LXR qemu/tests/unit/test-crypto-cipher.c

   1/*
   2 * QEMU Crypto cipher algorithms
   3 *
   4 * Copyright (c) 2015 Red Hat, Inc.
   5 *
   6 * This library is free software; you can redistribute it and/or
   7 * modify it under the terms of the GNU Lesser General Public
   8 * License as published by the Free Software Foundation; either
   9 * version 2.1 of the License, or (at your option) any later version.
  10 *
  11 * This library is distributed in the hope that it will be useful,
  12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
  13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
  14 * Lesser General Public License for more details.
  15 *
  16 * You should have received a copy of the GNU Lesser General Public
  17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
  18 *
  19 */
  20
  21#include "qemu/osdep.h"
  22
  23#include "crypto/init.h"
  24#include "crypto/cipher.h"
  25#include "qapi/error.h"
  26
  27typedef struct QCryptoCipherTestData QCryptoCipherTestData;
  28struct QCryptoCipherTestData {
  29    const char *path;
  30    QCryptoCipherAlgorithm alg;
  31    QCryptoCipherMode mode;
  32    const char *key;
  33    const char *plaintext;
  34    const char *ciphertext;
  35    const char *iv;
  36};
  37
  38/* AES test data comes from appendix F of:
  39 *
  40 * http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf
  41 */
  42static QCryptoCipherTestData test_data[] = {
  43    {
  44        /* NIST F.1.1 ECB-AES128.Encrypt */
  45        .path = "/crypto/cipher/aes-ecb-128",
  46        .alg = QCRYPTO_CIPHER_ALG_AES_128,
  47        .mode = QCRYPTO_CIPHER_MODE_ECB,
  48        .key = "2b7e151628aed2a6abf7158809cf4f3c",
  49        .plaintext =
  50            "6bc1bee22e409f96e93d7e117393172a"
  51            "ae2d8a571e03ac9c9eb76fac45af8e51"
  52            "30c81c46a35ce411e5fbc1191a0a52ef"
  53            "f69f2445df4f9b17ad2b417be66c3710",
  54        .ciphertext =
  55            "3ad77bb40d7a3660a89ecaf32466ef97"
  56            "f5d3d58503b9699de785895a96fdbaaf"
  57            "43b1cd7f598ece23881b00e3ed030688"
  58            "7b0c785e27e8ad3f8223207104725dd4"
  59    },
  60    {
  61        /* NIST F.1.3 ECB-AES192.Encrypt */
  62        .path = "/crypto/cipher/aes-ecb-192",
  63        .alg = QCRYPTO_CIPHER_ALG_AES_192,
  64        .mode = QCRYPTO_CIPHER_MODE_ECB,
  65        .key = "8e73b0f7da0e6452c810f32b809079e562f8ead2522c6b7b",
  66        .plaintext  =
  67            "6bc1bee22e409f96e93d7e117393172a"
  68            "ae2d8a571e03ac9c9eb76fac45af8e51"
  69            "30c81c46a35ce411e5fbc1191a0a52ef"
  70            "f69f2445df4f9b17ad2b417be66c3710",
  71        .ciphertext =
  72            "bd334f1d6e45f25ff712a214571fa5cc"
  73            "974104846d0ad3ad7734ecb3ecee4eef"
  74            "ef7afd2270e2e60adce0ba2face6444e"
  75            "9a4b41ba738d6c72fb16691603c18e0e"
  76    },
  77    {
  78        /* NIST F.1.5 ECB-AES256.Encrypt */
  79        .path = "/crypto/cipher/aes-ecb-256",
  80        .alg = QCRYPTO_CIPHER_ALG_AES_256,
  81        .mode = QCRYPTO_CIPHER_MODE_ECB,
  82        .key =
  83            "603deb1015ca71be2b73aef0857d7781"
  84            "1f352c073b6108d72d9810a30914dff4",
  85        .plaintext  =
  86            "6bc1bee22e409f96e93d7e117393172a"
  87            "ae2d8a571e03ac9c9eb76fac45af8e51"
  88            "30c81c46a35ce411e5fbc1191a0a52ef"
  89            "f69f2445df4f9b17ad2b417be66c3710",
  90        .ciphertext =
  91            "f3eed1bdb5d2a03c064b5a7e3db181f8"
  92            "591ccb10d410ed26dc5ba74a31362870"
  93            "b6ed21b99ca6f4f9f153e7b1beafed1d"
  94            "23304b7a39f9f3ff067d8d8f9e24ecc7",
  95    },
  96    {
  97        /* NIST F.2.1 CBC-AES128.Encrypt */
  98        .path = "/crypto/cipher/aes-cbc-128",
  99        .alg = QCRYPTO_CIPHER_ALG_AES_128,
 100        .mode = QCRYPTO_CIPHER_MODE_CBC,
 101        .key = "2b7e151628aed2a6abf7158809cf4f3c",
 102        .iv = "000102030405060708090a0b0c0d0e0f",
