aboutsummaryrefslogtreecommitdiff
path: root/tests
diff options
context:
space:
mode:
Diffstat (limited to 'tests')
-rw-r--r--tests/.gitignore5
-rw-r--r--tests/Makefile10
-rw-r--r--tests/test-crypto-afsplit.c193
-rw-r--r--tests/test-crypto-block.c362
-rw-r--r--tests/test-crypto-cipher.c215
-rw-r--r--tests/test-crypto-ivgen.c173
-rw-r--r--tests/test-crypto-pbkdf.c392
-rw-r--r--tests/test-crypto-xts.c423
8 files changed, 1771 insertions, 2 deletions
diff --git a/tests/.gitignore b/tests/.gitignore
index 787c95c73d..5f30cbea07 100644
--- a/tests/.gitignore
+++ b/tests/.gitignore
@@ -12,8 +12,12 @@ test-base64
test-bitops
test-blockjob-txn
test-coroutine
+test-crypto-afsplit
+test-crypto-block
test-crypto-cipher
test-crypto-hash
+test-crypto-ivgen
+test-crypto-pbkdf
test-crypto-secret
test-crypto-tlscredsx509
test-crypto-tlscredsx509-work/
@@ -22,6 +26,7 @@ test-crypto-tlssession
test-crypto-tlssession-work/
test-crypto-tlssession-client/
test-crypto-tlssession-server/
+test-crypto-xts
test-cutils
test-hbitmap
test-int128
diff --git a/tests/Makefile b/tests/Makefile
index cd4bbd41ad..60371ca008 100644
--- a/tests/Makefile
+++ b/tests/Makefile
@@ -92,6 +92,11 @@ check-unit-$(CONFIG_GNUTLS) += tests/test-io-channel-tls$(EXESUF)
check-unit-y += tests/test-io-channel-command$(EXESUF)
check-unit-y += tests/test-io-channel-buffer$(EXESUF)
check-unit-y += tests/test-base64$(EXESUF)
+check-unit-$(if $(CONFIG_NETTLE),y,$(CONFIG_GCRYPT_KDF)) += tests/test-crypto-pbkdf$(EXESUF)
+check-unit-y += tests/test-crypto-ivgen$(EXESUF)
+check-unit-y += tests/test-crypto-afsplit$(EXESUF)
+check-unit-y += tests/test-crypto-xts$(EXESUF)
+check-unit-y += tests/test-crypto-block$(EXESUF)
check-block-$(CONFIG_POSIX) += tests/qemu-iotests-quick.sh
@@ -472,6 +477,7 @@ tests/test-bitops$(EXESUF): tests/test-bitops.o $(test-util-obj-y)
tests/test-crypto-hash$(EXESUF): tests/test-crypto-hash.o $(test-crypto-obj-y)
tests/test-crypto-cipher$(EXESUF): tests/test-crypto-cipher.o $(test-crypto-obj-y)
tests/test-crypto-secret$(EXESUF): tests/test-crypto-secret.o $(test-crypto-obj-y)
+tests/test-crypto-xts$(EXESUF): tests/test-crypto-xts.o $(test-crypto-obj-y)
tests/crypto-tls-x509-helpers.o-cflags := $(TASN1_CFLAGS)
tests/crypto-tls-x509-helpers.o-libs := $(TASN1_LIBS)
@@ -496,6 +502,10 @@ tests/test-io-channel-command$(EXESUF): tests/test-io-channel-command.o \
tests/io-channel-helpers.o $(test-io-obj-y)
tests/test-io-channel-buffer$(EXESUF): tests/test-io-channel-buffer.o \
tests/io-channel-helpers.o $(test-io-obj-y)
+tests/test-crypto-pbkdf$(EXESUF): tests/test-crypto-pbkdf.o $(test-crypto-obj-y)
+tests/test-crypto-ivgen$(EXESUF): tests/test-crypto-ivgen.o $(test-crypto-obj-y)
+tests/test-crypto-afsplit$(EXESUF): tests/test-crypto-afsplit.o $(test-crypto-obj-y)
+tests/test-crypto-block$(EXESUF): tests/test-crypto-block.o $(test-crypto-obj-y)
libqos-obj-y = tests/libqos/pci.o tests/libqos/fw_cfg.o tests/libqos/malloc.o
libqos-obj-y += tests/libqos/i2c.o tests/libqos/libqos.o
diff --git a/tests/test-crypto-afsplit.c b/tests/test-crypto-afsplit.c
new file mode 100644
index 0000000000..ceaac0a06d
--- /dev/null
+++ b/tests/test-crypto-afsplit.c
@@ -0,0 +1,193 @@
+/*
+ * QEMU Crypto anti-forensic splitter
+ *
+ * Copyright (c) 2015-2016 Red Hat, Inc.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+#include "qemu/osdep.h"
+#include "crypto/init.h"
+#include "crypto/afsplit.h"
+
+typedef struct QCryptoAFSplitTestData QCryptoAFSplitTestData;
+struct QCryptoAFSplitTestData {
+ const char *path;
+ QCryptoHashAlgorithm hash;
+ uint32_t stripes;
+ size_t blocklen;
+ const uint8_t *key;
+ const uint8_t *splitkey;
+};
+
+static QCryptoAFSplitTestData test_data[] = {
+ {
+ .path = "/crypto/afsplit/sha256/5",
+ .hash = QCRYPTO_HASH_ALG_SHA256,
+ .stripes = 5,
+ .blocklen = 32,
+ .key = (const uint8_t *)
+ "\x00\x01\x02\x03\x04\x05\x06\x07"
+ "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f"
+ "\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7"
+ "\xa8\xa9\xaa\xab\xac\xad\xae\xaf",
+ .splitkey = (const uint8_t *)
+ "\xfd\xd2\x73\xb1\x7d\x99\x93\x34"
+ "\x70\xde\xfa\x07\xc5\xac\x58\xd2"
+ "\x30\x67\x2f\x1a\x35\x43\x60\x7d"
+ "\x77\x02\xdb\x62\x3c\xcb\x2c\x33"
+ "\x48\x08\xb6\xf1\x7c\xa3\x20\xa0"
+ "\xad\x2d\x4c\xf3\xcd\x18\x6f\x53"
+ "\xf9\xe8\xe7\x59\x27\x3c\xa9\x54"
+ "\x61\x87\xb3\xaf\xf6\xf7\x7e\x64"
+ "\x86\xaa\x89\x7f\x1f\x9f\xdb\x86"
+ "\xf4\xa2\x16\xff\xa3\x4f\x8c\xa1"
+ "\x59\xc4\x23\x34\x28\xc4\x77\x71"
+ "\x83\xd4\xcd\x8e\x89\x1b\xc7\xc5"
+ "\xae\x4d\xa9\xcd\xc9\x72\x85\x70"
+ "\x13\x68\x52\x83\xfc\xb8\x11\x72"
+ "\xba\x3d\xc6\x4a\x28\xfa\xe2\x86"
+ "\x7b\x27\xab\x58\xe1\xa4\xca\xf6"
+ "\x9e\xbc\xfe\x0c\x92\x79\xb3\xec"
+ "\x1c\x5f\x79\x3b\x0d\x1e\xaa\x1a"
+ "\x77\x0f\x70\x19\x4b\xc8\x80\xee"
+ "\x27\x7c\x6e\x4a\x91\x96\x5c\xf4"
+ },
+ {
+ .path = "/crypto/afsplit/sha256/5000",
+ .hash = QCRYPTO_HASH_ALG_SHA256,
+ .stripes = 5000,
+ .blocklen = 16,
+ .key = (const uint8_t *)
+ "\x00\x01\x02\x03\x04\x05\x06\x07"
+ "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f",
+ },
+ {
+ .path = "/crypto/afsplit/sha1/1000",
+ .hash = QCRYPTO_HASH_ALG_SHA1,
+ .stripes = 1000,
+ .blocklen = 32,
+ .key = (const uint8_t *)
+ "\x00\x01\x02\x03\x04\x05\x06\x07"
+ "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f"
+ "\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7"
+ "\xa8\xa9\xaa\xab\xac\xad\xae\xaf",
+ },
+ {
+ .path = "/crypto/afsplit/sha256/big",
+ .hash = QCRYPTO_HASH_ALG_SHA256,
+ .stripes = 1000,
+ .blocklen = 64,
+ .key = (const uint8_t *)
+ "\x00\x01\x02\x03\x04\x05\x06\x07"
+ "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f"
+ "\x00\x01\x02\x03\x04\x05\x06\x07"
+ "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f"
+ "\x00\x01\x02\x03\x04\x05\x06\x07"
+ "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f"
+ "\x00\x01\x02\x03\x04\x05\x06\x07"
+ "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f",
+ },
+};
+
+
+static inline char hex(int i)
+{
+ if (i < 10) {
+ return '0' + i;
+ }
+ return 'a' + (i - 10);
+}
+
+static char *hex_string(const uint8_t *bytes,
+ size_t len)
+{
+ char *hexstr = g_new0(char, len * 2 + 1);
+ size_t i;
+
+ for (i = 0; i < len; i++) {
+ hexstr[i * 2] = hex((bytes[i] >> 4) & 0xf);
+ hexstr[i * 2 + 1] = hex(bytes[i] & 0xf);
+ }
+ hexstr[len * 2] = '\0';
+
+ return hexstr;
+}
+
+static void test_afsplit(const void *opaque)
+{
+ const QCryptoAFSplitTestData *data = opaque;
+ size_t splitlen = data->blocklen * data->stripes;
+ uint8_t *splitkey = g_new0(uint8_t, splitlen);
+ uint8_t *key = g_new0(uint8_t, data->blocklen);
+ gchar *expect, *actual;
+
+ /* First time we round-trip the key */
+ qcrypto_afsplit_encode(data->hash,
+ data->blocklen, data->stripes,
