diff options
-rw-r--r-- | testsuite/ocb-test.c | 182 |
1 files changed, 45 insertions, 137 deletions
diff --git a/testsuite/ocb-test.c b/testsuite/ocb-test.c index 7a952a62..3892ddda 100644 --- a/testsuite/ocb-test.c +++ b/testsuite/ocb-test.c @@ -1,148 +1,56 @@ #include "testutils.h" #include "nettle-internal.h" -/* FIXME: Lots of almost duplicated code with siv tests. */ -/* AEAD ciphers */ -typedef void -ocb_encrypt_message_func(const void *ctx, - size_t nlength, const uint8_t *nonce, - size_t alength, const uint8_t *adata, - size_t tlength, - size_t clength, uint8_t *dst, const uint8_t *src); - -typedef int -ocb_decrypt_message_func(const void *encrypt_ctx, const void *decrypt_ctx, - size_t nlength, const uint8_t *nonce, - size_t alength, const uint8_t *adata, - size_t tlength, - size_t mlength, uint8_t *dst, const uint8_t *src); +struct ocb_aes128_message_key +{ + struct ocb_aes128_encrypt_key encrypt_key; + struct aes128_ctx decrypt_key; +}; static void -test_compare_results(const char *name, - const struct tstring *adata, - /* Expected results. */ - const struct tstring *e_clear, - const struct tstring *e_cipher, - /* Actual results. */ - const void *clear, - const void *cipher) +ocb_aes128_set_encrypt_key_wrapper (struct ocb_aes128_message_key *key, + const uint8_t *aes_key) { - if (!MEMEQ(e_cipher->length, e_cipher->data, cipher)) - { - fprintf(stderr, "%s: encryption failed\nAdata: ", name); - tstring_print_hex(adata); - fprintf(stderr, "\nInput: "); - tstring_print_hex(e_clear); - fprintf(stderr, "\nOutput: "); - print_hex(e_cipher->length, cipher); - fprintf(stderr, "\nExpected:"); - tstring_print_hex(e_cipher); - fprintf(stderr, "\n"); - FAIL(); - } - if (!MEMEQ(e_clear->length, e_clear->data, clear)) - { - fprintf(stderr, "%s decrypt failed:\nAdata:", name); - tstring_print_hex(adata); - fprintf(stderr, "\nInput: "); - tstring_print_hex(e_cipher); - fprintf(stderr, "\nOutput: "); - print_hex(e_clear->length, clear); - fprintf(stderr, "\nExpected:"); - tstring_print_hex(e_clear); - fprintf(stderr, "\n"); - FAIL(); - } -} /* test_compare_results */ - + ocb_aes128_set_encrypt_key (&key->encrypt_key, aes_key); +} static void -test_ocb_message(const char *name, - nettle_set_key_func *set_encrypt_key, - nettle_set_key_func *set_decrypt_key, - ocb_encrypt_message_func *encrypt, - ocb_decrypt_message_func *decrypt, - size_t encrypt_context_size, size_t decrypt_context_size, - size_t key_size, size_t digest_size, - const struct tstring *key, - const struct tstring *nonce, - const struct tstring *authdata, - const struct tstring *cleartext, - const struct tstring *ciphertext) +ocb_aes128_set_decrypt_key_wrapper (struct ocb_aes128_message_key *key, + const uint8_t *aes_key) { - void *encrypt_ctx = xalloc(encrypt_context_size); - void *decrypt_ctx = xalloc(decrypt_context_size); - uint8_t *en_data; - uint8_t *de_data; - int ret; - - ASSERT (key->length == key_size); - ASSERT (cleartext->length + digest_size == ciphertext->length); - - de_data = xalloc(cleartext->length); - en_data = xalloc(ciphertext->length); - - /* Ensure we get the same answers using the all-in-one API. */ - memset(de_data, 0, cleartext->length); - memset(en_data, 0, ciphertext->length); - - set_encrypt_key(encrypt_ctx, key->data); - encrypt(encrypt_ctx, nonce->length, nonce->data, - authdata->length, authdata->data, digest_size, - ciphertext->length, en_data, cleartext->data); - - set_decrypt_key(decrypt_ctx, key->data); - - ret = decrypt(encrypt_ctx, decrypt_ctx, nonce->length, nonce->data, - authdata->length, authdata->data, digest_size, - cleartext->length, de_data, ciphertext->data); - - if (ret != 1) - { - fprintf(stderr, "decrypt_message failed to validate message\n"); - FAIL(); - } - test_compare_results(name, authdata, - cleartext, ciphertext, de_data, en_data); - - /* Ensure that we can detect corrupted message or tag data. */ - en_data[0] ^= 1; - ret = decrypt(encrypt_ctx, decrypt_ctx, nonce->length, nonce->data, - authdata->length, authdata->data, digest_size, - cleartext->length, de_data, en_data); - if (ret != 0) - { - fprintf(stderr, "decrypt_message failed to detect corrupted message\n"); - FAIL(); - } - - /* Ensure we can detect corrupted adata. */ - if (authdata->length) { - en_data[0] ^= 1; - ret = decrypt(encrypt_ctx, decrypt_ctx, nonce->length, nonce->data, - authdata->length-1, authdata->data, digest_size, - cleartext->length, de_data, en_data); - if (ret != 0) - { - fprintf(stderr, "siv_decrypt_message failed to detect corrupted message\n"); - FAIL(); - } - } - - free(encrypt_ctx); - free(decrypt_ctx); - free(en_data); - free(de_data); + ocb_aes128_set_decrypt_key (&key->encrypt_key, &key->decrypt_key, aes_key); +} +static void +ocb_aes128_encrypt_message_wrapper (const struct ocb_aes128_message_key *key, + size_t nlength, const uint8_t *nonce, + size_t alength, const uint8_t *adata, + size_t clength, uint8_t *dst, const uint8_t *src) +{ + ocb_aes128_encrypt_message (&key->encrypt_key, nlength, nonce, alength, adata, + OCB_DIGEST_SIZE, clength, dst, src); +} +static int +ocb_aes128_decrypt_message_wrapper (const struct ocb_aes128_message_key *key, + size_t nlength, const uint8_t *nonce, + size_t alength, const uint8_t *adata, + size_t mlength, uint8_t *dst, const uint8_t *src) +{ + return ocb_aes128_decrypt_message (&key->encrypt_key, &key->decrypt_key, + nlength, nonce, alength, adata, + OCB_DIGEST_SIZE, mlength, dst, src); } -#define test_ocb_aes128(key, nonce, authdata, cleartext, ciphertext) \ - test_ocb_message("ocb_aes128", \ - (nettle_set_key_func*)ocb_aes128_set_encrypt_key, \ - (nettle_set_key_func*)aes128_set_decrypt_key, \ - (ocb_encrypt_message_func*)ocb_aes128_encrypt_message, \ - (ocb_decrypt_message_func*)ocb_aes128_decrypt_message, \ - sizeof(struct ocb_aes128_ctx), sizeof(struct aes128_ctx), \ - AES128_KEY_SIZE, OCB_DIGEST_SIZE, \ - key, nonce, authdata, cleartext, ciphertext) +static const struct nettle_aead_message +ocb_aes128_message = { + "ocb_aes128", + sizeof(struct ocb_aes128_message_key), + AES128_KEY_SIZE, + OCB_DIGEST_SIZE, + 1, /* Supports in-place operation. */ + (nettle_set_key_func*) ocb_aes128_set_encrypt_key_wrapper, + (nettle_set_key_func*) ocb_aes128_set_decrypt_key_wrapper, + (nettle_encrypt_message_func*) ocb_aes128_encrypt_message_wrapper, + (nettle_decrypt_message_func*) ocb_aes128_decrypt_message_wrapper, +}; /* For 96-bit tag */ static void @@ -376,14 +284,14 @@ test_main(void) SHEX("8a24edb596b59425 43ec197d5369979b")); /* tag */ /* Test the all-in-one message functions. */ - test_ocb_aes128( + test_aead_message(&ocb_aes128_message, SHEX("000102030405060708090A0B0C0D0E0F"), /* key */ SHEX("BBAA99887766554433221100"), /* nonce */ SHEX(""), /* auth data */ SHEX(""), /* plaintext */ SHEX("785407BFFFC8AD9EDCC5520AC9111EE6")); - test_ocb_aes128( + test_aead_message(&ocb_aes128_message, SHEX("000102030405060708090A0B0C0D0E0F"), /* key */ SHEX("BBAA99887766554433221101"), /* nonce */ SHEX("0001020304050607"), /* auth data */ |