source-git / gnutls

Clone
Source Code
GIT

Blame tests/slow/cipher-override.c

c8 c8s master
  1.   4684c19e6b623dac0517d3f3ac8f576d6fbfd0bb
  2.   tests
  3.   slow
  4.   cipher-override.c
Blob History Raw
Packit Service 4684c1 
#include <config.h>
Packit Service 4684c1 
#include <stdint.h>
Packit Service 4684c1 
#include <stdio.h>
Packit Service 4684c1 
#include <string.h>
Packit Service 4684c1 
#include <utils.h>
Packit Service 4684c1 
#include <stdlib.h>
Packit Service 4684c1 
#include <gnutls/gnutls.h>
Packit Service 4684c1 
#include <gnutls/crypto.h>
Packit Service 4684c1 
#include <gnutls/self-test.h>
Packit Service 4684c1
Packit Service 4684c1 
#ifndef HAVE_LIBNETTLE
Packit Service 4684c1 
int main(int argc, char **argv)
Packit Service 4684c1 
{
Packit Service 4684c1 
	exit(77);
Packit Service 4684c1 
}
Packit Service 4684c1 
#else
Packit Service 4684c1
Packit Service 4684c1 
# include <nettle/aes.h>
Packit Service 4684c1 
# include <nettle/cbc.h>
Packit Service 4684c1 
# include <nettle/gcm.h>
Packit Service 4684c1 
# include <assert.h>
Packit Service 4684c1
Packit Service 4684c1 
/* this tests whether the API to override ciphers works sanely.
Packit Service 4684c1 
 */
Packit Service 4684c1 
static int used = 0;
Packit Service 4684c1 
static int aead_used = 0;
Packit Service 4684c1 
static void tls_log_func(int level, const char *str)
Packit Service 4684c1 
{
Packit Service 4684c1 
	fprintf(stderr, "<%d>| %s", level, str);
Packit Service 4684c1 
}
Packit Service 4684c1
Packit Service 4684c1 
struct myaes_ctx {
Packit Service 4684c1 
	struct aes128_ctx aes;
Packit Service 4684c1 
	unsigned char iv[16];
Packit Service 4684c1 
	int enc;
Packit Service 4684c1 
};
Packit Service 4684c1
Packit Service 4684c1 
static int
Packit Service 4684c1 
myaes_init(gnutls_cipher_algorithm_t algorithm, void **_ctx, int enc)
Packit Service 4684c1 
{
Packit Service 4684c1 
	/* we use key size to distinguish */
Packit Service 4684c1 
	if (algorithm != GNUTLS_CIPHER_AES_128_CBC)
Packit Service 4684c1 
		return GNUTLS_E_INVALID_REQUEST;
Packit Service 4684c1
Packit Service 4684c1 
	*_ctx = calloc(1, sizeof(struct myaes_ctx));
Packit Service 4684c1 
	if (*_ctx == NULL) {
Packit Service 4684c1 
		return GNUTLS_E_MEMORY_ERROR;
Packit Service 4684c1 
	}
Packit Service 4684c1
Packit Service 4684c1 
	((struct myaes_ctx *) (*_ctx))->enc = enc;
Packit Service 4684c1
Packit Service 4684c1 
	return 0;
Packit Service 4684c1 
}
Packit Service 4684c1
Packit Service 4684c1 
static int
Packit Service 4684c1 
myaes_setkey(void *_ctx, const void *userkey, size_t keysize)
Packit Service 4684c1 
{
Packit Service 4684c1 
	struct myaes_ctx *ctx = _ctx;
Packit Service 4684c1
Packit Service 4684c1 
	assert(keysize == 16);
Packit Service 4684c1
Packit Service 4684c1 
	if (ctx->enc)
Packit Service 4684c1 
		aes128_set_encrypt_key(&ctx->aes, userkey);
Packit Service 4684c1 
	else
Packit Service 4684c1 
		aes128_set_decrypt_key(&ctx->aes, userkey);
Packit Service 4684c1
Packit Service 4684c1 
	return 0;
Packit Service 4684c1 
}
Packit Service 4684c1
Packit Service 4684c1 
static int myaes_setiv(void *_ctx, const void *iv, size_t iv_size)
Packit Service 4684c1 
{
Packit Service 4684c1 
	struct myaes_ctx *ctx = _ctx;
Packit Service 4684c1
Packit Service 4684c1 
	memcpy(ctx->iv, iv, 16);
Packit Service 4684c1 
	return 0;
Packit Service 4684c1 
}
Packit Service 4684c1
Packit Service 4684c1 
static int
Packit Service 4684c1 
myaes_encrypt(void *_ctx, const void *src, size_t src_size,
Packit Service 4684c1 
	    void *dst, size_t dst_size)
Packit Service 4684c1 
{
Packit Service 4684c1 