 103        .plaintext  =
 104            "6bc1bee22e409f96e93d7e117393172a"
 105            "ae2d8a571e03ac9c9eb76fac45af8e51"
 106            "30c81c46a35ce411e5fbc1191a0a52ef"
 107            "f69f2445df4f9b17ad2b417be66c3710",
 108        .ciphertext =
 109            "7649abac8119b246cee98e9b12e9197d"
 110            "5086cb9b507219ee95db113a917678b2"
 111            "73bed6b8e3c1743b7116e69e22229516"
 112            "3ff1caa1681fac09120eca307586e1a7",
 113    },
 114    {
 115        /* NIST F.2.3 CBC-AES128.Encrypt */
 116        .path = "/crypto/cipher/aes-cbc-192",
 117        .alg = QCRYPTO_CIPHER_ALG_AES_192,
 118        .mode = QCRYPTO_CIPHER_MODE_CBC,
 119        .key = "8e73b0f7da0e6452c810f32b809079e562f8ead2522c6b7b",
 120        .iv = "000102030405060708090a0b0c0d0e0f",
 121        .plaintext  =
 122            "6bc1bee22e409f96e93d7e117393172a"
 123            "ae2d8a571e03ac9c9eb76fac45af8e51"
 124            "30c81c46a35ce411e5fbc1191a0a52ef"
 125            "f69f2445df4f9b17ad2b417be66c3710",
 126        .ciphertext =
 127            "4f021db243bc633d7178183a9fa071e8"
 128            "b4d9ada9ad7dedf4e5e738763f69145a"
 129            "571b242012fb7ae07fa9baac3df102e0"
 130            "08b0e27988598881d920a9e64f5615cd",
 131    },
 132    {
 133        /* NIST F.2.5 CBC-AES128.Encrypt */
 134        .path = "/crypto/cipher/aes-cbc-256",
 135        .alg = QCRYPTO_CIPHER_ALG_AES_256,
 136        .mode = QCRYPTO_CIPHER_MODE_CBC,
 137        .key =
 138            "603deb1015ca71be2b73aef0857d7781"
 139            "1f352c073b6108d72d9810a30914dff4",
 140        .iv = "000102030405060708090a0b0c0d0e0f",
 141        .plaintext  =
 142            "6bc1bee22e409f96e93d7e117393172a"
 143            "ae2d8a571e03ac9c9eb76fac45af8e51"
 144            "30c81c46a35ce411e5fbc1191a0a52ef"
 145            "f69f2445df4f9b17ad2b417be66c3710",
 146        .ciphertext =
 147            "f58c4c04d6e5f1ba779eabfb5f7bfbd6"
 148            "9cfc4e967edb808d679f777bc6702c7d"
 149            "39f23369a9d9bacfa530e26304231461"
 150            "b2eb05e2c39be9fcda6c19078c6a9d1b",
 151    },
 152    {
 153        /*
 154         * Testing 'password' as plaintext fits
 155         * in single AES block, and gives identical
 156         * ciphertext in ECB and CBC modes
 157         */
 158        .path = "/crypto/cipher/des-ecb-56-one-block",
 159        .alg = QCRYPTO_CIPHER_ALG_DES,
 160        .mode = QCRYPTO_CIPHER_MODE_ECB,
 161        .key = "80c4a2e691d5b3f7",
 162        .plaintext = "70617373776f7264",
 163        .ciphertext = "73fa80b66134e403",
 164    },
 165    {
 166        /* See previous comment */
 167        .path = "/crypto/cipher/des-cbc-56-one-block",
 168        .alg = QCRYPTO_CIPHER_ALG_DES,
 169        .mode = QCRYPTO_CIPHER_MODE_CBC,
 170        .key = "80c4a2e691d5b3f7",
 171        .iv = "0000000000000000",
 172        .plaintext = "70617373776f7264",
 173        .ciphertext = "73fa80b66134e403",
 174    },
 175    {
 176        .path = "/crypto/cipher/des-ecb-56",
 177        .alg = QCRYPTO_CIPHER_ALG_DES,
 178        .mode = QCRYPTO_CIPHER_MODE_ECB,
 179        .key = "80c4a2e691d5b3f7",
 180        .plaintext =
 181            "6bc1bee22e409f96e93d7e117393172a"
 182            "ae2d8a571e03ac9c9eb76fac45af8e51"
 183            "30c81c46a35ce411e5fbc1191a0a52ef"
 184            "f69f2445df4f9b17ad2b417be66c3710",
 185        .ciphertext =
 186            "8f346aaf64eaf24040720d80648c52e7"
 187            "aefc616be53ab1a3d301e69d91e01838"
 188            "ffd29f1bb5596ad94ea2d8e6196b7f09"
 189            "30d8ed0bf2773af36dd82a6280c20926",
 190    },
 191    {
 192        /* Borrowed from linux-kernel crypto/testmgr.h */
 193        .path = "/crypto/cipher/3des-cbc",
 194        .alg = QCRYPTO_CIPHER_ALG_3DES,
 195        .mode = QCRYPTO_CIPHER_MODE_CBC,
 196        .key =
 197            "e9c0ff2e760b6424444d995a12d640c0"
 198            "eac284e81495dbe8",
 199        .iv =
 200            "7d3388930f93b242",
 201        .plaintext =
