Add a regress test for AEAD, based on Adam Langley's code.

3 files changed, 413 insertions, 0 deletions

diff --git a/regress/lib/libcrypto/aead/Makefile b/regress/lib/libcrypto/aead/Makefile
new file mode 100644
index 00000000000..3f4f302efe6
--- /dev/null
+++ b/regress/lib/libcrypto/aead/Makefile
@@ -0,0 +1,12 @@
+#	$OpenBSD: Makefile,v 1.1 2014/05/15 13:56:14 jsing Exp $
+
+PROG=	aeadtest
+LDADD=	-lcrypto
+DPADD=	${LIBCRYPTO}
+
+REGRESS_TARGETS=regress-aeadtest
+
+regress-aeadtest: ${PROG}
+	./${PROG} ${.CURDIR}/aeadtests.txt
+
+.include <bsd.regress.mk>
diff --git a/regress/lib/libcrypto/aead/aeadtest.c b/regress/lib/libcrypto/aead/aeadtest.c
new file mode 100644
index 00000000000..e74b9fca97e
--- /dev/null
+++ b/regress/lib/libcrypto/aead/aeadtest.c
@@ -0,0 +1,362 @@
+/* ====================================================================
+ * Copyright (c) 2011-2013 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdint.h>
+
+#include <openssl/evp.h>
+
+/* This program tests an AEAD against a series of test vectors from a file. The
+ * test vector file consists of key-value lines where the key and value are
+ * separated by a colon and optional whitespace. The keys are listed in
+ * |NAMES|, below. The values are hex-encoded data.
+ *
+ * After a number of key-value lines, a blank line or EOF indicates the end of
+ * the test case.
+ *
+ * For example, here's a valid test case:
+ *
+ *   AEAD: chacha20-poly1305
+ *   KEY: 5a19f3173586b4c42f8412f4d5a786531b3231753e9e00998aec12fda8df10e4
+ *   NONCE: 978105dfce667bf4
+ *   IN: 6a4583908d
+ *   AD: b654574932
+ *   CT: 5294265a60
+ *   TAG: 1d45758621762e061368e68868e2f929
+ */
+
+#define BUF_MAX 512
+
+/* These are the different types of line that are found in the input file. */
+enum {
+	AEAD = 0,	/* name of the AEAD algorithm. */
+	KEY,		/* hex encoded key. */
+	NONCE,		/* hex encoded nonce. */
+	IN,		/* hex encoded plaintext. */
+	AD,		/* hex encoded additional data. */
+	CT,		/* hex encoded ciphertext (not including the
+			 * authenticator, which is next. */
+	TAG,		/* hex encoded authenticator. */
+	NUM_TYPES
+};
+
+static const char NAMES[NUM_TYPES][6] = {
+	"AEAD",
+	"KEY",
+	"NONCE",
+	"IN",
+	"AD",
+	"CT",
+	"TAG",
+};
+
+static unsigned char
+hex_digit(char h) {
+	if (h >= '0' && h <= '9')
+		return h - '0';
+	else if (h >= 'a' && h <= 'f')
+		return h - 'a' + 10;
+	else if (h >= 'A' && h <= 'F')
+		return h - 'A' + 10;
+	else
+		return 16;
+}
+
+int
+aead_from_name(const EVP_AEAD **aead, const char *name){
+	*aead = NULL;
+
+	if (strcmp(name, "aes-128-gcm") == 0) {
+#ifndef OPENSSL_NO_AES
+		*aead = EVP_aead_aes_128_gcm();
+#else
+		fprintf(stderr, "No AES support.\n");
+#endif
+	} else if (strcmp(name, "aes-256-gcm") == 0) {
+#ifndef OPENSSL_NO_AES
+		*aead = EVP_aead_aes_256_gcm();
+#else
+		fprintf(stderr, "No AES support.\n");
+#endif
+	} else {
+		fprintf(stderr, "Unknown AEAD: %s\n", name);
+		return -1;
+	}
+
+	if (aead == NULL)
+		return 0;
+
+	return 1;
+}
+
+static int
+run_test_case(const EVP_AEAD* aead, unsigned char bufs[NUM_TYPES][BUF_MAX],
+    const unsigned int lengths[NUM_TYPES], unsigned int line_no)
+{
+	EVP_AEAD_CTX ctx;
+	ssize_t n;
+	size_t un;
+	unsigned char out[BUF_MAX+EVP_AEAD_MAX_TAG_LENGTH], out2[BUF_MAX];
+
+	if (!EVP_AEAD_CTX_init(&ctx, aead, bufs[KEY], lengths[KEY],
+	    lengths[TAG], NULL)) {
