1 /* ====================================================================
2 * Copyright (c) 2004 The OpenSSL Project. All rights reserved.
4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
11 * 2. Redistributions in binary form must reproduce the above copyright
12 * notice, this list of conditions and the following disclaimer in
13 * the documentation and/or other materials provided with the
16 * 3. All advertising materials mentioning features or use of this
17 * software must display the following acknowledgment:
18 * "This product includes software developed by the OpenSSL Project
19 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
21 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
22 * endorse or promote products derived from this software without
23 * prior written permission. For written permission, please contact
24 * openssl-core@openssl.org.
26 * 5. Products derived from this software may not be called "OpenSSL"
27 * nor may "OpenSSL" appear in their names without prior written
28 * permission of the OpenSSL Project.
30 * 6. Redistributions of any form whatsoever must retain the following
32 * "This product includes software developed by the OpenSSL Project
33 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
35 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
36 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
37 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
38 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
39 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
40 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
41 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
42 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
43 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
44 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
45 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
46 * OF THE POSSIBILITY OF SUCH DAMAGE.
49 /*---------------------------------------------
50 NIST AES Algorithm Validation Suite
53 Donated to OpenSSL by:
55 20250 Century Blvd, Suite 300
58 ----------------------------------------------*/
60 #define OPENSSL_FIPSAPI
68 #include <openssl/aes.h>
69 #include <openssl/evp.h>
70 #include <openssl/bn.h>
72 #include <openssl/err.h>
77 int main(int argc, char *argv[])
79 printf("No FIPS AES support\n");
85 #include <openssl/fips.h>
88 #define AES_BLOCK_SIZE 16
92 /*-----------------------------------------------*/
94 static int AESTest(EVP_CIPHER_CTX *ctx,
95 char *amode, int akeysz, unsigned char *aKey,
97 int dir, /* 0 = decrypt, 1 = encrypt */
98 unsigned char *plaintext, unsigned char *ciphertext, int len)
100 const EVP_CIPHER *cipher = NULL;
102 if (strcasecmp(amode, "CBC") == 0)
107 cipher = EVP_aes_128_cbc();
111 cipher = EVP_aes_192_cbc();
115 cipher = EVP_aes_256_cbc();
120 else if (strcasecmp(amode, "ECB") == 0)
125 cipher = EVP_aes_128_ecb();
129 cipher = EVP_aes_192_ecb();
133 cipher = EVP_aes_256_ecb();
