diff options
author | Niels Möller <nisse@lysator.liu.se> | 2023-02-12 16:26:00 +0100 |
---|---|---|
committer | Niels Möller <nisse@lysator.liu.se> | 2023-04-21 15:04:45 +0200 |
commit | c34b7b0e582b9ee7a5cbdb39734df4205fb7789e (patch) | |
tree | ab3fc0e1adc9c45a22256d9ab3317124b0b15d16 | |
parent | 9226b48545080885acd4b4bf4acfc4f2f583db0e (diff) | |
download | nettle-c34b7b0e582b9ee7a5cbdb39734df4205fb7789e.tar.gz |
New test helper test_aead_message.
-rw-r--r-- | testsuite/ocb-test.c | 28 | ||||
-rw-r--r-- | testsuite/siv-gcm-test.c | 13 | ||||
-rw-r--r-- | testsuite/siv-test.c | 184 | ||||
-rw-r--r-- | testsuite/testutils.c | 121 | ||||
-rw-r--r-- | testsuite/testutils.h | 36 |
5 files changed, 202 insertions, 180 deletions
diff --git a/testsuite/ocb-test.c b/testsuite/ocb-test.c index d377b3ec..7a952a62 100644 --- a/testsuite/ocb-test.c +++ b/testsuite/ocb-test.c @@ -4,18 +4,18 @@ /* FIXME: Lots of almost duplicated code with siv tests. */ /* AEAD ciphers */ typedef void -nettle_encrypt_message_func(const void *ctx, - size_t nlength, const uint8_t *nonce, - size_t alength, const uint8_t *adata, - size_t tlength, - size_t clength, uint8_t *dst, const uint8_t *src); +ocb_encrypt_message_func(const void *ctx, + size_t nlength, const uint8_t *nonce, + size_t alength, const uint8_t *adata, + size_t tlength, + size_t clength, uint8_t *dst, const uint8_t *src); typedef int -nettle_decrypt_message_func(const void *encrypt_ctx, const void *decrypt_ctx, - size_t nlength, const uint8_t *nonce, - size_t alength, const uint8_t *adata, - size_t tlength, - size_t mlength, uint8_t *dst, const uint8_t *src); +ocb_decrypt_message_func(const void *encrypt_ctx, const void *decrypt_ctx, + size_t nlength, const uint8_t *nonce, + size_t alength, const uint8_t *adata, + size_t tlength, + size_t mlength, uint8_t *dst, const uint8_t *src); static void test_compare_results(const char *name, @@ -59,8 +59,8 @@ static void test_ocb_message(const char *name, nettle_set_key_func *set_encrypt_key, nettle_set_key_func *set_decrypt_key, - nettle_encrypt_message_func *encrypt, - nettle_decrypt_message_func *decrypt, + ocb_encrypt_message_func *encrypt, + ocb_decrypt_message_func *decrypt, size_t encrypt_context_size, size_t decrypt_context_size, size_t key_size, size_t digest_size, const struct tstring *key, @@ -138,8 +138,8 @@ test_ocb_message(const char *name, test_ocb_message("ocb_aes128", \ (nettle_set_key_func*)ocb_aes128_set_encrypt_key, \ (nettle_set_key_func*)aes128_set_decrypt_key, \ - (nettle_encrypt_message_func*)ocb_aes128_encrypt_message, \ - (nettle_decrypt_message_func*)ocb_aes128_decrypt_message, \ + (ocb_encrypt_message_func*)ocb_aes128_encrypt_message, \ + (ocb_decrypt_message_func*)ocb_aes128_decrypt_message, \ sizeof(struct ocb_aes128_ctx), sizeof(struct aes128_ctx), \ AES128_KEY_SIZE, OCB_DIGEST_SIZE, \ key, nonce, authdata, cleartext, ciphertext) diff --git a/testsuite/siv-gcm-test.c b/testsuite/siv-gcm-test.c index eba03f23..6b697443 100644 --- a/testsuite/siv-gcm-test.c +++ b/testsuite/siv-gcm-test.c @@ -41,19 +41,6 @@ #include "aes.h" #include "siv-gcm.h" -/* AEAD ciphers */ -typedef void -nettle_encrypt_message_func(void *ctx, - size_t nlength, const uint8_t *nonce, - size_t alength, const uint8_t *adata, - size_t clength, uint8_t *dst, const uint8_t *src); - -typedef int -nettle_decrypt_message_func(void *ctx, - size_t nlength, const uint8_t *nonce, - size_t alength, const uint8_t *adata, - size_t