+		fprintf(stderr, "Failed to init AEAD on line %u\n", line_no);
+		return 0;
+	}
+
+	n = EVP_AEAD_CTX_seal(&ctx, out, sizeof(out), bufs[NONCE],
+	    lengths[NONCE], bufs[IN], lengths[IN], bufs[AD], lengths[AD]);
+
+	if (n < 0) {
+		fprintf(stderr, "Failed to run AEAD on line %u\n", line_no);
+		return 0;
+	}
+
+	un = (size_t)n;
+
+	if (un != lengths[CT] + lengths[TAG]) {
+		fprintf(stderr, "Bad output length on line %u: %u vs %u\n",
+			line_no, (unsigned) un,
+			(unsigned)(lengths[CT] + lengths[TAG]));
+		return 0;
+	}
+
+	if (memcmp(out, bufs[CT], lengths[CT]) != 0) {
+		fprintf(stderr, "Bad output on line %u\n", line_no);
+		return 0;
+	}
+
+	if (memcmp(out + lengths[CT], bufs[TAG], lengths[TAG]) != 0) {
+		fprintf(stderr, "Bad tag on line %u\n", line_no);
+		return 0;
+	}
+
+	n = EVP_AEAD_CTX_open(&ctx, out2, lengths[IN], bufs[NONCE],
+	    lengths[NONCE], out, un, bufs[AD], lengths[AD]);
+	if (n < 0) {
+		fprintf(stderr, "Failed to decrypt on line %u\n", line_no);
+		return 0;
+	}
+
+	if ((size_t)n != lengths[IN]) {
+		fprintf(stderr, "Bad decrypt on line %u: %u\n", line_no,
+			(unsigned) n);
+		return 0;
+	}
+
+	out[0] ^= 0x80;
+	n = EVP_AEAD_CTX_open(&ctx, out2, lengths[IN], bufs[NONCE],
+	    lengths[NONCE], out, un, bufs[AD], lengths[AD]);
+	if (n >= 0) {
+		fprintf(stderr, "Decrypted bad data on line %u\n", line_no);
+		return 0;
+	}
+
+	EVP_AEAD_CTX_cleanup(&ctx);
+	return 1;
+}
+
+int
+main(int argc, char **argv)
+{
+	FILE *f;
+	const EVP_AEAD *aead = NULL;
+	unsigned int line_no = 0, num_tests = 0, j;
+
+	unsigned char bufs[NUM_TYPES][BUF_MAX];
+	unsigned int lengths[NUM_TYPES];
+
+	if (argc != 2) {
+		fprintf(stderr, "%s <test file.txt>\n", argv[0]);
+		return 1;
+	}
+
+	f = fopen(argv[1], "r");
+	if (f == NULL) {
+		perror("failed to open input");
+		return 1;
+	}
+
+	for (j = 0; j < NUM_TYPES; j++)
+		lengths[j] = 0;
+
+	for (;;) {
+		char line[4096];
+		unsigned int i, type_len = 0;
+
+		unsigned char *buf = NULL;
+		unsigned int *buf_len = NULL;
+
+		if (!fgets(line, sizeof(line), f))
+			break;
+
+		line_no++;
+		if (line[0] == '#')
+			continue;
+
+		if (line[0] == '\n' || line[0] == 0) {
+			/* Run a test, if possible. */
+			char any_values_set = 0;
+			for (j = 0; j < NUM_TYPES; j++) {
+				if (lengths[j] != 0) {
+					any_values_set = 1;
+					break;
+				}
+			}
+
+			if (!any_values_set)
+				continue;
+
+			switch (aead_from_name(&aead, bufs[AEAD])) {
+			case 0:
+				fprintf(stderr, "Skipping test...\n");
+				continue;
+			case -1:
+				fprintf(stderr, "Aborting...\n");
+				return 4;
+			}
+			
+			if (!run_test_case(aead, bufs, lengths, line_no))
+				return 4;
+
+			for (j = 0; j < NUM_TYPES; j++)
+				lengths[j] = 0;
+
+			num_tests++;
+			continue;
+		}
+
+		/* Each line looks like:
+		 *   TYPE: 0123abc
+		 * Where "TYPE" is the type of the data on the line,
+		 * e.g. "KEY". */
+		for (i = 0; line[i] != 0 && line[i] != '\n'; i++) {
+			if (line[i] == ':') {
+				type_len = i;
+				break;
+			}
+		}
+		i++;
+
+		if (type_len == 0) {
+			fprintf(stderr, "Parse error on line %u\n", line_no);
+			return 3;
+		}
+
+		/* After the colon, there's optional whitespace. */
+		for (; line[i] != 0 && line[i] != '\n'; i++) {
+			if (line[i] != ' ' && line[i] != '\t')
+				break;
+		}
+
+		line[type_len] = 0;
+		for (j = 0; j < NUM_TYPES; j++) {
+			if (strcmp(line, NAMES[j]) != 0)
