From 2207ba7b449583631e939ee3f603287dd6d61307 Mon Sep 17 00:00:00 2001
From: "Dr. Stephen Henson" <steve@openssl.org>
Date: Fri, 27 Feb 2015 00:49:47 +0000
Subject: Add OCB support and test vectors for evp_test.

Reviewed-by: Matt Caswell <matt@openssl.org>
---
 crypto/evp/evp_test.c   |  38 ++++++-------
 crypto/evp/evptests.txt | 145 ++++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 164 insertions(+), 19 deletions(-)

(limited to 'crypto/evp')

diff --git a/crypto/evp/evp_test.c b/crypto/evp/evp_test.c
index 44375bfa6a..4d70e0c82c 100644
--- a/crypto/evp/evp_test.c
+++ b/crypto/evp/evp_test.c
@@ -623,7 +623,7 @@ static const struct evp_test_method digest_test_method = {
 struct cipher_data {
     const EVP_CIPHER *cipher;
     int enc;
-    /* Set to EVP_CIPH_GCM_MODE or EVP_CIPH_CCM_MODE if AEAD */
+    /* EVP_CIPH_GCM_MODE, EVP_CIPH_CCM_MODE or EVP_CIPH_OCB_MODE if AEAD */
     int aead;
     unsigned char *key;
     size_t key_len;
@@ -664,6 +664,7 @@ static int cipher_test_init(struct evp_test *t, const char *alg)
     cdat->tag = NULL;
     t->data = cdat;
     if (EVP_CIPHER_mode(cipher) == EVP_CIPH_GCM_MODE
+        || EVP_CIPHER_mode(cipher) == EVP_CIPH_OCB_MODE
         || EVP_CIPHER_mode(cipher) == EVP_CIPH_CCM_MODE)
         cdat->aead = EVP_CIPHER_mode(cipher);
     else
@@ -746,12 +747,8 @@ static int cipher_test_enc(struct evp_test *t, int enc)
         goto err;
     err = "INVALID_IV_LENGTH";
     if (cdat->iv) {
-        if (cdat->aead == EVP_CIPH_GCM_MODE) {
-            if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN,
-                                     cdat->iv_len, 0))
-                goto err;
-        } else if (cdat->aead == EVP_CIPH_CCM_MODE) {
-            if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_CCM_SET_IVLEN,
+        if (cdat->aead) {
+            if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN,
                                      cdat->iv_len, 0))
                 goto err;
         } else if (cdat->iv_len != (size_t)EVP_CIPHER_CTX_iv_length(ctx))
@@ -760,23 +757,19 @@ static int cipher_test_enc(struct evp_test *t, int enc)
     if (cdat->aead) {
         unsigned char *tag;
         /*
-         * If encrypting just set tag length. If decrypting set
-         * tag length and value.
+         * If encrypting or OCB just set tag length initially, otherwise
+         * set tag length and value.
          */
-        if (enc) {
+        if (enc || cdat->aead == EVP_CIPH_OCB_MODE) {
             err = "TAG_LENGTH_SET_ERROR";
             tag = NULL;
         } else {
             err = "TAG_SET_ERROR";
             tag = cdat->tag;
         }
-        if (cdat->aead == EVP_CIPH_GCM_MODE && tag) {
-            if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_TAG,
-                                     cdat->tag_len, tag))
-                goto err;
-        } else if (cdat->aead == EVP_CIPH_CCM_MODE) {
-            if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_CCM_SET_TAG,
-                                     cdat->tag_len, tag))
+        if (tag || cdat->aead != EVP_CIPH_GCM_MODE) {
+            if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG,
+                                        cdat->tag_len, tag))
                 goto err;
         }
     }
@@ -788,6 +781,14 @@ static int cipher_test_enc(struct evp_test *t, int enc)
     if (!EVP_CipherInit_ex(ctx, NULL, NULL, cdat->key, cdat->iv, -1))
         goto err;
 