+ data->key, splitkey,
+ &error_abort);
+
+ qcrypto_afsplit_decode(data->hash,
+ data->blocklen, data->stripes,
+ splitkey, key,
+ &error_abort);
+
+ expect = hex_string(data->key, data->blocklen);
+ actual = hex_string(key, data->blocklen);
+
+ g_assert_cmpstr(actual, ==, expect);
+
+ g_free(actual);
+ g_free(expect);
+
+ /* Second time we merely try decoding a previous split */
+ if (data->splitkey) {
+ memset(key, 0, data->blocklen);
+
+ qcrypto_afsplit_decode(data->hash,
+ data->blocklen, data->stripes,
+ data->splitkey, key,
+ &error_abort);
+
+ expect = hex_string(data->key, data->blocklen);
+ actual = hex_string(key, data->blocklen);
+
+ g_assert_cmpstr(actual, ==, expect);
+
+ g_free(actual);
+ g_free(expect);
+ }
+
+ g_free(key);
+ g_free(splitkey);
+}
+
+int main(int argc, char **argv)
+{
+ size_t i;
+
+ g_test_init(&argc, &argv, NULL);
+
+ g_assert(qcrypto_init(NULL) == 0);
+
+ for (i = 0; i < G_N_ELEMENTS(test_data); i++) {
+ if (!qcrypto_hash_supports(test_data[i].hash)) {
+ continue;
+ }
+ g_test_add_data_func(test_data[i].path, &test_data[i], test_afsplit);
+ }
+ return g_test_run();
+}
diff --git a/tests/test-crypto-block.c b/tests/test-crypto-block.c
new file mode 100644
index 0000000000..cdbe09d4ed
--- /dev/null
+++ b/tests/test-crypto-block.c
@@ -0,0 +1,362 @@
+/*
+ * QEMU Crypto block encryption
+ *
+ * Copyright (c) 2016 Red Hat, Inc.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+#include "qemu/osdep.h"
+#include "crypto/init.h"
+#include "crypto/block.h"
+#include "qemu/buffer.h"
+#include "crypto/secret.h"
+#ifndef _WIN32
+#include <sys/resource.h>
+#endif
+
+#if defined(CONFIG_UUID) && (defined(_WIN32) || defined RUSAGE_THREAD)
+#define TEST_LUKS
+#else
+#undef TEST_LUKS
+#endif
+
+static QCryptoBlockCreateOptions qcow_create_opts = {
+ .format = Q_CRYPTO_BLOCK_FORMAT_QCOW,
+ .u.qcow = {
+ .has_key_secret = true,
+ .key_secret = (char *)"sec0",
+ },
+};
+
+static QCryptoBlockOpenOptions qcow_open_opts = {
+ .format = Q_CRYPTO_BLOCK_FORMAT_QCOW,
+ .u.qcow = {
+ .has_key_secret = true,
+ .key_secret = (char *)"sec0",
+ },
+};
+
+
+#ifdef TEST_LUKS
+static QCryptoBlockOpenOptions luks_open_opts = {
+ .format = Q_CRYPTO_BLOCK_FORMAT_LUKS,
+ .u.luks = {
+ .has_key_secret = true,
+ .key_secret = (char *)"sec0",
+ },
+};
+
+
+/* Creation with all default values */
+static QCryptoBlockCreateOptions luks_create_opts_default = {
+ .format = Q_CRYPTO_BLOCK_FORMAT_LUKS,
+ .u.luks = {
+ .has_key_secret = true,
+ .key_secret = (char *)"sec0",
+ },
+};
+
+
+/* ...and with explicit values */
+static QCryptoBlockCreateOptions luks_create_opts_aes256_cbc_plain64 = {
+ .format = Q_CRYPTO_BLOCK_FORMAT_LUKS,
+ .u.luks = {
+ .has_key_secret = true,
+ .key_secret = (char *)"sec0",
+ .has_cipher_alg = true,
+ .cipher_alg = QCRYPTO_CIPHER_ALG_AES_256,
+ .has_cipher_mode = true,
+ .cipher_mode = QCRYPTO_CIPHER_MODE_CBC,
+ .has_ivgen_alg = true,
+ .ivgen_alg = QCRYPTO_IVGEN_ALG_PLAIN64,
+ },
+};
+
+
+static QCryptoBlockCreateOptions luks_create_opts_aes256_cbc_essiv = {
+ .format = Q_CRYPTO_BLOCK_FORMAT_LUKS,
+ .u.luks = {
+ .has_key_secret = true,
+ .key_secret = (char *)"sec0",
+ .has_cipher_alg = true,
+ .cipher_alg = QCRYPTO_CIPHER_ALG_AES_256,
+ .has_cipher_mode = true,
+ .cipher_mode = QCRYPTO_CIPHER_MODE_CBC,
+ .has_ivgen_alg = true,
+ .ivgen_alg = QCRYPTO_IVGEN_ALG_ESSIV,
+ .has_ivgen_hash_alg = true,
+ .ivgen_hash_alg = QCRYPTO_HASH_ALG_SHA256,
+ .has_hash_alg = true,
+ .hash_alg = QCRYPTO_HASH_ALG_SHA1,
+ },
+};
+#endif /* TEST_LUKS */
+
+
+static struct QCryptoBlockTestData {
+ const char *path;
+ QCryptoBlockCreateOptions *create_opts;
+ QCryptoBlockOpenOptions *open_opts;
+
+ bool expect_header;
+
+ QCryptoCipherAlgorithm cipher_alg;
+ QCryptoCipherMode cipher_mode;
+ QCryptoHashAlgorithm hash_alg;
+
+ QCryptoIVGenAlgorithm ivgen_alg;
+ QCryptoHashAlgorithm ivgen_hash;
+
+ bool slow;
+} test_data[] = {
+ {
+ .path = "/crypto/block/qcow",
+ .create_opts = &qcow_create_opts,
+ .open_opts = &qcow_open_opts,
+
+ .expect_header = false,
+
+ .cipher_alg = QCRYPTO_CIPHER_ALG_AES_128,
+ .cipher_mode = QCRYPTO_CIPHER_MODE_CBC,
+
+ .ivgen_alg = QCRYPTO_IVGEN_ALG_PLAIN64,
+ },
+#ifdef TEST_LUKS
+ {
+ .path = "/crypto/block/luks/default",
+ .create_opts = &luks_create_opts_default,
+ .open_opts = &luks_open_opts,
+
+ .expect_header = true,
+
+ .cipher_alg = QCRYPTO_CIPHER_ALG_AES_256,
+ .cipher_mode = QCRYPTO_CIPHER_MODE_XTS,
+ .hash_alg = QCRYPTO_HASH_ALG_SHA256,
+
+ .ivgen_alg = QCRYPTO_IVGEN_ALG_PLAIN64,
+
+ .slow = true,
+ },
+ {
+ .path = "/crypto/block/luks/aes-256-cbc-plain64",
+ .create_opts = &luks_create_opts_aes256_cbc_plain64,
+ .open_opts = &luks_open_opts,
+
+ .expect_header = true,
+
+ .cipher_alg = QCRYPTO_CIPHER_ALG_AES_256,
+ .cipher_mode = QCRYPTO_CIPHER_MODE_CBC,
+ .hash_alg = QCRYPTO_HASH_ALG_SHA256,
+
+ .ivgen_alg = QCRYPTO_IVGEN_ALG_PLAIN64,
+
+ .slow = true,
+ },
+ {
+ .path = "/crypto/block/luks/aes-256-cbc-essiv",
+ .create_opts = &luks_create_opts_aes256_cbc_essiv,
+ .open_opts = &luks_open_opts,
+
+ .expect_header = true,
+
+ .cipher_alg = QCRYPTO_CIPHER_ALG_AES_256,
+ .cipher_mode = QCRYPTO_CIPHER_MODE_CBC,
+ .hash_alg = QCRYPTO_HASH_ALG_SHA1,
+
+ .ivgen_alg = QCRYPTO_IVGEN_ALG_ESSIV,
+ .ivgen_hash = QCRYPTO_HASH_ALG_SHA256,
+
+ .slow = true,
+ },
+#endif
+};
+
+
+static ssize_t test_block_read_func(QCryptoBlock *block,
+ size_t offset,
+ uint8_t *buf,
+ size_t buflen,
+ Error **errp,
+ void *opaque)
+{
+ Buffer *header = opaque;
+
+ g_assert_cmpint(offset + buflen, <=, header->capacity);
+
+ memcpy(buf, header->buffer + offset, buflen);
+
+ return buflen;
+}
+
+
+static ssize_t test_block_init_func(QCryptoBlock *block,
+ size_t headerlen,
+ Error **errp,
+ void *opaque)
+{
+ Buffer *header = opaque;
+
+ g_assert_cmpint(header->capacity, ==, 0);
+
+ buffer_reserve(header, headerlen);
+
+ return headerlen;
+}
+
+
+static ssize_t test_block_write_func(QCryptoBlock *block,
+ size_t offset,
+ const uint8_t *buf,
+ size_t buflen,
+ Error **errp,
+ void *opaque)
+{
+ Buffer *header = opaque;
+
+ g_assert_cmpint(buflen + offset, <=, header->capacity);
+
+ memcpy(header->buffer + offset, buf, buflen);
+ header->offset = offset + buflen;
+
+ return buflen;
+}
+
+
+static Object *test_block_secret(void)
+{
+ return object_new_with_props(
+ TYPE_QCRYPTO_SECRET,
+ object_get_objects_root(),
+ "sec0",
+ &error_abort,
+ "data", "123456",
+ NULL);
+}
+
+static void test_block_assert_setup(const struct QCryptoBlockTestData *data,
+ QCryptoBlock *blk)
+{
+ QCryptoIVGen *ivgen;
+ QCryptoCipher *cipher;
+
+ ivgen = qcrypto_block_get_ivgen(blk);
+ cipher = qcrypto_block_get_cipher(blk);
+
+ g_assert(ivgen);
+ g_assert(cipher);
+
+ g_assert_cmpint(data->cipher_alg, ==, cipher->alg);