 202            "6f54206f614d796e5320636565727374"
 203            "54206f6f4d206e612079655372637465"
 204            "20736f54206f614d796e532063656572"
 205            "737454206f6f4d206e61207965537263"
 206            "746520736f54206f614d796e53206365"
 207            "6572737454206f6f4d206e6120796553"
 208            "7263746520736f54206f614d796e5320"
 209            "63656572737454206f6f4d206e610a79",
 210        .ciphertext =
 211            "0e2db6973c5633f4671721c76e8ad549"
 212            "74b34905c51cd0ed12565c5396b6007d"
 213            "9048fcf58d2939cc8ad5351836234ed7"
 214            "76d1da0c9467bb048bf2036ca8cfb6ea"
 215            "226447aa8f7513bf9fc2c3f0c956c57a"
 216            "71632e897b1e12cae25fafd8a4f8c97a"
 217            "d6f92131624445a6d6bc5ad32d5443cc"
 218            "9ddea570e942458a6bfab19113b0d919",
 219    },
 220    {
 221        /* Borrowed from linux-kernel crypto/testmgr.h */
 222        .path = "/crypto/cipher/3des-ecb",
 223        .alg = QCRYPTO_CIPHER_ALG_3DES,
 224        .mode = QCRYPTO_CIPHER_MODE_ECB,
 225        .key =
 226            "0123456789abcdef5555555555555555"
 227            "fedcba9876543210",
 228        .plaintext =
 229            "736f6d6564617461",
 230        .ciphertext =
 231            "18d748e563620572",
 232    },
 233    {
 234        /* Borrowed from linux-kernel crypto/testmgr.h */
 235        .path = "/crypto/cipher/3des-ctr",
 236        .alg = QCRYPTO_CIPHER_ALG_3DES,
 237        .mode = QCRYPTO_CIPHER_MODE_CTR,
 238        .key =
 239            "9cd6f39cb95a67005a67002dceeb2dce"
 240            "ebb45172b451721f",
 241        .iv =
 242            "ffffffffffffffff",
 243        .plaintext =
 244            "05ec77fb42d559208b128669f05bcf56"
 245            "39ad349f66ea7dc448d3ba0db118e34a"
 246            "fe41285c278e11856cf75ec2553ca00b"
 247            "9265e970db4fd6b900b41fe649fd442f"
 248            "533a8d149863ca5dc1a833a70e9178ec"
 249            "77de42d5bc078b12e54cf05b22563980"
 250            "6b9f66c950c4af36ba0d947fe34add41"
 251            "28b31a8e11f843f75e21553c876e9265"
 252            "cc57dba235b900eb72e649d0442fb619"
 253            "8d14ff46ca5d24a8339a6d9178c377de"
 254            "a108bc07ee71e54cd75b22b51c806bf2"
 255            "45c9503baf369960947fc64adda40fb3"
 256            "1aed74f8432a5e218813876ef158cc57"
 257            "3ea2359c67eb72c549d0bb02b619e04b"
 258            "ff46295d248f169a6df45fc3aa3da108"
 259            "937aee71d84cd7be01b51ce74ef2452c"
 260            "503b82159960cb52c6a930a40f9679ed"
 261            "74df432abd048813fa4df15823573e81"
 262            "689c67ce51c5ac37bb02957ce04bd246"
 263            "29b01b8f16f940f45f26aa3d846f937a"
 264            "cd54d8a30abe01e873e74ed1452cb71e"
 265            "8215fc47cb5225a9309b629679c074df"
 266            "a609bd04ef76fa4dd458238a1d8168f3"
 267            "5ace5138ac379e61957cc74bd2a50cb0"
 268            "1be275f9402b5f268910846ff659cd54"
 269            "3fa30a9d64e873da4ed1b803b71ee148"
 270            "fc472e52258c179b62f55cc0ab32a609"
 271            "907bef76d94dd4bf068a1de44ff35a2d"
 272            "5138836a9e61c853c7ae31a50c977ee2"
 273            "75dc402bb2058910fb42f65920543f86"
 274            "699d64cf56daad34b803ea7de148d347",
 275        .ciphertext =
 276            "07c20820721f49ef19cd6f3253052215"
 277            "a2852bdb85d2d8b9dd0d1b45cb6911d4"
 278            "eabeb2455d0caebea0c127ac659f537e"
 279            "afc21bb5b86d360c25c0f86d0b2901da"
 280            "1378dc89121243faf612ef8d87627883"
 281            "e2be41204c6d351bd10c30cfe2de2b03"
 282            "bf4573d4e55995d1b39b276297bdde7f"
 283            "a4d23980aa5023f074883da86a18793b"
 284            "c4966c8d2240926ed6ad2a1fde63c0e7"
 285            "07f72df7b5f3f0cc017c2a9bc210caaa"
 286            "fd2b3fc5f3f6fc9b45db53e45bf3c97b"
 287            "8e52ffc802b8ac9da10039da3d2d0e01"
 288            "097d8d5ebe53b9b08ee7e2966ab278ea"
 289            "de238ba5fa5ce3dabf8e316a55d16ab2"
