mirror of
https://github.com/xemu-project/xemu.git
synced 2024-11-25 12:40:08 +00:00
681c28a33e
Clean up includes so that osdep.h is included first and headers which it implies are not included manually. This commit was created with scripts/clean-includes. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Eric Blake <eblake@redhat.com> Tested-by: Eric Blake <eblake@redhat.com>
394 lines
12 KiB
C
394 lines
12 KiB
C
/*
|
|
* QEMU Crypto cipher algorithms
|
|
*
|
|
* Copyright (c) 2015 Red Hat, Inc.
|
|
*
|
|
* This library is free software; you can redistribute it and/or
|
|
* modify it under the terms of the GNU Lesser General Public
|
|
* License as published by the Free Software Foundation; either
|
|
* version 2 of the License, or (at your option) any later version.
|
|
*
|
|
* This library is distributed in the hope that it will be useful,
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
* Lesser General Public License for more details.
|
|
*
|
|
* You should have received a copy of the GNU Lesser General Public
|
|
* License along with this library; if not, see <http://www.gnu.org/licenses/>.
|
|
*
|
|
*/
|
|
|
|
#include "qemu/osdep.h"
|
|
#include <glib.h>
|
|
|
|
#include "crypto/init.h"
|
|
#include "crypto/cipher.h"
|
|
|
|
typedef struct QCryptoCipherTestData QCryptoCipherTestData;
|
|
struct QCryptoCipherTestData {
|
|
const char *path;
|
|
QCryptoCipherAlgorithm alg;
|
|
QCryptoCipherMode mode;
|
|
const char *key;
|
|
const char *plaintext;
|
|
const char *ciphertext;
|
|
const char *iv;
|
|
};
|
|
|
|
/* AES test data comes from appendix F of:
|
|
*
|
|
* http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf
|
|
*/
|
|
static QCryptoCipherTestData test_data[] = {
|
|
{
|
|
/* NIST F.1.1 ECB-AES128.Encrypt */
|
|
.path = "/crypto/cipher/aes-ecb-128",
|
|
.alg = QCRYPTO_CIPHER_ALG_AES_128,
|
|
.mode = QCRYPTO_CIPHER_MODE_ECB,
|
|
.key = "2b7e151628aed2a6abf7158809cf4f3c",
|
|
.plaintext =
|
|
"6bc1bee22e409f96e93d7e117393172a"
|
|
"ae2d8a571e03ac9c9eb76fac45af8e51"
|
|
"30c81c46a35ce411e5fbc1191a0a52ef"
|
|
"f69f2445df4f9b17ad2b417be66c3710",
|
|
.ciphertext =
|
|
"3ad77bb40d7a3660a89ecaf32466ef97"
|
|
"f5d3d58503b9699de785895a96fdbaaf"
|
|
"43b1cd7f598ece23881b00e3ed030688"
|
|
"7b0c785e27e8ad3f8223207104725dd4"
|
|
},
|
|
{
|
|
/* NIST F.1.3 ECB-AES192.Encrypt */
|
|
.path = "/crypto/cipher/aes-ecb-192",
|
|
.alg = QCRYPTO_CIPHER_ALG_AES_192,
|
|
.mode = QCRYPTO_CIPHER_MODE_ECB,
|
|
.key = "8e73b0f7da0e6452c810f32b809079e562f8ead2522c6b7b",
|
|
.plaintext =
|
|
"6bc1bee22e409f96e93d7e117393172a"
|
|
"ae2d8a571e03ac9c9eb76fac45af8e51"
|
|
"30c81c46a35ce411e5fbc1191a0a52ef"
|
|
"f69f2445df4f9b17ad2b417be66c3710",
|
|
.ciphertext =
|
|
"bd334f1d6e45f25ff712a214571fa5cc"