+ g_assert_cmpint(data->cipher_mode, ==, cipher->mode);
+ g_assert_cmpint(data->hash_alg, ==,
+ qcrypto_block_get_kdf_hash(blk));
+
+ g_assert_cmpint(data->ivgen_alg, ==,
+ qcrypto_ivgen_get_algorithm(ivgen));
+ g_assert_cmpint(data->ivgen_hash, ==,
+ qcrypto_ivgen_get_hash(ivgen));
+}
+
+
+static void test_block(gconstpointer opaque)
+{
+ const struct QCryptoBlockTestData *data = opaque;
+ QCryptoBlock *blk;
+ Buffer header;
+ Object *sec = test_block_secret();
+
+ memset(&header, 0, sizeof(header));
+ buffer_init(&header, "header");
+
+ blk = qcrypto_block_create(data->create_opts,
+ test_block_init_func,
+ test_block_write_func,
+ &header,
+ &error_abort);
+ g_assert(blk);
+
+ if (data->expect_header) {
+ g_assert_cmpint(header.capacity, >, 0);
+ } else {
+ g_assert_cmpint(header.capacity, ==, 0);
+ }
+
+ test_block_assert_setup(data, blk);
+
+ qcrypto_block_free(blk);
+ object_unparent(sec);
+
+ /* Ensure we can't open without the secret */
+ blk = qcrypto_block_open(data->open_opts,
+ test_block_read_func,
+ &header,
+ 0,
+ NULL);
+ g_assert(blk == NULL);
+
+ /* Ensure we can't open without the secret, unless NO_IO */
+ blk = qcrypto_block_open(data->open_opts,
+ test_block_read_func,
+ &header,
+ QCRYPTO_BLOCK_OPEN_NO_IO,
+ &error_abort);
+
+ g_assert(qcrypto_block_get_cipher(blk) == NULL);
+ g_assert(qcrypto_block_get_ivgen(blk) == NULL);
+
+ qcrypto_block_free(blk);
+
+
+ /* Now open for real with secret */
+ sec = test_block_secret();
+ blk = qcrypto_block_open(data->open_opts,
+ test_block_read_func,
+ &header,
+ 0,
+ &error_abort);
+ g_assert(blk);
+
+ test_block_assert_setup(data, blk);
+
+ qcrypto_block_free(blk);
+
+ object_unparent(sec);
+
+ buffer_free(&header);
+}
+
+
+int main(int argc, char **argv)
+{
+ gsize i;
+
+ module_call_init(MODULE_INIT_QOM);
+ g_test_init(&argc, &argv, NULL);
+
+ g_assert(qcrypto_init(NULL) == 0);
+
+ for (i = 0; i < G_N_ELEMENTS(test_data); i++) {
+ if (test_data[i].open_opts->format == Q_CRYPTO_BLOCK_FORMAT_LUKS &&
+ !qcrypto_hash_supports(test_data[i].hash_alg)) {
+ continue;
+ }
+ if (!test_data[i].slow ||
+ g_test_slow()) {
+ g_test_add_data_func(test_data[i].path, &test_data[i], test_block);
+ }
+ }
+
+ return g_test_run();
+}
diff --git a/tests/test-crypto-cipher.c b/tests/test-crypto-cipher.c
index 9f912eccb5..e52b741f87 100644
--- a/tests/test-crypto-cipher.c
+++ b/tests/test-crypto-cipher.c
@@ -165,6 +165,211 @@ static QCryptoCipherTestData test_data[] = {
"ffd29f1bb5596ad94ea2d8e6196b7f09"
"30d8ed0bf2773af36dd82a6280c20926",
},
+ {
+ /* RFC 2144, Appendix B.1 */
+ .path = "/crypto/cipher/cast5-128",
+ .alg = QCRYPTO_CIPHER_ALG_CAST5_128,
+ .mode = QCRYPTO_CIPHER_MODE_ECB,
+ .key = "0123456712345678234567893456789A",
+ .plaintext = "0123456789abcdef",
+ .ciphertext = "238b4fe5847e44b2",
+ },
+ {
+ /* libgcrypt serpent.c */
+ .path = "/crypto/cipher/serpent-128",
+ .alg = QCRYPTO_CIPHER_ALG_SERPENT_128,
+ .mode = QCRYPTO_CIPHER_MODE_ECB,
+ .key = "00000000000000000000000000000000",
+ .plaintext = "d29d576fcea3a3a7ed9099f29273d78e",
+ .ciphertext = "b2288b968ae8b08648d1ce9606fd992d",
+ },
+ {
+ /* libgcrypt serpent.c */
+ .path = "/crypto/cipher/serpent-192",
+ .alg = QCRYPTO_CIPHER_ALG_SERPENT_192,
+ .mode = QCRYPTO_CIPHER_MODE_ECB,
+ .key = "00000000000000000000000000000000"
+ "0000000000000000",
+ .plaintext = "d29d576fceaba3a7ed9899f2927bd78e",
+ .ciphertext = "130e353e1037c22405e8faefb2c3c3e9",
+ },
+ {
+ /* libgcrypt serpent.c */
+ .path = "/crypto/cipher/serpent-256a",
+ .alg = QCRYPTO_CIPHER_ALG_SERPENT_256,
+ .mode = QCRYPTO_CIPHER_MODE_ECB,
+ .key = "00000000000000000000000000000000"
+ "00000000000000000000000000000000",
+ .plaintext = "d095576fcea3e3a7ed98d9f29073d78e",
+ .ciphertext = "b90ee5862de69168f2bdd5125b45472b",
+ },
+ {
+ /* libgcrypt serpent.c */
+ .path = "/crypto/cipher/serpent-256b",
+ .alg = QCRYPTO_CIPHER_ALG_SERPENT_256,
+ .mode = QCRYPTO_CIPHER_MODE_ECB,
+ .key = "00000000000000000000000000000000"
+ "00000000000000000000000000000000",
+ .plaintext = "00000000010000000200000003000000",
+ .ciphertext = "2061a42782bd52ec691ec383b03ba77c",
+ },
+ {
+ /* Twofish paper "Known Answer Test" */
+ .path = "/crypto/cipher/twofish-128",
+ .alg = QCRYPTO_CIPHER_ALG_TWOFISH_128,
+ .mode = QCRYPTO_CIPHER_MODE_ECB,
+ .key = "d491db16e7b1c39e86cb086b789f5419",
+ .plaintext = "019f9809de1711858faac3a3ba20fbc3",
+ .ciphertext = "6363977de839486297e661c6c9d668eb",
+ },
+ {
+ /* Twofish paper "Known Answer Test", I=3 */
+ .path = "/crypto/cipher/twofish-192",
+ .alg = QCRYPTO_CIPHER_ALG_TWOFISH_192,
+ .mode = QCRYPTO_CIPHER_MODE_ECB,
+ .key = "88b2b2706b105e36b446bb6d731a1e88"
+ "efa71f788965bd44",
+ .plaintext = "39da69d6ba4997d585b6dc073ca341b2",
+ .ciphertext = "182b02d81497ea45f9daacdc29193a65",
+ },
+ {
+ /* Twofish paper "Known Answer Test", I=4 */
+ .path = "/crypto/cipher/twofish-256",
+ .alg = QCRYPTO_CIPHER_ALG_TWOFISH_256,
+ .mode = QCRYPTO_CIPHER_MODE_ECB,
+ .key = "d43bb7556ea32e46f2a282b7d45b4e0d"
+ "57ff739d4dc92c1bd7fc01700cc8216f",
+ .plaintext = "90afe91bb288544f2c32dc239b2635e6",
+ .ciphertext = "6cb4561c40bf0a9705931cb6d408e7fa",
+ },
+ {
+ /* #1 32 byte key, 32 byte PTX */
+ .path = "/crypto/cipher/aes-xts-128-1",
+ .alg = QCRYPTO_CIPHER_ALG_AES_128,
+ .mode = QCRYPTO_CIPHER_MODE_XTS,
+ .key =
+ "00000000000000000000000000000000"
+ "00000000000000000000000000000000",
+ .iv =
+ "00000000000000000000000000000000",
+ .plaintext =
+ "00000000000000000000000000000000"
+ "00000000000000000000000000000000",
+ .ciphertext =
+ "917cf69ebd68b2ec9b9fe9a3eadda692"
+ "cd43d2f59598ed858c02c2652fbf922e",
+ },
+ {
+ /* #2, 32 byte key, 32 byte PTX */
+ .path = "/crypto/cipher/aes-xts-128-2",
+ .alg = QCRYPTO_CIPHER_ALG_AES_128,
+ .mode = QCRYPTO_CIPHER_MODE_XTS,
+ .key =
+ "11111111111111111111111111111111"
+ "22222222222222222222222222222222",
+ .iv =
+ "33333333330000000000000000000000",
+ .plaintext =
+ "44444444444444444444444444444444"
+ "44444444444444444444444444444444",
+ .ciphertext =
+ "c454185e6a16936e39334038acef838b"
+ "fb186fff7480adc4289382ecd6d394f0",
+ },
+ {
+ /* #5 from xts.7, 32 byte key, 32 byte PTX */
+ .path = "/crypto/cipher/aes-xts-128-3",
+ .alg = QCRYPTO_CIPHER_ALG_AES_128,
+ .mode = QCRYPTO_CIPHER_MODE_XTS,
+ .key =
+ "fffefdfcfbfaf9f8f7f6f5f4f3f2f1f0"
+ "bfbebdbcbbbab9b8b7b6b5b4b3b2b1b0",
+ .iv =
+ "9a785634120000000000000000000000",
+ .plaintext =
+ "44444444444444444444444444444444"
+ "44444444444444444444444444444444",
+ .ciphertext =
+ "b01f86f8edc1863706fa8a4253e34f28"
+ "af319de38334870f4dd1f94cbe9832f1",
+ },
+ {
+ /* #4, 32 byte key, 512 byte PTX */
+ .path = "/crypto/cipher/aes-xts-128-4",
+ .alg = QCRYPTO_CIPHER_ALG_AES_128,
+ .mode = QCRYPTO_CIPHER_MODE_XTS,
+ .key =
