Add non-EVP tests for AES CFB128 and OFB128 modes

Extend aes_test.c to include non-EVP tests for AES CFB128 and OFB128 modes using AES_cfb128_encrypt() and AES_ofb128_encrypt(). These additions improve test coverage by exercising the low-level interfaces with the same vectors used in the EVP-based tests. ok tb@
author: kenjiro <> 2025-06-03 08:19:29 +0000
committer: kenjiro <> 2025-06-03 08:19:29 +0000
commit: db4ef294b026e518a37a083a9ef4d3adffea371c (patch)
tree: e4a78fbd7865f78c6c67e53380015fd28557e585
parent: 4e06c13b92554011a9a697c3225a4cdd58a06fe0 (diff)
download: openbsd-db4ef294b026e518a37a083a9ef4d3adffea371c.tar.gz
openbsd-db4ef294b026e518a37a083a9ef4d3adffea371c.tar.bz2
openbsd-db4ef294b026e518a37a083a9ef4d3adffea371c.zip
1 files changed, 112 insertions, 8 deletions
diff --git a/src/regress/lib/libcrypto/aes/aes_test.c b/src/regress/lib/libcrypto/aes/aes_test.c
index 37bee05ca7..564fadb01c 100644
--- a/src/regress/lib/libcrypto/aes/aes_test.c
+++ b/src/regress/lib/libcrypto/aes/aes_test.c
@@ -1,4 +1,4 @@
-/*      $OpenBSD: aes_test.c,v 1.3 2023/09/28 08:21:43 tb Exp $ */
+/*      $OpenBSD: aes_test.c,v 1.4 2025/06/03 08:19:29 kenjiro Exp $ */
 /*
 * Copyright (c) 2022 Joshua Sing <joshua@hypera.dev>
 *
@@ -542,7 +542,10 @@ aes_ecb_test(size_t test_number, const char *label, int key_bits,
        /* Encryption */
        memset(out, 0, sizeof(out));
-        AES_set_encrypt_key(at->key, key_bits, &key);
+        if (AES_set_encrypt_key(at->key, key_bits, &key) != 0) {
+                fprintf(stderr, "FAIL (%s:%zu): AES_set_encrypt_key failed\n", label, test_number);
+                return 0;
+        }
        AES_ecb_encrypt(at->in, out, &key, 1);
        if (memcmp(at->out, out, at->out_len) != 0) {
@@ -553,7 +556,10 @@ aes_ecb_test(size_t test_number, const char *label, int key_bits,
        /* Decryption */
        memset(out, 0, sizeof(out));
-        AES_set_decrypt_key(at->key, key_bits, &key);
+        if (AES_set_decrypt_key(at->key, key_bits, &key) != 0) {
+                fprintf(stderr, "FAIL (%s:%zu): AES_set_decrypt_key failed\n", label, test_number);
+                return 0;
+        }
        AES_ecb_encrypt(at->out, out, &key, 0);
        if (memcmp(at->in, out, at->in_len) != 0) {
@@ -582,7 +588,10 @@ aes_cbc_test(size_t test_number, const char *label, int key_bits,
        /* Encryption */
        memset(out, 0, sizeof(out));
        memcpy(iv, at->iv, at->iv_len);
-        AES_set_encrypt_key(at->key, key_bits, &key);
+        if (AES_set_encrypt_key(at->key, key_bits, &key) != 0) {
+                fprintf(stderr, "FAIL (%s:%zu): AES_set_encrypt_key failed\n", label, test_number);
+                return 0;
+        }
        AES_cbc_encrypt(at->in, out, at->in_len, &key, iv, 1);
        if (memcmp(at->out, out, at->out_len) != 0) {
@@ -594,7 +603,10 @@ aes_cbc_test(size_t test_number, const char *label, int key_bits,
        /* Decryption */
        memset(out, 0, sizeof(out));
        memcpy(iv, at->iv, at->iv_len);
-        AES_set_decrypt_key(at->key, key_bits, &key);