|
|
"974104846d0ad3ad7734ecb3ecee4eef"
|
|
"ef7afd2270e2e60adce0ba2face6444e"
|
|
"9a4b41ba738d6c72fb16691603c18e0e"
|
|
},
|
|
{
|
|
/* NIST F.1.5 ECB-AES256.Encrypt */
|
|
.path = "/crypto/cipher/aes-ecb-256",
|
|
.alg = QCRYPTO_CIPHER_ALG_AES_256,
|
|
.mode = QCRYPTO_CIPHER_MODE_ECB,
|
|
.key =
|
|
"603deb1015ca71be2b73aef0857d7781"
|
|
"1f352c073b6108d72d9810a30914dff4",
|
|
.plaintext =
|
|
"6bc1bee22e409f96e93d7e117393172a"
|
|
"ae2d8a571e03ac9c9eb76fac45af8e51"
|
|
"30c81c46a35ce411e5fbc1191a0a52ef"
|
|
"f69f2445df4f9b17ad2b417be66c3710",
|
|
.ciphertext =
|
|
"f3eed1bdb5d2a03c064b5a7e3db181f8"
|
|
"591ccb10d410ed26dc5ba74a31362870"
|
|
"b6ed21b99ca6f4f9f153e7b1beafed1d"
|
|
"23304b7a39f9f3ff067d8d8f9e24ecc7",
|
|
},
|
|
{
|
|
/* NIST F.2.1 CBC-AES128.Encrypt */
|
|
.path = "/crypto/cipher/aes-cbc-128",
|
|
.alg = QCRYPTO_CIPHER_ALG_AES_128,
|
|
.mode = QCRYPTO_CIPHER_MODE_CBC,
|
|
.key = "2b7e151628aed2a6abf7158809cf4f3c",
|
|
.iv = "000102030405060708090a0b0c0d0e0f",
|
|
.plaintext =
|
|
"6bc1bee22e409f96e93d7e117393172a"
|
|
"ae2d8a571e03ac9c9eb76fac45af8e51"
|
|
"30c81c46a35ce411e5fbc1191a0a52ef"
|
|
"f69f2445df4f9b17ad2b417be66c3710",
|
|
.ciphertext =
|
|
"7649abac8119b246cee98e9b12e9197d"
|
|
"5086cb9b507219ee95db113a917678b2"
|
|
"73bed6b8e3c1743b7116e69e22229516"
|
|
"3ff1caa1681fac09120eca307586e1a7",
|
|
},
|
|
{
|
|
/* NIST F.2.3 CBC-AES128.Encrypt */
|
|
.path = "/crypto/cipher/aes-cbc-192",
|
|
.alg = QCRYPTO_CIPHER_ALG_AES_192,
|
|
.mode = QCRYPTO_CIPHER_MODE_CBC,
|
|
.key = "8e73b0f7da0e6452c810f32b809079e562f8ead2522c6b7b",
|
|
.iv = "000102030405060708090a0b0c0d0e0f",
|
|
.plaintext =
|
|
"6bc1bee22e409f96e93d7e117393172a"
|
|
"ae2d8a571e03ac9c9eb76fac45af8e51"
|
|
"30c81c46a35ce411e5fbc1191a0a52ef"
|
|
"f69f2445df4f9b17ad2b417be66c3710",
|
|
.ciphertext =
|
|
"4f021db243bc633d7178183a9fa071e8"
|
|
"b4d9ada9ad7dedf4e5e738763f69145a"
|
|
"571b242012fb7ae07fa9baac3df102e0"
|
|
"08b0e27988598881d920a9e64f5615cd",
|
|
},
|
|
{
|
|
/* NIST F.2.5 CBC-AES128.Encrypt */
|
|
.path = "/crypto/cipher/aes-cbc-256",
|
|
.alg = QCRYPTO_CIPHER_ALG_AES_256,
|
|
.mode = QCRYPTO_CIPHER_MODE_CBC,
|
|
.key =
|
|
"603deb1015ca71be2b73aef0857d7781"
|
|
"1f352c073b6108d72d9810a30914dff4",
|
|
.iv = "000102030405060708090a0b0c0d0e0f",
|
|
.plaintext =
|
|
"6bc1bee22e409f96e93d7e117393172a"
|
|
"ae2d8a571e03ac9c9eb76fac45af8e51"
|
|
"30c81c46a35ce411e5fbc1191a0a52ef"
|
|
"f69f2445df4f9b17ad2b417be66c3710",
|
|
.ciphertext =
|
|
"f58c4c04d6e5f1ba779eabfb5f7bfbd6"
|
|
"9cfc4e967edb808d679f777bc6702c7d"
|
|
"39f23369a9d9bacfa530e26304231461"
|
|
"b2eb05e2c39be9fcda6c19078c6a9d1b",
|
|
},
|
|
{
|
|
.path = "/crypto/cipher/des-rfb-ecb-56",
|
|
.alg = QCRYPTO_CIPHER_ALG_DES_RFB,
|
|