+ "27182818284590452353602874713526"
+ "31415926535897932384626433832795",
+ .iv =
+ "00000000000000000000000000000000",
+ .plaintext =
+ "000102030405060708090a0b0c0d0e0f"
+ "101112131415161718191a1b1c1d1e1f"
+ "202122232425262728292a2b2c2d2e2f"
+ "303132333435363738393a3b3c3d3e3f"
+ "404142434445464748494a4b4c4d4e4f"
+ "505152535455565758595a5b5c5d5e5f"
+ "606162636465666768696a6b6c6d6e6f"
+ "707172737475767778797a7b7c7d7e7f"
+ "808182838485868788898a8b8c8d8e8f"
+ "909192939495969798999a9b9c9d9e9f"
+ "a0a1a2a3a4a5a6a7a8a9aaabacadaeaf"
+ "b0b1b2b3b4b5b6b7b8b9babbbcbdbebf"
+ "c0c1c2c3c4c5c6c7c8c9cacbcccdcecf"
+ "d0d1d2d3d4d5d6d7d8d9dadbdcdddedf"
+ "e0e1e2e3e4e5e6e7e8e9eaebecedeeef"
+ "f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff"
+ "000102030405060708090a0b0c0d0e0f"
+ "101112131415161718191a1b1c1d1e1f"
+ "202122232425262728292a2b2c2d2e2f"
+ "303132333435363738393a3b3c3d3e3f"
+ "404142434445464748494a4b4c4d4e4f"
+ "505152535455565758595a5b5c5d5e5f"
+ "606162636465666768696a6b6c6d6e6f"
+ "707172737475767778797a7b7c7d7e7f"
+ "808182838485868788898a8b8c8d8e8f"
+ "909192939495969798999a9b9c9d9e9f"
+ "a0a1a2a3a4a5a6a7a8a9aaabacadaeaf"
+ "b0b1b2b3b4b5b6b7b8b9babbbcbdbebf"
+ "c0c1c2c3c4c5c6c7c8c9cacbcccdcecf"
+ "d0d1d2d3d4d5d6d7d8d9dadbdcdddedf"
+ "e0e1e2e3e4e5e6e7e8e9eaebecedeeef"
+ "f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff",
+ .ciphertext =
+ "27a7479befa1d476489f308cd4cfa6e2"
+ "a96e4bbe3208ff25287dd3819616e89c"
+ "c78cf7f5e543445f8333d8fa7f560000"
+ "05279fa5d8b5e4ad40e736ddb4d35412"
+ "328063fd2aab53e5ea1e0a9f332500a5"
+ "df9487d07a5c92cc512c8866c7e860ce"
+ "93fdf166a24912b422976146ae20ce84"
+ "6bb7dc9ba94a767aaef20c0d61ad0265"
+ "5ea92dc4c4e41a8952c651d33174be51"
+ "a10c421110e6d81588ede82103a252d8"
+ "a750e8768defffed9122810aaeb99f91"
+ "72af82b604dc4b8e51bcb08235a6f434"
+ "1332e4ca60482a4ba1a03b3e65008fc5"
+ "da76b70bf1690db4eae29c5f1badd03c"
+ "5ccf2a55d705ddcd86d449511ceb7ec3"
+ "0bf12b1fa35b913f9f747a8afd1b130e"
+ "94bff94effd01a91735ca1726acd0b19"
+ "7c4e5b03393697e126826fb6bbde8ecc"
+ "1e08298516e2c9ed03ff3c1b7860f6de"
+ "76d4cecd94c8119855ef5297ca67e9f3"
+ "e7ff72b1e99785ca0a7e7720c5b36dc6"
+ "d72cac9574c8cbbc2f801e23e56fd344"
+ "b07f22154beba0f08ce8891e643ed995"
+ "c94d9a69c9f1b5f499027a78572aeebd"
+ "74d20cc39881c213ee770b1010e4bea7"
+ "18846977ae119f7a023ab58cca0ad752"
+ "afe656bb3c17256a9f6e9bf19fdd5a38"
+ "fc82bbe872c5539edb609ef4f79c203e"
+ "bb140f2e583cb2ad15b4aa5b655016a8"
+ "449277dbd477ef2c8d6c017db738b18d"
+ "eb4a427d1923ce3ff262735779a418f2"
+ "0a282df920147beabe421ee5319d0568",
+ },
};
@@ -251,7 +456,11 @@ static void test_cipher(const void *opaque)
blocksize = qcrypto_cipher_get_block_len(data->alg);
ivsize = qcrypto_cipher_get_iv_len(data->alg, data->mode);
- g_assert_cmpint(keysize, ==, nkey);
+ if (data->mode == QCRYPTO_CIPHER_MODE_XTS) {
+ g_assert_cmpint(keysize * 2, ==, nkey);
+ } else {
+ g_assert_cmpint(keysize, ==, nkey);
+ }
g_assert_cmpint(ivsize, ==, niv);
if (niv) {
g_assert_cmpint(blocksize, ==, niv);
@@ -380,7 +589,9 @@ int main(int argc, char **argv)
g_assert(qcrypto_init(NULL) == 0);
for (i = 0; i < G_N_ELEMENTS(test_data); i++) {
- g_test_add_data_func(test_data[i].path, &test_data[i], test_cipher);
+ if (qcrypto_cipher_supports(test_data[i].alg)) {
+ g_test_add_data_func(test_data[i].path, &test_data[i], test_cipher);
+ }
}
g_test_add_func("/crypto/cipher/null-iv",
diff --git a/tests/test-crypto-ivgen.c b/tests/test-crypto-ivgen.c
new file mode 100644
index 0000000000..96129da367
--- /dev/null
+++ b/tests/test-crypto-ivgen.c
@@ -0,0 +1,173 @@
+/*
+ * QEMU Crypto IV generator algorithms
+ *
+ * Copyright (c) 2015-2016 Red Hat, Inc.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+#include "qemu/osdep.h"
+#include "crypto/ivgen.h"
+
+
+struct QCryptoIVGenTestData {
+ const char *path;
+ uint64_t sector;
+ QCryptoIVGenAlgorithm ivalg;
+ QCryptoHashAlgorithm hashalg;
+ QCryptoCipherAlgorithm cipheralg;
+ const uint8_t *key;
+ size_t nkey;
+ const uint8_t *iv;
+ size_t niv;
+} test_data[] = {
+ /* Small */
+ {
+ "/crypto/ivgen/plain/1",
+ .sector = 0x1,
+ .ivalg = QCRYPTO_IVGEN_ALG_PLAIN,
+ .iv = (const uint8_t *)"\x01\x00\x00\x00\x00\x00\x00\x00"
+ "\x00\x00\x00\x00\x00\x00\x00\x00",
+ .niv = 16,
+ },
+ /* Big ! */
+ {
+ "/crypto/ivgen/plain/1f2e3d4c",
+ .sector = 0x1f2e3d4cULL,
+ .ivalg = QCRYPTO_IVGEN_ALG_PLAIN,
+ .iv = (const uint8_t *)"\x4c\x3d\x2e\x1f\x00\x00\x00\x00"
+ "\x00\x00\x00\x00\x00\x00\x00\x00",
+ .niv = 16,
+ },
+ /* Truncation */
+ {
+ "/crypto/ivgen/plain/1f2e3d4c5b6a7988",
+ .sector = 0x1f2e3d4c5b6a7988ULL,
+ .ivalg = QCRYPTO_IVGEN_ALG_PLAIN,
+ .iv = (const uint8_t *)"\x88\x79\x6a\x5b\x00\x00\x00\x00"
+ "\x00\x00\x00\x00\x00\x00\x00\x00",
+ .niv = 16,
+ },
+ /* Small */
+ {
+ "/crypto/ivgen/plain64/1",
+ .sector = 0x1,
+ .ivalg = QCRYPTO_IVGEN_ALG_PLAIN64,
+ .iv = (const uint8_t *)"\x01\x00\x00\x00\x00\x00\x00\x00"
+ "\x00\x00\x00\x00\x00\x00\x00\x00",
+ .niv = 16,
+ },
+ /* Big ! */
+ {
+ "/crypto/ivgen/plain64/1f2e3d4c",
+ .sector = 0x1f2e3d4cULL,
+ .ivalg = QCRYPTO_IVGEN_ALG_PLAIN64,
+ .iv = (const uint8_t *)"\x4c\x3d\x2e\x1f\x00\x00\x00\x00"
+ "\x00\x00\x00\x00\x00\x00\x00\x00",
+ .niv = 16,
+ },
+ /* No Truncation */
+ {
+ "/crypto/ivgen/plain64/1f2e3d4c5b6a7988",
+ .sector = 0x1f2e3d4c5b6a7988ULL,
+ .ivalg = QCRYPTO_IVGEN_ALG_PLAIN64,
+ .iv = (const uint8_t *)"\x88\x79\x6a\x5b\x4c\x3d\x2e\x1f"
+ "\x00\x00\x00\x00\x00\x00\x00\x00",
+ .niv = 16,
+ },
+ /* Small */
+ {
+ "/crypto/ivgen/essiv/1",
+ .sector = 0x1,
+ .ivalg = QCRYPTO_IVGEN_ALG_ESSIV,
+ .cipheralg = QCRYPTO_CIPHER_ALG_AES_128,
+ .hashalg = QCRYPTO_HASH_ALG_SHA256,
+ .key = (const uint8_t *)"\x00\x01\x02\x03\x04\x05\x06\x07"
+ "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f",
+ .nkey = 16,
+ .iv = (const uint8_t *)"\xd4\x83\x71\xb2\xa1\x94\x53\x88"
+ "\x1c\x7a\x2d\06\x2d\x0b\x65\x46",
+ .niv = 16,
+ },
+ /* Big ! */
+ {
+ "/crypto/ivgen/essiv/1f2e3d4c",
+ .sector = 0x1f2e3d4cULL,
+ .ivalg = QCRYPTO_IVGEN_ALG_ESSIV,
+ .cipheralg = QCRYPTO_CIPHER_ALG_AES_128,
+ .hashalg = QCRYPTO_HASH_ALG_SHA256,
+ .key = (const uint8_t *)"\x00\x01\x02\x03\x04\x05\x06\x07"
+ "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f",
+ .nkey = 16,
+ .iv = (const uint8_t *)"\x5d\x36\x09\x5d\xc6\x9e\x5e\xe9"
+ "\xe3\x02\x8d\xd8\x7a\x3d\xe7\x8f",
+ .niv = 16,
+ },
+ /* No Truncation */
+ {
+ "/crypto/ivgen/essiv/1f2e3d4c5b6a7988",
+ .sector = 0x1f2e3d4c5b6a7988ULL,
+ .ivalg = QCRYPTO_IVGEN_ALG_ESSIV,
+ .cipheralg = QCRYPTO_CIPHER_ALG_AES_128,
+ .hashalg = QCRYPTO_HASH_ALG_SHA256,
+ .key = (const uint8_t *)"\x00\x01\x02\x03\x04\x05\x06\x07"
+ "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f",
+ .nkey = 16,
+ .iv = (const uint8_t *)"\x58\xbb\x81\x94\x51\x83\x23\x23"
