Add a regress test for AEAD, based on Adam Langley's code.

author: jsing <> 2014-05-15 13:56:14 +0000
committer: jsing <> 2014-05-15 13:56:14 +0000
commit: 06e9116771d440a4cc40f2d8654de552543b9c00 (patch)
tree: ebdca1bcaf04ba676812b4f585ad4afb18e778a8
parent: 9135c0f787fcbeb8cc9c173e57e9659527be56c5 (diff)
download: openbsd-06e9116771d440a4cc40f2d8654de552543b9c00.tar.gz
openbsd-06e9116771d440a4cc40f2d8654de552543b9c00.tar.bz2
openbsd-06e9116771d440a4cc40f2d8654de552543b9c00.zip
3 files changed, 413 insertions, 0 deletions
diff --git a/src/regress/lib/libcrypto/aead/Makefile b/src/regress/lib/libcrypto/aead/Makefile
new file mode 100644
index 0000000000..3f4f302efe
--- /dev/null
+++ b/src/regress/lib/libcrypto/aead/Makefile
@@ -0,0 +1,12 @@
+#       $OpenBSD: Makefile,v 1.1 2014/05/15 13:56:14 jsing Exp $
+PROG=   aeadtest
+LDADD=  -lcrypto
+DPADD=  ${LIBCRYPTO}
+REGRESS_TARGETS=regress-aeadtest
+regress-aeadtest: ${PROG}
+        ./${PROG} ${.CURDIR}/aeadtests.txt
+.include <bsd.regress.mk>
diff --git a/src/regress/lib/libcrypto/aead/aeadtest.c b/src/regress/lib/libcrypto/aead/aeadtest.c
new file mode 100644
index 0000000000..e74b9fca97
--- /dev/null
+++ b/src/regress/lib/libcrypto/aead/aeadtest.c
@@ -0,0 +1,362 @@
+/* ====================================================================
+ * Copyright (c) 2011-2013 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ */
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdint.h>
+#include <openssl/evp.h>
+/* This program tests an AEAD against a series of test vectors from a file. The
+ * test vector file consists of key-value lines where the key and value are
+ * separated by a colon and optional whitespace. The keys are listed in
+ * |NAMES|, below. The values are hex-encoded data.
+ *
+ * After a number of key-value lines, a blank line or EOF indicates the end of
+ * the test case.
+ *
+ * For example, here's a valid test case:
+ *
+ *   AEAD: chacha20-poly1305
+ *   KEY: 5a19f3173586b4c42f8412f4d5a786531b3231753e9e00998aec12fda8df10e4
+ *   NONCE: 978105dfce667bf4
+ *   IN: 6a4583908d
+ *   AD: b654574932
+ *   CT: 5294265a60
+ *   TAG: 1d45758621762e061368e68868e2f929
+ */
+#define BUF_MAX 512
+/* These are the different types of line that are found in the input file. */
+enum {
+        AEAD = 0,       /* name of the AEAD algorithm. */
+        KEY,            /* hex encoded key. */
+        NONCE,          /* hex encoded nonce. */
+        IN,             /* hex encoded plaintext. */
+        AD,             /* hex encoded additional data. */
+        CT,             /* hex encoded ciphertext (not including the
+                         * authenticator, which is next. */
+        TAG,            /* hex encoded authenticator. */
+        NUM_TYPES
+};
+static const char NAMES[NUM_TYPES][6] = {
+        "AEAD",
+        "KEY",
+        "NONCE",
+        "IN",
+        "AD",
+        "CT",
+        "TAG",
+};
+static unsigned char
+hex_digit(char h) {
+        if (h >= '0' && h <= '9')
+                return h - '0';
+        else if (h >= 'a' && h <= 'f')
+                return h - 'a' + 10;
+        else if (h >= 'A' && h <= 'F')
+                return h - 'A' + 10;
+        else
+                return 16;
+}
+int
+aead_from_name(const EVP_AEAD **aead, const char *name){
+        *aead = NULL;
+        if (strcmp(name, "aes-128-gcm") == 0) {
+#ifndef OPENSSL_NO_AES
+                *aead = EVP_aead_aes_128_gcm();
+#else
+                fprintf(stderr, "No AES support.\n");
+#endif
+        } else if (strcmp(name, "aes-256-gcm") == 0) {
+#ifndef OPENSSL_NO_AES
+                *aead = EVP_aead_aes_256_gcm();
+#else
+                fprintf(stderr, "No AES support.\n");
+#endif
+        } else {
+                fprintf(stderr, "Unknown AEAD: %s\n", name);
