test_partial_aes.c 6.0 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277
  1. /** test_partial_aes.c
  2. *
  3. * Unit tests for testing the AES-GCM partial enc/dec
  4. * functionality for small/misorded packets
  5. */
  6. #include <check.h>
  7. #include <stdlib.h>
  8. #include "../flow.h"
  9. #include "../crypto.h"
  10. #include "../cryptothread.h"
  11. #include "../packet.h"
  12. #include "../util.h"
  13. #include "test_util.h"
  14. static void initialize_ciphers(flow *f){
  15. uint8_t *data;
  16. f->hs_md_ctx = EVP_MD_CTX_create();
  17. const EVP_MD *md = EVP_sha256();
  18. EVP_DigestInit_ex(f->hs_md_ctx, md, NULL);
  19. f->cipher = NULL;
  20. f->clnt_read_ctx = NULL;
  21. f->clnt_write_ctx = NULL;
  22. f->srvr_read_ctx = NULL;
  23. f->srvr_write_ctx = NULL;
  24. f->gcm_ctx_out = NULL;
  25. f->gcm_ctx_iv = NULL;
  26. f->gcm_ctx_key = NULL;
  27. memset(f->read_seq, 0, 8);
  28. memset(f->write_seq, 0, 8);
  29. //skipping Finished message, so up counters
  30. f->read_seq[7] = 1;
  31. f->write_seq[7] = 1;
  32. /* Cipher initialization */
  33. if(!read_file("data/ctx.dat", &data)){
  34. ck_abort();
  35. }
  36. memcpy(f->master_secret, data, SSL3_MASTER_SECRET_SIZE);
  37. memcpy(f->client_random, data+SSL3_MASTER_SECRET_SIZE, SSL3_RANDOM_SIZE);
  38. memcpy(f->server_random, data+SSL3_MASTER_SECRET_SIZE+SSL3_RANDOM_SIZE, SSL3_RANDOM_SIZE);
  39. f->cipher = EVP_aes_128_gcm();
  40. f->message_digest = EVP_sha256();
  41. int result = init_ciphers(f);
  42. ck_assert_int_eq(result, 0);
  43. free(data);
  44. }
  45. START_TEST(full_decrypt){
  46. uint8_t *data;
  47. int32_t len;
  48. flow *f = NULL;
  49. /* Flow initialization */
  50. f = smalloc(sizeof(flow));
  51. initialize_ciphers(f);
  52. /* Application Data */
  53. if(!(read_file_len("data/ciphertext.dat", &data, &len))){
  54. ck_abort();
  55. }
  56. int n = encrypt(f, data, data, len, 1, 0x17, 0, 0);
  57. ck_assert_int_eq(n, len - (EVP_GCM_TLS_TAG_LEN + EVP_GCM_TLS_EXPLICIT_IV_LEN));
  58. free(data);
  59. }
  60. END_TEST
  61. START_TEST(full_encrypt){
  62. uint8_t *data;
  63. int len;
  64. flow *f = NULL;
  65. /* Flow initialization */
  66. f = smalloc(sizeof(flow));
  67. initialize_ciphers(f);
  68. /* Application Data */
  69. if(!(read_file_len("data/plaintext.dat", &data, &len))){
  70. ck_abort();
  71. }
  72. int n = encrypt(f, data, data, len-EVP_GCM_TLS_TAG_LEN, 1, 0x17, 1, 0);
  73. ck_assert_int_eq(n, len);
  74. free(data);
  75. }
  76. END_TEST
  77. START_TEST(partial_decrypt){
  78. uint8_t *data;
  79. uint8_t *data2;
  80. int len;
  81. flow *f = NULL;
  82. /* Flow initialization */
  83. f = smalloc(sizeof(flow));
  84. initialize_ciphers(f);
  85. /* Application Data */
  86. if(!(read_file_len("data/ciphertext.dat", &data, &len))){
  87. ck_abort();
  88. }
  89. if(!(read_file("data/ciphertext.dat", &data2))){
  90. ck_abort();
  91. }
  92. int n = encrypt(f, data, data, len, 1, 0x17, 0, 0);
  93. ck_assert_int_gt(n, 0);
  94. f->partial_record = data2;
  95. n = partial_aes_gcm_tls_cipher(f, data2, data2, len/2, 0, 0);
  96. ck_assert_int_eq(n, len/2 - EVP_GCM_TLS_EXPLICIT_IV_LEN);
  97. ck_assert_int_eq(memcmp(data + EVP_GCM_TLS_EXPLICIT_IV_LEN, data2 +
  98. EVP_GCM_TLS_EXPLICIT_IV_LEN, n), 0);
  99. free(data2);
