %s", | 396 debug_print(mod_cipher, "ciphertext: %s", |
321 octet_string_hex_string(buffer, length)); | 397 octet_string_hex_string(buffer, length)); |
322 | 398 |
323 /* | 399 /* |
324 * re-initialize cipher for decryption, re-set the iv, then | 400 * re-initialize cipher for decryption, re-set the iv, then |
325 * decrypt the ciphertext | 401 * decrypt the ciphertext |
326 */ | 402 */ |
327 status = cipher_init(c, key, direction_decrypt); | 403 status = cipher_init(c, key); |
328 if (status) { | 404 if (status) { |
329 cipher_dealloc(c); | 405 cipher_dealloc(c); |
330 return status; | 406 return status; |
331 } | 407 } |
332 status = cipher_set_iv(c, test_case->idx); | 408 status = cipher_set_iv(c, test_case->idx, direction_decrypt); |
333 if (status) { | 409 if (status) { |
334 cipher_dealloc(c); | 410 cipher_dealloc(c); |
335 return status; | 411 return status; |
336 } | 412 } |
| 413 if (c->algorithm == AES_128_GCM || c->algorithm == AES_256_GCM) { |
| 414 /* |
| 415 * Set the AAD |
| 416 */ |
| 417 status = cipher_set_aad(c, test_case->aad, |
| 418 test_case->aad_length_octets); |
| 419 if (status) { |
| 420 cipher_dealloc(c); |
| 421 return status; |
| 422 } |
| 423 debug_print(mod_cipher, "AAD: %s", |
| 424 octet_string_hex_string(test_case->aad, |
| 425 test_case->aad_length_octets)); |
| 426 } |
337 status = cipher_decrypt(c, buffer, &length); | 427 status = cipher_decrypt(c, buffer, &length); |
338 if (status) { | 428 if (status) { |
339 cipher_dealloc(c); | 429 cipher_dealloc(c); |
340 return status; | 430 return status; |
341 } | 431 } |
342 | 432 |
343 debug_print(mod_cipher, "plaintext[2]: %s", | 433 debug_print(mod_cipher, "plaintext[2]: %s", |
344 octet_string_hex_string(buffer, length)); | 434 octet_string_hex_string(buffer, length)); |
345 | 435 |
346 /* compare the resulting plaintext with the original one */ | 436 /* compare the resulting plaintext with the original one */ |
347 if (length != plaintext_len) | 437 if (length != plaintext_len) { |
348 return err_status_algo_fail; | 438 return err_status_algo_fail; |
| 439 } |
349 status = err_status_ok; | 440 status = err_status_ok; |
350 for (i=0; i < plaintext_len; i++) | 441 for (i=0; i < plaintext_len; i++) |
351 if (buffer[i] != buffer2[i]) { | 442 if (buffer[i] != buffer2[i]) { |
352 status = err_status_algo_fail; | 443 status = err_status_algo_fail; |
353 debug_print(mod_cipher, "random test case %d failed", case_num); | 444 debug_print(mod_cipher, "random test case %d failed", case_num); |
354 debug_print(mod_cipher, "(failure at byte %d)", i); | 445 debug_print(mod_cipher, "(failure at byte %d)", i); |
355 } | 446 } |
356 if (status) { | 447 if (status) { |
357 cipher_dealloc(c); | 448 cipher_dealloc(c); |
358 return err_status_algo_fail; | 449 return err_status_algo_fail; |
(...skipping 39 matching lines...) Loading... |
398 unsigned int len = octets_in_buffer; | 489 unsigned int len = octets_in_buffer; |
399 | 490 |
400 enc_buf = (unsigned char*) crypto_alloc(octets_in_buffer); | 491 enc_buf = (unsigned char*) crypto_alloc(octets_in_buffer); |
401 if (enc_buf == NULL) | 492 if (enc_buf == NULL) |
402 return 0; /* indicate bad parameters by returning null */ | 493 return 0; /* indicate bad parameters by returning null */ |
403 | 494 |
404 /* time repeated trials */ | 495 /* time repeated trials */ |
405 v128_set_to_zero(&nonce); | 496 v128_set_to_zero(&nonce); |
406 timer = clock(); | 497 timer = clock(); |
407 for(i=0; i < num_trials; i++, nonce.v32[3] = i) { | 498 for(i=0; i < num_trials; i++, nonce.v32[3] = i) { |
408 cipher_set_iv(c, &nonce); | 499 cipher_set_iv(c, &nonce, direction_encrypt); |
409 cipher_encrypt(c, enc_buf, &len); | 500 cipher_encrypt(c, enc_buf, &len); |
410 } | 501 } |
411 timer = clock() - timer; | 502 timer = clock() - timer; |
412 | 503 |
413 crypto_free(enc_buf); | 504 crypto_free(enc_buf); |
414 | 505 |
415 if (timer == 0) { | 506 if (timer == 0) { |
416 /* Too fast! */ | 507 /* Too fast! */ |
417 return 0; | 508 return 0; |
418 } | 509 } |
419 | 510 |
420 return (uint64_t)CLOCKS_PER_SEC * num_trials * 8 * octets_in_buffer / timer; | 511 return (uint64_t)CLOCKS_PER_SEC * num_trials * 8 * octets_in_buffer / timer; |
421 } | 512 } |
OLD | NEW |