Gitiles
Code Review Sign In
gerrit.openbmc.org / openbmc / phosphor-net-ipmid / 4cb73595dd5716e8767d1dcab9496ccb4c0dd8f4 / . / test / cipher.cpp
blob: 402a22f4bfa9f85d2148a5f66248b1d74605489f [file] [log] [blame]
Tom Joseph1e5a76a2017-01-30 19:25:06 +0530[diff] [blame]1#include "crypt_algo.hpp"
2#include "integrity_algo.hpp"
3#include "message_parsers.hpp"
Vernon Mauery9b307be2017-11-22 09:28:16 -0800[diff] [blame]4#include "rmcp.hpp"
Vernon Mauery9e801a22018-10-12 13:20:49 -0700[diff] [blame]5
6#include <openssl/evp.h>
7#include <openssl/hmac.h>
8#include <openssl/rand.h>
9#include <openssl/sha.h>
10
11#include <iostream>
12#include <vector>
13
Tom Joseph1e5a76a2017-01-30 19:25:06 +0530[diff] [blame]14#include <gtest/gtest.h>
15
16TEST(IntegrityAlgo, HMAC_SHA1_96_GenerateIntegrityDataCheck)
17{
18 /*
19 * Step-1 Generate Integrity Data for the packet, using the implemented API
20 */
21 // Packet = RMCP Session Header (4 bytes) + Packet (8 bytes)
Vernon Mauery9e801a22018-10-12 13:20:49 -0700[diff] [blame]22 std::vector<uint8_t> packet = {1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12};
Tom Joseph1e5a76a2017-01-30 19:25:06 +0530[diff] [blame]23
24 // Hardcoded Session Integrity Key
Vernon Mauery9e801a22018-10-12 13:20:49 -0700[diff] [blame]25 std::vector<uint8_t> sik = {1, 2, 3, 4, 5, 6, 7, 8, 9, 10,
26 11, 12, 13, 14, 15, 16, 17, 18, 19, 20};
Tom Joseph1e5a76a2017-01-30 19:25:06 +0530[diff] [blame]27
28 auto algoPtr = std::make_unique<cipher::integrity::AlgoSHA1>(sik);
29
30 ASSERT_EQ(true, (algoPtr != NULL));
31
32 // Generate the Integrity Data
33 auto response = algoPtr->generateIntegrityData(packet);
34
35 EXPECT_EQ(true, (response.size() ==
Vernon Mauery9e801a22018-10-12 13:20:49 -0700[diff] [blame]36 cipher::integrity::AlgoSHA1::SHA1_96_AUTHCODE_LENGTH));
Tom Joseph1e5a76a2017-01-30 19:25:06 +0530[diff] [blame]37
38 /*
39 * Step-2 Generate Integrity data using OpenSSL SHA1 algorithm
40 */
Vernon Mauery9b307be2017-11-22 09:28:16 -0800[diff] [blame]41 std::vector<uint8_t> k1(SHA_DIGEST_LENGTH);
Vernon Mauery9e801a22018-10-12 13:20:49 -0700[diff] [blame]42 constexpr rmcp::Const_n const1 = {0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01,
43 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01,
44 0x01, 0x01, 0x01, 0x01, 0x01, 0x01};
Tom Joseph1e5a76a2017-01-30 19:25:06 +0530[diff] [blame]45
46 // Generated K1 for the integrity algorithm with the additional key keyed
47 // with SIK.
48 unsigned int mdLen = 0;
Vernon Mauery9e801a22018-10-12 13:20:49 -0700[diff] [blame]49 if (HMAC(EVP_sha1(), sik.data(), sik.size(), const1.data(), const1.size(),
50 k1.data(), &mdLen) == NULL)
Tom Joseph1e5a76a2017-01-30 19:25:06 +0530[diff] [blame]51 {
52 FAIL() << "Generating Key1 failed";
53 }
54
55 mdLen = 0;
Vernon Mauery70fd29c2017-11-30 13:11:43 -0800[diff] [blame]56 std::vector<uint8_t> output(SHA_DIGEST_LENGTH);
Tom Joseph1e5a76a2017-01-30 19:25:06 +0530[diff] [blame]57 size_t length = packet.size() - message::parser::RMCP_SESSION_HEADER_SIZE;
58
Vernon Mauery9b307be2017-11-22 09:28:16 -0800[diff] [blame]59 if (HMAC(EVP_sha1(), k1.data(), k1.size(),
Vernon Mauery9e801a22018-10-12 13:20:49 -0700[diff] [blame]60 packet.data() + message::parser::RMCP_SESSION_HEADER_SIZE, length,
Tom Joseph1e5a76a2017-01-30 19:25:06 +0530[diff] [blame]61 output.data(), &mdLen) == NULL)
62 {
63 FAIL() << "Generating integrity data failed";
64 }
65
66 output.resize(cipher::integrity::AlgoSHA1::SHA1_96_AUTHCODE_LENGTH);
67
68 /*
69 * Step-3 Check if the integrity data we generated using the implemented API
70 * matches with one generated by OpenSSL SHA1 algorithm.