  100. if(!(read_file("data/ciphertext.dat", &data2))){
  101. ck_abort();
  102. }
  103. f->partial_record = data2;
  104. f->partial_record_len = 100;
  105. n = partial_aes_gcm_tls_cipher(f, data2+100, data2+100, 300, 100, 0);
  106. ck_assert_int_eq(n, 300);
  107. printf("partial bytes:\n");
  108. for(int i=0; i< 300; i++){
  109. printf("%02x ", data[100+i]);
  110. }
  111. printf("\n");
  112. printf("partial bytes:\n");
  113. for(int i=0; i< 300; i++){
  114. printf("%02x ", data2[100+i]);
  115. }
  116. printf("\n");
  117. ck_assert_int_eq(memcmp(data + 100, data2 + 100, 300), 0);
  118. free(data2);
  119. free(data);
  120. }
  121. END_TEST
  122. START_TEST(partial_encrypt){
  123. uint8_t *data;
  124. uint8_t *data2;
  125. int len;
  126. flow *f = NULL;
  127. /* Flow initialization */
  128. f = smalloc(sizeof(flow));
  129. initialize_ciphers(f);
  130. /* Application Data */
  131. if(!(read_file_len("data/plaintext.dat", &data, &len))){
  132. ck_abort();
  133. }
  134. if(!(read_file("data/plaintext.dat", &data2))){
  135. ck_abort();
  136. }
  137. printf("%s\n", data2+EVP_GCM_TLS_EXPLICIT_IV_LEN);
  138. fflush(stdout);
  139. //skipping decrypt, so up counters
  140. f->read_seq[7] = 2;
  141. f->write_seq[7] = 2;
  142. f->partial_record_dec = data;
  143. int n = partial_aes_gcm_tls_cipher(f, data, data, len/2 + EVP_GCM_TLS_EXPLICIT_IV_LEN, 0, 1);
  144. ck_assert_int_gt(n, 0);
  145. f->partial_record_dec = data2;
  146. n = partial_aes_gcm_tls_cipher(f, data2, data2, len - EVP_GCM_TLS_TAG_LEN, 0, 1);
  147. ck_assert_int_eq(n, len - EVP_GCM_TLS_TAG_LEN - EVP_GCM_TLS_EXPLICIT_IV_LEN);
  148. ck_assert_int_eq(memcmp(data, data2, n/2), 0);
  149. //compute the tag
  150. partial_aes_gcm_tls_tag(f, data2 + n + EVP_GCM_TLS_EXPLICIT_IV_LEN, n);
  151. //decrypt to check tag
  152. initialize_ciphers(f);
  153. n = encrypt(f, data2, data2, len, 1, 0x17, 0, 0);
  154. printf("%s\n", data2+EVP_GCM_TLS_EXPLICIT_IV_LEN);
  155. fflush(stdout);
  156. ck_assert_int_eq(n, len - (EVP_GCM_TLS_TAG_LEN + EVP_GCM_TLS_EXPLICIT_IV_LEN));
  157. free(data);
  158. free(data2);
  159. }
  160. END_TEST
  161. START_TEST(future_decrypt){
  162. }
  163. END_TEST
  164. START_TEST(future_encrypt){
  165. }
  166. END_TEST
  167. Suite *tag_suite(void) {
  168. Suite *s;
  169. TCase *tc_core;
  170. s = suite_create("Partial AES");
  171. tc_core = tcase_create("Core");
  172. tcase_add_test(tc_core, full_decrypt);
  173. tcase_add_test(tc_core, full_encrypt);
  174. tcase_add_test(tc_core, partial_decrypt);
  175. tcase_add_test(tc_core, partial_encrypt);
  176. tcase_add_test(tc_core, future_decrypt);
  177. tcase_add_test(tc_core, future_encrypt);
  178. suite_add_tcase(s, tc_core);
  179. return s;
  180. }
  181. int main(void){
  182. int number_failed;
  183. Suite *s;
  184. SRunner *sr;
  185. //initialize Slitheen structures
  186. if(init_tables()){
  187. exit(1);
  188. }
  189. if(init_session_cache()){
  190. exit(1);
  191. }
  192. init_crypto_locks();
  193. s = tag_suite();
  194. sr = srunner_create(s);
  195. srunner_set_fork_status(sr, CK_NOFORK);
  196. srunner_run_all(sr, CK_NORMAL);
  197. number_failed = srunner_ntests_failed(sr);
  198. srunner_free(sr);
  199. crypto_locks_cleanup();
  200. return (number_failed == 0) ? EXIT_SUCCESS : EXIT_FAILURE;
  201. }