+        if (AES_set_decrypt_key(at->key, key_bits, &key) != 0) {
+                fprintf(stderr, "FAIL (%s:%zu): AES_set_decrypt_key failed\n", label, test_number);
+                return 0;
+        }
        AES_cbc_encrypt(at->out, out, at->out_len, &key, iv, 0);
        if (memcmp(at->in, out, at->in_len) != 0) {
@@ -607,6 +619,96 @@ aes_cbc_test(size_t test_number, const char *label, int key_bits,
 }
 static int
+aes_cfb128_test(size_t test_number, const char *label, int key_bits,
+    const struct aes_test *at)
+{
+        AES_KEY key;
+        uint8_t out[64];
+        uint8_t iv[16];
+        int num = 0;
+        /* CFB mode has no padding */
+        /* Encryption */
+        memset(out, 0, sizeof(out));
+        memcpy(iv, at->iv, at->iv_len);
+        if (AES_set_encrypt_key(at->key, key_bits, &key) != 0) {
+                fprintf(stderr, "FAIL (%s:%zu): AES_set_encrypt_key failed\n", label, test_number);
+                return 0;
+        }
+        AES_cfb128_encrypt(at->in, out, at->in_len, &key, iv, &num, AES_ENCRYPT);
+        if (memcmp(at->out, out, at->out_len) != 0) {
+                fprintf(stderr, "FAIL (%s:%zu): encryption mismatch\n",
+                    label, test_number);
+                return 0;
+        }
+        /* Decryption */
+        memset(out, 0, sizeof(out));
+        memcpy(iv, at->iv, at->iv_len);
+        num = 0;
+        if (AES_set_encrypt_key(at->key, key_bits, &key) != 0) {
+                fprintf(stderr, "FAIL (%s:%zu): AES_set_encrypt_key failed\n", label, test_number);
+                return 0;
+        }
+        AES_cfb128_encrypt(at->out, out, at->out_len, &key, iv, &num, AES_DECRYPT);
+        if (memcmp(at->in, out, at->in_len) != 0) {
+                fprintf(stderr, "FAIL (%s:%zu): decryption mismatch\n",
+                    label, test_number);
+                return 0;
+        }
+        return 1;
+}
+static int
+aes_ofb128_test(size_t test_number, const char *label, int key_bits,
+    const struct aes_test *at)
+{
+        AES_KEY key;
+        uint8_t out[64];
+        uint8_t iv[16];
+        int num = 0;
+        /* OFB mode has no padding */
+        /* Encryption */
+        memset(out, 0, sizeof(out));
+        memcpy(iv, at->iv, at->iv_len);
+        if (AES_set_encrypt_key(at->key, key_bits, &key) != 0) {
+                fprintf(stderr, "FAIL (%s:%zu): AES_set_encrypt_key failed\n", label, test_number);
+                return 0;
+        }
+        AES_ofb128_encrypt(at->in, out, at->in_len, &key, iv, &num);
+        if (memcmp(at->out, out, at->out_len) != 0) {
+                fprintf(stderr, "FAIL (%s:%zu): encryption mismatch\n",
+                    label, test_number);
+                return 0;
+        }
+        /* Decryption */
+        memset(out, 0, sizeof(out));
+        memcpy(iv, at->iv, at->iv_len);
+        num = 0;
+        if (AES_set_encrypt_key(at->key, key_bits, &key) != 0) {
+                fprintf(stderr, "FAIL (%s:%zu): AES_set_encrypt_key failed\n", label, test_number);
+                return 0;
+        }
+        AES_ofb128_encrypt(at->out, out, at->out_len, &key, iv, &num);