+                return -1;
+        }
+        if (aead == NULL)
+                return 0;
+        return 1;
+}
+static int
+run_test_case(const EVP_AEAD* aead, unsigned char bufs[NUM_TYPES][BUF_MAX],
+    const unsigned int lengths[NUM_TYPES], unsigned int line_no)
+{
+        EVP_AEAD_CTX ctx;
+        ssize_t n;
+        size_t un;
+        unsigned char out[BUF_MAX+EVP_AEAD_MAX_TAG_LENGTH], out2[BUF_MAX];
+        if (!EVP_AEAD_CTX_init(&ctx, aead, bufs[KEY], lengths[KEY],
+            lengths[TAG], NULL)) {
+                fprintf(stderr, "Failed to init AEAD on line %u\n", line_no);
+                return 0;
+        }
+        n = EVP_AEAD_CTX_seal(&ctx, out, sizeof(out), bufs[NONCE],
+            lengths[NONCE], bufs[IN], lengths[IN], bufs[AD], lengths[AD]);
+        if (n < 0) {
+                fprintf(stderr, "Failed to run AEAD on line %u\n", line_no);
+                return 0;
+        }
+        un = (size_t)n;
+        if (un != lengths[CT] + lengths[TAG]) {
+                fprintf(stderr, "Bad output length on line %u: %u vs %u\n",
+                        line_no, (unsigned) un,
+                        (unsigned)(lengths[CT] + lengths[TAG]));
+                return 0;
+        }
+        if (memcmp(out, bufs[CT], lengths[CT]) != 0) {
+                fprintf(stderr, "Bad output on line %u\n", line_no);
+                return 0;
+        }
+        if (memcmp(out + lengths[CT], bufs[TAG], lengths[TAG]) != 0) {
+                fprintf(stderr, "Bad tag on line %u\n", line_no);
+                return 0;
+        }
+        n = EVP_AEAD_CTX_open(&ctx, out2, lengths[IN], bufs[NONCE],
+            lengths[NONCE], out, un, bufs[AD], lengths[AD]);
+        if (n < 0) {
+                fprintf(stderr, "Failed to decrypt on line %u\n", line_no);
+                return 0;
+        }
+        if ((size_t)n != lengths[IN]) {
+                fprintf(stderr, "Bad decrypt on line %u: %u\n", line_no,
+                        (unsigned) n);
+                return 0;
+        }
+        out[0] ^= 0x80;
+        n = EVP_AEAD_CTX_open(&ctx, out2, lengths[IN], bufs[NONCE],
+            lengths[NONCE], out, un, bufs[AD], lengths[AD]);
+        if (n >= 0) {
+                fprintf(stderr, "Decrypted bad data on line %u\n", line_no);
+                return 0;
+        }
+        EVP_AEAD_CTX_cleanup(&ctx);
+        return 1;
+}
+int
+main(int argc, char **argv)
+{
+        FILE *f;
+        const EVP_AEAD *aead = NULL;
+        unsigned int line_no = 0, num_tests = 0, j;
+        unsigned char bufs[NUM_TYPES][BUF_MAX];
+        unsigned int lengths[NUM_TYPES];
+        if (argc != 2) {
+                fprintf(stderr, "%s <test file.txt>\n", argv[0]);
+                return 1;
+        }
+        f = fopen(argv[1], "r");
+        if (f == NULL) {
+                perror("failed to open input");
+                return 1;
+        }
+        for (j = 0; j < NUM_TYPES; j++)
+                lengths[j] = 0;
+        for (;;) {
+                char line[4096];
+                unsigned int i, type_len = 0;
+                unsigned char *buf = NULL;
+                unsigned int *buf_len = NULL;
+                if (!fgets(line, sizeof(line), f))
+                        break;
+                line_no++;
+                if (line[0] == '#')
+                        continue;
+                if (line[0] == '\n' || line[0] == 0) {
+                        /* Run a test, if possible. */
+                        char any_values_set = 0;
+                        for (j = 0; j < NUM_TYPES; j++) {
+                                if (lengths[j] != 0) {
+                                        any_values_set = 1;
+                                        break;
+                                }
+                        }
