mirror of
https://github.com/wolfSSL/wolfssl.git
synced 2026-05-05 17:04:13 +02:00
First successful implementation of EVP_aes_*_ccm
This commit is contained in:
Andras Fekete
+145
@@ -45363,6 +45363,21 @@ static int test_wolfSSL_EVP_aes_192_gcm(void)
|
||||
return TEST_RES_CHECK(wolfSSL_EVP_aes_192_gcm() != NULL);
|
||||
}
|
||||
|
||||
static int test_wolfSSL_EVP_aes_256_ccm(void)
|
||||
{
|
||||
return TEST_RES_CHECK(wolfSSL_EVP_aes_256_ccm() != NULL);
|
||||
}
|
||||
|
||||
static int test_wolfSSL_EVP_aes_192_ccm(void)
|
||||
{
|
||||
return TEST_RES_CHECK(wolfSSL_EVP_aes_192_ccm() != NULL);
|
||||
}
|
||||
|
||||
static int test_wolfSSL_EVP_aes_128_ccm(void)
|
||||
{
|
||||
return TEST_RES_CHECK(wolfSSL_EVP_aes_256_ccm() != NULL);
|
||||
}
|
||||
|
||||
static int test_wolfSSL_EVP_ripemd160(void)
|
||||
{
|
||||
int res = TEST_SKIPPED;
|
||||
@@ -45522,6 +45537,21 @@ static int test_wolfSSL_EVP_CIPHER_block_size(void)
|
||||
}
|
||||
#endif
|
||||
|
||||
#ifdef HAVE_AESCCM
|
||||
if (res == TEST_SKIPPED || res == TEST_SUCCESS) {
|
||||
#ifdef WOLFSSL_AES_128
|
||||
AssertIntEQ(EVP_CIPHER_block_size(EVP_aes_128_ccm()), 1);
|
||||
#endif
|
||||
#ifdef WOLFSSL_AES_192
|
||||
AssertIntEQ(EVP_CIPHER_block_size(EVP_aes_192_ccm()), 1);
|
||||
#endif
|
||||
#ifdef WOLFSSL_AES_256
|
||||
AssertIntEQ(EVP_CIPHER_block_size(EVP_aes_256_ccm()), 1);
|
||||
#endif
|
||||
res = TEST_RES_CHECK(1);
|
||||
}
|
||||
#endif
|
||||
|
||||
#ifdef WOLFSSL_AES_COUNTER
|
||||
if (res == TEST_SKIPPED || res == TEST_SUCCESS) {
|
||||
#ifdef WOLFSSL_AES_128
|
||||
@@ -52042,6 +52072,117 @@ static int test_wolfssl_EVP_aes_gcm(void)
|
||||
return res;
|
||||
}
|
||||
|
||||
static int test_wolfssl_EVP_aes_ccm(void)
|
||||
{
|
||||
int res = TEST_SKIPPED;
|
||||
#if defined(OPENSSL_EXTRA) && !defined(NO_AES) && defined(HAVE_AESCCM) && \
|
||||
!defined(HAVE_SELFTEST) && !defined(HAVE_FIPS)
|
||||
|
||||
/* A 256 bit key, AES_128 will use the first 128 bit*/
|
||||
byte *key = (byte*)"01234567890123456789012345678901";
|
||||
/* A 128 bit IV */
|
||||
byte *iv = (byte*)"0123456789012";
|
||||
int ivSz = (int)XSTRLEN((char*)iv);
|
||||
/* Message to be encrypted */
|
||||
byte *plaintxt = (byte*)"for things to change you have to change";
|
||||
/* Additional non-confidential data */
|
||||
byte *aad = (byte*)"Don't spend major time on minor things.";
|
||||
|
||||
unsigned char tag[AES_BLOCK_SIZE] = {0};
|
||||
int plaintxtSz = (int)XSTRLEN((char*)plaintxt);
|
||||
int aadSz = (int)XSTRLEN((char*)aad);
|
||||
byte ciphertxt[AES_BLOCK_SIZE * 4] = {0};
|