+    if (!enc && cdat->aead == EVP_CIPH_OCB_MODE) {
+        if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG,
+                                 cdat->tag_len, cdat->tag)) {
+                err = "TAG_SET_ERROR";
+                goto err;
+        }
+    }
+
     if (cdat->aead == EVP_CIPH_CCM_MODE) {
         if (!EVP_CipherUpdate(ctx, NULL, &tmplen, NULL, out_len)) {
             err = "CCM_PLAINTEXT_LENGTH_SET_ERROR";
@@ -823,8 +824,7 @@ static int cipher_test_enc(struct evp_test *t, int enc)
             err = "TAG_LENGTH_INTERNAL_ERROR";
             goto err;
         }
-        /* EVP_CTRL_CCM_GET_TAG and EVP_CTRL_GCM_GET_TAG are equal. */
-        if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_GET_TAG,
+        if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG,
                                  cdat->tag_len, rtag)) {
             err = "TAG_RETRIEVE_ERROR";
             goto err;
diff --git a/crypto/evp/evptests.txt b/crypto/evp/evptests.txt
index 89587c66a7..91fb7dcc61 100644
--- a/crypto/evp/evptests.txt
+++ b/crypto/evp/evptests.txt
@@ -1652,6 +1652,151 @@ Tag = 3b629ccfbc1119b7319e1dce2cd6fd6d
 Plaintext = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f
 Ciphertext = 6268c6fa2a80b2d137467f092f657ac04d89be2beaa623d61b5a868c8f03ff95d3dcee23ad2f1ab3a6c80eaf4b140eb05de3457f0fbc111a6b43d0763aa422a3013cf1dc37fe417d1fbfc449b75d4cc5
 