+                        if (!any_values_set)
+                                continue;
+                        switch (aead_from_name(&aead, bufs[AEAD])) {
+                        case 0:
+                                fprintf(stderr, "Skipping test...\n");
+                                continue;
+                        case -1:
+                                fprintf(stderr, "Aborting...\n");
+                                return 4;
+                        }
+                        
+                        if (!run_test_case(aead, bufs, lengths, line_no))
+                                return 4;
+                        for (j = 0; j < NUM_TYPES; j++)
+                                lengths[j] = 0;
+                        num_tests++;
+                        continue;
+                }
+                /* Each line looks like:
+                 *   TYPE: 0123abc
+                 * Where "TYPE" is the type of the data on the line,
+                 * e.g. "KEY". */
+                for (i = 0; line[i] != 0 && line[i] != '\n'; i++) {
+                        if (line[i] == ':') {
+                                type_len = i;
+                                break;
+                        }
+                }
+                i++;
+                if (type_len == 0) {
+                        fprintf(stderr, "Parse error on line %u\n", line_no);
+                        return 3;
+                }
+                /* After the colon, there's optional whitespace. */
+                for (; line[i] != 0 && line[i] != '\n'; i++) {
+                        if (line[i] != ' ' && line[i] != '\t')
+                                break;
+                }
+                line[type_len] = 0;
+                for (j = 0; j < NUM_TYPES; j++) {
+                        if (strcmp(line, NAMES[j]) != 0)
+                                continue;
+                        if (lengths[j] != 0) {
+                                fprintf(stderr, "Duplicate value on line %u\n",
+                                    line_no);
+                                return 3;
+                        }
+                        buf = bufs[j];
+                        buf_len = &lengths[j];
+                        break;
+                }
+                if (buf == NULL) {
+                        fprintf(stderr, "Unknown line type on line %u\n",
+                            line_no);
+                        return 3;
+                }
+                if (j == AEAD) {
+                        *buf_len = strlcpy(buf, line + i, BUF_MAX);
+                        for (j = 0; j < BUF_MAX; j++) {
+                                if (buf[j] == '\n')
+                                        buf[j] = '\0';
+                        }
+                        continue;
+                }
+                for (j = 0; line[i] != 0 && line[i] != '\n'; i++) {
+                        unsigned char v, v2;
+                        v = hex_digit(line[i++]);
+                        if (line[i] == 0 || line[i] == '\n') {
+                                fprintf(stderr, "Odd-length hex data on "
+                                    "line %u\n", line_no);
+                                return 3;
+                        }
+                        v2 = hex_digit(line[i]);
+                        if (v > 15 || v2 > 15) {
+                                fprintf(stderr, "Invalid hex char on line %u\n",
+                                    line_no);
+                                return 3;
+                        }
+                        v <<= 4;
+                        v |= v2;
+                        if (j == BUF_MAX) {
+                                fprintf(stderr, "Too much hex data on line %u "
+                                    "(max is %u bytes)\n",