 290            "b5466fa5f0eeba1f9f98b0664fd03fa9"
 291            "df5f58c4f4ff755c403a097e6e1c97d4"
 292            "cce7e771cf0b150871fa0797cde6ca1d"
 293            "14280ccf99137af1ebfafa9207de1da1"
 294            "d33669fe514d9f2e83374f1f4830ed04"
 295            "4da4ef3aca76f41c418f6337782f86a6"
 296            "ef417ed2af88ab675271c38ef8269372"
 297            "aad60ee70b46b13ab408a9a8a0cf200c"
 298            "52bc8b0556b2bc319b74b92929969a50"
 299            "dc45dc1aeb0c64d4d3057e5955c3f490"
 300            "c2abf89b8adacea1c3f4ad77dd44c8ac"
 301            "a3f1c9d2195cb0caa234c1f76cfdac65"
 302            "32dc48c4f2006b77f17d76acc031632a"
 303            "a53a62c891b10365cb43d106dfc367bc"
 304            "dce0cd35ce4965a0527ba70d07a91bb0"
 305            "407772c2ea0e3a7846b991b6e73d5142"
 306            "fd51b0c62c6313785ceefccfc4700034",
 307    },
 308    {
 309        /* RFC 2144, Appendix B.1 */
 310        .path = "/crypto/cipher/cast5-128",
 311        .alg = QCRYPTO_CIPHER_ALG_CAST5_128,
 312        .mode = QCRYPTO_CIPHER_MODE_ECB,
 313        .key = "0123456712345678234567893456789A",
 314        .plaintext = "0123456789abcdef",
 315        .ciphertext = "238b4fe5847e44b2",
 316    },
 317    {
 318        /* libgcrypt serpent.c */
 319        .path = "/crypto/cipher/serpent-128",
 320        .alg = QCRYPTO_CIPHER_ALG_SERPENT_128,
 321        .mode = QCRYPTO_CIPHER_MODE_ECB,
 322        .key = "00000000000000000000000000000000",
 323        .plaintext = "d29d576fcea3a3a7ed9099f29273d78e",
 324        .ciphertext = "b2288b968ae8b08648d1ce9606fd992d",
 325    },
 326    {
 327        /* libgcrypt serpent.c */
 328        .path = "/crypto/cipher/serpent-192",
 329        .alg = QCRYPTO_CIPHER_ALG_SERPENT_192,
 330        .mode = QCRYPTO_CIPHER_MODE_ECB,
 331        .key = "00000000000000000000000000000000"
 332               "0000000000000000",
 333        .plaintext = "d29d576fceaba3a7ed9899f2927bd78e",
 334        .ciphertext = "130e353e1037c22405e8faefb2c3c3e9",
 335    },
 336    {
 337        /* libgcrypt serpent.c */
 338        .path = "/crypto/cipher/serpent-256a",
 339        .alg = QCRYPTO_CIPHER_ALG_SERPENT_256,
 340        .mode = QCRYPTO_CIPHER_MODE_ECB,
 341        .key = "00000000000000000000000000000000"
 342               "00000000000000000000000000000000",
 343        .plaintext = "d095576fcea3e3a7ed98d9f29073d78e",
 344        .ciphertext = "b90ee5862de69168f2bdd5125b45472b",
 345    },
 346    {
 347        /* libgcrypt serpent.c */
 348        .path = "/crypto/cipher/serpent-256b",
 349        .alg = QCRYPTO_CIPHER_ALG_SERPENT_256,
 350        .mode = QCRYPTO_CIPHER_MODE_ECB,
 351        .key = "00000000000000000000000000000000"
 352               "00000000000000000000000000000000",
 353        .plaintext = "00000000010000000200000003000000",
 354        .ciphertext = "2061a42782bd52ec691ec383b03ba77c",
 355    },
 356    {
 357        /* Twofish paper "Known Answer Test" */
 358        .path = "/crypto/cipher/twofish-128",
 359        .alg = QCRYPTO_CIPHER_ALG_TWOFISH_128,
 360        .mode = QCRYPTO_CIPHER_MODE_ECB,
 361        .key = "d491db16e7b1c39e86cb086b789f5419",
 362        .plaintext = "019f9809de1711858faac3a3ba20fbc3",
 363        .ciphertext = "6363977de839486297e661c6c9d668eb",
 364    },
 365    {
 366        /* Twofish paper "Known Answer Test", I=3 */
 367        .path = "/crypto/cipher/twofish-192",
 368        .alg = QCRYPTO_CIPHER_ALG_TWOFISH_192,
 369        .mode = QCRYPTO_CIPHER_MODE_ECB,
 370        .key = "88b2b2706b105e36b446bb6d731a1e88"
 371               "efa71f788965bd44",
 372        .plaintext = "39da69d6ba4997d585b6dc073ca341b2",
 373        .ciphertext = "182b02d81497ea45f9daacdc29193a65",
 374    },
 375    {
 376        /* Twofish paper "Known Answer Test", I=4 */
 377        .path = "/crypto/cipher/twofish-256",
 378        .alg = QCRYPTO_CIPHER_ALG_TWOFISH_256,
 379        .mode = QCRYPTO_CIPHER_MODE_ECB,
 380        .key = "d43bb7556ea32e46f2a282b7d45b4e0d"