137 else if (strcasecmp(amode, "CFB128") == 0)
142 cipher = EVP_aes_128_cfb128();
146 cipher = EVP_aes_192_cfb128();
150 cipher = EVP_aes_256_cfb128();
155 else if (fips_strncasecmp(amode, "OFB", 3) == 0)
160 cipher = EVP_aes_128_ofb();
164 cipher = EVP_aes_192_ofb();
168 cipher = EVP_aes_256_ofb();
172 else if(!strcasecmp(amode,"CFB1"))
177 cipher = EVP_aes_128_cfb1();
181 cipher = EVP_aes_192_cfb1();
185 cipher = EVP_aes_256_cfb1();
189 else if(!strcasecmp(amode,"CFB8"))
194 cipher = EVP_aes_128_cfb8();
198 cipher = EVP_aes_192_cfb8();
202 cipher = EVP_aes_256_cfb8();
208 printf("Unknown mode: %s\n", amode);
213 printf("Invalid key size: %d\n", akeysz);
216 if (FIPS_cipherinit(ctx, cipher, aKey, iVec, dir) <= 0)
218 if(!strcasecmp(amode,"CFB1"))
219 M_EVP_CIPHER_CTX_set_flags(ctx, EVP_CIPH_FLAG_LENGTH_BITS);
221 FIPS_cipher(ctx, ciphertext, plaintext, len);
223 FIPS_cipher(ctx, plaintext, ciphertext, len);
227 /*-----------------------------------------------*/
228 char *t_tag[2] = {"PLAINTEXT", "CIPHERTEXT"};
229 char *t_mode[6] = {"CBC","ECB","OFB","CFB1","CFB8","CFB128"};
230 enum Mode {CBC, ECB, OFB, CFB1, CFB8, CFB128};
231 enum XCrypt {XDECRYPT, XENCRYPT};
233 /*=============================*/
234 /* Monte Carlo Tests */
235 /*-----------------------------*/
237 /*#define gb(a,b) (((a)[(b)/8] >> ((b)%8))&1)*/
238 /*#define sb(a,b,v) ((a)[(b)/8]=((a)[(b)/8]&~(1 << ((b)%8)))|(!!(v) << ((b)%8)))*/
240 #define gb(a,b) (((a)[(b)/8] >> (7-(b)%8))&1)
241 #define sb(a,b,v) ((a)[(b)/8]=((a)[(b)/8]&~(1 << (7-(b)%8)))|(!!(v) << (7-(b)%8)))
243 static int do_mct(char *amode,
244 int akeysz, unsigned char *aKey,unsigned char *iVec,
245 int dir, unsigned char *text, int len,
249 unsigned char key[101][32];
250 unsigned char iv[101][AES_BLOCK_SIZE];
251 unsigned char ptext[1001][32];
252 unsigned char ctext[1001][32];
253 unsigned char ciphertext[64+4];
255 int imode = 0, nkeysz = akeysz/8;
257 FIPS_cipher_ctx_init(&ctx);
261 printf("\n>>>> Length exceeds 32 for %s %d <<<<\n\n",
265 for (imode = 0; imode < 6; ++imode)
266 if (strcmp(amode, t_mode[imode]) == 0)
270 printf("Unrecognized mode: %s\n", amode);
274 memcpy(key[0], aKey, nkeysz);
276 memcpy(iv[0], iVec, AES_BLOCK_SIZE);
278 memcpy(ptext[0], text, len);
280 memcpy(ctext[0], text, len);
281 for (i = 0; i < 100; ++i)
283 /* printf("Iteration %d\n", i); */
286 fprintf(rfp,"COUNT = %d" RESP_EOL ,i);
287 OutputValue("KEY",key[i],nkeysz,rfp,0);
288 if (imode != ECB) /* ECB */
289 OutputValue("IV",iv[i],AES_BLOCK_SIZE,rfp,0);
290 /* Output Ciphertext | Plaintext */
291 OutputValue(t_tag[dir^1],dir ? ptext[0] : ctext[0],len,rfp,
294 for (j = 0; j < 1000; ++j)
300 { /* set up encryption */
301 ret = AESTest(&ctx, amode, akeysz, key[i], NULL,
302 dir, /* 0 = decrypt, 1 = encrypt */
303 ptext[j], ctext[j], len);
305 memcpy(ptext[j+1], ctext[j], len);
307 memcpy(ctext[j+1], ptext[j], len);
313 FIPS_cipher(&ctx, ctext[j], ptext[j], len);
314 memcpy(ptext[j+1], ctext[j], len);
