tests: added openssl compatibility tests for AES-GCM cipher

8 files changed, 191 insertions, 7 deletions

diff --git a/.gitignore b/.gitignore
index eb3251f369..136127b23a 100644
--- a/.gitignore
+++ b/.gitignore
@@ -873,3 +873,4 @@ tests/pkcs11/pkcs11-pubkey-import-ecdsa
 tests/pkcs11/pkcs11-pubkey-import-rsa
 tests/softhsm-*.db/
 tests/status-request-missing
+tests/slow/cipher-openssl-compat
diff --git a/README.md b/README.md
index 8fea08d053..2faa19bd0b 100644
--- a/README.md
+++ b/README.md
@@ -77,13 +77,13 @@ and polarssl.
 
 Debian/Ubuntu:
 ```
-apt-get install -y valgrind libasan1 nodejs softhsm datefudge lcov
+apt-get install -y valgrind libasan1 nodejs softhsm datefudge lcov libssl-dev
 apt-get install -y dieharder libpolarssl-runtime openssl abi-compliance-checker
 ```
 
 Fedora/RHEL:
 ```
-yum install -y valgrind libasan nodejs softhsm datefudge lcov
+yum install -y valgrind libasan nodejs softhsm datefudge lcov openssl-devel
 yum install -y dieharder mbedtls-utils openssl abi-compliance-checker
 ```
 
diff --git a/configure.ac b/configure.ac
index b6653d1c37..226fd7432f 100644
--- a/configure.ac
+++ b/configure.ac
@@ -255,6 +255,12 @@ AM_CONDITIONAL(HAVE_SECCOMP_TESTS, test "$seccomp_tests" = "yes")
 AC_LIB_HAVE_LINKFLAGS(seccomp,, [#include <seccomp.h>  
 ], [seccomp_init(0);])
 
+# check for libcrypto - used in test programs
+AC_LIB_HAVE_LINKFLAGS(crypto,, [#include <openssl/evp.h>  
+], [EVP_CIPHER_CTX_init(NULL);])
+
+AM_CONDITIONAL(HAVE_LIBCRYPTO, test "$HAVE_LIBCRYPTO" = "yes")
+
 AC_LIB_HAVE_LINKFLAGS(rt,, [#include <time.h>
 #include <signal.h>
 ], [timer_create (0,0,0);])
diff --git a/tests/slow/Makefile.am b/tests/slow/Makefile.am
index 302b9067ba..0582b52664 100644
--- a/tests/slow/Makefile.am
+++ b/tests/slow/Makefile.am
@@ -47,9 +47,18 @@ cipher_override_LDFLAGS = $(NETTLE_LIBS) $(HOGWEED_LIBS) $(GMP_LIBS) $(LDADD)
 mac_override_LDFLAGS = $(NETTLE_LIBS) $(HOGWEED_LIBS) $(GMP_LIBS) $(LDADD)
 endif
 
-dist_check_SCRIPTS = test-ciphers override-ciphers test-hash-large
+
+dist_check_SCRIPTS = test-ciphers.sh override-ciphers test-hash-large test-ciphers-common.sh
 check_PROGRAMS = $(ctests) cipher-test cipher-override mac-override cipher-override2 hash-large
-TESTS = $(ctests) test-ciphers override-ciphers test-hash-large
+TESTS = $(ctests) test-ciphers.sh override-ciphers test-hash-large
+
+if HAVE_LIBCRYPTO
+cipher_openssl_compat_LDFLAGS = $(LDADD) $(LIBCRYPTO)
+
+dist_check_SCRIPTS += test-ciphers-openssl.sh
+check_PROGRAMS += cipher-openssl-compat
+TESTS += test-ciphers-openssl.sh
+endif
 