+        if (memcmp(at->in, out, at->in_len) != 0) {
+                fprintf(stderr, "FAIL (%s:%zu): decryption mismatch\n",
+                    label, test_number);
+                return 0;
+        }
+        return 1;
+}
+static int
 aes_evp_test(size_t test_number, const struct aes_test *at, const char *label,
    int key_bits, const EVP_CIPHER *cipher)
 {
@@ -926,14 +1028,16 @@ aes_test(void)
                case NID_aes_128_cfb128:
                case NID_aes_192_cfb128:
                case NID_aes_256_cfb128:
-                        /* XXX - CFB128 non-EVP tests */
+                        if (!aes_cfb128_test(i, label, key_bits, at))
+                                goto failed;
                        break;
                /* OFB128 */
                case NID_aes_128_ofb128:
                case NID_aes_192_ofb128:
                case NID_aes_256_ofb128:
-                        /* XXX - OFB128 non-EVP tests */
+                        if (!aes_ofb128_test(i, label, key_bits, at))
+                                goto failed;
                        break;
                /* GCM */
@@ -947,7 +1051,7 @@ aes_test(void)
                case NID_aes_128_ccm:
                case NID_aes_192_ccm:
                case NID_aes_256_ccm:
-                        /* XXX - CCM non-EVP tests */
+                        /* CCM is EVP-only */
                        break;
                /* Unknown */
author	kenjiro <>	2025-06-03 08:19:29 +0000
committer	kenjiro <>	2025-06-03 08:19:29 +0000
commit	db4ef294b026e518a37a083a9ef4d3adffea371c (patch)
tree	e4a78fbd7865f78c6c67e53380015fd28557e585
parent	4e06c13b92554011a9a697c3225a4cdd58a06fe0 (diff)
download	openbsd-db4ef294b026e518a37a083a9ef4d3adffea371c.tar.gz openbsd-db4ef294b026e518a37a083a9ef4d3adffea371c.tar.bz2 openbsd-db4ef294b026e518a37a083a9ef4d3adffea371c.zip

diff --git a/src/regress/lib/libcrypto/aes/aes_test.c b/src/regress/lib/libcrypto/aes/aes_test.c index 37bee05ca7..564fadb01c 100644 --- a/src/regress/lib/libcrypto/aes/aes_test.c +++ b/src/regress/lib/libcrypto/aes/aes_test.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: aes_test.c,v 1.3 2023/09/28 08:21:43 tb Exp $ */	1	/* $OpenBSD: aes_test.c,v 1.4 2025/06/03 08:19:29 kenjiro Exp $ */
2	/*	2	/*
3	* Copyright (c) 2022 Joshua Sing <joshua@hypera.dev>	3	* Copyright (c) 2022 Joshua Sing <joshua@hypera.dev>
4	*	4	*
@@ -542,7 +542,10 @@ aes_ecb_test(size_t test_number, const char *label, int key_bits,
542		542
543	/* Encryption */	543	/* Encryption */
544	memset(out, 0, sizeof(out));	544	memset(out, 0, sizeof(out));
545	AES_set_encrypt_key(at->key, key_bits, &key);	545	if (AES_set_encrypt_key(at->key, key_bits, &key) != 0) {
		546	fprintf(stderr, "FAIL (%s:%zu): AES_set_encrypt_key failed\n", label, test_number);
		547	return 0;
		548	}
546	AES_ecb_encrypt(at->in, out, &key, 1);	549	AES_ecb_encrypt(at->in, out, &key, 1);
547		550
548	if (memcmp(at->out, out, at->out_len) != 0) {	551	if (memcmp(at->out, out, at->out_len) != 0) {
@@ -553,7 +556,10 @@ aes_ecb_test(size_t test_number, const char *label, int key_bits,