mlength, uint8_t *dst, const uint8_t *src); - static void test_compare_results (const char *name, const struct tstring *adata, diff --git a/testsuite/siv-test.c b/testsuite/siv-test.c index 64f1ac5d..3d2ec865 100644 --- a/testsuite/siv-test.c +++ b/testsuite/siv-test.c @@ -42,143 +42,29 @@ #include "siv-cmac.h" #include "knuth-lfib.h" -/* AEAD ciphers */ -typedef void -nettle_encrypt_message_func(void *ctx, - size_t nlength, const uint8_t *nonce, - size_t alength, const uint8_t *adata, - size_t clength, uint8_t *dst, const uint8_t *src); - -typedef int -nettle_decrypt_message_func(void *ctx, - size_t nlength, const uint8_t *nonce, - size_t alength, const uint8_t *adata, - size_t mlength, uint8_t *dst, const uint8_t *src); - -static void -test_compare_results(const char *name, - const struct tstring *adata, - /* Expected results. */ - const struct tstring *e_clear, - const struct tstring *e_cipher, - /* Actual results. */ - const void *clear, - const void *cipher) -{ - if (!MEMEQ(e_cipher->length, e_cipher->data, cipher)) - { - fprintf(stderr, "%s: encryption failed\nAdata: ", name); - tstring_print_hex(adata); - fprintf(stderr, "\nInput: "); - tstring_print_hex(e_clear); - fprintf(stderr, "\nOutput: "); - print_hex(e_cipher->length, cipher); - fprintf(stderr, "\nExpected:"); - tstring_print_hex(e_cipher); - fprintf(stderr, "\n"); - FAIL(); - } - if (!MEMEQ(e_clear->length, e_clear->data, clear)) - { - fprintf(stderr, "%s decrypt failed:\nAdata:", name); - tstring_print_hex(adata); - fprintf(stderr, "\nInput: "); - tstring_print_hex(e_cipher); - fprintf(stderr, "\nOutput: "); - print_hex(e_clear->length, clear); - fprintf(stderr, "\nExpected:"); - tstring_print_hex(e_clear); - fprintf(stderr, "\n"); - FAIL(); - } -} /* test_compare_results */ - -static void -test_cipher_siv(const char *name, - nettle_set_key_func *siv_set_key, - nettle_encrypt_message_func *siv_encrypt, - nettle_decrypt_message_func *siv_decrypt, - size_t context_size, size_t key_size, - const struct tstring *key, - const struct tstring *nonce, - const struct tstring *authdata, - const struct tstring *cleartext, - const struct tstring *ciphertext) -{ - void *ctx = xalloc(context_size); - uint8_t *en_data; - uint8_t *de_data; - int ret; - - ASSERT (key->length == key_size); - ASSERT (cleartext->length + SIV_DIGEST_SIZE == ciphertext->length); - - de_data = xalloc(cleartext->length); - en_data = xalloc(ciphertext->length); - - /* Ensure we get the same answers using the all-in-one API. */ - memset(de_data, 0, cleartext->length); - memset(en_data, 0, ciphertext->length); - - siv_set_key(ctx, key->data); - siv_encrypt(ctx, nonce->length, nonce->data, - authdata->length, authdata->data, - ciphertext->length, en_data, cleartext->data); - - ret = siv_decrypt(ctx, nonce->length, nonce->data, - authdata->length, authdata->data, - cleartext->length, de_data, ciphertext->data); - - if (ret != 1) - { - fprintf(stderr, "siv_decrypt_message failed to validate message\n"); - FAIL(); - } - test_compare_results(name, authdata, - cleartext, ciphertext, de_data, en_data); - - /* Ensure that we can detect corrupted message or tag data. */ - en_data[0] ^= 1; - ret = siv_decrypt(ctx, nonce->length, nonce->data, - authdata->length, authdata->data, - cleartext->length, de_data, en_data); - if (ret != 0) - { - fprintf(stderr, "siv_decrypt_message failed to detect corrupted message\n"); - FAIL(); - } - - /* Ensure we can detect corrupted adata. */ - if (authdata->length) { - en_data[0] ^= 1; - ret = siv_decrypt(ctx, nonce->length, nonce->data, - authdata->length-1, authdata->data, - cleartext->length, de_data, en_data); - if (ret != 0) - { - fprintf(stderr, "siv_decrypt_message failed to detect corrupted message\n"); - FAIL(); - } - } - - free(ctx); - free(en_data); - free(de_data); -} - -#define test_siv_aes128(name, key, nonce, authdata, cleartext, ciphertext) \ - test_cipher_siv(name, (nettle_set_key_func*)siv_cmac_aes128_set_key, \ - (nettle_encrypt_message_func*)siv_cmac_aes128_encrypt_message, \ - (nettle_decrypt_message_func*)siv_cmac_aes128_decrypt_message, \ - sizeof(struct siv_cmac_aes128_ctx), SIV_CMAC_AES128_KEY_SIZE, \ - key, nonce, authdata, cleartext, ciphertext) - -#define test_siv_aes256(name, key, nonce, authdata, cleartext, ciphertext) \ - test_cipher_siv(name, (nettle_set_key_func*)siv_cmac_aes256_set_key, \ - (nettle_encrypt_message_func*)siv_cmac_aes256_encrypt_message, \ - (nettle_decrypt_message_func*)siv_cmac_aes256_decrypt_message, \ - sizeof(struct siv_cmac_aes256_ctx), SIV_CMAC_AES256_KEY_SIZE, \ - key, nonce, authdata, cleartext, ciphertext) +static const struct nettle_aead_message +siv_cmac_aes128 = { + "siv_cmac_aes128", + sizeof(struct siv_cmac_aes128_ctx), + SIV_CMAC_AES128_KEY_SIZE, + SIV_DIGEST_SIZE, + (nettle_set_key_func*) siv_cmac_aes128_set_key, + (nettle_set_key_func*) siv_cmac_aes128_set_key, + (nettle_encrypt_message_func*) siv_cmac_aes128_encrypt_message, + (nettle_decrypt_message_func*) siv_cmac_aes128_decrypt_message, +}; + +static const struct nettle_aead_message +siv_cmac_aes256 = { + "siv_cmac_aes256", + sizeof(struct siv_cmac_aes256_ctx), + SIV_CMAC_AES256_KEY_SIZE, + SIV_DIGEST_SIZE, + (nettle_set_key_func*) siv_cmac_aes256_set_key, + (nettle_set_key_func*) siv_cmac_aes256_set_key, + (nettle_encrypt_message_func*) siv_cmac_aes256_encrypt_message, + (nettle_decrypt_message_func*) siv_cmac_aes256_decrypt_message, +}; void test_main(void) @@ -188,7 +74,7 @@ test_main(void) /* * Example with small nonce, no AD and no plaintext */ - test_siv_aes128("SIV_CMAC_AES128", + test_aead_message(&siv_cmac_aes128, SHEX("fffefdfc fbfaf9f8 f7f6f5f4 f3f2f1f0" "f0f1f2f3 f4f5f6f7 f8f9fafb fcfdfeff"), SHEX("01"), @@ -198,7 +84,7 @@ test_main(void) /* * Example with small nonce, no AD and plaintext */ - test_siv_aes128("SIV_CMAC_AES128", + test_aead_message(&siv_cmac_aes128, SHEX("fffefdfc fbfaf9f8 f7f6f5f4 f3f2f1f0" "f0f1f2f3 f4f5f6f7 f8f9fafb fcfdfeff"), SHEX("02"), @@ -210,7 +96,7 @@ test_main(void) /* * Example with length < 16 */ - test_siv_aes128("SIV_CMAC_AES128", + test_aead_message(&siv_cmac_aes128, SHEX("fffefdfc fbfaf9f8 f7f6f5f4 f3f2f1f0" "f0f1f2f3 f4f5f6f7 f8f9fafb fcfdfeff"), SHEX("02"), @@ -223,7 +109,7 @@ test_main(void) /* * Example with length > 16 */ - test_siv_aes128("SIV_CMAC_AES128", + test_aead_message(&siv_cmac_aes128, SHEX("7f7e7d7c 7b7a7978 77767574 73727170" "40414243 44454647 48494a4b 4c4d4e4f"), SHEX("020304"), @@ -241,7 +127,7 @@ test_main(void) /* * Example with single AAD, length > 16 */ - test_siv_aes128("SIV_CMAC_AES128", + test_aead_message(&siv_cmac_aes128, SHEX("7f7e7d7c 7b7a7978 77767574 73727170" "40414243 44454647 48494a4b 4c4d4e4f"), SHEX("09f91102 9d74e35b d84156c5 635688c0"), @@ -259,7 +145,7 @@ test_main(void) /* * Example with single AAD, length < 16 */ - test_siv_aes128("SIV_CMAC_AES128", + test_aead_message(&siv_cmac_aes128, SHEX("7f7e7d7c 7b7a7978 77767574 