+ "\x7a\x08\x93\xa9\xdc\xd2\xd9\xab",
+ .niv = 16,
+ },
+};
+
+
+static void test_ivgen(const void *opaque)
+{
+ const struct QCryptoIVGenTestData *data = opaque;
+ uint8_t *iv = g_new0(uint8_t, data->niv);
+ QCryptoIVGen *ivgen = qcrypto_ivgen_new(
+ data->ivalg,
+ data->cipheralg,
+ data->hashalg,
+ data->key,
+ data->nkey,
+ &error_abort);
+
+ qcrypto_ivgen_calculate(ivgen,
+ data->sector,
+ iv,
+ data->niv,
+ &error_abort);
+
+ g_assert(memcmp(iv, data->iv, data->niv) == 0);
+
+ qcrypto_ivgen_free(ivgen);
+ g_free(iv);
+}
+
+int main(int argc, char **argv)
+{
+ size_t i;
+ g_test_init(&argc, &argv, NULL);
+ for (i = 0; i < G_N_ELEMENTS(test_data); i++) {
+ if (test_data[i].ivalg == QCRYPTO_IVGEN_ALG_ESSIV &&
+ !qcrypto_hash_supports(test_data[i].hashalg)) {
+ continue;
+ }
+ g_test_add_data_func(test_data[i].path,
+ &(test_data[i]),
+ test_ivgen);
+ }
+ return g_test_run();
+}
diff --git a/tests/test-crypto-pbkdf.c b/tests/test-crypto-pbkdf.c
new file mode 100644
index 0000000000..bb9c14c110
--- /dev/null
+++ b/tests/test-crypto-pbkdf.c
@@ -0,0 +1,392 @@
+/*
+ * QEMU Crypto cipher algorithms
+ *
+ * Copyright (c) 2015-2016 Red Hat, Inc.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+#include "qemu/osdep.h"
+#include "crypto/init.h"
+#ifndef _WIN32
+#include <sys/resource.h>
+#endif
+
+#if ((defined(CONFIG_NETTLE) || defined(CONFIG_GCRYPT)) && \
+ (defined(_WIN32) || defined(RUSAGE_THREAD)))
+#include "crypto/pbkdf.h"
+
+typedef struct QCryptoPbkdfTestData QCryptoPbkdfTestData;
+struct QCryptoPbkdfTestData {
+ const char *path;
+ QCryptoHashAlgorithm hash;
+ unsigned int iterations;
+ const char *key;
+ size_t nkey;
+ const char *salt;
+ size_t nsalt;
+ const char *out;
+ size_t nout;
+ bool slow;
+};
+
+/* This test data comes from cryptsetup package
+ *
+ * $SRC/lib/crypto_backend/pbkdf2_generic.c
+ *
+ * under LGPLv2.1+ license
+ */
+static QCryptoPbkdfTestData test_data[] = {
+ /* RFC 3962 test data */
+ {
+ .path = "/crypto/pbkdf/rfc3962/sha1/iter1",
+ .hash = QCRYPTO_HASH_ALG_SHA1,
+ .iterations = 1,
+ .key = "password",
+ .nkey = 8,
+ .salt = "ATHENA.MIT.EDUraeburn",
+ .nsalt = 21,
+ .out = "\xcd\xed\xb5\x28\x1b\xb2\xf8\x01"
+ "\x56\x5a\x11\x22\xb2\x56\x35\x15"
+ "\x0a\xd1\xf7\xa0\x4b\xb9\xf3\xa3"
+ "\x33\xec\xc0\xe2\xe1\xf7\x08\x37",
+ .nout = 32
+ },
+ {
+ .path = "/crypto/pbkdf/rfc3962/sha1/iter2",
+ .hash = QCRYPTO_HASH_ALG_SHA1,
+ .iterations = 2,
+ .key = "password",
+ .nkey = 8,
+ .salt = "ATHENA.MIT.EDUraeburn",
+ .nsalt = 21,
+ .out = "\x01\xdb\xee\x7f\x4a\x9e\x24\x3e"
+ "\x98\x8b\x62\xc7\x3c\xda\x93\x5d"
+ "\xa0\x53\x78\xb9\x32\x44\xec\x8f"
+ "\x48\xa9\x9e\x61\xad\x79\x9d\x86",
+ .nout = 32
+ },
+ {
+ .path = "/crypto/pbkdf/rfc3962/sha1/iter1200a",
+ .hash = QCRYPTO_HASH_ALG_SHA1,
+ .iterations = 1200,
+ .key = "password",
+ .nkey = 8,
+ .salt = "ATHENA.MIT.EDUraeburn",
+ .nsalt = 21,
+ .out = "\x5c\x08\xeb\x61\xfd\xf7\x1e\x4e"
+ "\x4e\xc3\xcf\x6b\xa1\xf5\x51\x2b"
+ "\xa7\xe5\x2d\xdb\xc5\xe5\x14\x2f"
+ "\x70\x8a\x31\xe2\xe6\x2b\x1e\x13",
+ .nout = 32
+ },
+ {
+ .path = "/crypto/pbkdf/rfc3962/sha1/iter5",
+ .hash = QCRYPTO_HASH_ALG_SHA1,
+ .iterations = 5,
+ .key = "password",
+ .nkey = 8,
+ .salt = "\0224VxxV4\022", /* "\x1234567878563412 */
+ .nsalt = 8,
+ .out = "\xd1\xda\xa7\x86\x15\xf2\x87\xe6"
+ "\xa1\xc8\xb1\x20\xd7\x06\x2a\x49"
+ "\x3f\x98\xd2\x03\xe6\xbe\x49\xa6"
+ "\xad\xf4\xfa\x57\x4b\x6e\x64\xee",
+ .nout = 32
+ },
+ {
+ .path = "/crypto/pbkdf/rfc3962/sha1/iter1200b",
+ .hash = QCRYPTO_HASH_ALG_SHA1,
+ .iterations = 1200,
+ .key = "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"
+ "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
+ .nkey = 64,
+ .salt = "pass phrase equals block size",
+ .nsalt = 29,
+ .out = "\x13\x9c\x30\xc0\x96\x6b\xc3\x2b"
+ "\xa5\x5f\xdb\xf2\x12\x53\x0a\xc9"
+ "\xc5\xec\x59\xf1\xa4\x52\xf5\xcc"
+ "\x9a\xd9\x40\xfe\xa0\x59\x8e\xd1",
+ .nout = 32
+ },
+ {
+ .path = "/crypto/pbkdf/rfc3962/sha1/iter1200c",
+ .hash = QCRYPTO_HASH_ALG_SHA1,
+ .iterations = 1200,
+ .key = "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"
+ "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
+ .nkey = 65,
+ .salt = "pass phrase exceeds block size",
+ .nsalt = 30,
+ .out = "\x9c\xca\xd6\xd4\x68\x77\x0c\xd5"
+ "\x1b\x10\xe6\xa6\x87\x21\xbe\x61"
+ "\x1a\x8b\x4d\x28\x26\x01\xdb\x3b"
+ "\x36\xbe\x92\x46\x91\x5e\xc8\x2a",
+ .nout = 32
+ },
+ {
+ .path = "/crypto/pbkdf/rfc3962/sha1/iter50",
+ .hash = QCRYPTO_HASH_ALG_SHA1,
+ .iterations = 50,
+ .key = "\360\235\204\236", /* g-clef ("\xf09d849e) */
+ .nkey = 4,
+ .salt = "EXAMPLE.COMpianist",
+ .nsalt = 18,
+ .out = "\x6b\x9c\xf2\x6d\x45\x45\x5a\x43"
+ "\xa5\xb8\xbb\x27\x6a\x40\x3b\x39"
+ "\xe7\xfe\x37\xa0\xc4\x1e\x02\xc2"
+ "\x81\xff\x30\x69\xe1\xe9\x4f\x52",
+ .nout = 32
+ },
+
+ /* RFC-6070 test data */
+ {
+ .path = "/crypto/pbkdf/rfc6070/sha1/iter1",
+ .hash = QCRYPTO_HASH_ALG_SHA1,
+ .iterations = 1,
+ .key = "password",
+ .nkey = 8,
+ .salt = "salt",
+ .nsalt = 4,
+ .out = "\x0c\x60\xc8\x0f\x96\x1f\x0e\x71\xf3\xa9"
+ "\xb5\x24\xaf\x60\x12\x06\x2f\xe0\x37\xa6",
+ .nout = 20
+ },
+ {
+ .path = "/crypto/pbkdf/rfc6070/sha1/iter2",
+ .hash = QCRYPTO_HASH_ALG_SHA1,
+ .iterations = 2,
+ .key = "password",
+ .nkey = 8,
+ .salt = "salt",
+ .nsalt = 4,
+ .out = "\xea\x6c\x01\x4d\xc7\x2d\x6f\x8c\xcd\x1e"
+ "\xd9\x2a\xce\x1d\x41\xf0\xd8\xde\x89\x57",
+ .nout = 20
+ },
+ {
+ .path = "/crypto/pbkdf/rfc6070/sha1/iter4096",
+ .hash = QCRYPTO_HASH_ALG_SHA1,
+ .iterations = 4096,
+ .key = "password",
+ .nkey = 8,
+ .salt = "salt",
+ .nsalt = 4,
+ .out = "\x4b\x00\x79\x01\xb7\x65\x48\x9a\xbe\xad"
+ "\x49\xd9\x26\xf7\x21\xd0\x65\xa4\x29\xc1",
+ .nout = 20
+ },
+ {
+ .path = "/crypto/pbkdf/rfc6070/sha1/iter16777216",
+ .hash = QCRYPTO_HASH_ALG_SHA1,
+ .iterations = 16777216,
+ .key = "password",
+ .nkey = 8,
+ .salt = "salt",
+ .nsalt = 4,
+ .out = "\xee\xfe\x3d\x61\xcd\x4d\xa4\xe4\xe9\x94"
+ "\x5b\x3d\x6b\xa2\x15\x8c\x26\x34\xe9\x84",
+ .nout = 20,
+ .slow = true,
+ },
+ {
+ .path = "/crypto/pbkdf/rfc6070/sha1/iter4096a",
+ .hash = QCRYPTO_HASH_ALG_SHA1,
+ .iterations = 4096,
+ .key = "passwordPASSWORDpassword",
+ .nkey = 24,
+ .salt = "saltSALTsaltSALTsaltSALTsaltSALTsalt",
+ .nsalt = 36,
+ .out = "\x3d\x2e\xec\x4f\xe4\x1c\x84\x9b\x80\xc8"
+ "\xd8\x36\x62\xc0\xe4\x4a\x8b\x29\x1a\x96"
+ "\x4c\xf2\xf0\x70\x38",
+ .nout = 25
+ },
+ {
+ .path = "/crypto/pbkdf/rfc6070/sha1/iter4096b",
+ .hash = QCRYPTO_HASH_ALG_SHA1,
+ .iterations = 4096,
+ .key = "pass\0word",
+ .nkey = 9,
+ .salt = "sa\0lt",
+ .nsalt = 5,
+ .out = "\x56\xfa\x6a\xa7\x55\x48\x09\x9d\xcc\x37"
+ "\xd7\xf0\x34\x25\xe0\xc3",
+ .nout = 16
+ },
+
+ /* non-RFC misc test data */
+#ifdef CONFIG_NETTLE
+ {
+ /* empty password test.