+                                    line_no, (unsigned) BUF_MAX);
+                                return 3;
+                        }
+                        buf[j++] = v;
+                        *buf_len = *buf_len + 1;
+                }
+        }
+        printf("Completed %u test cases\n", num_tests);
+        printf("PASS\n");
+        fclose(f);
+        return 0;
+}
diff --git a/src/regress/lib/libcrypto/aead/aeadtests.txt b/src/regress/lib/libcrypto/aead/aeadtests.txt
new file mode 100644
index 0000000000..ec06430121
--- /dev/null
+++ b/src/regress/lib/libcrypto/aead/aeadtests.txt
@@ -0,0 +1,39 @@
+# MACsec GCM-AES Test Vectors (bn-randall-test-vectors-0511-v1.pdf)
+# 2.5.1 65-byte Packet Authentication Using GCM-AES-128
+AEAD: aes-128-gcm
+KEY: 013FE00B5F11BE7F866D0CBBC55A7A90
+NONCE: 7CFDE9F9E33724C68932D612
+IN:
+AD: 84C5D513D2AAF6E5BBD2727788E523008932D6127CFDE9F9E33724C608000F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F0005
+CT:
+TAG: 217867E50C2DAD74C28C3B50ABDF695A
+# MACsec GCM-AES Test Vectors (bn-randall-test-vectors-0511-v1.pdf)
+# 2.5.2 65-byte Packet Authentication Using GCM-AES-256
+AEAD: aes-256-gcm
+KEY: 83C093B58DE7FFE1C0DA926AC43FB3609AC1C80FEE1B624497EF942E2F79A823
+NONCE: 7CFDE9F9E33724C68932D612
+IN:
+AD: 84C5D513D2AAF6E5BBD2727788E523008932D6127CFDE9F9E33724C608000F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F0005
+CT:
+TAG: 6EE160E8FAECA4B36C86B234920CA975
+# MACsec GCM-AES Test Vectors (bn-randall-test-vectors-0511-v1.pdf)
+# 2.8.1 75-byte Packet Encryption Using GCM-AES-128
+AEAD: aes-128-gcm
+KEY: 88EE087FD95DA9FBF6725AA9D757B0CD
+NONCE: 7AE8E2CA4EC500012E58495C
+IN: 08000F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748490008
+AD: 68F2E77696CE7AE8E2CA4EC588E54D002E58495C
+CT: C31F53D99E5687F7365119B832D2AAE70741D593F1F9E2AB3455779B078EB8FEACDFEC1F8E3E5277F8180B43361F6512ADB16D2E38548A2C719DBA7228D840
+TAG: 88F8757ADB8AA788D8F65AD668BE70E7
+# MACsec GCM-AES Test Vectors (bn-randall-test-vectors-0511-v1.pdf)
+# 2.8.2 75-byte Packet Encryption Using GCM-AES-256
+AEAD: aes-256-gcm
+KEY: 4C973DBC7364621674F8B5B89E5C15511FCED9216490FB1C1A2CAA0FFE0407E5
+NONCE: 7AE8E2CA4EC500012E58495C
+IN: 08000F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748490008
+AD: 68F2E77696CE7AE8E2CA4EC588E54D002E58495C
+CT: BA8AE31BC506486D6873E4FCE460E7DC57591FF00611F31C3834FE1C04AD80B66803AFCF5B27E6333FA67C99DA47C2F0CED68D531BD741A943CFF7A6713BD0
+TAG: 2611CD7DAA01D61C5C886DC1A8170107
author	jsing <>	2014-05-15 13:56:14 +0000
committer	jsing <>	2014-05-15 13:56:14 +0000
commit	06e9116771d440a4cc40f2d8654de552543b9c00 (patch)
tree	ebdca1bcaf04ba676812b4f585ad4afb18e778a8
parent	9135c0f787fcbeb8cc9c173e57e9659527be56c5 (diff)
download	openbsd-06e9116771d440a4cc40f2d8654de552543b9c00.tar.gz openbsd-06e9116771d440a4cc40f2d8654de552543b9c00.tar.bz2 openbsd-06e9116771d440a4cc40f2d8654de552543b9c00.zip

diff --git a/src/regress/lib/libcrypto/aead/Makefile b/src/regress/lib/libcrypto/aead/Makefile new file mode 100644 index 0000000000..3f4f302efe --- /dev/null +++ b/src/regress/lib/libcrypto/aead/Makefile
@@ -0,0 +1,12 @@
	1	# $OpenBSD: Makefile,v 1.1 2014/05/15 13:56:14 jsing Exp $
	2
	3	PROG= aeadtest
	4	LDADD= -lcrypto
	5	DPADD= ${LIBCRYPTO}
	6
	7	REGRESS_TARGETS=regress-aeadtest
	8
	9	regress-aeadtest: ${PROG}
	10	./${PROG} ${.CURDIR}/aeadtests.txt
	11
	12	.include <bsd.regress.mk>


diff --git a/src/regress/lib/libcrypto/aead/aeadtest.c b/src/regress/lib/libcrypto/aead/aeadtest.c new file mode 100644 index 0000000000..e74b9fca97 --- /dev/null +++ b/src/regress/lib/libcrypto/aead/aeadtest.c
@@ -0,0 +1,362 @@
	1	/* ====================================================================
	2	* Copyright (c) 2011-2013 The OpenSSL Project. All rights reserved.