73727170" "40414243 44454647 48494a4b 4c4d4e4f"), SHEX("09f91102 9d74e35b d84156c5 635688c0"), @@ -272,7 +158,7 @@ test_main(void) /* AES-SIV-CMAC-512 (AES-256) from dchest/siv repo */ - test_siv_aes256("SIV_CMAC_AES256", + test_aead_message(&siv_cmac_aes256, SHEX("fffefdfc fbfaf9f8 f7f6f5f4 f3f2f1f0" "6f6e6d6c 6b6a6968 67666564 63626160" "f0f1f2f3 f4f5f6f7 f8f9fafb fcfdfeff" @@ -287,7 +173,7 @@ test_main(void) /* AES-SIV-CMAC-512 (AES-256) */ - test_siv_aes256("SIV_CMAC_AES256", + test_aead_message(&siv_cmac_aes256, SHEX("c27df2fd aec35d4a 2a412a50 c3e8c47d" "2d568e91 a38e5414 8abdc0b6 e86caf87" "695c0a8a df4c5f8e b2c6c8b1 36529864" @@ -302,7 +188,7 @@ test_main(void) /* * Example with length > 16 */ - test_siv_aes256("SIV_CMAC_AES256", + test_aead_message(&siv_cmac_aes256, SHEX("c27df2fd aec35d4a 2a412a50 c3e8c47d" "2d568e91 a38e5414 8abdc0b6 e86caf87" "695c0a8a df4c5f8e b2c6c8b1 36529864" @@ -322,7 +208,7 @@ test_main(void) /* * Example with single AAD, length > 16 */ - test_siv_aes256("SIV_CMAC_AES256", + test_aead_message(&siv_cmac_aes256, SHEX("c27df2fd aec35d4a 2a412a50 c3e8c47d" "2d568e91 a38e5414 8abdc0b6 e86caf87" "695c0a8a df4c5f8e b2c6c8b1 36529864" @@ -345,7 +231,7 @@ test_main(void) * Example from miscreant.js with no AD * https://github.com/miscreant/miscreant.js/blob/master/vectors/aes_siv_aead.tjson */ - test_siv_aes128("SIV_CMAC_AES128", + test_aead_message(&siv_cmac_aes128, SHEX("fffefdfc fbfaf9f8 f7f6f5f4 f3f2f1f0" "f0f1f2f3 f4f5f6f7 f8f9fafb fcfdfeff"), SHEX("10111213 1415161718191a1b1 c1d1e1f2" @@ -358,7 +244,7 @@ test_main(void) /* * Example from miscreant.js with AD */ - test_siv_aes128("SIV_CMAC_AES128", + test_aead_message(&siv_cmac_aes128, SHEX("7f7e7d7c 7b7a7978 77767574 73727170" "40414243 44454647 48494a4b 4c4d4e4f"), SHEX("09f91102 9d74e35b d84156c5 635688c0"), diff --git a/testsuite/testutils.c b/testsuite/testutils.c index 391f7b58..74059c53 100644 --- a/testsuite/testutils.c +++ b/testsuite/testutils.c @@ -908,6 +908,127 @@ test_aead(const struct nettle_aead *aead, } void +test_aead_message (const struct nettle_aead_message *aead, + const struct tstring *key, + const struct tstring *nonce, + const struct tstring *adata, + const struct tstring *clear, + const struct tstring *cipher) +{ + void *ctx = xalloc (aead->context_size); + uint8_t *buf = xalloc (cipher->length + 1); + int res; + + ASSERT (key->length == aead->key_size); + ASSERT (cipher->length > clear->length); + ASSERT (cipher->length - clear->length == aead->digest_size); + + aead->set_encrypt_key (ctx, key->data); + buf[cipher->length] = 0xae; + aead->encrypt (ctx, + nonce->length, nonce->data, + adata->length, adata->data, + cipher->length, buf, clear->data); + if (!MEMEQ (cipher->length, cipher->data, buf)) + { + fprintf(stderr, "aead->encrypt (message) failed:\n got: "); + print_hex (cipher->length, buf); + fprintf (stderr, " exp: "); + tstring_print_hex (cipher); + FAIL(); + } + if (buf[cipher->length] != 0xae) + { + fprintf (stderr, "aead->encrypt (message) wrote too much.