1
/* ====================================================================
2
* Copyright (c) 2004 The OpenSSL Project. All rights reserved.
4
* Redistribution and use in source and binary forms, with or without
5
* modification, are permitted provided that the following conditions
8
* 1. Redistributions of source code must retain the above copyright
9
* notice, this list of conditions and the following disclaimer.
11
* 2. Redistributions in binary form must reproduce the above copyright
12
* notice, this list of conditions and the following disclaimer in
13
* the documentation and/or other materials provided with the
16
* 3. All advertising materials mentioning features or use of this
17
* software must display the following acknowledgment:
18
* "This product includes software developed by the OpenSSL Project
19
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
21
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
22
* endorse or promote products derived from this software without
23
* prior written permission. For written permission, please contact
24
* openssl-core@openssl.org.
26
* 5. Products derived from this software may not be called "OpenSSL"
27
* nor may "OpenSSL" appear in their names without prior written
28
* permission of the OpenSSL Project.
30
* 6. Redistributions of any form whatsoever must retain the following
32
* "This product includes software developed by the OpenSSL Project
33
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
35
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
36
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
37
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
38
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
39
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
40
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
41
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
42
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
43
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
44
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
45
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
46
* OF THE POSSIBILITY OF SUCH DAMAGE.
49
/*---------------------------------------------
50
NIST AES Algorithm Validation Suite
53
Donated to OpenSSL by:
55
20250 Century Blvd, Suite 300
58
----------------------------------------------*/
66
#include <openssl/aes.h>
67
#include <openssl/evp.h>
68
#include <openssl/fips.h>
69
#include <openssl/err.h>
72
#define AES_BLOCK_SIZE 16
76
/*-----------------------------------------------*/
78
int AESTest(EVP_CIPHER_CTX *ctx,
79
char *amode, int akeysz, unsigned char *aKey,
81
int dir, /* 0 = decrypt, 1 = encrypt */
82
unsigned char *plaintext, unsigned char *ciphertext, int len)
84
const EVP_CIPHER *cipher = NULL;
89
memset(ctx, 0, sizeof(EVP_CIPHER_CTX));
91
if (strcasecmp(amode, "CBC") == 0)
93
else if (strcasecmp(amode, "ECB") == 0)
95
else if (strcasecmp(amode, "CFB128") == 0)
97
else if (strncasecmp(amode, "OFB", 3) == 0)
99
else if(!strcasecmp(amode,"CFB1"))
101
else if(!strcasecmp(amode,"CFB8"))
105
printf("Unknown mode: %s\n", amode);
110
if ((akeysz != 128) && (akeysz != 192) && (akeysz != 256))
112
printf("Invalid key size: %d\n", akeysz);
120
case 1128: /* CBC 128 */
121
cipher = EVP_aes_128_cbc();
123
case 1192: /* CBC 192 */
124
cipher = EVP_aes_192_cbc();