+ * Broken with libgcrypt <= 1.5.0, hence CONFIG_NETTLE */
+ .path = "/crypto/pbkdf/nonrfc/sha1/iter2",
+ .hash = QCRYPTO_HASH_ALG_SHA1,
+ .iterations = 2,
+ .key = "",
+ .nkey = 0,
+ .salt = "salt",
+ .nsalt = 4,
+ .out = "\x13\x3a\x4c\xe8\x37\xb4\xd2\x52\x1e\xe2"
+ "\xbf\x03\xe1\x1c\x71\xca\x79\x4e\x07\x97",
+ .nout = 20
+ },
+#endif
+ {
+ /* Password exceeds block size test */
+ .path = "/crypto/pbkdf/nonrfc/sha256/iter1200",
+ .hash = QCRYPTO_HASH_ALG_SHA256,
+ .iterations = 1200,
+ .key = "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"
+ "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
+ .nkey = 65,
+ .salt = "pass phrase exceeds block size",
+ .nsalt = 30,
+ .out = "\x22\x34\x4b\xc4\xb6\xe3\x26\x75"
+ "\xa8\x09\x0f\x3e\xa8\x0b\xe0\x1d"
+ "\x5f\x95\x12\x6a\x2c\xdd\xc3\xfa"
+ "\xcc\x4a\x5e\x6d\xca\x04\xec\x58",
+ .nout = 32
+ },
+#if 0
+ {
+ .path = "/crypto/pbkdf/nonrfc/sha512/iter1200",
+ .hash = QCRYPTO_HASH_ALG_SHA512,
+ .iterations = 1200,
+ .key = "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"
+ "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"
+ "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"
+ "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
+ .nkey = 129,
+ .salt = "pass phrase exceeds block size",
+ .nsalt = 30,
+ .out = "\x0f\xb2\xed\x2c\x0e\x6e\xfb\x7d"
+ "\x7d\x8e\xdd\x58\x01\xb4\x59\x72"
+ "\x99\x92\x16\x30\x5e\xa4\x36\x8d"
+ "\x76\x14\x80\xf3\xe3\x7a\x22\xb9",
+ .nout = 32
+ },
+ {
+ .path = "/crypto/pbkdf/nonrfc/whirlpool/iter1200",
+ .hash = QCRYPTO_HASH_ALG_WHIRLPOOL,
+ .iterations = 1200,
+ .key = "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"
+ "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
+ .nkey = 65,
+ .salt = "pass phrase exceeds block size",
+ .nsalt = 30,
+ .out = "\x9c\x1c\x74\xf5\x88\x26\xe7\x6a"
+ "\x53\x58\xf4\x0c\x39\xe7\x80\x89"
+ "\x07\xc0\x31\x19\x9a\x50\xa2\x48"
+ "\xf1\xd9\xfe\x78\x64\xe5\x84\x50",
+ .nout = 32
+ }
+#endif
+};
+
+
+static inline char hex(int i)
+{
+ if (i < 10) {
+ return '0' + i;
+ }
+ return 'a' + (i - 10);
+}
+
+static char *hex_string(const uint8_t *bytes,
+ size_t len)
+{
+ char *hexstr = g_new0(char, len * 2 + 1);
+ size_t i;
+
+ for (i = 0; i < len; i++) {
+ hexstr[i * 2] = hex((bytes[i] >> 4) & 0xf);
+ hexstr[i * 2 + 1] = hex(bytes[i] & 0xf);
+ }
+ hexstr[len * 2] = '\0';
+
+ return hexstr;
+}
+
+static void test_pbkdf(const void *opaque)
+{
+ const QCryptoPbkdfTestData *data = opaque;
+ size_t nout = data->nout;
+ uint8_t *out = g_new0(uint8_t, nout);
+ gchar *expect, *actual;
+
+ qcrypto_pbkdf2(data->hash,
+ (uint8_t *)data->key, data->nkey,
+ (uint8_t *)data->salt, data->nsalt,
+ data->iterations,
+ (uint8_t *)out, nout,
+ &error_abort);
+
+ expect = hex_string((const uint8_t *)data->out, data->nout);
+ actual = hex_string(out, nout);
+
+ g_assert_cmpstr(actual, ==, expect);
+
+ g_free(actual);
+ g_free(expect);
+ g_free(out);
+}
+
+
+static void test_pbkdf_timing(void)
+{
+ uint8_t key[32];
+ uint8_t salt[32];
+ int iters;
+
+ memset(key, 0x5d, sizeof(key));
+ memset(salt, 0x7c, sizeof(salt));
+
+ iters = qcrypto_pbkdf2_count_iters(QCRYPTO_HASH_ALG_SHA256,
+ key, sizeof(key),
+ salt, sizeof(salt),
+ &error_abort);
+
+ g_assert(iters >= (1 << 15));
+}
+
+
+int main(int argc, char **argv)
+{
+ size_t i;
+
+ g_test_init(&argc, &argv, NULL);
+
+ g_assert(qcrypto_init(NULL) == 0);
+
+ for (i = 0; i < G_N_ELEMENTS(test_data); i++) {
+ if (!test_data[i].slow ||
+ g_test_slow()) {
+ g_test_add_data_func(test_data[i].path, &test_data[i], test_pbkdf);
+ }
+ }
+
+ if (g_test_slow()) {
+ g_test_add_func("/crypt0/pbkdf/timing", test_pbkdf_timing);
+ }
+
+ return g_test_run();
+}
+#else
+int main(int argc, char **argv)
+{
+ return 0;
+}
+#endif
diff --git a/tests/test-crypto-xts.c b/tests/test-crypto-xts.c
new file mode 100644
index 0000000000..7f68b063cd
--- /dev/null
+++ b/tests/test-crypto-xts.c
@@ -0,0 +1,423 @@
+/*
+ * QEMU Crypto XTS cipher mode
+ *
+ * Copyright (c) 2015-2016 Red Hat, Inc.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see <http://www.gnu.org/licenses/>.