 381               "57ff739d4dc92c1bd7fc01700cc8216f",
 382        .plaintext = "90afe91bb288544f2c32dc239b2635e6",
 383        .ciphertext = "6cb4561c40bf0a9705931cb6d408e7fa",
 384    },
 385    {
 386        /* #1 32 byte key, 32 byte PTX */
 387        .path = "/crypto/cipher/aes-xts-128-1",
 388        .alg = QCRYPTO_CIPHER_ALG_AES_128,
 389        .mode = QCRYPTO_CIPHER_MODE_XTS,
 390        .key =
 391            "00000000000000000000000000000000"
 392            "00000000000000000000000000000000",
 393        .iv =
 394            "00000000000000000000000000000000",
 395        .plaintext =
 396            "00000000000000000000000000000000"
 397            "00000000000000000000000000000000",
 398        .ciphertext =
 399            "917cf69ebd68b2ec9b9fe9a3eadda692"
 400            "cd43d2f59598ed858c02c2652fbf922e",
 401    },
 402    {
 403        /* #2, 32 byte key, 32 byte PTX */
 404        .path = "/crypto/cipher/aes-xts-128-2",
 405        .alg = QCRYPTO_CIPHER_ALG_AES_128,
 406        .mode = QCRYPTO_CIPHER_MODE_XTS,
 407        .key =
 408            "11111111111111111111111111111111"
 409            "22222222222222222222222222222222",
 410        .iv =
 411            "33333333330000000000000000000000",
 412        .plaintext =
 413            "44444444444444444444444444444444"
 414            "44444444444444444444444444444444",
 415        .ciphertext =
 416            "c454185e6a16936e39334038acef838b"
 417            "fb186fff7480adc4289382ecd6d394f0",
 418    },
 419    {
 420        /* #5 from xts.7, 32 byte key, 32 byte PTX */
 421        .path = "/crypto/cipher/aes-xts-128-3",
 422        .alg = QCRYPTO_CIPHER_ALG_AES_128,
 423        .mode = QCRYPTO_CIPHER_MODE_XTS,
 424        .key =
 425            "fffefdfcfbfaf9f8f7f6f5f4f3f2f1f0"
 426            "bfbebdbcbbbab9b8b7b6b5b4b3b2b1b0",
 427        .iv =
 428            "9a785634120000000000000000000000",
 429        .plaintext =
 430            "44444444444444444444444444444444"
 431            "44444444444444444444444444444444",
 432        .ciphertext =
 433            "b01f86f8edc1863706fa8a4253e34f28"
 434            "af319de38334870f4dd1f94cbe9832f1",
 435    },
 436    {
 437        /* #4, 32 byte key, 512 byte PTX  */
 438        .path = "/crypto/cipher/aes-xts-128-4",
 439        .alg = QCRYPTO_CIPHER_ALG_AES_128,
 440        .mode = QCRYPTO_CIPHER_MODE_XTS,
 441        .key =
 442            "27182818284590452353602874713526"
 443            "31415926535897932384626433832795",
 444        .iv =
 445            "00000000000000000000000000000000",
 446        .plaintext =
 447            "000102030405060708090a0b0c0d0e0f"
 448            "101112131415161718191a1b1c1d1e1f"
 449            "202122232425262728292a2b2c2d2e2f"
 450            "303132333435363738393a3b3c3d3e3f"
 451            "404142434445464748494a4b4c4d4e4f"
 452            "505152535455565758595a5b5c5d5e5f"
 453            "606162636465666768696a6b6c6d6e6f"
 454            "707172737475767778797a7b7c7d7e7f"
 455            "808182838485868788898a8b8c8d8e8f"
 456            "909192939495969798999a9b9c9d9e9f"
 457            "a0a1a2a3a4a5a6a7a8a9aaabacadaeaf"
 458            "b0b1b2b3b4b5b6b7b8b9babbbcbdbebf"
 459            "c0c1c2c3c4c5c6c7c8c9cacbcccdcecf"
 460            "d0d1d2d3d4d5d6d7d8d9dadbdcdddedf"
 461            "e0e1e2e3e4e5e6e7e8e9eaebecedeeef"
 462            "f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff"
 463            "000102030405060708090a0b0c0d0e0f"
 464            "101112131415161718191a1b1c1d1e1f"
 465            "202122232425262728292a2b2c2d2e2f"
 466            "303132333435363738393a3b3c3d3e3f"
 467            "404142434445464748494a4b4c4d4e4f"
 468            "505152535455565758595a5b5c5d5e5f"
 469            "606162636465666768696a6b6c6d6e6f"
 470            "707172737475767778797a7b7c7d7e7f"
 471            "808182838485868788898a8b8c8d8e8f"
 472            "909192939495969798999a9b9c9d9e9f"
 473            "a0a1a2a3a4a5a6a7a8a9aaabacadaeaf"