126
case 1256: /* CBC 256 */
127
cipher = EVP_aes_256_cbc();
129
case 2128: /* ECB 128 */
130
cipher = EVP_aes_128_ecb();
132
case 2192: /* ECB 192 */
133
cipher = EVP_aes_192_ecb();
135
case 2256: /* ECB 256 */
136
cipher = EVP_aes_256_ecb();
138
case 3128: /* CFB 128 */
139
cipher = EVP_aes_128_cfb();
141
case 3192: /* CFB 192 */
142
cipher = EVP_aes_192_cfb();
144
case 3256: /* CFB 256 */
145
cipher = EVP_aes_256_cfb();
147
case 4128: /* OFB 128 */
148
cipher = EVP_aes_128_ofb();
150
case 4192: /* OFB 192 */
151
cipher = EVP_aes_192_ofb();
153
case 4256: /* OFB 256 */
154
cipher = EVP_aes_256_ofb();
157
cipher=EVP_aes_128_cfb1();
160
cipher=EVP_aes_192_cfb1();
163
cipher=EVP_aes_256_cfb1();
166
cipher=EVP_aes_128_cfb8();
169
cipher=EVP_aes_192_cfb8();
172
cipher=EVP_aes_256_cfb8();
175
printf("Didn't handle mode %d\n",kt);
180
if(!EVP_CipherInit(ctx, cipher, aKey, iVec, AES_ENCRYPT))
182
ERR_print_errors_fp(stderr);
186
EVP_Cipher(ctx, ciphertext, (unsigned char*)plaintext, len);
190
if(!EVP_CipherInit(ctx, cipher, aKey, iVec, AES_DECRYPT))
192
ERR_print_errors_fp(stderr);
195
EVP_Cipher(ctx, (unsigned char*)plaintext, ciphertext, len);
202
/*-----------------------------------------------*/
204
int hex2bin(char *in, int len, unsigned char *out)
209
for (n1 = 0, n2 = 0; n1 < len; )
211
if ((in[n1] >= '0') && (in[n1] <= '9'))
213
else if ((in[n1] >= 'A') && (in[n1] <= 'F'))
214
ch = in[n1++] - 'A' + 10;
215
else if ((in[n1] >= 'a') && (in[n1] <= 'f'))
216
ch = in[n1++] - 'a' + 10;
226
if ((in[n1] >= '0') && (in[n1] <= '9'))
228
else if ((in[n1] >= 'A') && (in[n1] <= 'F'))
229
ch = in[n1++] - 'A' + 10;
230
else if ((in[n1] >= 'a') && (in[n1] <= 'f'))
231
ch = in[n1++] - 'a' + 10;
239
/*-----------------------------------------------*/
241
int bin2hex(unsigned char *in, int len, char *out)
246
for (n1 = 0, n2 = 0; n1 < len; ++n1)
251
out[n2++] = ch + '0';
253
out[n2++] = ch - 10 + 'a';
257
out[n2++] = ch + '0';
259
out[n2++] = ch - 10 + 'a';
264
/* NB: this return the number of _bits_ read */
265
int bint2bin(const char *in, int len, unsigned char *out)
270
for(n=0 ; n < len ; ++n)
272
out[n/8]|=(0x80 >> (n%8));
276
int bin2bint(const unsigned char *in,int len,char *out)
280
for(n=0 ; n < len ; ++n)
281
out[n]=(in[n/8]&(0x80 >> (n%8))) ? '1' : '0';
285
/*-----------------------------------------------*/
287
void PrintValue(char *tag, unsigned char *val, int len)
292
olen = bin2hex(val, len, obuf);
293
printf("%s = %.*s\n", tag, olen, obuf);
297
void OutputValue(char *tag, unsigned char *val, int len, FILE *rfp,int bitmode)
303
olen=bin2bint(val,len,obuf);
305
olen=bin2hex(val,len,obuf);
307
fprintf(rfp, "%s = %.*s\n", tag, olen, obuf);
309
printf("%s = %.*s\n", tag, olen, obuf);
313
/*-----------------------------------------------*/
314
char *t_tag[2] = {"PLAINTEXT", "CIPHERTEXT"};
315
char *t_mode[6] = {"CBC","ECB","OFB","CFB1","CFB8","CFB128"};
316
enum Mode {CBC, ECB, OFB, CFB1, CFB8, CFB128};
317
enum XCrypt {XDECRYPT, XENCRYPT};
319
/*=============================*/
320
/* Monte Carlo Tests */
321
/*-----------------------------*/
323
/*#define gb(a,b) (((a)[(b)/8] >> ((b)%8))&1)*/
324
/*#define sb(a,b,v) ((a)[(b)/8]=((a)[(b)/8]&~(1 << ((b)%8)))|(!!(v) << ((b)%8)))*/
326
#define gb(a,b) (((a)[(b)/8] >> (7-(b)%8))&1)
327