 EXTRA_DIST = README
 
diff --git a/tests/slow/cipher-openssl-compat.c b/tests/slow/cipher-openssl-compat.c
new file mode 100644
index 0000000000..e2b9b28360
--- /dev/null
+++ b/tests/slow/cipher-openssl-compat.c
@@ -0,0 +1,117 @@
+#include <config.h>
+#include <stdint.h>
+#include <stdio.h>
+#include <string.h>
+#include <utils.h>
+#include <stdlib.h>
+#include <assert.h>
+#include <gnutls/gnutls.h>
+#include <gnutls/crypto.h>
+#include <openssl/evp.h>
+
+/* This does check the AES and CHACHA20 implementations for compatibility
+ * with openssl.
+ */
+
+#define BSIZE (64*1024+12)
+#define B2SIZE (1024+7)
+static unsigned char buffer_auth[B2SIZE];
+static unsigned char orig_plain_data[BSIZE];
+static unsigned char enc_data[BSIZE+32]; /* allow for tag */
+static unsigned char dec_data[BSIZE];
+
+static int cipher_test(const char *ocipher, gnutls_cipher_algorithm_t gcipher, unsigned tag_size)
+{
+	int ret;
+	gnutls_aead_cipher_hd_t hd;
+	gnutls_datum_t dkey, dnonce;
+	unsigned char key[32];
+	unsigned char nonce[32];
+	size_t enc_data_size, dec_data_size;
+	int dec_data_size2;
+	EVP_CIPHER_CTX ctx;
+	const EVP_CIPHER *evp_cipher;
+	unsigned char tag[64];
+
+	assert(gnutls_rnd(GNUTLS_RND_NONCE, orig_plain_data, sizeof(orig_plain_data)) >= 0);
+	assert(gnutls_rnd(GNUTLS_RND_NONCE, buffer_auth, sizeof(buffer_auth)) >= 0);
+	assert(gnutls_rnd(GNUTLS_RND_NONCE, key, sizeof(key)) >= 0);
+	assert(gnutls_rnd(GNUTLS_RND_NONCE, nonce, sizeof(nonce)) >= 0);
+
+	dkey.data = (void*)key;
+	dkey.size = gnutls_cipher_get_key_size(gcipher);
+	assert(gnutls_aead_cipher_init(&hd, gcipher, &dkey) >= 0);
+
+	dnonce.data = (void*)nonce;
+	dnonce.size = gnutls_cipher_get_iv_size(gcipher);
+
+	enc_data_size = sizeof(enc_data);
+	assert(gnutls_aead_cipher_encrypt(hd, dnonce.data, dnonce.size, 
+		buffer_auth, sizeof(buffer_auth), tag_size, orig_plain_data, sizeof(orig_plain_data),
+		enc_data, &enc_data_size) >= 0);
+
+	if (debug)
+		success("encrypted %d bytes, to %d\n", (int)sizeof(orig_plain_data), (int)enc_data_size);
+
+	dec_data_size = sizeof(dec_data);
+	ret = gnutls_aead_cipher_decrypt(hd, dnonce.data, dnonce.size, 
+		buffer_auth, sizeof(buffer_auth), tag_size, enc_data, enc_data_size,
+		dec_data, &dec_data_size);
+	if (ret < 0) {
+		fail("error in gnutls_aead_cipher_decrypt for %s: %s\n", ocipher, gnutls_strerror(ret));
+	}
+
+	if (dec_data_size != sizeof(orig_plain_data) || memcmp(dec_data, orig_plain_data, sizeof(orig_plain_data)) != 0) {
+		fail("gnutls encrypt-decrypt failed (got: %d, expected: %d)\n", (int)dec_data_size, (int)sizeof(orig_plain_data));
+	}
+
+	gnutls_aead_cipher_deinit(hd);
+
+	/* decrypt with openssl */
+	evp_cipher = EVP_get_cipherbyname(ocipher);
+	if (!evp_cipher)
+		fail("EVP_get_cipherbyname failed for %s\n", ocipher);
+
+	EVP_CIPHER_CTX_init(&ctx);
+	assert(EVP_CipherInit_ex(&ctx, evp_cipher, NULL, key, nonce, 0) > 0);
+
+	EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_GCM_SET_TAG, tag_size, enc_data+enc_data_size-tag_size);
+
+	dec_data_size2 = sizeof(dec_data);
+	assert(EVP_CipherUpdate(&ctx, NULL, &dec_data_size2, buffer_auth, sizeof(buffer_auth)) > 0);
+	dec_data_size2 = sizeof(dec_data);
+	assert(EVP_CipherUpdate(&ctx, dec_data, &dec_data_size2, enc_data, enc_data_size-tag_size) > 0);
+
+	dec_data_size = dec_data_size2;
+	dec_data_size2 = tag_size;
+	assert(EVP_CipherFinal_ex(&ctx, tag, &dec_data_size2) > 0);
+
+	if (dec_data_size != sizeof(orig_plain_data) || memcmp(dec_data, orig_plain_data, sizeof(orig_plain_data)) != 0) {
+		fail("openssl decrypt failed for %s\n", ocipher);
+	}
+
+	return 0;
+}
+
+static void tls_log_func(int level, const char *str)
+{
+	fprintf(stderr, "<%d>| %s", level, str);
+}
+
+void doit(void)
+{
+	gnutls_global_set_log_function(tls_log_func);
+	if (debug)
+		gnutls_global_set_log_level(4711);
+
+	global_init();
+	OpenSSL_add_all_algorithms();
+
+	/* ciphers */
+	cipher_test("aes-128-gcm", GNUTLS_CIPHER_AES_128_GCM, 16);
+	cipher_test("aes-256-gcm", GNUTLS_CIPHER_AES_256_GCM, 16);
+
+	gnutls_global_deinit();
+	return;
+}
+
diff --git a/tests/slow/test-ciphers b/tests/slow/test-ciphers-common.sh
index 280f60d066..e5e2d51ac8 100755..100644
--- a/tests/slow/test-ciphers
+++ b/tests/slow/test-ciphers-common.sh
@@ -1,5 +1,3 @@
-#!/bin/sh
-
 # Copyright (C) 2014 Red Hat, Inc.
 #
 # Author: Nikos Mavrogiannopoulos
@@ -20,7 +18,6 @@
 # along with GnuTLS; if not, write to the Free Software Foundation,
 # Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
 