+ *
+ * This code is originally derived from public domain / WTFPL code in
+ * LibTomCrypt crytographic library http://libtom.org. The XTS code
+ * was donated by Elliptic Semiconductor Inc (www.ellipticsemi.com)
+ * to the LibTom Projects
+ *
+ */
+
+#include "qemu/osdep.h"
+#include "crypto/init.h"
+#include "crypto/xts.h"
+#include "crypto/aes.h"
+
+typedef struct {
+ const char *path;
+ int keylen;
+ unsigned char key1[32];
+ unsigned char key2[32];
+ uint64_t seqnum;
+ unsigned long PTLEN;
+ unsigned char PTX[512], CTX[512];
+} QCryptoXTSTestData;
+
+static const QCryptoXTSTestData test_data[] = {
+ /* #1 32 byte key, 32 byte PTX */
+ {
+ "/crypto/xts/t-1-key-32-ptx-32",
+ 32,
+ { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
+ { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
+ 0,
+ 32,
+ { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
+ { 0x91, 0x7c, 0xf6, 0x9e, 0xbd, 0x68, 0xb2, 0xec,
+ 0x9b, 0x9f, 0xe9, 0xa3, 0xea, 0xdd, 0xa6, 0x92,
+ 0xcd, 0x43, 0xd2, 0xf5, 0x95, 0x98, 0xed, 0x85,
+ 0x8c, 0x02, 0xc2, 0x65, 0x2f, 0xbf, 0x92, 0x2e },
+ },
+
+ /* #2, 32 byte key, 32 byte PTX */
+ {
+ "/crypto/xts/t-2-key-32-ptx-32",
+ 32,
+ { 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11,
+ 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11 },
+ { 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22,
+ 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22 },
+ 0x3333333333LL,
+ 32,
+ { 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44,
+ 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44,
+ 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44,
+ 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44 },
+ { 0xc4, 0x54, 0x18, 0x5e, 0x6a, 0x16, 0x93, 0x6e,
+ 0x39, 0x33, 0x40, 0x38, 0xac, 0xef, 0x83, 0x8b,
+ 0xfb, 0x18, 0x6f, 0xff, 0x74, 0x80, 0xad, 0xc4,
+ 0x28, 0x93, 0x82, 0xec, 0xd6, 0xd3, 0x94, 0xf0 },
+ },
+
+ /* #5 from xts.7, 32 byte key, 32 byte PTX */
+ {
+ "/crypto/xts/t-5-key-32-ptx-32",
+ 32,
+ { 0xff, 0xfe, 0xfd, 0xfc, 0xfb, 0xfa, 0xf9, 0xf8,
+ 0xf7, 0xf6, 0xf5, 0xf4, 0xf3, 0xf2, 0xf1, 0xf0 },
+ { 0xbf, 0xbe, 0xbd, 0xbc, 0xbb, 0xba, 0xb9, 0xb8,
+ 0xb7, 0xb6, 0xb5, 0xb4, 0xb3, 0xb2, 0xb1, 0xb0 },
+ 0x123456789aLL,
+ 32,
+ { 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44,
+ 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44,
+ 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44,
+ 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44 },
+ { 0xb0, 0x1f, 0x86, 0xf8, 0xed, 0xc1, 0x86, 0x37,
+ 0x06, 0xfa, 0x8a, 0x42, 0x53, 0xe3, 0x4f, 0x28,
+ 0xaf, 0x31, 0x9d, 0xe3, 0x83, 0x34, 0x87, 0x0f,
+ 0x4d, 0xd1, 0xf9, 0x4c, 0xbe, 0x98, 0x32, 0xf1 },
+ },
+
+ /* #4, 32 byte key, 512 byte PTX */
+ {
+ "/crypto/xts/t-4-key-32-ptx-512",
+ 32,
+ { 0x27, 0x18, 0x28, 0x18, 0x28, 0x45, 0x90, 0x45,
+ 0x23, 0x53, 0x60, 0x28, 0x74, 0x71, 0x35, 0x26 },
+ { 0x31, 0x41, 0x59, 0x26, 0x53, 0x58, 0x97, 0x93,
+ 0x23, 0x84, 0x62, 0x64, 0x33, 0x83, 0x27, 0x95 },
+ 0,
+ 512,
+ {
+ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+ 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
+ 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
+ 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
+ 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
+ 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f,
+ 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
+ 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f,
+ 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47,
+ 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f,
+ 0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
+ 0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f,
+ 0x60, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67,
+ 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f,
+ 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77,
+ 0x78, 0x79, 0x7a, 0x7b, 0x7c, 0x7d, 0x7e, 0x7f,
+ 0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87,
+ 0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f,
+ 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97,
+ 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f,
+ 0xa0, 0xa1, 0xa2, 0xa3, 0xa4, 0xa5, 0xa6, 0xa7,
+ 0xa8, 0xa9, 0xaa, 0xab, 0xac, 0xad, 0xae, 0xaf,
+ 0xb0, 0xb1, 0xb2, 0xb3, 0xb4, 0xb5, 0xb6, 0xb7,
+ 0xb8, 0xb9, 0xba, 0xbb, 0xbc, 0xbd, 0xbe, 0xbf,
+ 0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7,
+ 0xc8, 0xc9, 0xca, 0xcb, 0xcc, 0xcd, 0xce, 0xcf,
+ 0xd0, 0xd1, 0xd2, 0xd3, 0xd4, 0xd5, 0xd6, 0xd7,
+ 0xd8, 0xd9, 0xda, 0xdb, 0xdc, 0xdd, 0xde, 0xdf,
+ 0xe0, 0xe1, 0xe2, 0xe3, 0xe4, 0xe5, 0xe6, 0xe7,
+ 0xe8, 0xe9, 0xea, 0xeb, 0xec, 0xed, 0xee, 0xef,
+ 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7,
+ 0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd, 0xfe, 0xff,
+ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+ 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
+ 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
+ 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
+ 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
+ 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f,
+ 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
+ 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f,
+ 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47,
+ 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f,
+ 0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
+ 0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f,
+ 0x60, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67,
+ 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f,
+ 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77,
+ 0x78, 0x79, 0x7a, 0x7b, 0x7c, 0x7d, 0x7e, 0x7f,
+ 0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87,
+ 0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f,
+ 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97,
+ 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f,
+ 0xa0, 0xa1, 0xa2, 0xa3, 0xa4, 0xa5, 0xa6, 0xa7,
+ 0xa8, 0xa9, 0xaa, 0xab, 0xac, 0xad, 0xae, 0xaf,
+ 0xb0, 0xb1, 0xb2, 0xb3, 0xb4, 0xb5, 0xb6, 0xb7,
+ 0xb8, 0xb9, 0xba, 0xbb, 0xbc, 0xbd, 0xbe, 0xbf,
+ 0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7,
+ 0xc8, 0xc9, 0xca, 0xcb, 0xcc, 0xcd, 0xce, 0xcf,
+ 0xd0, 0xd1, 0xd2, 0xd3, 0xd4, 0xd5, 0xd6, 0xd7,
+ 0xd8, 0xd9, 0xda, 0xdb, 0xdc, 0xdd, 0xde, 0xdf,
+ 0xe0, 0xe1, 0xe2, 0xe3, 0xe4, 0xe5, 0xe6, 0xe7,
+ 0xe8, 0xe9, 0xea, 0xeb, 0xec, 0xed, 0xee, 0xef,
+ 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7,
+ 0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd, 0xfe, 0xff,
+ },
+ {
+ 0x27, 0xa7, 0x47, 0x9b, 0xef, 0xa1, 0xd4, 0x76,
+ 0x48, 0x9f, 0x30, 0x8c, 0xd4, 0xcf, 0xa6, 0xe2,
+ 0xa9, 0x6e, 0x4b, 0xbe, 0x32, 0x08, 0xff, 0x25,
+ 0x28, 0x7d, 0xd3, 0x81, 0x96, 0x16, 0xe8, 0x9c,
+ 0xc7, 0x8c, 0xf7, 0xf5, 0xe5, 0x43, 0x44, 0x5f,
+ 0x83, 0x33, 0xd8, 0xfa, 0x7f, 0x56, 0x00, 0x00,
+ 0x05, 0x27, 0x9f, 0xa5, 0xd8, 0xb5, 0xe4, 0xad,
+ 0x40, 0xe7, 0x36, 0xdd, 0xb4, 0xd3, 0x54, 0x12,
+ 0x32, 0x80, 0x63, 0xfd, 0x2a, 0xab, 0x53, 0xe5,
+ 0xea, 0x1e, 0x0a, 0x9f, 0x33, 0x25, 0x00, 0xa5,
+ 0xdf, 0x94, 0x87, 0xd0, 0x7a, 0x5c, 0x92, 0xcc,
+ 0x51, 0x2c, 0x88, 0x66, 0xc7, 0xe8, 0x60, 0xce,
+ 0x93, 0xfd, 0xf1, 0x66, 0xa2, 0x49, 0x12, 0xb4,
+ 0x22, 0x97, 0x61, 0x46, 0xae, 0x20, 0xce, 0x84,
+ 0x6b, 0xb7, 0xdc, 0x9b, 0xa9, 0x4a, 0x76, 0x7a,
+ 0xae, 0xf2, 0x0c, 0x0d, 0x61, 0xad, 0x02, 0x65,