||||
byte decryptedtxt[AES_BLOCK_SIZE * 4] = {0};
|
||||
int ciphertxtSz = 0;
|
||||
int decryptedtxtSz = 0;
|
||||
int len = 0;
|
||||
int i = 0;
|
||||
EVP_CIPHER_CTX en[2];
|
||||
EVP_CIPHER_CTX de[2];
|
||||
|
||||
for (i = 0; i < 2; i++) {
|
||||
|
||||
EVP_CIPHER_CTX_init(&en[i]);
|
||||
|
||||
if (i == 0) {
|
||||
/* Default uses 96-bits IV length */
|
||||
#ifdef WOLFSSL_AES_128
|
||||
AssertIntEQ(1, EVP_EncryptInit_ex(&en[i], EVP_aes_128_ccm(), NULL, key, iv));
|
||||
#elif defined(WOLFSSL_AES_192)
|
||||
AssertIntEQ(1, EVP_EncryptInit_ex(&en[i], EVP_aes_192_ccm(), NULL, key, iv));
|
||||
#elif defined(WOLFSSL_AES_256)
|
||||
AssertIntEQ(1, EVP_EncryptInit_ex(&en[i], EVP_aes_256_ccm(), NULL, key, iv));
|
||||
#endif
|
||||
}
|
||||
else {
|
||||
#ifdef WOLFSSL_AES_128
|
||||
AssertIntEQ(1, EVP_EncryptInit_ex(&en[i], EVP_aes_128_ccm(), NULL, NULL, NULL));
|
||||
#elif defined(WOLFSSL_AES_192)
|
||||
AssertIntEQ(1, EVP_EncryptInit_ex(&en[i], EVP_aes_192_ccm(), NULL, NULL, NULL));
|
||||
#elif defined(WOLFSSL_AES_256)
|
||||
AssertIntEQ(1, EVP_EncryptInit_ex(&en[i], EVP_aes_256_ccm(), NULL, NULL, NULL));
|
||||
#endif
|
||||
/* non-default must to set the IV length first */
|
||||
AssertIntEQ(1, EVP_CIPHER_CTX_ctrl(&en[i], EVP_CTRL_CCM_SET_IVLEN, ivSz, NULL));
|
||||
AssertIntEQ(1, EVP_EncryptInit_ex(&en[i], NULL, NULL, key, iv));
|
||||
}
|
||||
AssertIntEQ(1, EVP_EncryptUpdate(&en[i], NULL, &len, aad, aadSz));
|
||||
AssertIntEQ(1, EVP_EncryptUpdate(&en[i], ciphertxt, &len, plaintxt, plaintxtSz));
|
||||
ciphertxtSz = len;
|
||||
AssertIntEQ(1, EVP_EncryptFinal_ex(&en[i], ciphertxt, &len));
|
||||
ciphertxtSz += len;
|
||||
AssertIntEQ(1, EVP_CIPHER_CTX_ctrl(&en[i], EVP_CTRL_CCM_GET_TAG, AES_BLOCK_SIZE, tag));
|
||||
AssertIntEQ(wolfSSL_EVP_CIPHER_CTX_cleanup(&en[i]), 1);
|
||||
|
||||
EVP_CIPHER_CTX_init(&de[i]);
|
||||
if (i == 0) {
|
||||
/* Default uses 96-bits IV length */
|
||||
#ifdef WOLFSSL_AES_128
|
||||
AssertIntEQ(1, EVP_DecryptInit_ex(&de[i], EVP_aes_128_ccm(), NULL, key, iv));
|
||||
#elif defined(WOLFSSL_AES_192)
|
||||
AssertIntEQ(1, EVP_DecryptInit_ex(&de[i], EVP_aes_192_ccm(), NULL, key, iv));
|
||||
#elif defined(WOLFSSL_AES_256)
|
||||
AssertIntEQ(1, EVP_DecryptInit_ex(&de[i], EVP_aes_256_ccm(), NULL, key, iv));
|
||||
#endif
|
||||
}
|
||||
else {
|
||||
#ifdef WOLFSSL_AES_128
|
||||
AssertIntEQ(1, EVP_DecryptInit_ex(&de[i], EVP_aes_128_ccm(), NULL, NULL, NULL));
|
||||
#elif defined(WOLFSSL_AES_192)
|
||||
AssertIntEQ(1, EVP_DecryptInit_ex(&de[i], EVP_aes_192_ccm(), NULL, NULL, NULL));
|
||||