553		556
554	/* Decryption */	557	/* Decryption */
555	memset(out, 0, sizeof(out));	558	memset(out, 0, sizeof(out));
556	AES_set_decrypt_key(at->key, key_bits, &key);	559	if (AES_set_decrypt_key(at->key, key_bits, &key) != 0) {
		560	fprintf(stderr, "FAIL (%s:%zu): AES_set_decrypt_key failed\n", label, test_number);
		561	return 0;
		562	}
557	AES_ecb_encrypt(at->out, out, &key, 0);	563	AES_ecb_encrypt(at->out, out, &key, 0);
558		564
559	if (memcmp(at->in, out, at->in_len) != 0) {	565	if (memcmp(at->in, out, at->in_len) != 0) {
@@ -582,7 +588,10 @@ aes_cbc_test(size_t test_number, const char *label, int key_bits,
582	/* Encryption */	588	/* Encryption */
583	memset(out, 0, sizeof(out));	589	memset(out, 0, sizeof(out));
584	memcpy(iv, at->iv, at->iv_len);	590	memcpy(iv, at->iv, at->iv_len);
585	AES_set_encrypt_key(at->key, key_bits, &key);	591	if (AES_set_encrypt_key(at->key, key_bits, &key) != 0) {
		592	fprintf(stderr, "FAIL (%s:%zu): AES_set_encrypt_key failed\n", label, test_number);
		593	return 0;
		594	}
586	AES_cbc_encrypt(at->in, out, at->in_len, &key, iv, 1);	595	AES_cbc_encrypt(at->in, out, at->in_len, &key, iv, 1);
587		596
588	if (memcmp(at->out, out, at->out_len) != 0) {	597	if (memcmp(at->out, out, at->out_len) != 0) {
@@ -594,7 +603,10 @@ aes_cbc_test(size_t test_number, const char *label, int key_bits,
594	/* Decryption */	603	/* Decryption */
595	memset(out, 0, sizeof(out));	604	memset(out, 0, sizeof(out));
596	memcpy(iv, at->iv, at->iv_len);	605	memcpy(iv, at->iv, at->iv_len);
597	AES_set_decrypt_key(at->key, key_bits, &key);	606	if (AES_set_decrypt_key(at->key, key_bits, &key) != 0) {
		607	fprintf(stderr, "FAIL (%s:%zu): AES_set_decrypt_key failed\n", label, test_number);
		608	return 0;
		609	}
598	AES_cbc_encrypt(at->out, out, at->out_len, &key, iv, 0);	610	AES_cbc_encrypt(at->out, out, at->out_len, &key, iv, 0);
599		611
600	if (memcmp(at->in, out, at->in_len) != 0) {	612	if (memcmp(at->in, out, at->in_len) != 0) {
@@ -607,6 +619,96 @@ aes_cbc_test(size_t test_number, const char *label, int key_bits,
607	}	619	}
608		620
609	static int	621	static int
		622	aes_cfb128_test(size_t test_number, const char *label, int key_bits,
		623	const struct aes_test *at)
		624	{
		625	AES_KEY key;
		626	uint8_t out[64];
		627	uint8_t iv[16];
		628	int num = 0;
		629
		630	/* CFB mode has no padding */
		631
		632	/* Encryption */
		633	memset(out, 0, sizeof(out));
		634	memcpy(iv, at->iv, at->iv_len);
		635	if (AES_set_encrypt_key(at->key, key_bits, &key) != 0) {
		636	fprintf(stderr, "FAIL (%s:%zu): AES_set_encrypt_key failed\n", label, test_number);
		637	return 0;
		638	}
		639	AES_cfb128_encrypt(at->in, out, at->in_len, &key, iv, &num, AES_ENCRYPT);
		640
		641	if (memcmp(at->out, out, at->out_len) != 0) {
		642	fprintf(stderr, "FAIL (%s:%zu): encryption mismatch\n",
		643	label, test_number);
		644	return 0;
		645	}
		646
		647	/* Decryption */
		648	memset(out, 0, sizeof(out));
		649	memcpy(iv, at->iv, at->iv_len);
		650	num = 0;
		651	if (AES_set_encrypt_key(at->key, key_bits, &key) != 0) {