318 FIPS_cipher(&ctx, ptext[j], ctext[j], len);
319 memcpy(ctext[j+1], ptext[j], len);
329 ret = AESTest(&ctx, amode, akeysz, key[i], iv[i],
330 dir, /* 0 = decrypt, 1 = encrypt */
331 ptext[j], ctext[j], len);
333 memcpy(ptext[j+1], iv[i], len);
335 memcpy(ctext[j+1], iv[i], len);
341 FIPS_cipher(&ctx, ctext[j], ptext[j], len);
342 memcpy(ptext[j+1], ctext[j-1], len);
346 FIPS_cipher(&ctx, ptext[j], ctext[j], len);
347 memcpy(ctext[j+1], ptext[j-1], len);
355 ret = AESTest(&ctx, amode, akeysz, key[i], iv[i],
356 dir, /* 0 = decrypt, 1 = encrypt */
357 ptext[j], ctext[j], len);
362 FIPS_cipher(&ctx, ctext[j], ptext[j], len);
364 FIPS_cipher(&ctx, ptext[j], ctext[j], len);
369 memcpy(ptext[j+1], &iv[i][j], len);
371 memcpy(ptext[j+1], ctext[j-16], len);
376 memcpy(ctext[j+1], &iv[i][j], len);
378 memcpy(ctext[j+1], ptext[j-16], len);
386 /* compensate for wrong endianness of input file */
390 ret = AESTest(&ctx,amode,akeysz,key[i],iv[i],dir,
391 ptext[j], ctext[j], len);
396 FIPS_cipher(&ctx, ctext[j], ptext[j], len);
398 FIPS_cipher(&ctx, ptext[j], ctext[j], len);
404 sb(ptext[j+1],0,gb(iv[i],j));
406 sb(ptext[j+1],0,gb(ctext[j-128],0));
411 sb(ctext[j+1],0,gb(iv[i],j));
413 sb(ctext[j+1],0,gb(ptext[j-128],0));
418 --j; /* reset to last of range */
419 /* Output Ciphertext | Plaintext */
420 OutputValue(t_tag[dir],dir ? ctext[j] : ptext[j],len,rfp,
422 fprintf(rfp, RESP_EOL); /* add separator */
424 /* Compute next KEY */
428 { /* ct = CT[j-15] || CT[j-14] || ... || CT[j] */
429 for (n1 = 0, n2 = nkeysz-1; n1 < nkeysz; ++n1, --n2)
430 ciphertext[n1] = ctext[j-n2][0];
432 else if(imode == CFB1)
434 for(n1=0,n2=akeysz-1 ; n1 < akeysz ; ++n1,--n2)
435 sb(ciphertext,n1,gb(ctext[j-n2],0));
441 memcpy(ciphertext, ctext[j], 16);
444 memcpy(ciphertext, ctext[j-1]+8, 8);
445 memcpy(ciphertext+8, ctext[j], 16);
448 memcpy(ciphertext, ctext[j-1], 16);
449 memcpy(ciphertext+16, ctext[j], 16);
456 { /* ct = CT[j-15] || CT[j-14] || ... || CT[j] */
457 for (n1 = 0, n2 = nkeysz-1; n1 < nkeysz; ++n1, --n2)
458 ciphertext[n1] = ptext[j-n2][0];
460 else if(imode == CFB1)
462 for(n1=0,n2=akeysz-1 ; n1 < akeysz ; ++n1,--n2)
463 sb(ciphertext,n1,gb(ptext[j-n2],0));
469 memcpy(ciphertext, ptext[j], 16);
472 memcpy(ciphertext, ptext[j-1]+8, 8);
473 memcpy(ciphertext+8, ptext[j], 16);
476 memcpy(ciphertext, ptext[j-1], 16);
477 memcpy(ciphertext+16, ptext[j], 16);
481 /* Compute next key: Key[i+1] = Key[i] xor ct */
482 for (n = 0; n < nkeysz; ++n)
483 key[i+1][n] = key[i][n] ^ ciphertext[n];
485 /* Compute next IV and text */
491 memcpy(ptext[0], ctext[j], AES_BLOCK_SIZE);
496 memcpy(iv[i+1], ctext[j], AES_BLOCK_SIZE);
497 memcpy(ptext[0], ctext[j-1], AES_BLOCK_SIZE);
501 for (n1 = 0, n2 = 15; n1 < 16; ++n1, --n2)
502 iv[i+1][n1] = ctext[j-n2][0];
503 ptext[0][0] = ctext[j-16][0];
506 for(n1=0,n2=127 ; n1 < 128 ; ++n1,--n2)
507 sb(iv[i+1],n1,gb(ctext[j-n2],0));
508 ptext[0][0]=ctext[j-128][0]&0x80;
517 memcpy(ctext[0], ptext[j], AES_BLOCK_SIZE);