#define sb(a,b,v) ((a)[(b)/8]=((a)[(b)/8]&~(1 << (7-(b)%8)))|(!!(v) << (7-(b)%8)))
329
int do_mct(char *amode,
330
int akeysz, unsigned char *aKey,unsigned char *iVec,
331
int dir, unsigned char *text, int len,
335
unsigned char key[101][32];
336
unsigned char iv[101][AES_BLOCK_SIZE];
337
unsigned char ptext[1001][32];
338
unsigned char ctext[1001][32];
339
unsigned char ciphertext[64+4];
341
int imode = 0, nkeysz = akeysz/8;
346
printf("\n>>>> Length exceeds 32 for %s %d <<<<\n\n",
350
for (imode = 0; imode < 6; ++imode)
351
if (strcmp(amode, t_mode[imode]) == 0)
355
printf("Unrecognized mode: %s\n", amode);
359
memcpy(key[0], aKey, nkeysz);
361
memcpy(iv[0], iVec, AES_BLOCK_SIZE);
363
memcpy(ptext[0], text, len);
365
memcpy(ctext[0], text, len);
366
for (i = 0; i < 100; ++i)
368
/* printf("Iteration %d\n", i); */
371
fprintf(rfp,"COUNT = %d\n",i);
372
OutputValue("KEY",key[i],nkeysz,rfp,0);
373
if (imode != ECB) /* ECB */
374
OutputValue("IV",iv[i],AES_BLOCK_SIZE,rfp,0);
375
/* Output Ciphertext | Plaintext */
376
OutputValue(t_tag[dir^1],dir ? ptext[0] : ctext[0],len,rfp,
379
for (j = 0; j < 1000; ++j)
385
{ /* set up encryption */
386
ret = AESTest(&ctx, amode, akeysz, key[i], NULL,
387
dir, /* 0 = decrypt, 1 = encrypt */
388
ptext[j], ctext[j], len);
390
memcpy(ptext[j+1], ctext[j], len);
392
memcpy(ctext[j+1], ptext[j], len);
398
EVP_Cipher(&ctx, ctext[j], ptext[j], len);
399
memcpy(ptext[j+1], ctext[j], len);
403
EVP_Cipher(&ctx, ptext[j], ctext[j], len);
404
memcpy(ctext[j+1], ptext[j], len);
414
ret = AESTest(&ctx, amode, akeysz, key[i], iv[i],
415
dir, /* 0 = decrypt, 1 = encrypt */
416
ptext[j], ctext[j], len);
418
memcpy(ptext[j+1], iv[i], len);
420
memcpy(ctext[j+1], iv[i], len);
426
EVP_Cipher(&ctx, ctext[j], ptext[j], len);
427
memcpy(ptext[j+1], ctext[j-1], len);
431
EVP_Cipher(&ctx, ptext[j], ctext[j], len);
432
memcpy(ctext[j+1], ptext[j-1], len);
440
ret = AESTest(&ctx, amode, akeysz, key[i], iv[i],
441
dir, /* 0 = decrypt, 1 = encrypt */
442
ptext[j], ctext[j], len);
447
EVP_Cipher(&ctx, ctext[j], ptext[j], len);
449
EVP_Cipher(&ctx, ptext[j], ctext[j], len);
454
memcpy(ptext[j+1], &iv[i][j], len);
456
memcpy(ptext[j+1], ctext[j-16], len);
461
memcpy(ctext[j+1], &iv[i][j], len);
463
memcpy(ctext[j+1], ptext[j-16], len);
470
/* compensate for wrong endianness of input file */
473
ret=AESTest(&ctx,amode,akeysz,key[i],iv[i],dir,
474
ptext[j], ctext[j], len);
479
EVP_Cipher(&ctx, ctext[j], ptext[j], len);
481
EVP_Cipher(&ctx, ptext[j], ctext[j], len);
487
sb(ptext[j+1],0,gb(iv[i],j));
489
sb(ptext[j+1],0,gb(ctext[j-128],0));
494
sb(ctext[j+1],0,gb(iv[i],j));
496
sb(ctext[j+1],0,gb(ptext[j-128],0));
501
--j; /* reset to last of range */
502
/* Output Ciphertext | Plaintext */
503
OutputValue(t_tag[dir],dir ? ctext[j] : ptext[j],len,rfp,
505
fprintf(rfp, "\n"); /* add separator */
507
/* Compute next KEY */
511
{ /* ct = CT[j-15] || CT[j-14] || ... || CT[j] */
512
for (n1 = 0, n2 = nkeysz-1; n1 < nkeysz; ++n1, --n2)
513
ciphertext[n1] = ctext[j-n2][0];
515
else if(imode == CFB1)
517
for(n1=0,n2=akeysz-1 ; n1 < akeysz ; ++n1,--n2)
518
sb(ciphertext,n1,gb(ctext[j-n2],0));
524
memcpy(ciphertext, ctext[j], 16);
527
memcpy(ciphertext, ctext[j-1]+8, 8);
528
memcpy(ciphertext+8, ctext[j], 16);
531
memcpy(ciphertext, ctext[j-1], 16);
532
memcpy(ciphertext+16, ctext[j], 16);
539