#elif defined(WOLFSSL_AES_256)
|
||||
AssertIntEQ(1, EVP_DecryptInit_ex(&de[i], EVP_aes_256_ccm(), NULL, NULL, NULL));
|
||||
#endif
|
||||
/* non-default must to set the IV length first */
|
||||
AssertIntEQ(1, EVP_CIPHER_CTX_ctrl(&de[i], EVP_CTRL_CCM_SET_IVLEN, ivSz, NULL));
|
||||
AssertIntEQ(1, EVP_DecryptInit_ex(&de[i], NULL, NULL, key, iv));
|
||||
|
||||
}
|
||||
AssertIntEQ(1, EVP_DecryptUpdate(&de[i], NULL, &len, aad, aadSz));
|
||||
AssertIntEQ(1, EVP_DecryptUpdate(&de[i], decryptedtxt, &len, ciphertxt, ciphertxtSz));
|
||||
decryptedtxtSz = len;
|
||||
AssertIntEQ(1, EVP_CIPHER_CTX_ctrl(&de[i], EVP_CTRL_CCM_SET_TAG, AES_BLOCK_SIZE, tag));
|
||||
AssertIntEQ(1, EVP_DecryptFinal_ex(&de[i], decryptedtxt, &len));
|
||||
decryptedtxtSz += len;
|
||||
AssertIntEQ(ciphertxtSz, decryptedtxtSz);
|
||||
AssertIntEQ(0, XMEMCMP(plaintxt, decryptedtxt, decryptedtxtSz));
|
||||
|
||||
/* modify tag*/
|
||||
tag[AES_BLOCK_SIZE-1]+=0xBB;
|
||||
AssertIntEQ(1, EVP_DecryptUpdate(&de[i], NULL, &len, aad, aadSz));
|
||||
AssertIntEQ(1, EVP_CIPHER_CTX_ctrl(&de[i], EVP_CTRL_CCM_SET_TAG, AES_BLOCK_SIZE, tag));
|
||||
/* fail due to wrong tag */
|
||||
AssertIntEQ(1, EVP_DecryptUpdate(&de[i], decryptedtxt, &len, ciphertxt, ciphertxtSz));
|
||||
AssertIntEQ(0, EVP_DecryptFinal_ex(&de[i], decryptedtxt, &len));
|
||||
AssertIntEQ(0, len);
|
||||
AssertIntEQ(wolfSSL_EVP_CIPHER_CTX_cleanup(&de[i]), 1);
|
||||
}
|
||||
|
||||
res = TEST_RES_CHECK(1);
|
||||
#endif /* OPENSSL_EXTRA && !NO_AES && HAVE_AESCCM */
|
||||
return res;
|
||||
}
|
||||
|
||||
static int test_wolfssl_EVP_chacha20_poly1305(void)
|
||||
{
|
||||
int res = TEST_SKIPPED;
|
||||
@@ -59966,6 +60107,7 @@ TEST_CASE testCases[] = {
|
||||
TEST_DECL(test_wolfssl_EVP_aes_gcm_AAD_2_parts),
|
||||
TEST_DECL(test_wolfssl_EVP_aes_gcm),
|
||||
TEST_DECL(test_wolfssl_EVP_aes_gcm_zeroLen),
|
||||
TEST_DECL(test_wolfssl_EVP_aes_ccm),
|
||||
TEST_DECL(test_wolfssl_EVP_chacha20_poly1305),
|
||||
TEST_DECL(test_wolfssl_EVP_chacha20),
|
||||
TEST_DECL(test_wolfSSL_EVP_PKEY_hkdf),
|
||||
@@ -60024,6 +60166,9 @@ TEST_CASE testCases[] = {
|
||||
TEST_DECL(test_wolfSSL_EVP_md4),
|
||||
TEST_DECL(test_wolfSSL_EVP_aes_256_gcm),
|
||||
TEST_DECL(test_wolfSSL_EVP_aes_192_gcm),
|
||||
TEST_DECL(test_wolfSSL_EVP_aes_256_ccm),
|
||||
TEST_DECL(test_wolfSSL_EVP_aes_192_ccm),
|
||||
TEST_DECL(test_wolfSSL_EVP_aes_128_ccm),
|
||||
TEST_DECL(test_wolfSSL_EVP_ripemd160),
|
||||
TEST_DECL(test_wolfSSL_EVP_get_digestbynid),
|
||||
TEST_DECL(test_wolfSSL_EVP_MD_nid),
|
||||
|
||||
Reference in New Issue
Block a user