	3	*
	4	* Redistribution and use in source and binary forms, with or without
	5	* modification, are permitted provided that the following conditions
	6	* are met:
	7	*
	8	* 1. Redistributions of source code must retain the above copyright
	9	* notice, this list of conditions and the following disclaimer.
	10	*
	11	* 2. Redistributions in binary form must reproduce the above copyright
	12	* notice, this list of conditions and the following disclaimer in
	13	* the documentation and/or other materials provided with the
	14	* distribution.
	15	*
	16	* 3. All advertising materials mentioning features or use of this
	17	* software must display the following acknowledgment:
	18	* "This product includes software developed by the OpenSSL Project
	19	* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
	20	*
	21	* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
	22	* endorse or promote products derived from this software without
	23	* prior written permission. For written permission, please contact
	24	* licensing@OpenSSL.org.
	25	*
	26	* 5. Products derived from this software may not be called "OpenSSL"
	27	* nor may "OpenSSL" appear in their names without prior written
	28	* permission of the OpenSSL Project.
	29	*
	30	* 6. Redistributions of any form whatsoever must retain the following
	31	* acknowledgment:
	32	* "This product includes software developed by the OpenSSL Project
	33	* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
	34	*
	35	* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
	36	* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
	37	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
	38	* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
	39	* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
	40	* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
	41	* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
	42	* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
	43	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
	44	* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
	45	* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
	46	* OF THE POSSIBILITY OF SUCH DAMAGE.
	47	* ====================================================================
	48	*/
	49
	50	#include <stdio.h>
	51	#include <stdlib.h>
	52	#include <string.h>
	53	#include <stdint.h>
	54
	55	#include <openssl/evp.h>
	56
	57	/* This program tests an AEAD against a series of test vectors from a file. The
	58	* test vector file consists of key-value lines where the key and value are
	59	* separated by a colon and optional whitespace. The keys are listed in
	60	* \|NAMES\|, below. The values are hex-encoded data.
	61	*
	62	* After a number of key-value lines, a blank line or EOF indicates the end of
	63	* the test case.
	64	*
	65	* For example, here's a valid test case:
	66	*
	67	* AEAD: chacha20-poly1305
	68	* KEY: 5a19f3173586b4c42f8412f4d5a786531b3231753e9e00998aec12fda8df10e4
	69	* NONCE: 978105dfce667bf4
	70	* IN: 6a4583908d
	71	* AD: b654574932
	72	* CT: 5294265a60