	struct myaes_ctx *ctx = _ctx;
Packit Service 4684c1
Packit Service 4684c1 
	used++;
Packit Service 4684c1 
	cbc_encrypt(&ctx->aes, (nettle_cipher_func*)aes128_encrypt, 16, ctx->iv, src_size, dst, src);
Packit Service 4684c1 
	return 0;
Packit Service 4684c1 
}
Packit Service 4684c1
Packit Service 4684c1 
static int
Packit Service 4684c1 
myaes_decrypt(void *_ctx, const void *src, size_t src_size,
Packit Service 4684c1 
	    void *dst, size_t dst_size)
Packit Service 4684c1 
{
Packit Service 4684c1 
	struct myaes_ctx *ctx = _ctx;
Packit Service 4684c1
Packit Service 4684c1 
	used++;
Packit Service 4684c1 
	cbc_decrypt(&ctx->aes, (nettle_cipher_func*)aes128_decrypt, 16, ctx->iv, src_size, dst, src);
Packit Service 4684c1
Packit Service 4684c1 
	return 0;
Packit Service 4684c1 
}
Packit Service 4684c1
Packit Service 4684c1 
static void myaes_deinit(void *_ctx)
Packit Service 4684c1 
{
Packit Service 4684c1 
	free(_ctx);
Packit Service 4684c1 
}
Packit Service 4684c1
Packit Service 4684c1 
/* AES-GCM */
Packit Service 4684c1 
struct myaes_gcm_ctx {
Packit Service 4684c1 
	struct gcm_aes128_ctx aes;
Packit Service 4684c1 
};
Packit Service 4684c1
Packit Service 4684c1 
static int
Packit Service 4684c1 
myaes_gcm_init(gnutls_cipher_algorithm_t algorithm, void **_ctx, int enc)
Packit Service 4684c1 
{
Packit Service 4684c1 
	/* we use key size to distinguish */
Packit Service 4684c1 
	if (algorithm != GNUTLS_CIPHER_AES_128_GCM
Packit Service 4684c1 
	    && algorithm != GNUTLS_CIPHER_AES_256_GCM)
Packit Service 4684c1 
		return GNUTLS_E_INVALID_REQUEST;
Packit Service 4684c1
Packit Service 4684c1 
	*_ctx = calloc(1, sizeof(struct myaes_gcm_ctx));
Packit Service 4684c1 
	if (*_ctx == NULL) {
Packit Service 4684c1 
		return GNUTLS_E_MEMORY_ERROR;
Packit Service 4684c1 
	}
Packit Service 4684c1
Packit Service 4684c1 
	return 0;
Packit Service 4684c1 
}
Packit Service 4684c1
Packit Service 4684c1 
static int
Packit Service 4684c1 
myaes_gcm_setkey(void *_ctx, const void *userkey, size_t keysize)
Packit Service 4684c1 
{
Packit Service 4684c1 
	struct myaes_gcm_ctx *ctx = _ctx;
Packit Service 4684c1
Packit Service 4684c1 
	gcm_aes128_set_key(&ctx->aes, userkey);
Packit Service 4684c1
Packit Service 4684c1 
	return 0;
Packit Service 4684c1 
}
Packit Service 4684c1
Packit Service 4684c1 
static void myaes_gcm_deinit(void *_ctx)
Packit Service 4684c1 
{
Packit Service 4684c1 
	free(_ctx);
Packit Service 4684c1 
}
Packit Service 4684c1
Packit Service 4684c1 
static int
Packit Service 4684c1 
myaes_gcm_encrypt(void *_ctx,
Packit Service 4684c1 
		  const void *nonce, size_t nonce_size,
Packit Service 4684c1 
		  const void *auth, size_t auth_size,
Packit Service 4684c1 
		  size_t tag_size,
Packit Service 4684c1 
		  const void *plain, size_t plain_size,
Packit Service 4684c1 
		  void *encr, size_t encr_size)
Packit Service 4684c1 
{
Packit Service 4684c1 
	/* proper AEAD cipher */
Packit Service 4684c1 
	struct myaes_gcm_ctx *ctx = _ctx;
Packit Service 4684c1 
	if (encr_size < plain_size + tag_size)
Packit Service 4684c1 
		return GNUTLS_E_SHORT_MEMORY_BUFFER;
Packit Service 4684c1
Packit Service 4684c1 
	aead_used++;
Packit Service 4684c1 
	gcm_aes128_set_iv(&ctx->aes, nonce_size, nonce);
Packit Service 4684c1 
	gcm_aes128_update(&ctx->aes, auth_size, auth);
Packit Service 4684c1
Packit Service 4684c1 
	gcm_aes128_encrypt(&ctx->aes, plain_size, encr, plain);
Packit Service 4684c1
Packit Service 4684c1 
	gcm_aes128_digest(&ctx->aes, tag_size, ((uint8_t*)encr) + plain_size);
Packit Service 4684c1 
	return 0;
Packit Service 4684c1 
}
Packit Service 4684c1
Packit Service 4684c1 