+ 0x5e, 0xa9, 0x2d, 0xc4, 0xc4, 0xe4, 0x1a, 0x89,
+ 0x52, 0xc6, 0x51, 0xd3, 0x31, 0x74, 0xbe, 0x51,
+ 0xa1, 0x0c, 0x42, 0x11, 0x10, 0xe6, 0xd8, 0x15,
+ 0x88, 0xed, 0xe8, 0x21, 0x03, 0xa2, 0x52, 0xd8,
+ 0xa7, 0x50, 0xe8, 0x76, 0x8d, 0xef, 0xff, 0xed,
+ 0x91, 0x22, 0x81, 0x0a, 0xae, 0xb9, 0x9f, 0x91,
+ 0x72, 0xaf, 0x82, 0xb6, 0x04, 0xdc, 0x4b, 0x8e,
+ 0x51, 0xbc, 0xb0, 0x82, 0x35, 0xa6, 0xf4, 0x34,
+ 0x13, 0x32, 0xe4, 0xca, 0x60, 0x48, 0x2a, 0x4b,
+ 0xa1, 0xa0, 0x3b, 0x3e, 0x65, 0x00, 0x8f, 0xc5,
+ 0xda, 0x76, 0xb7, 0x0b, 0xf1, 0x69, 0x0d, 0xb4,
+ 0xea, 0xe2, 0x9c, 0x5f, 0x1b, 0xad, 0xd0, 0x3c,
+ 0x5c, 0xcf, 0x2a, 0x55, 0xd7, 0x05, 0xdd, 0xcd,
+ 0x86, 0xd4, 0x49, 0x51, 0x1c, 0xeb, 0x7e, 0xc3,
+ 0x0b, 0xf1, 0x2b, 0x1f, 0xa3, 0x5b, 0x91, 0x3f,
+ 0x9f, 0x74, 0x7a, 0x8a, 0xfd, 0x1b, 0x13, 0x0e,
+ 0x94, 0xbf, 0xf9, 0x4e, 0xff, 0xd0, 0x1a, 0x91,
+ 0x73, 0x5c, 0xa1, 0x72, 0x6a, 0xcd, 0x0b, 0x19,
+ 0x7c, 0x4e, 0x5b, 0x03, 0x39, 0x36, 0x97, 0xe1,
+ 0x26, 0x82, 0x6f, 0xb6, 0xbb, 0xde, 0x8e, 0xcc,
+ 0x1e, 0x08, 0x29, 0x85, 0x16, 0xe2, 0xc9, 0xed,
+ 0x03, 0xff, 0x3c, 0x1b, 0x78, 0x60, 0xf6, 0xde,
+ 0x76, 0xd4, 0xce, 0xcd, 0x94, 0xc8, 0x11, 0x98,
+ 0x55, 0xef, 0x52, 0x97, 0xca, 0x67, 0xe9, 0xf3,
+ 0xe7, 0xff, 0x72, 0xb1, 0xe9, 0x97, 0x85, 0xca,
+ 0x0a, 0x7e, 0x77, 0x20, 0xc5, 0xb3, 0x6d, 0xc6,
+ 0xd7, 0x2c, 0xac, 0x95, 0x74, 0xc8, 0xcb, 0xbc,
+ 0x2f, 0x80, 0x1e, 0x23, 0xe5, 0x6f, 0xd3, 0x44,
+ 0xb0, 0x7f, 0x22, 0x15, 0x4b, 0xeb, 0xa0, 0xf0,
+ 0x8c, 0xe8, 0x89, 0x1e, 0x64, 0x3e, 0xd9, 0x95,
+ 0xc9, 0x4d, 0x9a, 0x69, 0xc9, 0xf1, 0xb5, 0xf4,
+ 0x99, 0x02, 0x7a, 0x78, 0x57, 0x2a, 0xee, 0xbd,
+ 0x74, 0xd2, 0x0c, 0xc3, 0x98, 0x81, 0xc2, 0x13,
+ 0xee, 0x77, 0x0b, 0x10, 0x10, 0xe4, 0xbe, 0xa7,
+ 0x18, 0x84, 0x69, 0x77, 0xae, 0x11, 0x9f, 0x7a,
+ 0x02, 0x3a, 0xb5, 0x8c, 0xca, 0x0a, 0xd7, 0x52,
+ 0xaf, 0xe6, 0x56, 0xbb, 0x3c, 0x17, 0x25, 0x6a,
+ 0x9f, 0x6e, 0x9b, 0xf1, 0x9f, 0xdd, 0x5a, 0x38,
+ 0xfc, 0x82, 0xbb, 0xe8, 0x72, 0xc5, 0x53, 0x9e,
+ 0xdb, 0x60, 0x9e, 0xf4, 0xf7, 0x9c, 0x20, 0x3e,
+ 0xbb, 0x14, 0x0f, 0x2e, 0x58, 0x3c, 0xb2, 0xad,
+ 0x15, 0xb4, 0xaa, 0x5b, 0x65, 0x50, 0x16, 0xa8,
+ 0x44, 0x92, 0x77, 0xdb, 0xd4, 0x77, 0xef, 0x2c,
+ 0x8d, 0x6c, 0x01, 0x7d, 0xb7, 0x38, 0xb1, 0x8d,
+ 0xeb, 0x4a, 0x42, 0x7d, 0x19, 0x23, 0xce, 0x3f,
+ 0xf2, 0x62, 0x73, 0x57, 0x79, 0xa4, 0x18, 0xf2,
+ 0x0a, 0x28, 0x2d, 0xf9, 0x20, 0x14, 0x7b, 0xea,
+ 0xbe, 0x42, 0x1e, 0xe5, 0x31, 0x9d, 0x05, 0x68,
+ }
+ },
+
+ /* #7, 32 byte key, 17 byte PTX */
+ {
+ "/crypto/xts/t-7-key-32-ptx-17",
+ 32,
+ { 0xff, 0xfe, 0xfd, 0xfc, 0xfb, 0xfa, 0xf9, 0xf8,
+ 0xf7, 0xf6, 0xf5, 0xf4, 0xf3, 0xf2, 0xf1, 0xf0 },
+ { 0xbf, 0xbe, 0xbd, 0xbc, 0xbb, 0xba, 0xb9, 0xb8,
+ 0xb7, 0xb6, 0xb5, 0xb4, 0xb3, 0xb2, 0xb1, 0xb0 },
+ 0x123456789aLL,
+ 17,
+ { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+ 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10 },
+ { 0x6c, 0x16, 0x25, 0xdb, 0x46, 0x71, 0x52, 0x2d,
+ 0x3d, 0x75, 0x99, 0x60, 0x1d, 0xe7, 0xca, 0x09, 0xed },
+ },
+
+ /* #15, 32 byte key, 25 byte PTX */
+ {
+ "/crypto/xts/t-15-key-32-ptx-25",
+ 32,
+ { 0xff, 0xfe, 0xfd, 0xfc, 0xfb, 0xfa, 0xf9, 0xf8,
+ 0xf7, 0xf6, 0xf5, 0xf4, 0xf3, 0xf2, 0xf1, 0xf0 },
+ { 0xbf, 0xbe, 0xbd, 0xbc, 0xbb, 0xba, 0xb9, 0xb8,
+ 0xb7, 0xb6, 0xb5, 0xb4, 0xb3, 0xb2, 0xb1, 0xb0 },
+ 0x123456789aLL,
+ 25,
+ { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+ 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
+ 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18 },
+ { 0x8f, 0x4d, 0xcb, 0xad, 0x55, 0x55, 0x8d, 0x7b,
+ 0x4e, 0x01, 0xd9, 0x37, 0x9c, 0xd4, 0xea, 0x22,
+ 0xed, 0xbf, 0x9d, 0xac, 0xe4, 0x5d, 0x6f, 0x6a, 0x73 },
+ },
+
+ /* #21, 32 byte key, 31 byte PTX */
+ {
+ "/crypto/xts/t-21-key-32-ptx-31",
+ 32,
+ { 0xff, 0xfe, 0xfd, 0xfc, 0xfb, 0xfa, 0xf9, 0xf8,
+ 0xf7, 0xf6, 0xf5, 0xf4, 0xf3, 0xf2, 0xf1, 0xf0 },
+ { 0xbf, 0xbe, 0xbd, 0xbc, 0xbb, 0xba, 0xb9, 0xb8,
+ 0xb7, 0xb6, 0xb5, 0xb4, 0xb3, 0xb2, 0xb1, 0xb0 },
+ 0x123456789aLL,
+ 31,
+ { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+ 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
+ 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
+ 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e },
+ { 0xd0, 0x5b, 0xc0, 0x90, 0xa8, 0xe0, 0x4f, 0x1b,
+ 0x3d, 0x3e, 0xcd, 0xd5, 0xba, 0xec, 0x0f, 0xd4,
+ 0xed, 0xbf, 0x9d, 0xac, 0xe4, 0x5d, 0x6f, 0x6a,
+ 0x73, 0x06, 0xe6, 0x4b, 0xe5, 0xdd, 0x82 },
+ },
+};
+
+#define STORE64L(x, y) \
+ do { \
+ (y)[7] = (unsigned char)(((x) >> 56) & 255); \
+ (y)[6] = (unsigned char)(((x) >> 48) & 255); \
+ (y)[5] = (unsigned char)(((x) >> 40) & 255); \
+ (y)[4] = (unsigned char)(((x) >> 32) & 255); \
+ (y)[3] = (unsigned char)(((x) >> 24) & 255); \
+ (y)[2] = (unsigned char)(((x) >> 16) & 255); \
+ (y)[1] = (unsigned char)(((x) >> 8) & 255); \
+ (y)[0] = (unsigned char)((x) & 255); \
+ } while (0)
+
+struct TestAES {
+ AES_KEY enc;
+ AES_KEY dec;
+};
+
+static void test_xts_aes_encrypt(const void *ctx,
+ size_t length,
+ uint8_t *dst,
+ const uint8_t *src)
+{
+ const struct TestAES *aesctx = ctx;
+
+ AES_encrypt(src, dst, &aesctx->enc);
+}
+
+
+static void test_xts_aes_decrypt(const void *ctx,
+ size_t length,
+ uint8_t *dst,
+ const uint8_t *src)
+{
+ const struct TestAES *aesctx = ctx;
+
+ AES_decrypt(src, dst, &aesctx->dec);
+}
+
+
+static void test_xts(const void *opaque)
+{
+ const QCryptoXTSTestData *data = opaque;
+ unsigned char OUT[512], Torg[16], T[16];
+ uint64_t seq;
+ int j;
+ unsigned long len;
+ struct TestAES aesdata;
+ struct TestAES aestweak;
+
+ for (j = 0; j < 2; j++) {
+ /* skip the cases where
+ * the length is smaller than 2*blocklen
+ * or the length is not a multiple of 32
+ */
+ if ((j == 1) && ((data->PTLEN < 32) || (data->PTLEN % 32))) {
+ continue;
+ }
+ len = data->PTLEN / 2;
+
+ AES_set_encrypt_key(data->key1, data->keylen / 2 * 8, &aesdata.enc);
+ AES_set_decrypt_key(data->key1, data->keylen / 2 * 8, &aesdata.dec);
+ AES_set_encrypt_key(data->key2, data->keylen / 2 * 8, &aestweak.enc);
+ AES_set_decrypt_key(data->key2, data->keylen / 2 * 8, &aestweak.dec);
+
+ seq = data->seqnum;
+ STORE64L(seq, Torg);
+ memset(Torg + 8, 0, 8);
+
+ memcpy(T, Torg, sizeof(T));
+ if (j == 0) {
+ xts_encrypt(&aesdata, &aestweak,
+ test_xts_aes_encrypt,
+ test_xts_aes_decrypt,
+ T, data->PTLEN, OUT, data->PTX);
+ } else {
+ xts_encrypt(&aesdata, &aestweak,
+ test_xts_aes_encrypt,
+ test_xts_aes_decrypt,
+ T, len, OUT, data->PTX);
+ xts_encrypt(&aesdata, &aestweak,
+ test_xts_aes_encrypt,
+ test_xts_aes_decrypt,
+ T, len, &OUT[len], &data->PTX[len]);
+ }
+
+ g_assert(memcmp(OUT, data->CTX, data->PTLEN) == 0);
+
+ memcpy(T, Torg, sizeof(T));
+ if (j == 0) {
+ xts_decrypt(&aesdata, &aestweak,
+ test_xts_aes_encrypt,
+ test_xts_aes_decrypt,
+ T, data->PTLEN, OUT, data->CTX);
+ } else {
+ xts_decrypt(&aesdata, &aestweak,
+ test_xts_aes_encrypt,
+ test_xts_aes_decrypt,
+ T, len, OUT, data->CTX);
+ xts_decrypt(&aesdata, &aestweak,
+ test_xts_aes_encrypt,
+ test_xts_aes_decrypt,
+ T, len, &OUT[len], &data->CTX[len]);
+ }
+
+ g_assert(memcmp(OUT, data->PTX, data->PTLEN) == 0);
+ }
+}
+
+
+int main(int argc, char **argv)
+{
+ size_t i;
+
+ g_test_init(&argc, &argv, NULL);
+
+ g_assert(qcrypto_init(NULL) == 0);
+
+ for (i = 0; i < G_N_ELEMENTS(test_data); i++) {
+ g_test_add_data_func(test_data[i].path, &test_data[i], test_xts);
+ }
+
+ return g_test_run();
+}