.mode = QCRYPTO_CIPHER_MODE_ECB,
|
|
.key = "0123456789abcdef",
|
|
.plaintext =
|
|
"6bc1bee22e409f96e93d7e117393172a"
|
|
"ae2d8a571e03ac9c9eb76fac45af8e51"
|
|
"30c81c46a35ce411e5fbc1191a0a52ef"
|
|
"f69f2445df4f9b17ad2b417be66c3710",
|
|
.ciphertext =
|
|
"8f346aaf64eaf24040720d80648c52e7"
|
|
"aefc616be53ab1a3d301e69d91e01838"
|
|
"ffd29f1bb5596ad94ea2d8e6196b7f09"
|
|
"30d8ed0bf2773af36dd82a6280c20926",
|
|
},
|
|
};
|
|
|
|
|
|
static inline int unhex(char c)
|
|
{
|
|
if (c >= 'a' && c <= 'f') {
|
|
return 10 + (c - 'a');
|
|
}
|
|
if (c >= 'A' && c <= 'F') {
|
|
return 10 + (c - 'A');
|
|
}
|
|
return c - '0';
|
|
}
|
|
|
|
static inline char hex(int i)
|
|
{
|
|
if (i < 10) {
|
|
return '0' + i;
|
|
}
|
|
return 'a' + (i - 10);
|
|
}
|
|
|
|
static size_t unhex_string(const char *hexstr,
|
|
uint8_t **data)
|
|
{
|
|
size_t len;
|
|
size_t i;
|
|
|
|
if (!hexstr) {
|
|
*data = NULL;
|
|
return 0;
|
|
}
|
|
|
|
len = strlen(hexstr);
|
|
*data = g_new0(uint8_t, len / 2);
|
|
|
|
for (i = 0; i < len; i += 2) {
|
|
(*data)[i/2] = (unhex(hexstr[i]) << 4) | unhex(hexstr[i+1]);
|
|
}
|
|
return len / 2;
|
|
}
|
|
|
|
static char *hex_string(const uint8_t *bytes,
|
|
size_t len)
|
|
{
|
|
char *hexstr = g_new0(char, len * 2 + 1);
|
|
size_t i;
|
|
|
|
for (i = 0; i < len; i++) {
|
|
hexstr[i*2] = hex((bytes[i] >> 4) & 0xf);
|
|
hexstr[i*2+1] = hex(bytes[i] & 0xf);
|
|
}
|
|
hexstr[len*2] = '\0';
|
|
|
|
return hexstr;
|
|
}
|
|
|
|
static void test_cipher(const void *opaque)
|
|
{
|
|
const QCryptoCipherTestData *data = opaque;
|
|
|
|
QCryptoCipher *cipher;
|
|
uint8_t *key, *iv, *ciphertext, *plaintext, *outtext;
|
|
size_t nkey, niv, nciphertext, nplaintext;
|
|
char *outtexthex;
|
|
size_t ivsize, keysize, blocksize;
|
|
|
|
nkey = unhex_string(data->key, &key);
|
|
niv = unhex_string(data->iv, &iv);
|
|
nciphertext = unhex_string(data->ciphertext, &ciphertext);
|
|
nplaintext = unhex_string(data->plaintext, &plaintext);
|
|
|
|
g_assert(nciphertext == nplaintext);
|
|
|
|
outtext = g_new0(uint8_t, nciphertext);
|
|
|
|
cipher = qcrypto_cipher_new(
|
|
data->alg, data->mode,
|
|
key, nkey,
|
|
&error_abort);
|
|
g_assert(cipher != NULL);
|
|
|
|
keysize = qcrypto_cipher_get_key_len(data->alg);
|
|
blocksize = qcrypto_cipher_get_block_len(data->alg);
|
|
ivsize = qcrypto_cipher_get_iv_len(data->alg, data->mode);
|
|
|
|
g_assert_cmpint(keysize, ==, nkey);
|
|
g_assert_cmpint(ivsize, ==, niv);
|
|
if (niv) {
|
|
g_assert_cmpint(blocksize, ==, niv);
|
|
}
|
|
|
|
if (iv) {
|
|
g_assert(qcrypto_cipher_setiv(cipher,
|
|
iv, niv,
|
|
&error_abort) == 0);
|
|
}
|
|
g_assert(qcrypto_cipher_encrypt(cipher,
|
|
plaintext,
|
|
outtext,
|
|
nplaintext,
|
|
&error_abort) == 0);
|
|
|
|
outtexthex = hex_string(outtext, nciphertext);