-PROG=./cipher-test${EXEEXT}
 unset RETCODE
 if ! test -z "${VALGRIND}"; then
 	VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND}"
diff --git a/tests/slow/test-ciphers-openssl.sh b/tests/slow/test-ciphers-openssl.sh
new file mode 100755
index 0000000000..b025fcc600
--- /dev/null
+++ b/tests/slow/test-ciphers-openssl.sh
@@ -0,0 +1,27 @@
+#!/bin/sh
+
+# Copyright (C) 2016 Nikos Mavrogiannopoulos
+#
+# Author: Nikos Mavrogiannopoulos
+#
+# This file is part of GnuTLS.
+#
+# GnuTLS is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by the
+# Free Software Foundation; either version 3 of the License, or (at
+# your option) any later version.
+#
+# GnuTLS is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with GnuTLS; if not, write to the Free Software Foundation,
+# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+
+srcdir="${srcdir:-.}"
+PROG=./cipher-openssl-compat${EXEEXT}
+
+. "${srcdir}/test-ciphers-common.sh"
+
diff --git a/tests/slow/test-ciphers.sh b/tests/slow/test-ciphers.sh
new file mode 100755
index 0000000000..abc020be6b
--- /dev/null
+++ b/tests/slow/test-ciphers.sh
@@ -0,0 +1,27 @@
+#!/bin/sh
+
+# Copyright (C) 2014 Red Hat, Inc.
+#
+# Author: Nikos Mavrogiannopoulos
+#
+# This file is part of GnuTLS.
+#
+# GnuTLS is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by the
+# Free Software Foundation; either version 3 of the License, or (at
+# your option) any later version.
+#
+# GnuTLS is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with GnuTLS; if not, write to the Free Software Foundation,
+# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+
+srcdir="${srcdir:-.}"
+PROG=./cipher-test${EXEEXT}
+
+. "${srcdir}/test-ciphers-common.sh"
+