{ /* ct = CT[j-15] || CT[j-14] || ... || CT[j] */
540
for (n1 = 0, n2 = nkeysz-1; n1 < nkeysz; ++n1, --n2)
541
ciphertext[n1] = ptext[j-n2][0];
543
else if(imode == CFB1)
545
for(n1=0,n2=akeysz-1 ; n1 < akeysz ; ++n1,--n2)
546
sb(ciphertext,n1,gb(ptext[j-n2],0));
552
memcpy(ciphertext, ptext[j], 16);
555
memcpy(ciphertext, ptext[j-1]+8, 8);
556
memcpy(ciphertext+8, ptext[j], 16);
559
memcpy(ciphertext, ptext[j-1], 16);
560
memcpy(ciphertext+16, ptext[j], 16);
564
/* Compute next key: Key[i+1] = Key[i] xor ct */
565
for (n = 0; n < nkeysz; ++n)
566
key[i+1][n] = key[i][n] ^ ciphertext[n];
568
/* Compute next IV and text */
574
memcpy(ptext[0], ctext[j], AES_BLOCK_SIZE);
579
memcpy(iv[i+1], ctext[j], AES_BLOCK_SIZE);
580
memcpy(ptext[0], ctext[j-1], AES_BLOCK_SIZE);
584
for (n1 = 0, n2 = 15; n1 < 16; ++n1, --n2)
585
iv[i+1][n1] = ctext[j-n2][0];
586
ptext[0][0] = ctext[j-16][0];
589
for(n1=0,n2=127 ; n1 < 128 ; ++n1,--n2)
590
sb(iv[i+1],n1,gb(ctext[j-n2],0));
591
ptext[0][0]=ctext[j-128][0]&0x80;
600
memcpy(ctext[0], ptext[j], AES_BLOCK_SIZE);
605
memcpy(iv[i+1], ptext[j], AES_BLOCK_SIZE);
606
memcpy(ctext[0], ptext[j-1], AES_BLOCK_SIZE);
609
for (n1 = 0, n2 = 15; n1 < 16; ++n1, --n2)
610
iv[i+1][n1] = ptext[j-n2][0];
611
ctext[0][0] = ptext[j-16][0];
614
for(n1=0,n2=127 ; n1 < 128 ; ++n1,--n2)
615
sb(iv[i+1],n1,gb(ptext[j-n2],0));
616
ctext[0][0]=ptext[j-128][0]&0x80;
625
/*================================================*/
626
/*----------------------------
627
# Config info for v-one
628
# AESVS MMT test data for ECB
629
# State : Encrypt and Decrypt
631
# Fri Aug 30 04:07:22 PM
632
----------------------------*/
634
int proc_file(char *rqfile)
636
char afn[256], rfn[256];
637
FILE *afp = NULL, *rfp = NULL;
639
int ilen, len, ret = 0;
644
unsigned char iVec[20], aKey[40];
645
int dir = -1, err = 0, step = 0;
646
unsigned char plaintext[2048];
647
unsigned char ciphertext[2048];
651
if (!rqfile || !(*rqfile))
653
printf("No req file\n");
658
if ((afp = fopen(afn, "r")) == NULL)
660
printf("Cannot open file: %s, %s\n",
661
afn, strerror(errno));
665
rp=strstr(rfn,"req/");
668
rp = strstr(rfn, ".req");
669
memcpy(rp, ".rsp", 4);
670
if ((rfp = fopen(rfn, "w")) == NULL)
672
printf("Cannot open file: %s, %s\n",
673
rfn, strerror(errno));
678
while (!err && (fgets(ibuf, sizeof(ibuf), afp)) != NULL)
681
/* printf("step=%d ibuf=%s",step,ibuf); */
684
case 0: /* read preamble */
686
{ /* end of preamble */
687
if ((*algo == '\0') ||
691
printf("Missing Algorithm, Mode or KeySize (%s/%s/%d)\n",
701
else if (ibuf[0] != '#')
703
printf("Invalid preamble item: %s\n", ibuf);
707
{ /* process preamble */
708
char *xp, *pp = ibuf+2;
711
{ /* insert current time & date */
712
time_t rtim = time(0);
713
fprintf(rfp, "# %s", ctime(&rtim));
718
if (strncmp(pp, "AESVS ", 6) == 0)
723
xp = strchr(pp, ' ');
725
strncpy(atest, pp, n);
728
xp = strrchr(pp, ' '); /* get mode" */
730
strncpy(amode, xp+1, n);
732
/* amode[3] = '\0'; */
733
printf("Test = %s, Mode = %s\n", atest, amode);
735
else if (strncasecmp(pp, "Key Length : ", 13) == 0)
737
akeysz = atoi(pp+13);
738
printf("Key size = %d\n", akeysz);
744
case 1: /* [ENCRYPT] | [DECRYPT] */
749
if (strncasecmp(ibuf, "[ENCRYPT]", 9) == 0)
751
else if (strncasecmp(ibuf, "[DECRYPT]", 9) == 0)
755
printf("Invalid keyword: %s\n", ibuf);
763
printf("Missing ENCRYPT/DECRYPT keyword\n");