 474            "b0b1b2b3b4b5b6b7b8b9babbbcbdbebf"
 475            "c0c1c2c3c4c5c6c7c8c9cacbcccdcecf"
 476            "d0d1d2d3d4d5d6d7d8d9dadbdcdddedf"
 477            "e0e1e2e3e4e5e6e7e8e9eaebecedeeef"
 478            "f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff",
 479        .ciphertext =
 480            "27a7479befa1d476489f308cd4cfa6e2"
 481            "a96e4bbe3208ff25287dd3819616e89c"
 482            "c78cf7f5e543445f8333d8fa7f560000"
 483            "05279fa5d8b5e4ad40e736ddb4d35412"
 484            "328063fd2aab53e5ea1e0a9f332500a5"
 485            "df9487d07a5c92cc512c8866c7e860ce"
 486            "93fdf166a24912b422976146ae20ce84"
 487            "6bb7dc9ba94a767aaef20c0d61ad0265"
 488            "5ea92dc4c4e41a8952c651d33174be51"
 489            "a10c421110e6d81588ede82103a252d8"
 490            "a750e8768defffed9122810aaeb99f91"
 491            "72af82b604dc4b8e51bcb08235a6f434"
 492            "1332e4ca60482a4ba1a03b3e65008fc5"
 493            "da76b70bf1690db4eae29c5f1badd03c"
 494            "5ccf2a55d705ddcd86d449511ceb7ec3"
 495            "0bf12b1fa35b913f9f747a8afd1b130e"
 496            "94bff94effd01a91735ca1726acd0b19"
 497            "7c4e5b03393697e126826fb6bbde8ecc"
 498            "1e08298516e2c9ed03ff3c1b7860f6de"
 499            "76d4cecd94c8119855ef5297ca67e9f3"
 500            "e7ff72b1e99785ca0a7e7720c5b36dc6"
 501            "d72cac9574c8cbbc2f801e23e56fd344"
 502            "b07f22154beba0f08ce8891e643ed995"
 503            "c94d9a69c9f1b5f499027a78572aeebd"
 504            "74d20cc39881c213ee770b1010e4bea7"
 505            "18846977ae119f7a023ab58cca0ad752"
 506            "afe656bb3c17256a9f6e9bf19fdd5a38"
 507            "fc82bbe872c5539edb609ef4f79c203e"
 508            "bb140f2e583cb2ad15b4aa5b655016a8"
 509            "449277dbd477ef2c8d6c017db738b18d"
 510            "eb4a427d1923ce3ff262735779a418f2"
 511            "0a282df920147beabe421ee5319d0568",
 512    },
 513    {
 514        /* Bad config - cast5-128 has 8 byte block size
 515         * which is incompatible with XTS
 516         */
 517        .path = "/crypto/cipher/cast5-xts-128",
 518        .alg = QCRYPTO_CIPHER_ALG_CAST5_128,
 519        .mode = QCRYPTO_CIPHER_MODE_XTS,
 520        .key =
 521            "27182818284590452353602874713526"
 522            "31415926535897932384626433832795",
 523    },
 524    {
 525        /* NIST F.5.1 CTR-AES128.Encrypt */
 526        .path = "/crypto/cipher/aes-ctr-128",
 527        .alg = QCRYPTO_CIPHER_ALG_AES_128,
 528        .mode = QCRYPTO_CIPHER_MODE_CTR,
 529        .key = "2b7e151628aed2a6abf7158809cf4f3c",
 530        .iv = "f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff",
 531        .plaintext  =
 532            "6bc1bee22e409f96e93d7e117393172a"
 533            "ae2d8a571e03ac9c9eb76fac45af8e51"
 534            "30c81c46a35ce411e5fbc1191a0a52ef"
 535            "f69f2445df4f9b17ad2b417be66c3710",
 536        .ciphertext =
 537            "874d6191b620e3261bef6864990db6ce"
 538            "9806f66b7970fdff8617187bb9fffdff"
 539            "5ae4df3edbd5d35e5b4f09020db03eab"
 540            "1e031dda2fbe03d1792170a0f3009cee",
 541    },
 542    {
 543        /* NIST F.5.3 CTR-AES192.Encrypt */
 544        .path = "/crypto/cipher/aes-ctr-192",
 545        .alg = QCRYPTO_CIPHER_ALG_AES_192,
 546        .mode = QCRYPTO_CIPHER_MODE_CTR,
 547        .key = "8e73b0f7da0e6452c810f32b809079e562f8ead2522c6b7b",
 548        .iv = "f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff",
 549        .plaintext  =
 550            "6bc1bee22e409f96e93d7e117393172a"
 551            "ae2d8a571e03ac9c9eb76fac45af8e51"
 552            "30c81c46a35ce411e5fbc1191a0a52ef"
 553            "f69f2445df4f9b17ad2b417be66c3710",
 554        .ciphertext =
 555            "1abc932417521ca24f2b0459fe7e6e0b"
 556            "090339ec0aa6faefd5ccc2c6f4ce8e94"
 557            "1e36b26bd1ebc670d1bd1d665620abf7"
 558            "4f78a7f6d29809585a97daec58c6b050",
 559    },
 560    {
 561        /* NIST F.5.5 CTR-AES256.Encrypt */