	73	* TAG: 1d45758621762e061368e68868e2f929
	74	*/
	75
	76	#define BUF_MAX 512
	77
	78	/* These are the different types of line that are found in the input file. */
	79	enum {
	80	AEAD = 0, /* name of the AEAD algorithm. */
	81	KEY, /* hex encoded key. */
	82	NONCE, /* hex encoded nonce. */
	83	IN, /* hex encoded plaintext. */
	84	AD, /* hex encoded additional data. */
	85	CT, /* hex encoded ciphertext (not including the
	86	* authenticator, which is next. */
	87	TAG, /* hex encoded authenticator. */
	88	NUM_TYPES
	89	};
	90
	91	static const char NAMES[NUM_TYPES][6] = {
	92	"AEAD",
	93	"KEY",
	94	"NONCE",
	95	"IN",
	96	"AD",
	97	"CT",
	98	"TAG",
	99	};
	100
	101	static unsigned char
	102	hex_digit(char h) {
	103	if (h >= '0' && h <= '9')
	104	return h - '0';
	105	else if (h >= 'a' && h <= 'f')
	106	return h - 'a' + 10;
	107	else if (h >= 'A' && h <= 'F')
	108	return h - 'A' + 10;
	109	else
	110	return 16;
	111	}
	112
	113	int
	114	aead_from_name(const EVP_AEAD *aead, const char name){
	115	*aead = NULL;
	116
	117	if (strcmp(name, "aes-128-gcm") == 0) {
	118	#ifndef OPENSSL_NO_AES
	119	*aead = EVP_aead_aes_128_gcm();
	120	#else
	121	fprintf(stderr, "No AES support.\n");
	122	#endif
	123	} else if (strcmp(name, "aes-256-gcm") == 0) {
	124	#ifndef OPENSSL_NO_AES
	125	*aead = EVP_aead_aes_256_gcm();
	126	#else
	127	fprintf(stderr, "No AES support.\n");
	128	#endif
	129	} else {
	130	fprintf(stderr, "Unknown AEAD: %s\n", name);
	131	return -1;
	132	}
	133
	134	if (aead == NULL)
	135	return 0;
	136
	137	return 1;
	138	}
	139
	140	static int
	141	run_test_case(const EVP_AEAD* aead, unsigned char bufs[NUM_TYPES][BUF_MAX],
	142	const unsigned int lengths[NUM_TYPES], unsigned int line_no)
	143	{
	144	EVP_AEAD_CTX ctx;
	145	ssize_t n;
	146	size_t un;
	147	unsigned char out[BUF_MAX+EVP_AEAD_MAX_TAG_LENGTH], out2[BUF_MAX];
	148
	149	if (!EVP_AEAD_CTX_init(&ctx, aead, bufs[KEY], lengths[KEY],
	150	lengths[TAG], NULL)) {
	151	fprintf(stderr, "Failed to init AEAD on line %u\n", line_no);
	152	return 0;
	153	}
	154
	155	n = EVP_AEAD_CTX_seal(&ctx, out, sizeof(out), bufs[NONCE],
	156	lengths[NONCE], bufs[IN], lengths[IN], bufs[AD], lengths[AD]);
	157
	158	if (n < 0) {
	159	fprintf(stderr, "Failed to run AEAD on line %u\n", line_no);
	160	return 0;
	161	}
	162
	163	un = (size_t)n;
	164
	165	if (un != lengths[CT] + lengths[TAG]) {
	166	fprintf(stderr, "Bad output length on line %u: %u vs %u\n",
	167	line_no, (unsigned) un,
	168	(unsigned)(lengths[CT] + lengths[TAG]));
	169	return 0;
	170	}
	171
	172	if (memcmp(out, bufs[CT], lengths[CT]) != 0) {
	173	fprintf(stderr, "Bad output on line %u\n", line_no);
	174	return 0;
	175	}
	176
	177	if (memcmp(out + lengths[CT], bufs[TAG], lengths[TAG]) != 0) {
	178	fprintf(stderr, "Bad tag on line %u\n", line_no);
	179	return 0;
	180	}
	181
	182	n = EVP_AEAD_CTX_open(&ctx, out2, lengths[IN], bufs[NONCE],
	183	lengths[NONCE], out, un, bufs[AD], lengths[AD]);
	184	if (n < 0) {
	185	fprintf(stderr, "Failed to decrypt on line %u\n", line_no);
	186	return 0;
	187	}
	188