+#AES OCB Test vectors
+Cipher = aes-128-ocb
+Key = 000102030405060708090A0B0C0D0E0F
+IV = 000102030405060708090A0B
+AAD =
+Tag = 197B9C3C441D3C83EAFB2BEF633B9182
+Plaintext =
+Ciphertext =
+
+Cipher = aes-128-ocb
+Key = 000102030405060708090A0B0C0D0E0F
+IV = 000102030405060708090A0B
+AAD = 0001020304050607
+Tag = 16DC76A46D47E1EAD537209E8A96D14E
+Plaintext = 0001020304050607
+Ciphertext = 92B657130A74B85A
+
+Cipher = aes-128-ocb
+Key = 000102030405060708090A0B0C0D0E0F
+IV = 000102030405060708090A0B
+AAD = 0001020304050607
+Tag = 98B91552C8C009185044E30A6EB2FE21
+Plaintext =
+Ciphertext =
+
+Cipher = aes-128-ocb
+Key = 000102030405060708090A0B0C0D0E0F
+IV = 000102030405060708090A0B
+AAD =
+Tag = 971EFFCAE19AD4716F88E87B871FBEED
+Plaintext = 0001020304050607
+Ciphertext = 92B657130A74B85A
+
+Cipher = aes-128-ocb
+Key = 000102030405060708090A0B0C0D0E0F
+IV = 000102030405060708090A0B
+AAD = 000102030405060708090A0B0C0D0E0F
+Tag = 776C9924D6723A1FC4524532AC3E5BEB
+Plaintext = 000102030405060708090A0B0C0D0E0F
+Ciphertext = BEA5E8798DBE7110031C144DA0B26122
+
+Cipher = aes-128-ocb
+Key = 000102030405060708090A0B0C0D0E0F
+IV = 000102030405060708090A0B
+AAD = 000102030405060708090A0B0C0D0E0F
+Tag = 7DDB8E6CEA6814866212509619B19CC6
+Plaintext =
+Ciphertext =
+
+Cipher = aes-128-ocb
+Key = 000102030405060708090A0B0C0D0E0F
+IV = 000102030405060708090A0B
+AAD =
+Tag = 13CC8B747807121A4CBB3E4BD6B456AF
+Plaintext = 000102030405060708090A0B0C0D0E0F
+Ciphertext = BEA5E8798DBE7110031C144DA0B26122
+
+Cipher = aes-128-ocb
+Key = 000102030405060708090A0B0C0D0E0F
+IV = 000102030405060708090A0B
+AAD = 000102030405060708090A0B0C0D0E0F1011121314151617
+Tag = 5FA94FC3F38820F1DC3F3D1FD4E55E1C
+Plaintext = 000102030405060708090A0B0C0D0E0F1011121314151617
+Ciphertext = BEA5E8798DBE7110031C144DA0B26122FCFCEE7A2A8D4D48
+
+Cipher = aes-128-ocb
+Key = 000102030405060708090A0B0C0D0E0F
+IV = 000102030405060708090A0B
+AAD = 000102030405060708090A0B0C0D0E0F1011121314151617
+Tag = 282026DA3068BC9FA118681D559F10F6
+Plaintext =
+Ciphertext =
+
+Cipher = aes-128-ocb
+Key = 000102030405060708090A0B0C0D0E0F
+IV = 000102030405060708090A0B
+AAD =
+Tag = 6EF2F52587FDA0ED97DC7EEDE241DF68
+Plaintext = 000102030405060708090A0B0C0D0E0F1011121314151617
+Ciphertext = BEA5E8798DBE7110031C144DA0B26122FCFCEE7A2A8D4D48
+
+Cipher = aes-128-ocb
+Key = 000102030405060708090A0B0C0D0E0F
+IV = 000102030405060708090A0B
+AAD = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F
+Tag = B2A040DD3BD5164372D76D7BB6824240
+Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F
+Ciphertext = BEA5E8798DBE7110031C144DA0B26122CEAAB9B05DF771A657149D53773463CB
+
+Cipher = aes-128-ocb
+Key = 000102030405060708090A0B0C0D0E0F
+IV = 000102030405060708090A0B
+AAD = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F
+Tag = E1E072633BADE51A60E85951D9C42A1B
+Plaintext =
+Ciphertext =
+
+Cipher = aes-128-ocb
+Key = 000102030405060708090A0B0C0D0E0F
+IV = 000102030405060708090A0B
+AAD =
+Tag = 4A3BAE824465CFDAF8C41FC50C7DF9D9
+Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F
+Ciphertext = BEA5E8798DBE7110031C144DA0B26122CEAAB9B05DF771A657149D53773463CB
+
+Cipher = aes-128-ocb
+Key = 000102030405060708090A0B0C0D0E0F
+IV = 000102030405060708090A0B
+AAD = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F2021222324252627
+Tag = 659C623211DEEA0DE30D2C381879F4C8
+Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F2021222324252627
+Ciphertext = BEA5E8798DBE7110031C144DA0B26122CEAAB9B05DF771A657149D53773463CB68C65778B058A635
+
+Cipher = aes-128-ocb
+Key = 000102030405060708090A0B0C0D0E0F
+IV = 000102030405060708090A0B
+AAD = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F2021222324252627
+Tag = 7AEB7A69A1687DD082CA27B0D9A37096
+Plaintext =
+Ciphertext =
+
+Cipher = aes-128-ocb
+Key = 000102030405060708090A0B0C0D0E0F
+IV = 000102030405060708090A0B
+AAD =
+Tag = 060C8467F4ABAB5E8B3C2067A2E115DC
+Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F2021222324252627
+Ciphertext = BEA5E8798DBE7110031C144DA0B26122CEAAB9B05DF771A657149D53773463CB68C65778B058A635
+
+#AES OCB Non standard test vectors - generated from reference implementation
+Cipher = aes-128-ocb
+Key = 000102030405060708090A0B0C0D0E0F
+IV = 000102030405060708090A0B
+AAD = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F2021222324252627
+Tag = 1b6c44f34e3abb3cbf8976e7
+Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F2021222324252627
+Ciphertext = 09a4fd29de949d9a9aa9924248422097ad4883b4713e6c214ff6567ada08a96766fc4e2ee3e3a5a1
+
+Cipher = aes-128-ocb
+Key = 000102030405060708090A0B0C0D0E0F
+IV = 000102030405060708090A0B0C0D0E
+AAD = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F2021222324252627
+Tag = 1ad62009901f40cba7cd7156f94a7324
+Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F2021222324252627
+Ciphertext = 5e2fa7367ffbdb3938845cfd415fcc71ec79634eb31451609d27505f5e2978f43c44213d8fa441ee
 
 # AES XTS test vectors from IEEE Std 1619-2007
 Cipher = aes-128-xts
-- 
cgit v1.2.3