 562        .path = "/crypto/cipher/aes-ctr-256",
 563        .alg = QCRYPTO_CIPHER_ALG_AES_256,
 564        .mode = QCRYPTO_CIPHER_MODE_CTR,
 565        .key = "603deb1015ca71be2b73aef0857d7781"
 566               "1f352c073b6108d72d9810a30914dff4",
 567        .iv = "f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff",
 568        .plaintext  =
 569            "6bc1bee22e409f96e93d7e117393172a"
 570            "ae2d8a571e03ac9c9eb76fac45af8e51"
 571            "30c81c46a35ce411e5fbc1191a0a52ef"
 572            "f69f2445df4f9b17ad2b417be66c3710",
 573        .ciphertext =
 574            "601ec313775789a5b7a7f504bbf3d228"
 575            "f443e3ca4d62b59aca84e990cacaf5c5"
 576            "2b0930daa23de94ce87017ba2d84988d"
 577            "dfc9c58db67aada613c2dd08457941a6",
 578    }
 579};
 580
 581
 582static inline int unhex(char c)
 583{
 584    if (c >= 'a' && c <= 'f') {
 585        return 10 + (c - 'a');
 586    }
 587    if (c >= 'A' && c <= 'F') {
 588        return 10 + (c - 'A');
 589    }
 590    return c - '0';
 591}
 592
 593static inline char hex(int i)
 594{
 595    if (i < 10) {
 596        return '0' + i;
 597    }
 598    return 'a' + (i - 10);
 599}
 600
 601static size_t unhex_string(const char *hexstr,
 602                           uint8_t **data)
 603{
 604    size_t len;
 605    size_t i;
 606
 607    if (!hexstr) {
 608        *data = NULL;
 609        return 0;
 610    }
 611
 612    len = strlen(hexstr);
 613    *data = g_new0(uint8_t, len / 2);
 614
 615    for (i = 0; i < len; i += 2) {
 616        (*data)[i/2] = (unhex(hexstr[i]) << 4) | unhex(hexstr[i+1]);
 617    }
 618    return len / 2;
 619}
 620
 621static char *hex_string(const uint8_t *bytes,
 622                        size_t len)
 623{
 624    char *hexstr = g_new0(char, len * 2 + 1);
 625    size_t i;
 626
 627    for (i = 0; i < len; i++) {
 628        hexstr[i*2] = hex((bytes[i] >> 4) & 0xf);
 629        hexstr[i*2+1] = hex(bytes[i] & 0xf);
 630    }
 631    hexstr[len*2] = '\0';
 632
 633    return hexstr;
 634}
 635
 636static void test_cipher(const void *opaque)
 637{
 638    const QCryptoCipherTestData *data = opaque;
 639
 640    QCryptoCipher *cipher;
 641    uint8_t *key, *iv = NULL, *ciphertext = NULL,
 642        *plaintext = NULL, *outtext = NULL;
 643    size_t nkey, niv = 0, nciphertext = 0, nplaintext = 0;
 644    char *outtexthex = NULL;
 645    size_t ivsize, keysize, blocksize;
 646    Error *err = NULL;
 647
 648    nkey = unhex_string(data->key, &key);
 649    if (data->iv) {
 650        niv = unhex_string(data->iv, &iv);
 651    }
 652    if (data->ciphertext) {
 653        nciphertext = unhex_string(data->ciphertext, &ciphertext);
 654    }
 655    if (data->plaintext) {
 656        nplaintext = unhex_string(data->plaintext, &plaintext);
 657    }
 658
 659    g_assert(nciphertext == nplaintext);
 660
 661    outtext = g_new0(uint8_t, nciphertext);
 662
 663    cipher = qcrypto_cipher_new(
 664        data->alg, data->mode,
 665        key, nkey,
 666        &err);
 667    if (data->plaintext) {
 668        g_assert(err == NULL);
 669        g_assert(cipher != NULL);
 670    } else {
 671        error_free_or_abort(&err);
 672        g_assert(cipher == NULL);
 673        goto cleanup;
 674    }
 675
 676    keysize = qcrypto_cipher_get_key_len(data->alg);
 677    blocksize = qcrypto_cipher_get_block_len(data->alg);
 678    ivsize = qcrypto_cipher_get_iv_len(data->alg, data->mode);
 679
 680    if (data->mode == QCRYPTO_CIPHER_MODE_XTS) {
 681        g_assert_cmpint(keysize * 2, ==, nkey);
 682    } else {
 683        g_assert_cmpint(keysize, ==, nkey);
 684    }
 685    g_assert_cmpint(ivsize, ==, niv);
 686    if (niv) {
 687        g_assert_cmpint(blocksize, ==, niv);
 688    }
 689
 690    if (iv) {
 691        g_assert(qcrypto_cipher_setiv(cipher,
 692                                      iv, niv,
 693                                      &error_abort) == 0);
 694    }
 695    g_assert(qcrypto_cipher_encrypt(cipher,
