Bug 373108 Test cases for CTS and GCM
rrelyea%redhat.com committed Jan 25, 2013
1 parent a684746 commit 3e1cf55
Showing 112 changed files with 1,345 additions and 13 deletions.
157 changes: 144 additions & 13 deletions security/nss/cmd/bltest/blapitest.c
Expand Up @@ -19,6 +19,7 @@
#include "nspr.h"
#include "secport.h"
#include "secoid.h"
#include "nssutil.h"

#ifdef NSS_ENABLE_ECC
#include "ecl-curve.h"
Expand Down Expand Up @@ -105,6 +106,7 @@ static void Usage()
PRINTUSAGE("", "-p", "do performance test");
PRINTUSAGE("", "-4", "run test in multithread mode. th_num number of parallel threads");
PRINTUSAGE("", "-5", "run test for specified time interval(in seconds)");
PRINTUSAGE("", "--aad", "File with contains additional auth data");
PRINTUSAGE("(rsa)", "-e", "rsa public exponent");
PRINTUSAGE("(rc5)", "-r", "number of rounds");
PRINTUSAGE("(rc5)", "-w", "wordsize (32 or 64)");
Expand All @@ -120,6 +122,7 @@ static void Usage()
PRINTUSAGE("", "-p", "do performance test");
PRINTUSAGE("", "-4", "run test in multithread mode. th_num number of parallel threads");
PRINTUSAGE("", "-5", "run test for specified time interval(in seconds)");
PRINTUSAGE("", "--aad", "File with contains additional auth data");
fprintf(stderr, "\n");
PRINTUSAGE(progName, "-H -m mode", "Hash a buffer");
PRINTUSAGE("", "", "[-i plaintext] [-o hash]");
Expand Down Expand Up @@ -641,6 +644,9 @@ typedef enum {
#endif
bltestAES_ECB, /* . */
bltestAES_CBC, /* . */
bltestAES_CTS, /* . */
bltestAES_CTR, /* . */
bltestAES_GCM, /* . */
bltestCAMELLIA_ECB, /* . */
bltestCAMELLIA_CBC, /* . */
bltestSEED_ECB, /* SEED algorithm */
Expand Down Expand Up @@ -675,6 +681,9 @@ static char *mode_strings[] =
#endif
"aes_ecb",
"aes_cbc",
"aes_cts",
"aes_ctr",
"aes_gcm",
"camellia_ecb",
"camellia_cbc",
"seed_ecb",
Expand All @@ -700,6 +709,12 @@ typedef struct
bltestIO iv;
} bltestSymmKeyParams;

typedef struct
{
bltestSymmKeyParams sk; /* must be first */
bltestIO aad;
} bltestAuthSymmKeyParams;

typedef struct
{
bltestIO key;
Expand Down Expand Up @@ -748,6 +763,7 @@ typedef union
{
bltestIO key;
bltestSymmKeyParams sk;
bltestAuthSymmKeyParams ask;
bltestRC5Params rc5;
bltestRSAParams rsa;
bltestDSAParams dsa;
Expand Down Expand Up @@ -800,6 +816,27 @@ is_symmkeyCipher(bltestCipherMode mode)
return PR_FALSE;
}

PRBool
is_authCipher(bltestCipherMode mode)
{
/* change as needed! */
if (mode == bltestAES_GCM)
return PR_TRUE;
return PR_FALSE;
}


PRBool
is_singleShotCipher(bltestCipherMode mode)
{
/* change as needed! */
if (mode == bltestAES_GCM)
return PR_TRUE;
if (mode == bltestAES_CTS)
return PR_TRUE;
return PR_FALSE;
}

PRBool
is_pubkeyCipher(bltestCipherMode mode)
{
Expand Down Expand Up @@ -838,10 +875,11 @@ cipher_requires_IV(bltestCipherMode mode)
if (mode == bltestDES_CBC || mode == bltestDES_EDE_CBC ||
mode == bltestRC2_CBC ||
#ifdef NSS_SOFTOKEN_DOES_RC5
mode == bltestRC5_CBC ||
mode == bltestRC5_CBC ||
#endif
mode == bltestAES_CBC || mode == bltestCAMELLIA_CBC||
mode == bltestSEED_CBC)
mode == bltestAES_CBC || mode == bltestAES_CTS ||
mode == bltestAES_CTR || mode == bltestAES_GCM ||
mode == bltestCAMELLIA_CBC || mode == bltestSEED_CBC)
return PR_TRUE;
return PR_FALSE;
}
Expand Down Expand Up @@ -882,9 +920,19 @@ setupIO(PRArenaPool *arena, bltestIO *input, PRFileDesc *file,

switch (input->mode) {
case bltestBase64Encoded:
if (in->len == 0) {
input->buf.data = NULL;
input->buf.len = 0;
break;
}
rv = atob(in, &input->buf, arena);
break;
case bltestBinary:
if (in->len == 0) {
input->buf.data = NULL;
input->buf.len = 0;
break;
}
if (in->data[in->len-1] == '\n') --in->len;
if (in->data[in->len-1] == '\r') --in->len;
SECITEM_CopyItem(arena, &input->buf, in);
Expand Down Expand Up @@ -1294,20 +1342,44 @@ SECStatus
bltest_aes_init(bltestCipherInfo *cipherInfo, PRBool encrypt)
{
bltestSymmKeyParams *aesp = &cipherInfo->params.sk;
bltestAuthSymmKeyParams *gcmp = &cipherInfo->params.ask;
int minorMode;
int i;
int keylen = aesp->key.buf.len;
int blocklen = AES_BLOCK_SIZE;
PRIntervalTime time1, time2;
unsigned char *params;
int len;
CK_AES_CTR_PARAMS ctrParams;
CK_GCM_PARAMS gcmParams;

params = aesp->iv.buf.data;
switch (cipherInfo->mode) {
case bltestAES_ECB: minorMode = NSS_AES; break;
case bltestAES_CBC: minorMode = NSS_AES_CBC; break;
case bltestAES_CTS: minorMode = NSS_AES_CTS; break;
case bltestAES_CTR:
minorMode = NSS_AES_CTR;
ctrParams.ulCounterBits = 32;
len = PR_MIN(aesp->iv.buf.len, blocklen);
PORT_Memset(ctrParams.cb, 0, blocklen);
PORT_Memcpy(ctrParams.cb, aesp->iv.buf.data, len);
params = (unsigned char *)&ctrParams;
break;
case bltestAES_GCM:
minorMode = NSS_AES_GCM;
gcmParams.pIv = gcmp->sk.iv.buf.data;
gcmParams.ulIvLen = gcmp->sk.iv.buf.len;
gcmParams.pAAD = gcmp->aad.buf.data;
gcmParams.ulAADLen = gcmp->aad.buf.len;
gcmParams.ulTagBits = blocklen*8;
params = (unsigned char *)&gcmParams;
break;
default:
return SECFailure;
}
cipherInfo->cx = (void*)AES_CreateContext(aesp->key.buf.data,
aesp->iv.buf.data,
params,
minorMode, encrypt,
keylen, blocklen);
if (cipherInfo->cxreps > 0) {
Expand All @@ -1316,7 +1388,7 @@ bltest_aes_init(bltestCipherInfo *cipherInfo, PRBool encrypt)
TIMESTART();
for (i=0; i<cipherInfo->cxreps; i++) {
dummycx[i] = (void*)AES_CreateContext(aesp->key.buf.data,
aesp->iv.buf.data,
params,
minorMode, encrypt,
keylen, blocklen);
}
Expand Down Expand Up @@ -1985,6 +2057,7 @@ SECStatus
cipherInit(bltestCipherInfo *cipherInfo, PRBool encrypt)
{
PRBool restart;
int outlen;
switch (cipherInfo->mode) {
case bltestDES_ECB:
case bltestDES_CBC:
Expand Down Expand Up @@ -2015,8 +2088,14 @@ cipherInit(bltestCipherInfo *cipherInfo, PRBool encrypt)
break;
case bltestAES_ECB:
case bltestAES_CBC:
SECITEM_AllocItem(cipherInfo->arena, &cipherInfo->output.buf,
cipherInfo->input.pBuf.len);
case bltestAES_CTS:
case bltestAES_CTR:
case bltestAES_GCM:
outlen = cipherInfo->input.pBuf.len;
if (cipherInfo->mode == bltestAES_GCM && encrypt) {
outlen += 16;
}
SECITEM_AllocItem(cipherInfo->arena, &cipherInfo->output.buf, outlen);
return bltest_aes_init(cipherInfo, encrypt);
break;
case bltestCAMELLIA_ECB:
Expand Down Expand Up @@ -2367,14 +2446,18 @@ cipherDoOp(bltestCipherInfo *cipherInfo)
dummyOut = PORT_Alloc(maxLen);
if (is_symmkeyCipher(cipherInfo->mode)) {
const unsigned char *input = cipherInfo->input.pBuf.data;
unsigned int inputLen = PR_MIN(cipherInfo->input.pBuf.len, 16);
unsigned int inputLen = is_singleShotCipher(cipherInfo->mode) ?
cipherInfo->input.pBuf.len :
PR_MIN(cipherInfo->input.pBuf.len, 16);
unsigned char *output = cipherInfo->output.pBuf.data;
unsigned int outputLen = maxLen;
unsigned int totalOutputLen = 0;
TIMESTART();
rv = (*cipherInfo->cipher.symmkeyCipher)(cipherInfo->cx,
output, &len, outputLen,
input, inputLen);
CHECKERROR(rv, __LINE__);
totalOutputLen += len;
if (cipherInfo->input.pBuf.len > inputLen) {
input += inputLen;
inputLen = cipherInfo->input.pBuf.len - inputLen;
Expand All @@ -2384,7 +2467,9 @@ cipherDoOp(bltestCipherInfo *cipherInfo)
output, &len, outputLen,
input, inputLen);
CHECKERROR(rv, __LINE__);
totalOutputLen += len;
}
cipherInfo->output.pBuf.len = totalOutputLen;
TIMEFINISH(cipherInfo->optime, 1.0);
cipherInfo->repetitions = 0;
if (cipherInfo->repetitionsToPerfom != 0) {
Expand Down Expand Up @@ -2490,15 +2575,20 @@ cipherDoOp(bltestCipherInfo *cipherInfo)
SECStatus
cipherFinish(bltestCipherInfo *cipherInfo)
{
SECStatus rv = SECSuccess;

switch (cipherInfo->mode) {
case bltestDES_ECB:
case bltestDES_CBC:
case bltestDES_EDE_ECB:
case bltestDES_EDE_CBC:
DES_DestroyContext((DESContext *)cipherInfo->cx, PR_TRUE);
break;
case bltestAES_GCM:
case bltestAES_ECB:
case bltestAES_CBC:
case bltestAES_CTS:
case bltestAES_CTR:
AES_DestroyContext((AESContext *)cipherInfo->cx, PR_TRUE);
break;
case bltestCAMELLIA_ECB:
Expand Down Expand Up @@ -2539,7 +2629,7 @@ cipherFinish(bltestCipherInfo *cipherInfo)
default:
return SECFailure;
}
return SECSuccess;
return rv;
}

void
Expand Down Expand Up @@ -2658,6 +2748,9 @@ dump_performance_info(bltestCipherInfo *infoList, double totalTimeInt,
case bltestDES_EDE_CBC:
case bltestAES_ECB:
case bltestAES_CBC:
case bltestAES_CTS:
case bltestAES_CTR:
case bltestAES_GCM:
case bltestCAMELLIA_ECB:
case bltestCAMELLIA_CBC:
case bltestSEED_ECB:
Expand Down Expand Up @@ -2800,10 +2893,15 @@ get_params(PRArenaPool *arena, bltestParams *params,
int index = 0;
#endif
switch (mode) {
case bltestAES_GCM:
sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "aad", j);
load_file_data(arena, &params->ask.aad, filename, bltestBinary);
case bltestDES_CBC:
case bltestDES_EDE_CBC:
case bltestRC2_CBC:
case bltestAES_CBC:
case bltestAES_CTS:
case bltestAES_CTR:
case bltestCAMELLIA_CBC:
case bltestSEED_CBC:
sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "iv", j);
Expand Down Expand Up @@ -3023,6 +3121,7 @@ blapi_selftest(bltestCipherMode *modes, int numModes, int inoff, int outoff,
sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr,
"ciphertext", j);
load_file_data(arena, &ct, filename, bltestBase64Encoded);

#ifdef TRACK_BLTEST_BUG
if (mode == bltestRSA) {
fprintf(stderr, "[%s] Loaded data for self-test #%d\n", __bltDBG, j);
Expand Down Expand Up @@ -3408,6 +3507,7 @@ enum {
opt_UseSeed,
opt_UseSigSeed,
opt_SeedFile,
opt_AAD,
opt_InputOffset,
opt_OutputOffset,
opt_MonteCarlo,
Expand Down Expand Up @@ -3460,6 +3560,7 @@ static secuCommandFlag bltest_options[] =
{ /* opt_UseSeed */ 'x', PR_FALSE, 0, PR_FALSE },
{ /* opt_UseSigSeed */ 'y', PR_FALSE, 0, PR_FALSE },
{ /* opt_SeedFile */ 'z', PR_FALSE, 0, PR_FALSE },
{ /* opt_AAD */ 0 , PR_TRUE, 0, PR_FALSE, "aad" },
{ /* opt_InputOffset */ '1', PR_TRUE, 0, PR_FALSE },
{ /* opt_OutputOffset */ '2', PR_TRUE, 0, PR_FALSE },
{ /* opt_MonteCarlo */ '3', PR_FALSE, 0, PR_FALSE },
Expand Down Expand Up @@ -3497,22 +3598,28 @@ int main(int argc, char **argv)
progName = strrchr(argv[0], '\\');
progName = progName ? progName+1 : argv[0];

rv = NSS_InitializePRErrorTable();
if (rv != SECSuccess) {
SECU_PrintPRandOSError(progName);
return -1;
}
rv = RNG_RNGInit();
if (rv != SECSuccess) {
SECU_PrintPRandOSError(progName);
SECU_PrintPRandOSError(progName);
return -1;
}
rv = BL_Init();
if (rv != SECSuccess) {
SECU_PrintPRandOSError(progName);
SECU_PrintPRandOSError(progName);
return -1;
}
RNG_SystemInfoForRNG();


rv = SECU_ParseCommandLine(argc, argv, progName, &bltest);
if (rv == SECFailure) {
fprintf(stderr, "%s: command line parsing error!\n", progName);
goto print_usage;
fprintf(stderr, "%s: command line parsing error!\n", progName);
goto print_usage;
}
rv = SECFailure;

Expand Down Expand Up @@ -3832,6 +3939,30 @@ int main(int argc, char **argv)
PR_Close(file);
}
}

/* set up an initialization vector. */
if (is_authCipher(cipherInfo->mode)) {
char *aadstr = NULL;
bltestAuthSymmKeyParams *askp;
file = NULL;
askp = &params->ask;
if (bltest.options[opt_AAD].activated) {
if (bltest.options[opt_CmdLine].activated) {
aadstr = bltest.options[opt_AAD].arg;
} else {
file = PR_Open(bltest.options[opt_AAD].arg,
PR_RDONLY, 00660);
}
} else {
file = NULL;
}
memset(&askp->aad, 0, sizeof askp->aad);
askp->aad.mode = ioMode;
setupIO(cipherInfo->arena, &askp->aad, file, aadstr, 0);
if (file) {
PR_Close(file);
}
}

if (bltest.commands[cmd_Verify].activated) {
file = PR_Open(bltest.options[opt_SigFile].arg, PR_RDONLY, 00660);
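Review bot: In setupIO's bltestBinary case the new `in->len == 0` guard does not cover a one-byte input: if the data is a lone `\n`, the first strip leaves `in->len` at 0 and the following `\r` test reads `in->data[in->len-1]` with a wrapped index (SECItem lengths are unsigned), which is an out-of-bounds read. Near-empty AAD or IV files become more plausible inputs with the GCM vectors added here, so the second test should be guarded, e.g. `if (in->len > 0 && in->data[in->len-1] == '\r') --in->len;`. setupIO starts and ends outside the hunk, so how a zero-length item is handled by the copy that follows cannot be checked from here. Separately, the AAD block in main is still commented `/* set up an initialization vector. */` and hands the `PR_Open` result to setupIO unchecked, so an unreadable `--aad` file appears to degrade to empty AAD rather than failing the run; the comment should read `/* set up additional authenticated data (AAD) for AEAD modes */` and a NULL `file` should be reported as an error.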