	189	if ((size_t)n != lengths[IN]) {
	190	fprintf(stderr, "Bad decrypt on line %u: %u\n", line_no,
	191	(unsigned) n);
	192	return 0;
	193	}
	194
	195	out[0] ^= 0x80;
	196	n = EVP_AEAD_CTX_open(&ctx, out2, lengths[IN], bufs[NONCE],
	197	lengths[NONCE], out, un, bufs[AD], lengths[AD]);
	198	if (n >= 0) {
	199	fprintf(stderr, "Decrypted bad data on line %u\n", line_no);
	200	return 0;
	201	}
	202
	203	EVP_AEAD_CTX_cleanup(&ctx);
	204	return 1;
	205	}
	206
	207	int
	208	main(int argc, char **argv)
	209	{
	210	FILE *f;
	211	const EVP_AEAD *aead = NULL;
	212	unsigned int line_no = 0, num_tests = 0, j;
	213
	214	unsigned char bufs[NUM_TYPES][BUF_MAX];
	215	unsigned int lengths[NUM_TYPES];
	216
	217	if (argc != 2) {
	218	fprintf(stderr, "%s <test file.txt>\n", argv[0]);
	219	return 1;
	220	}
	221
	222	f = fopen(argv[1], "r");
	223	if (f == NULL) {
	224	perror("failed to open input");
	225	return 1;
	226	}
	227
	228	for (j = 0; j < NUM_TYPES; j++)
	229	lengths[j] = 0;
	230
	231	for (;;) {
	232	char line[4096];
	233	unsigned int i, type_len = 0;
	234
	235	unsigned char *buf = NULL;
	236	unsigned int *buf_len = NULL;
	237
	238	if (!fgets(line, sizeof(line), f))
	239	break;
	240
	241	line_no++;
	242	if (line[0] == '#')
	243	continue;
	244
	245	if (line[0] == '\n' \|\| line[0] == 0) {
	246	/* Run a test, if possible. */
	247	char any_values_set = 0;
	248	for (j = 0; j < NUM_TYPES; j++) {
	249	if (lengths[j] != 0) {
	250	any_values_set = 1;
	251	break;
	252	}
	253	}
	254
	255	if (!any_values_set)
	256	continue;
	257
	258	switch (aead_from_name(&aead, bufs[AEAD])) {
	259	case 0:
	260	fprintf(stderr, "Skipping test...\n");
	261	continue;
	262	case -1:
	263	fprintf(stderr, "Aborting...\n");
	264	return 4;
	265	}
	266
	267	if (!run_test_case(aead, bufs, lengths, line_no))
	268	return 4;
	269
	270	for (j = 0; j < NUM_TYPES; j++)
	271	lengths[j] = 0;
	272
	273	num_tests++;
	274	continue;
	275	}
	276
	277	/* Each line looks like:
	278	* TYPE: 0123abc
	279	* Where "TYPE" is the type of the data on the line,
	280	* e.g. "KEY". */
	281	for (i = 0; line[i] != 0 && line[i] != '\n'; i++) {
	282	if (line[i] == ':') {
	283	type_len = i;
	284	break;
	285	}
	286	}
	287	i++;
	288
	289	if (type_len == 0) {
	290	fprintf(stderr, "Parse error on line %u\n", line_no);
	291	return 3;
	292	}
	293
	294	/* After the colon, there's optional whitespace. */
	295	for (; line[i] != 0 && line[i] != '\n'; i++) {
	296	if (line[i] != ' ' && line[i] != '\t')
	297	break;
	298	}
	299
	300	line[type_len] = 0;
	301	for (j = 0; j < NUM_TYPES; j++) {
	302	if (strcmp(line, NAMES[j]) != 0)
	303	continue;
	304	if (lengths[j] != 0) {
	305	fprintf(stderr, "Duplicate value on line %u\n",
	306	line_no);
	307	return 3;
	308	}
	309	buf = bufs[j];
	310	buf_len = &lengths[j];
	311	break;
	312	}
	313
	314	if (buf == NULL) {
	315	fprintf(stderr, "Unknown line type on line %u\n",
	316	line_no);
	317	return 3;
	318	}
	319
	320	if (j == AEAD) {
	321	*buf_len = strlcpy(buf, line + i, BUF_MAX);
	322	for (j = 0; j < BUF_MAX; j++) {
	323	if (buf[j] == '\n')
	324	buf[j] = '\0';