static int
Packit Service 4684c1 
myaes_gcm_decrypt(void *_ctx,
Packit Service 4684c1 
		  const void *nonce, size_t nonce_size,
Packit Service 4684c1 
		  const void *auth, size_t auth_size,
Packit Service 4684c1 
		  size_t tag_size,
Packit Service 4684c1 
		  const void *encr, size_t encr_size,
Packit Service 4684c1 
		  void *plain, size_t plain_size)
Packit Service 4684c1 
{
Packit Service 4684c1 
	uint8_t tag[16];
Packit Service 4684c1 
	struct myaes_gcm_ctx *ctx = _ctx;
Packit Service 4684c1
Packit Service 4684c1 
	if (encr_size < tag_size)
Packit Service 4684c1 
		return GNUTLS_E_DECRYPTION_FAILED;
Packit Service 4684c1
Packit Service 4684c1 
	aead_used++;
Packit Service 4684c1 
	gcm_aes128_set_iv(&ctx->aes, nonce_size, nonce);
Packit Service 4684c1 
	gcm_aes128_update(&ctx->aes, auth_size, auth);
Packit Service 4684c1
Packit Service 4684c1 
	encr_size -= tag_size;
Packit Service 4684c1 
	gcm_aes128_decrypt(&ctx->aes, encr_size, plain, encr);
Packit Service 4684c1
Packit Service 4684c1 
	gcm_aes128_digest(&ctx->aes, tag_size, tag);
Packit Service 4684c1
Packit Service 4684c1 
	if (gnutls_memcmp(((uint8_t*)encr)+encr_size, tag, tag_size) != 0)
Packit Service 4684c1 
		return GNUTLS_E_DECRYPTION_FAILED;
Packit Service 4684c1
Packit Service 4684c1 
	return 0;
Packit Service 4684c1 
}
Packit Service 4684c1
Packit Service 4684c1
Packit Service 4684c1
Packit Service 4684c1 
int main(int argc, char **argv)
Packit Service 4684c1 
{
Packit Service 4684c1 
	int ret;
Packit Service 4684c1
Packit Service 4684c1 
	gnutls_global_set_log_function(tls_log_func);
Packit Service 4684c1 
	if (argc > 1)
Packit Service 4684c1 
		gnutls_global_set_log_level(4711);
Packit Service 4684c1
Packit Service 4684c1 
	ret = gnutls_crypto_register_cipher(GNUTLS_CIPHER_AES_128_CBC, 1,
Packit Service 4684c1 
		myaes_init,
Packit Service 4684c1 
		myaes_setkey,
Packit Service 4684c1 
		myaes_setiv,
Packit Service 4684c1 
		myaes_encrypt,
Packit Service 4684c1 
		myaes_decrypt,
Packit Service 4684c1 
		myaes_deinit);
Packit Service 4684c1 
	if (ret < 0) {
Packit Service 4684c1 
		fprintf(stderr, "%d: cannot register cipher\n", __LINE__);
Packit Service 4684c1 
		exit(1);
Packit Service 4684c1 
	}
Packit Service 4684c1
Packit Service 4684c1 
	ret = gnutls_crypto_register_aead_cipher(GNUTLS_CIPHER_AES_128_GCM, 1,
Packit Service 4684c1 
		myaes_gcm_init,
Packit Service 4684c1 
		myaes_gcm_setkey,
Packit Service 4684c1 
		myaes_gcm_encrypt,
Packit Service 4684c1 
		myaes_gcm_decrypt,
Packit Service 4684c1 
		myaes_gcm_deinit);
Packit Service 4684c1 
	if (ret < 0) {
Packit Service 4684c1 
		fprintf(stderr, "%d: cannot register cipher\n", __LINE__);
Packit Service 4684c1 
		exit(1);
Packit Service 4684c1 
	}
Packit Service 4684c1
Packit Service 4684c1 
	global_init();
Packit Service 4684c1
Packit Service 4684c1 
	if (gnutls_cipher_self_test(GNUTLS_SELF_TEST_FLAG_ALL|GNUTLS_SELF_TEST_FLAG_NO_COMPAT, 0) < 0)
Packit Service 4684c1 
		return 1;
Packit Service 4684c1
Packit Service 4684c1 
	if (used == 0) {
Packit Service 4684c1 
		fprintf(stderr, "The CBC cipher was not used\n");
Packit Service 4684c1 
		exit(1);
Packit Service 4684c1 
	}
Packit Service 4684c1
Packit Service 4684c1 
	if (aead_used == 0) {
Packit Service 4684c1 
		fprintf(stderr, "The AEAD cipher was not used\n");
Packit Service 4684c1 
		exit(1);
Packit Service 4684c1 
	}
Packit Service 4684c1
Packit Service 4684c1 
	gnutls_global_deinit();
Packit Service 4684c1 
	return 0;
Packit Service 4684c1 
}
Packit Service 4684c1
Packit Service 4684c1 
#endif

Powered by Pagure 5.13.3

SSH Hostkey/Fingerprint | Documentation