522 memcpy(iv[i+1], ptext[j], AES_BLOCK_SIZE);
523 memcpy(ctext[0], ptext[j-1], AES_BLOCK_SIZE);
526 for (n1 = 0, n2 = 15; n1 < 16; ++n1, --n2)
527 iv[i+1][n1] = ptext[j-n2][0];
528 ctext[0][0] = ptext[j-16][0];
531 for(n1=0,n2=127 ; n1 < 128 ; ++n1,--n2)
532 sb(iv[i+1],n1,gb(ptext[j-n2],0));
533 ctext[0][0]=ptext[j-128][0]&0x80;
538 FIPS_cipher_ctx_cleanup(&ctx);
542 /*================================================*/
543 /*----------------------------
544 # Config info for v-one
545 # AESVS MMT test data for ECB
546 # State : Encrypt and Decrypt
548 # Fri Aug 30 04:07:22 PM
549 ----------------------------*/
551 static int proc_file(char *rqfile, char *rspfile)
553 char afn[256], rfn[256];
554 FILE *afp = NULL, *rfp = NULL;
562 unsigned char iVec[20], aKey[40];
563 int dir = -1, err = 0, step = 0;
564 unsigned char plaintext[2048];
565 unsigned char ciphertext[2048];
568 FIPS_cipher_ctx_init(&ctx);
570 if (!rqfile || !(*rqfile))
572 printf("No req file\n");
577 if ((afp = fopen(afn, "r")) == NULL)
579 printf("Cannot open file: %s, %s\n",
580 afn, strerror(errno));
586 rp=strstr(rfn,"req/");
587 #ifdef OPENSSL_SYS_WIN32
589 rp=strstr(rfn,"req\\");
593 rp = strstr(rfn, ".req");
594 memcpy(rp, ".rsp", 4);
597 if ((rfp = fopen(rspfile, "w")) == NULL)
599 printf("Cannot open file: %s, %s\n",
600 rfn, strerror(errno));
605 while (!err && (fgets(ibuf, sizeof(ibuf), afp)) != NULL)
607 tidy_line(tbuf, ibuf);
608 /* printf("step=%d ibuf=%s",step,ibuf); */
611 case 0: /* read preamble */
613 { /* end of preamble */
614 if ((*algo == '\0') ||
618 printf("Missing Algorithm, Mode or KeySize (%s/%s/%d)\n",
624 copy_line(ibuf, rfp);
628 else if (ibuf[0] != '#')
630 printf("Invalid preamble item: %s\n", ibuf);
634 { /* process preamble */
635 char *xp, *pp = ibuf+2;
638 { /* insert current time & date */
639 time_t rtim = time(0);
641 copy_line(ctime(&rtim), rfp);
645 copy_line(ibuf, rfp);
646 if (strncmp(pp, "AESVS ", 6) == 0)
651 xp = strchr(pp, ' ');
653 strncpy(atest, pp, n);
656 xp = strrchr(pp, ' '); /* get mode" */
658 strncpy(amode, xp+1, n);
660 /* amode[3] = '\0'; */
662 printf("Test = %s, Mode = %s\n", atest, amode);
664 else if (fips_strncasecmp(pp, "Key Length : ", 13) == 0)
666 akeysz = atoi(pp+13);
668 printf("Key size = %d\n", akeysz);
674 case 1: /* [ENCRYPT] | [DECRYPT] */
677 copy_line(ibuf, rfp);
679 if (fips_strncasecmp(ibuf, "[ENCRYPT]", 9) == 0)
681 else if (fips_strncasecmp(ibuf, "[DECRYPT]", 9) == 0)
685 printf("Invalid keyword: %s\n", ibuf);
693 printf("Missing ENCRYPT/DECRYPT keyword\n");
699 case 2: /* KEY = xxxx */
700 copy_line(ibuf, rfp);
703 if(!fips_strncasecmp(ibuf,"COUNT = ",8))
706 if (fips_strncasecmp(ibuf, "KEY = ", 6) != 0)
708 printf("Missing KEY\n");
713 len = hex2bin((char*)ibuf+6, aKey);
716 printf("Invalid KEY\n");
720 PrintValue("KEY", aKey, len);
721 if (strcmp(amode, "ECB") == 0)
723 memset(iVec, 0, sizeof(iVec));
724 step = (dir)? 4: 5; /* no ivec for ECB */
731 case 3: /* IV = xxxx */
732 copy_line(ibuf, rfp);