71 */
72 auto check = std::equal(output.begin(), output.end(), response.begin());
73 EXPECT_EQ(true, check);
74}
75
76TEST(IntegrityAlgo, HMAC_SHA1_96_VerifyIntegrityDataPass)
77{
78 /*
79 * Step-1 Generate Integrity data using OpenSSL SHA1 algorithm
80 */
81
82 // Packet = RMCP Session Header (4 bytes) + Packet (8 bytes)
Vernon Mauery9e801a22018-10-12 13:20:49 -0700[diff] [blame]83 std::vector<uint8_t> packet = {1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12};
Tom Joseph1e5a76a2017-01-30 19:25:06 +0530[diff] [blame]84
85 // Hardcoded Session Integrity Key
Vernon Mauery9e801a22018-10-12 13:20:49 -0700[diff] [blame]86 std::vector<uint8_t> sik = {1, 2, 3, 4, 5, 6, 7, 8, 9, 10,
87 11, 12, 13, 14, 15, 16, 17, 18, 19, 20};
Tom Joseph1e5a76a2017-01-30 19:25:06 +0530[diff] [blame]88
Vernon Mauery9b307be2017-11-22 09:28:16 -0800[diff] [blame]89 std::vector<uint8_t> k1(SHA_DIGEST_LENGTH);
Vernon Mauery9e801a22018-10-12 13:20:49 -0700[diff] [blame]90 constexpr rmcp::Const_n const1 = {0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01,
91 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01,
92 0x01, 0x01, 0x01, 0x01, 0x01, 0x01};
Tom Joseph1e5a76a2017-01-30 19:25:06 +0530[diff] [blame]93
94 // Generated K1 for the integrity algorithm with the additional key keyed
95 // with SIK.
96 unsigned int mdLen = 0;
Vernon Mauery9e801a22018-10-12 13:20:49 -0700[diff] [blame]97 if (HMAC(EVP_sha1(), sik.data(), sik.size(), const1.data(), const1.size(),
98 k1.data(), &mdLen) == NULL)
Tom Joseph1e5a76a2017-01-30 19:25:06 +0530[diff] [blame]99 {
100 FAIL() << "Generating Key1 failed";
101 }
102
103 mdLen = 0;
Vernon Mauery70fd29c2017-11-30 13:11:43 -0800[diff] [blame]104 std::vector<uint8_t> output(SHA_DIGEST_LENGTH);
Tom Joseph1e5a76a2017-01-30 19:25:06 +0530[diff] [blame]105 size_t length = packet.size() - message::parser::RMCP_SESSION_HEADER_SIZE;
106
Vernon Mauery9b307be2017-11-22 09:28:16 -0800[diff] [blame]107 if (HMAC(EVP_sha1(), k1.data(), k1.size(),
Vernon Mauery9e801a22018-10-12 13:20:49 -0700[diff] [blame]108 packet.data() + message::parser::RMCP_SESSION_HEADER_SIZE, length,
Tom Joseph1e5a76a2017-01-30 19:25:06 +0530[diff] [blame]109 output.data(), &mdLen) == NULL)
110 {
111 FAIL() << "Generating integrity data failed";
112 }
113
114 output.resize(cipher::integrity::AlgoSHA1::SHA1_96_AUTHCODE_LENGTH);
115
116 /*
117 * Step-2 Insert the integrity data into the packet
118 */
119 auto packetSize = packet.size();
120 packet.insert(packet.end(), output.begin(), output.end());
121
Vernon Mauery9e801a22018-10-12 13:20:49 -0700[diff] [blame]122 // Point to the integrity data in the packet
123 auto integrityIter = packet.cbegin();
124 std::advance(integrityIter, packetSize);
Tom Joseph1e5a76a2017-01-30 19:25:06 +0530[diff] [blame]125
Vernon Mauery9e801a22018-10-12 13:20:49 -0700[diff] [blame]126 /*
127 * Step-3 Invoke the verifyIntegrityData API and validate the response
128 */
Tom Joseph1e5a76a2017-01-30 19:25:06 +0530[diff] [blame]129
Vernon Mauery9e801a22018-10-12 13:20:49 -0700[diff] [blame]130 auto algoPtr = std::make_unique<cipher::integrity::AlgoSHA1>(sik);
131 ASSERT_EQ(true, (algoPtr != NULL));
Tom Joseph1e5a76a2017-01-30 19:25:06 +0530[diff] [blame]132
Vernon Mauery9e801a22018-10-12 13:20:49 -0700[diff] [blame]133 auto check = algoPtr->verifyIntegrityData(