 696                                    plaintext,
 697                                    outtext,
 698                                    nplaintext,
 699                                    &error_abort) == 0);
 700
 701    outtexthex = hex_string(outtext, nciphertext);
 702
 703    g_assert_cmpstr(outtexthex, ==, data->ciphertext);
 704
 705    g_free(outtexthex);
 706
 707    if (iv) {
 708        g_assert(qcrypto_cipher_setiv(cipher,
 709                                      iv, niv,
 710                                      &error_abort) == 0);
 711    }
 712    g_assert(qcrypto_cipher_decrypt(cipher,
 713                                    ciphertext,
 714                                    outtext,
 715                                    nplaintext,
 716                                    &error_abort) == 0);
 717
 718    outtexthex = hex_string(outtext, nplaintext);
 719
 720    g_assert_cmpstr(outtexthex, ==, data->plaintext);
 721
 722 cleanup:
 723    g_free(outtext);
 724    g_free(outtexthex);
 725    g_free(key);
 726    g_free(iv);
 727    g_free(ciphertext);
 728    g_free(plaintext);
 729    qcrypto_cipher_free(cipher);
 730}
 731
 732
 733static void test_cipher_null_iv(void)
 734{
 735    QCryptoCipher *cipher;
 736    uint8_t key[32] = { 0 };
 737    uint8_t plaintext[32] = { 0 };
 738    uint8_t ciphertext[32] = { 0 };
 739
 740    cipher = qcrypto_cipher_new(
 741        QCRYPTO_CIPHER_ALG_AES_256,
 742        QCRYPTO_CIPHER_MODE_CBC,
 743        key, sizeof(key),
 744        &error_abort);
 745    g_assert(cipher != NULL);
 746
 747    /* Don't call qcrypto_cipher_setiv */
 748
 749    qcrypto_cipher_encrypt(cipher,
 750                           plaintext,
 751                           ciphertext,
 752                           sizeof(plaintext),
 753                           &error_abort);
 754
 755    qcrypto_cipher_free(cipher);
 756}
 757
 758static void test_cipher_short_plaintext(void)
 759{
 760    Error *err = NULL;
 761    QCryptoCipher *cipher;
 762    uint8_t key[32] = { 0 };
 763    uint8_t plaintext1[20] = { 0 };
 764    uint8_t ciphertext1[20] = { 0 };
 765    uint8_t plaintext2[40] = { 0 };
 766    uint8_t ciphertext2[40] = { 0 };
 767    int ret;
 768
 769    cipher = qcrypto_cipher_new(
 770        QCRYPTO_CIPHER_ALG_AES_256,
 771        QCRYPTO_CIPHER_MODE_CBC,
 772        key, sizeof(key),
 773        &error_abort);
 774    g_assert(cipher != NULL);
 775
 776    /* Should report an error as plaintext is shorter
 777     * than block size
 778     */
 779    ret = qcrypto_cipher_encrypt(cipher,
 780                                 plaintext1,
 781                                 ciphertext1,
 782                                 sizeof(plaintext1),
 783                                 &err);
 784    g_assert(ret == -1);
 785    error_free_or_abort(&err);
 786
 787    /* Should report an error as plaintext is larger than
 788     * block size, but not a multiple of block size
 789     */
 790    ret = qcrypto_cipher_encrypt(cipher,
 791                                 plaintext2,
 792                                 ciphertext2,
 793                                 sizeof(plaintext2),
 794                                 &err);
 795    g_assert(ret == -1);
 796    error_free_or_abort(&err);
 797
 798    qcrypto_cipher_free(cipher);
 799}
 800
 801int main(int argc, char **argv)
 802{
 803    size_t i;
 804
 805    g_test_init(&argc, &argv, NULL);
 806
 807    g_assert(qcrypto_init(NULL) == 0);
 808
 809    for (i = 0; i < G_N_ELEMENTS(test_data); i++) {
 810        if (qcrypto_cipher_supports(test_data[i].alg, test_data[i].mode)) {
 811            g_test_add_data_func(test_data[i].path, &test_data[i], test_cipher);
 812        }
 813    }
 814
 815    g_test_add_func("/crypto/cipher/null-iv",
 816                    test_cipher_null_iv);
 817
 818    g_test_add_func("/crypto/cipher/short-plaintext",
 819                    test_cipher_short_plaintext);
 820
 821    return g_test_run();
 822}
 823