		652	fprintf(stderr, "FAIL (%s:%zu): AES_set_encrypt_key failed\n", label, test_number);
		653	return 0;
		654	}
		655	AES_cfb128_encrypt(at->out, out, at->out_len, &key, iv, &num, AES_DECRYPT);
		656
		657	if (memcmp(at->in, out, at->in_len) != 0) {
		658	fprintf(stderr, "FAIL (%s:%zu): decryption mismatch\n",
		659	label, test_number);
		660	return 0;
		661	}
		662
		663	return 1;
		664	}
		665
		666	static int
		667	aes_ofb128_test(size_t test_number, const char *label, int key_bits,
		668	const struct aes_test *at)
		669	{
		670	AES_KEY key;
		671	uint8_t out[64];
		672	uint8_t iv[16];
		673	int num = 0;
		674
		675	/* OFB mode has no padding */
		676
		677	/* Encryption */
		678	memset(out, 0, sizeof(out));
		679	memcpy(iv, at->iv, at->iv_len);
		680	if (AES_set_encrypt_key(at->key, key_bits, &key) != 0) {
		681	fprintf(stderr, "FAIL (%s:%zu): AES_set_encrypt_key failed\n", label, test_number);
		682	return 0;
		683	}
		684	AES_ofb128_encrypt(at->in, out, at->in_len, &key, iv, &num);
		685
		686	if (memcmp(at->out, out, at->out_len) != 0) {
		687	fprintf(stderr, "FAIL (%s:%zu): encryption mismatch\n",
		688	label, test_number);
		689	return 0;
		690	}
		691
		692	/* Decryption */
		693	memset(out, 0, sizeof(out));
		694	memcpy(iv, at->iv, at->iv_len);
		695	num = 0;
		696	if (AES_set_encrypt_key(at->key, key_bits, &key) != 0) {
		697	fprintf(stderr, "FAIL (%s:%zu): AES_set_encrypt_key failed\n", label, test_number);
		698	return 0;
		699	}
		700	AES_ofb128_encrypt(at->out, out, at->out_len, &key, iv, &num);
		701
		702	if (memcmp(at->in, out, at->in_len) != 0) {
		703	fprintf(stderr, "FAIL (%s:%zu): decryption mismatch\n",
		704	label, test_number);
		705	return 0;
		706	}
		707
		708	return 1;
		709	}
		710
		711	static int
610	aes_evp_test(size_t test_number, const struct aes_test at, const char label,	712	aes_evp_test(size_t test_number, const struct aes_test at, const char label,
611	int key_bits, const EVP_CIPHER *cipher)	713	int key_bits, const EVP_CIPHER *cipher)
612	{	714	{
@@ -926,14 +1028,16 @@ aes_test(void)
926	case NID_aes_128_cfb128:	1028	case NID_aes_128_cfb128:
927	case NID_aes_192_cfb128:	1029	case NID_aes_192_cfb128:
928	case NID_aes_256_cfb128:	1030	case NID_aes_256_cfb128:
929	/* XXX - CFB128 non-EVP tests */	1031	if (!aes_cfb128_test(i, label, key_bits, at))
		1032	goto failed;
930	break;	1033	break;
931		1034
932	/* OFB128 */	1035	/* OFB128 */
933	case NID_aes_128_ofb128:	1036	case NID_aes_128_ofb128:
934	case NID_aes_192_ofb128:	1037	case NID_aes_192_ofb128:
935	case NID_aes_256_ofb128:	1038	case NID_aes_256_ofb128:
936	/* XXX - OFB128 non-EVP tests */	1039	if (!aes_ofb128_test(i, label, key_bits, at))
		1040	goto failed;
937	break;	1041	break;
938		1042
939	/* GCM */	1043	/* GCM */
@@ -947,7 +1051,7 @@ aes_test(void)
947	case NID_aes_128_ccm:	1051	case NID_aes_128_ccm:
948	case NID_aes_192_ccm:	1052	case NID_aes_192_ccm:
949	case NID_aes_256_ccm:	1053	case NID_aes_256_ccm:
950	/* XXX - CCM non-EVP tests */	1054	/* CCM is EVP-only */
951	break;	1055	break;
952		1056
953	/* Unknown */	1057	/* Unknown */