769
case 2: /* KEY = xxxx */
773
if(!strncasecmp(ibuf,"COUNT = ",8))
776
if (strncasecmp(ibuf, "KEY = ", 6) != 0)
778
printf("Missing KEY\n");
783
len = hex2bin((char*)ibuf+6, strlen(ibuf+6)-1, aKey);
786
printf("Invalid KEY\n");
790
PrintValue("KEY", aKey, len);
791
if (strcmp(amode, "ECB") == 0)
793
memset(iVec, 0, sizeof(iVec));
794
step = (dir)? 4: 5; /* no ivec for ECB */
801
case 3: /* IV = xxxx */
803
if (strncasecmp(ibuf, "IV = ", 5) != 0)
805
printf("Missing IV\n");
810
len = hex2bin((char*)ibuf+5, strlen(ibuf+5)-1, iVec);
813
printf("Invalid IV\n");
817
PrintValue("IV", iVec, len);
822
case 4: /* PLAINTEXT = xxxx */
824
if (strncasecmp(ibuf, "PLAINTEXT = ", 12) != 0)
826
printf("Missing PLAINTEXT\n");
831
int nn = strlen(ibuf+12);
832
if(!strcmp(amode,"CFB1"))
833
len=bint2bin(ibuf+12,nn-1,plaintext);
835
len=hex2bin(ibuf+12, nn-1,plaintext);
838
printf("Invalid PLAINTEXT: %s", ibuf+12);
842
if (len >= sizeof(plaintext))
844
printf("Buffer overflow\n");
846
PrintValue("PLAINTEXT", (unsigned char*)plaintext, len);
847
if (strcmp(atest, "MCT") == 0) /* Monte Carlo Test */
849
if(do_mct(amode, akeysz, aKey, iVec,
850
dir, (unsigned char*)plaintext, len,
856
ret = AESTest(&ctx, amode, akeysz, aKey, iVec,
857
dir, /* 0 = decrypt, 1 = encrypt */
858
plaintext, ciphertext, len);
859
OutputValue("CIPHERTEXT",ciphertext,len,rfp,
860
!strcmp(amode,"CFB1"));
866
case 5: /* CIPHERTEXT = xxxx */
868
if (strncasecmp(ibuf, "CIPHERTEXT = ", 13) != 0)
870
printf("Missing KEY\n");
875
if(!strcmp(amode,"CFB1"))
876
len=bint2bin(ibuf+13,strlen(ibuf+13)-1,ciphertext);
878
len = hex2bin(ibuf+13,strlen(ibuf+13)-1,ciphertext);
881
printf("Invalid CIPHERTEXT\n");
886
PrintValue("CIPHERTEXT", ciphertext, len);
887
if (strcmp(atest, "MCT") == 0) /* Monte Carlo Test */
889
do_mct(amode, akeysz, aKey, iVec,
890
dir, ciphertext, len, rfp);
894
ret = AESTest(&ctx, amode, akeysz, aKey, iVec,
895
dir, /* 0 = decrypt, 1 = encrypt */
896
plaintext, ciphertext, len);
897
OutputValue("PLAINTEXT",(unsigned char *)plaintext,len,rfp,
898
!strcmp(amode,"CFB1"));
908
printf("Missing terminator\n");
910
else if (strcmp(atest, "MCT") != 0)
911
{ /* MCT already added terminating nl */
925
/*--------------------------------------------------
926
Processes either a single file or
927
a set of files whose names are passed in a file.
928
A single file is specified as:
930
A set of files is specified as:
931
aes_test -d xxxxx.xxx
932
The default is: -d req.txt
933
--------------------------------------------------*/
934
int main(int argc, char **argv)
936
char *rqlist = "req.txt";
938
char fn[250] = "", rfn[256] = "";
939
int f_opt = 0, d_opt = 1;
942
if(!FIPS_mode_set(1,argv[0]))
944
ERR_print_errors(BIO_new_fp(stderr,BIO_NOCLOSE));
948
ERR_load_crypto_strings();
951
if (strcasecmp(argv[1], "-d") == 0)
955
else if (strcasecmp(argv[1], "-f") == 0)
962
printf("Invalid parameter: %s\n", argv[1]);
967
printf("Missing parameter\n");
976
{ /* list of files (directory) */
977
if (!(fp = fopen(rqlist, "r")))
979
printf("Cannot open req list file\n");
982
while (fgets(fn, sizeof(fn), fp))
986
printf("Processing: %s\n", rfn);
989
printf(">>> Processing failed for: %s <<<\n", rfn);
995
else /* single file */
997
printf("Processing: %s\n", fn);
1000
printf(">>> Processing failed for: %s <<<\n", fn);