+				continue;
+			if (lengths[j] != 0) {
+				fprintf(stderr, "Duplicate value on line %u\n",
+				    line_no);
+				return 3;
+			}
+			buf = bufs[j];
+			buf_len = &lengths[j];
+			break;
+		}
+
+		if (buf == NULL) {
+			fprintf(stderr, "Unknown line type on line %u\n",
+			    line_no);
+			return 3;
+		}
+
+		if (j == AEAD) {
+			*buf_len = strlcpy(buf, line + i, BUF_MAX);
+			for (j = 0; j < BUF_MAX; j++) {
+				if (buf[j] == '\n')
+					buf[j] = '\0';
+			}
+			continue;
+		}
+
+		for (j = 0; line[i] != 0 && line[i] != '\n'; i++) {
+			unsigned char v, v2;
+			v = hex_digit(line[i++]);
+			if (line[i] == 0 || line[i] == '\n') {
+				fprintf(stderr, "Odd-length hex data on "
+				    "line %u\n", line_no);
+				return 3;
+			}
+			v2 = hex_digit(line[i]);
+			if (v > 15 || v2 > 15) {
+				fprintf(stderr, "Invalid hex char on line %u\n",
+				    line_no);
+				return 3;
+			}
+			v <<= 4;
+			v |= v2;
+
+			if (j == BUF_MAX) {
+				fprintf(stderr, "Too much hex data on line %u "
+				    "(max is %u bytes)\n",
+				    line_no, (unsigned) BUF_MAX);
+				return 3;
+			}
+			buf[j++] = v;
+			*buf_len = *buf_len + 1;
+		}
+	}
+
+	printf("Completed %u test cases\n", num_tests);
+	printf("PASS\n");
+	fclose(f);
+
+	return 0;
+}
diff --git a/regress/lib/libcrypto/aead/aeadtests.txt b/regress/lib/libcrypto/aead/aeadtests.txt
new file mode 100644
index 00000000000..ec06430121e
--- /dev/null
+++ b/regress/lib/libcrypto/aead/aeadtests.txt
@@ -0,0 +1,39 @@
+# MACsec GCM-AES Test Vectors (bn-randall-test-vectors-0511-v1.pdf)
+# 2.5.1 65-byte Packet Authentication Using GCM-AES-128
+AEAD: aes-128-gcm
+KEY: 013FE00B5F11BE7F866D0CBBC55A7A90
+NONCE: 7CFDE9F9E33724C68932D612
+IN:
+AD: 84C5D513D2AAF6E5BBD2727788E523008932D6127CFDE9F9E33724C608000F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F0005
+CT:
+TAG: 217867E50C2DAD74C28C3B50ABDF695A
+
+# MACsec GCM-AES Test Vectors (bn-randall-test-vectors-0511-v1.pdf)
+# 2.5.2 65-byte Packet Authentication Using GCM-AES-256
+AEAD: aes-256-gcm
+KEY: 83C093B58DE7FFE1C0DA926AC43FB3609AC1C80FEE1B624497EF942E2F79A823
+NONCE: 7CFDE9F9E33724C68932D612
+IN:
+AD: 84C5D513D2AAF6E5BBD2727788E523008932D6127CFDE9F9E33724C608000F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F0005
+CT:
+TAG: 6EE160E8FAECA4B36C86B234920CA975
+
+# MACsec GCM-AES Test Vectors (bn-randall-test-vectors-0511-v1.pdf)
+# 2.8.1 75-byte Packet Encryption Using GCM-AES-128
+AEAD: aes-128-gcm
+KEY: 88EE087FD95DA9FBF6725AA9D757B0CD
+NONCE: 7AE8E2CA4EC500012E58495C
+IN: 08000F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748490008
+AD: 68F2E77696CE7AE8E2CA4EC588E54D002E58495C
+CT: C31F53D99E5687F7365119B832D2AAE70741D593F1F9E2AB3455779B078EB8FEACDFEC1F8E3E5277F8180B43361F6512ADB16D2E38548A2C719DBA7228D840
+TAG: 88F8757ADB8AA788D8F65AD668BE70E7
+
+# MACsec GCM-AES Test Vectors (bn-randall-test-vectors-0511-v1.pdf)
+# 2.8.2 75-byte Packet Encryption Using GCM-AES-256
+AEAD: aes-256-gcm
+KEY: 4C973DBC7364621674F8B5B89E5C15511FCED9216490FB1C1A2CAA0FFE0407E5
+NONCE: 7AE8E2CA4EC500012E58495C
+IN: 08000F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748490008
+AD: 68F2E77696CE7AE8E2CA4EC588E54D002E58495C
+CT: BA8AE31BC506486D6873E4FCE460E7DC57591FF00611F31C3834FE1C04AD80B66803AFCF5B27E6333FA67C99DA47C2F0CED68D531BD741A943CFF7A6713BD0
+TAG: 2611CD7DAA01D61C5C886DC1A8170107