\n "); + FAIL(); + } + aead->set_decrypt_key (ctx, key->data); +#if 0 + /* First try in-place decrypt. FIXME: Not supported for SIV. */ + res = aead->decrypt (ctx, + nonce->length, nonce->data, + adata->length, adata->data, + clear->length, buf, buf); + if (!res) + { + fprintf (stderr, "in-place decrypting valid ciphertext failed:\n "); + tstring_print_hex (cipher); + } + if (!MEMEQ (clear->length, clear->data, buf)) + { + fprintf(stderr, "aead->decrypt (in place message) failed:\n got: "); + print_hex (clear->length, buf); + fprintf (stderr, " exp: "); + tstring_print_hex (clear); + FAIL(); + } +#endif + memset (buf, 0xae, clear->length + 1); + + res = aead->decrypt (ctx, + nonce->length, nonce->data, + adata->length, adata->data, + clear->length, buf, cipher->data); + if (!res) + { + fprintf (stderr, "decrypting valid ciphertext failed:\n "); + tstring_print_hex (cipher); + } + if (!MEMEQ (clear->length, clear->data, buf)) + { + fprintf(stderr, "aead->decrypt (message) failed:\n got: "); + print_hex (clear->length, buf); + fprintf (stderr, " exp: "); + tstring_print_hex (clear); + FAIL(); + } + + /* Invalid messages */ + if (clear->length > 0 + && aead->decrypt (ctx, + nonce->length, nonce->data, + adata->length, adata->data, + clear->length - 1, buf, cipher->data)) + { + fprintf (stderr, "Invalid message (truncated) not rejected\n"); + FAIL(); + } + memcpy (buf, cipher->data, cipher->length); + buf[0] ^= 4; + if (aead->decrypt (ctx, + nonce->length, nonce->data, + adata->length, adata->data, + clear->length, buf, buf)) + { + fprintf (stderr, "Invalid message (first byte modified) not rejected\n"); + FAIL(); + } + + memcpy (buf, cipher->data, cipher->length); + buf[cipher->length - 1] ^= 4; + if (aead->decrypt (ctx, + nonce->length, nonce->data, + adata->length, adata->data, + clear->length, buf, buf)) + { + fprintf (stderr, "Invalid message (last byte modified) not rejected\n"); + FAIL(); + } + + memcpy (buf, adata->data, adata->length); + if (adata->length == 0) + buf[0] = 0; + if (aead->decrypt (ctx, + nonce->length, nonce->data, + adata->length ? adata->length /* - 1 */ : 1, buf, + clear->length, buf, cipher->data)) + { + fprintf (stderr, "Invalid adata not rejected\n"); + FAIL(); + } +} + +void test_hash(const struct nettle_hash *hash, const struct tstring *msg, const struct tstring *digest) diff --git a/testsuite/testutils.h b/testsuite/testutils.h index 00555b3a..7606cc3a 100644 --- a/testsuite/testutils.h +++ b/testsuite/testutils.h @@ -37,9 +37,6 @@ #include "nettle-meta.h" -/* Forward declare */ -struct nettle_aead; - #ifdef __cplusplus extern "C" { #endif @@ -82,7 +79,30 @@ test_main(void); extern int verbose; -/* Test functions deallocate their inputs when finished.*/ +typedef void +nettle_encrypt_message_func(void *ctx, + size_t nlength, const uint8_t *nonce, + size_t alength, const uint8_t *adata, + size_t clength, uint8_t *dst, const uint8_t *src); + +typedef int +nettle_decrypt_message_func(void *ctx, + size_t nlength, const uint8_t *nonce, + size_t alength, const uint8_t *adata, + size_t mlength, uint8_t *dst, const uint8_t *src); + +struct nettle_aead_message +{ + const char *name; + unsigned context_size; + unsigned key_size; + unsigned digest_size; + nettle_set_key_func *set_encrypt_key; + nettle_set_key_func *set_decrypt_key; + nettle_encrypt_message_func *encrypt; + nettle_decrypt_message_func *decrypt; +}; + void test_cipher(const struct nettle_cipher *cipher, const struct tstring *key, @@ -134,6 +154,14 @@ test_aead(const struct nettle_aead *aead, const struct tstring *digest); void +test_aead_message(const struct nettle_aead_message *aead, + const struct tstring *key, + const struct tstring *adata, + const struct tstring *nonce, + const struct tstring *clear, + const struct tstring *cipher); + +void test_hash(const struct nettle_hash *hash, const struct tstring *msg, const struct tstring *digest); |