|
|
|
|
g_assert_cmpstr(outtexthex, ==, data->ciphertext);
|
|
|
|
g_free(outtexthex);
|
|
|
|
if (iv) {
|
|
g_assert(qcrypto_cipher_setiv(cipher,
|
|
iv, niv,
|
|
&error_abort) == 0);
|
|
}
|
|
g_assert(qcrypto_cipher_decrypt(cipher,
|
|
ciphertext,
|
|
outtext,
|
|
nplaintext,
|
|
&error_abort) == 0);
|
|
|
|
outtexthex = hex_string(outtext, nplaintext);
|
|
|
|
g_assert_cmpstr(outtexthex, ==, data->plaintext);
|
|
|
|
g_free(outtext);
|
|
g_free(outtexthex);
|
|
g_free(key);
|
|
g_free(iv);
|
|
g_free(ciphertext);
|
|
g_free(plaintext);
|
|
qcrypto_cipher_free(cipher);
|
|
}
|
|
|
|
|
|
static void test_cipher_null_iv(void)
|
|
{
|
|
QCryptoCipher *cipher;
|
|
uint8_t key[32] = { 0 };
|
|
uint8_t plaintext[32] = { 0 };
|
|
uint8_t ciphertext[32] = { 0 };
|
|
|
|
cipher = qcrypto_cipher_new(
|
|
QCRYPTO_CIPHER_ALG_AES_256,
|
|
QCRYPTO_CIPHER_MODE_CBC,
|
|
key, sizeof(key),
|
|
&error_abort);
|
|
g_assert(cipher != NULL);
|
|
|
|
/* Don't call qcrypto_cipher_setiv */
|
|
|
|
qcrypto_cipher_encrypt(cipher,
|
|
plaintext,
|
|
ciphertext,
|
|
sizeof(plaintext),
|
|
&error_abort);
|
|
|
|
qcrypto_cipher_free(cipher);
|
|
}
|
|
|
|
static void test_cipher_short_plaintext(void)
|
|
{
|
|
Error *err = NULL;
|
|
QCryptoCipher *cipher;
|
|
uint8_t key[32] = { 0 };
|
|
uint8_t plaintext1[20] = { 0 };
|
|
uint8_t ciphertext1[20] = { 0 };
|
|
uint8_t plaintext2[40] = { 0 };
|
|
uint8_t ciphertext2[40] = { 0 };
|
|
int ret;
|
|
|
|
cipher = qcrypto_cipher_new(
|
|
QCRYPTO_CIPHER_ALG_AES_256,
|
|
QCRYPTO_CIPHER_MODE_CBC,
|
|
key, sizeof(key),
|
|
&error_abort);
|
|
g_assert(cipher != NULL);
|
|
|
|
/* Should report an error as plaintext is shorter
|
|
* than block size
|
|
*/
|
|
ret = qcrypto_cipher_encrypt(cipher,
|
|
plaintext1,
|
|
ciphertext1,
|
|
sizeof(plaintext1),
|
|
&err);
|
|
g_assert(ret == -1);
|
|
g_assert(err != NULL);
|
|
|
|
error_free(err);
|
|
err = NULL;
|
|
|
|
/* Should report an error as plaintext is larger than
|
|
* block size, but not a multiple of block size
|
|
*/
|
|
ret = qcrypto_cipher_encrypt(cipher,
|
|
plaintext2,
|
|
ciphertext2,
|
|
sizeof(plaintext2),
|
|
&err);
|
|
g_assert(ret == -1);
|
|
g_assert(err != NULL);
|
|
|
|
error_free(err);
|
|
qcrypto_cipher_free(cipher);
|
|
}
|
|
|
|
int main(int argc, char **argv)
|
|
{
|
|
size_t i;
|
|
|
|
g_test_init(&argc, &argv, NULL);
|
|
|
|
g_assert(qcrypto_init(NULL) == 0);
|
|
|
|
for (i = 0; i < G_N_ELEMENTS(test_data); i++) {
|
|
g_test_add_data_func(test_data[i].path, &test_data[i], test_cipher);
|
|
}
|
|
|
|
g_test_add_func("/crypto/cipher/null-iv",
|
|
test_cipher_null_iv);
|
|
|
|
g_test_add_func("/crypto/cipher/short-plaintext",
|
|
test_cipher_short_plaintext);
|
|
|
|
return g_test_run();
|
|
}
|