733 if (fips_strncasecmp(ibuf, "IV = ", 5) != 0)
735 printf("Missing IV\n");
740 len = hex2bin((char*)ibuf+5, iVec);
743 printf("Invalid IV\n");
747 PrintValue("IV", iVec, len);
752 case 4: /* PLAINTEXT = xxxx */
753 copy_line(ibuf, rfp);
754 if (fips_strncasecmp(ibuf, "PLAINTEXT = ", 12) != 0)
756 printf("Missing PLAINTEXT\n");
761 int nn = strlen(ibuf+12);
762 if(!strcmp(amode,"CFB1"))
763 len=bint2bin(ibuf+12,nn-1,plaintext);
765 len=hex2bin(ibuf+12, plaintext);
768 printf("Invalid PLAINTEXT: %s", ibuf+12);
772 if (len >= (int)sizeof(plaintext))
774 printf("Buffer overflow\n");
776 PrintValue("PLAINTEXT", (unsigned char*)plaintext, len);
777 if (strcmp(atest, "MCT") == 0) /* Monte Carlo Test */
779 if(do_mct(amode, akeysz, aKey, iVec,
780 dir, (unsigned char*)plaintext, len,
786 AESTest(&ctx, amode, akeysz, aKey, iVec,
787 dir, /* 0 = decrypt, 1 = encrypt */
788 plaintext, ciphertext, len);
789 OutputValue("CIPHERTEXT",ciphertext,len,rfp,
790 !strcmp(amode,"CFB1"));
796 case 5: /* CIPHERTEXT = xxxx */
797 copy_line(ibuf, rfp);
798 if (fips_strncasecmp(ibuf, "CIPHERTEXT = ", 13) != 0)
800 printf("Missing KEY\n");
805 if(!strcmp(amode,"CFB1"))
806 len=bint2bin(ibuf+13,strlen(ibuf+13)-1,ciphertext);
808 len = hex2bin(ibuf+13,ciphertext);
811 printf("Invalid CIPHERTEXT\n");
816 PrintValue("CIPHERTEXT", ciphertext, len);
817 if (strcmp(atest, "MCT") == 0) /* Monte Carlo Test */
819 do_mct(amode, akeysz, aKey, iVec,
820 dir, ciphertext, len, rfp);
824 AESTest(&ctx, amode, akeysz, aKey, iVec,
825 dir, /* 0 = decrypt, 1 = encrypt */
826 plaintext, ciphertext, len);
827 OutputValue("PLAINTEXT",(unsigned char *)plaintext,len,rfp,
828 !strcmp(amode,"CFB1"));
838 printf("Missing terminator\n");
840 else if (strcmp(atest, "MCT") != 0)
841 { /* MCT already added terminating nl */
842 copy_line(ibuf, rfp);
852 FIPS_cipher_ctx_cleanup(&ctx);
856 /*--------------------------------------------------
857 Processes either a single file or
858 a set of files whose names are passed in a file.
859 A single file is specified as:
861 A set of files is specified as:
862 aes_test -d xxxxx.xxx
863 The default is: -d req.txt
864 --------------------------------------------------*/
866 int fips_aesavs_main(int argc, char **argv)
868 int main(int argc, char **argv)
871 char *rqlist = "req.txt", *rspfile = NULL;
873 char fn[250] = "", rfn[256] = "";
879 if (strcasecmp(argv[1], "-d") == 0)
883 else if (strcasecmp(argv[1], "-f") == 0)
889 printf("Invalid parameter: %s\n", argv[1]);
894 printf("Missing parameter\n");
906 { /* list of files (directory) */
907 if (!(fp = fopen(rqlist, "r")))
909 printf("Cannot open req list file\n");
912 while (fgets(fn, sizeof(fn), fp))
917 printf("Processing: %s\n", rfn);
918 if (proc_file(rfn, rspfile))
920 printf(">>> Processing failed for: %s <<<\n", rfn);
926 else /* single file */
929 printf("Processing: %s\n", fn);
930 if (proc_file(fn, rspfile))
932 printf(">>> Processing failed for: %s <<<\n", fn);