	325	}
	326	continue;
	327	}
	328
	329	for (j = 0; line[i] != 0 && line[i] != '\n'; i++) {
	330	unsigned char v, v2;
	331	v = hex_digit(line[i++]);
	332	if (line[i] == 0 \|\| line[i] == '\n') {
	333	fprintf(stderr, "Odd-length hex data on "
	334	"line %u\n", line_no);
	335	return 3;
	336	}
	337	v2 = hex_digit(line[i]);
	338	if (v > 15 \|\| v2 > 15) {
	339	fprintf(stderr, "Invalid hex char on line %u\n",
	340	line_no);
	341	return 3;
	342	}
	343	v <<= 4;
	344	v \|= v2;
	345
	346	if (j == BUF_MAX) {
	347	fprintf(stderr, "Too much hex data on line %u "
	348	"(max is %u bytes)\n",
	349	line_no, (unsigned) BUF_MAX);
	350	return 3;
	351	}
	352	buf[j++] = v;
	353	buf_len = buf_len + 1;
	354	}
	355	}
	356
	357	printf("Completed %u test cases\n", num_tests);
	358	printf("PASS\n");
	359	fclose(f);
	360
	361	return 0;
	362	}


diff --git a/src/regress/lib/libcrypto/aead/aeadtests.txt b/src/regress/lib/libcrypto/aead/aeadtests.txt new file mode 100644 index 0000000000..ec06430121 --- /dev/null +++ b/src/regress/lib/libcrypto/aead/aeadtests.txt
@@ -0,0 +1,39 @@
	1	# MACsec GCM-AES Test Vectors (bn-randall-test-vectors-0511-v1.pdf)
	2	# 2.5.1 65-byte Packet Authentication Using GCM-AES-128
	3	AEAD: aes-128-gcm
	4	KEY: 013FE00B5F11BE7F866D0CBBC55A7A90
	5	NONCE: 7CFDE9F9E33724C68932D612
	6	IN:
	7	AD: 84C5D513D2AAF6E5BBD2727788E523008932D6127CFDE9F9E33724C608000F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F0005
	8	CT:
	9	TAG: 217867E50C2DAD74C28C3B50ABDF695A
	10
	11	# MACsec GCM-AES Test Vectors (bn-randall-test-vectors-0511-v1.pdf)
	12	# 2.5.2 65-byte Packet Authentication Using GCM-AES-256
	13	AEAD: aes-256-gcm
	14	KEY: 83C093B58DE7FFE1C0DA926AC43FB3609AC1C80FEE1B624497EF942E2F79A823
	15	NONCE: 7CFDE9F9E33724C68932D612
	16	IN:
	17	AD: 84C5D513D2AAF6E5BBD2727788E523008932D6127CFDE9F9E33724C608000F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F0005
	18	CT:
	19	TAG: 6EE160E8FAECA4B36C86B234920CA975
	20
	21	# MACsec GCM-AES Test Vectors (bn-randall-test-vectors-0511-v1.pdf)
	22	# 2.8.1 75-byte Packet Encryption Using GCM-AES-128
	23	AEAD: aes-128-gcm
	24	KEY: 88EE087FD95DA9FBF6725AA9D757B0CD
	25	NONCE: 7AE8E2CA4EC500012E58495C
	26	IN: 08000F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748490008
	27	AD: 68F2E77696CE7AE8E2CA4EC588E54D002E58495C
	28	CT: C31F53D99E5687F7365119B832D2AAE70741D593F1F9E2AB3455779B078EB8FEACDFEC1F8E3E5277F8180B43361F6512ADB16D2E38548A2C719DBA7228D840
	29	TAG: 88F8757ADB8AA788D8F65AD668BE70E7
	30
	31	# MACsec GCM-AES Test Vectors (bn-randall-test-vectors-0511-v1.pdf)
	32	# 2.8.2 75-byte Packet Encryption Using GCM-AES-256
	33	AEAD: aes-256-gcm
	34	KEY: 4C973DBC7364621674F8B5B89E5C15511FCED9216490FB1C1A2CAA0FFE0407E5
	35	NONCE: 7AE8E2CA4EC500012E58495C
	36	IN: 08000F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748490008
	37	AD: 68F2E77696CE7AE8E2CA4EC588E54D002E58495C
	38	CT: BA8AE31BC506486D6873E4FCE460E7DC57591FF00611F31C3834FE1C04AD80B66803AFCF5B27E6333FA67C99DA47C2F0CED68D531BD741A943CFF7A6713BD0
	39	TAG: 2611CD7DAA01D61C5C886DC1A8170107