134 packet, packetSize - message::parser::RMCP_SESSION_HEADER_SIZE,
135 integrityIter);
Tom Joseph1e5a76a2017-01-30 19:25:06 +0530[diff] [blame]136
Vernon Mauery9e801a22018-10-12 13:20:49 -0700[diff] [blame]137 EXPECT_EQ(true, check);
Tom Joseph1e5a76a2017-01-30 19:25:06 +0530[diff] [blame]138}
139
140TEST(IntegrityAlgo, HMAC_SHA1_96_VerifyIntegrityDataFail)
141{
142 /*
143 * Step-1 Add hardcoded Integrity data to the packet
144 */
145
146 // Packet = RMCP Session Header (4 bytes) + Packet (8 bytes)
Vernon Mauery9e801a22018-10-12 13:20:49 -0700[diff] [blame]147 std::vector<uint8_t> packet = {1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12};
Tom Joseph1e5a76a2017-01-30 19:25:06 +0530[diff] [blame]148
Vernon Mauery9e801a22018-10-12 13:20:49 -0700[diff] [blame]149 std::vector<uint8_t> integrity = {1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12};
Tom Joseph1e5a76a2017-01-30 19:25:06 +0530[diff] [blame]150
151 packet.insert(packet.end(), integrity.begin(), integrity.end());
152
153 // Point to the integrity data in the packet
154 auto integrityIter = packet.cbegin();
155 std::advance(integrityIter, packet.size());
156
157 /*
158 * Step-2 Invoke the verifyIntegrityData API and validate the response
159 */
160
161 // Hardcoded Session Integrity Key
Vernon Mauery9e801a22018-10-12 13:20:49 -0700[diff] [blame]162 std::vector<uint8_t> sik = {1, 2, 3, 4, 5, 6, 7, 8, 9, 10,
163 11, 12, 13, 14, 15, 16, 17, 18, 19, 20};
Tom Joseph1e5a76a2017-01-30 19:25:06 +0530[diff] [blame]164
165 auto algoPtr = std::make_unique<cipher::integrity::AlgoSHA1>(sik);
166
167 ASSERT_EQ(true, (algoPtr != NULL));
168
Tom Joseph1e5a76a2017-01-30 19:25:06 +0530[diff] [blame]169 // Verify the Integrity Data
170 auto check = algoPtr->verifyIntegrityData(
Vernon Mauery9e801a22018-10-12 13:20:49 -0700[diff] [blame]171 packet, packet.size() - message::parser::RMCP_SESSION_HEADER_SIZE,
172 integrityIter);
Tom Joseph1e5a76a2017-01-30 19:25:06 +0530[diff] [blame]173
174 EXPECT_EQ(false, check);
175}
176
Vernon Mauery7e9e2ef2017-11-29 08:36:29 -0800[diff] [blame]177TEST(IntegrityAlgo, HMAC_SHA256_128_GenerateIntegrityDataCheck)
178{
179 /*
180 * Step-1 Generate Integrity Data for the packet, using the implemented API
181 */
182 // Packet = RMCP Session Header (4 bytes) + Packet (8 bytes)
Vernon Mauery9e801a22018-10-12 13:20:49 -0700[diff] [blame]183 std::vector<uint8_t> packet = {1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12};
Vernon Mauery7e9e2ef2017-11-29 08:36:29 -0800[diff] [blame]184
185 // Hardcoded Session Integrity Key
Vernon Mauery9e801a22018-10-12 13:20:49 -0700[diff] [blame]186 std::vector<uint8_t> sik = {1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11,
187 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22,
188 23, 24, 25, 26, 27, 28, 29, 30, 31, 32};
Vernon Mauery7e9e2ef2017-11-29 08:36:29 -0800[diff] [blame]189
190 auto algoPtr = std::make_unique<cipher::integrity::AlgoSHA256>(sik);
191
192 ASSERT_EQ(true, (algoPtr != NULL));
193
194 // Generate the Integrity Data
195 auto response = algoPtr->generateIntegrityData(packet);
196
Vernon Mauery9e801a22018-10-12 13:20:49 -0700[diff] [blame]197 EXPECT_EQ(true,
198 (response.size() ==
199 cipher::integrity::AlgoSHA256::SHA256_128_AUTHCODE_LENGTH));
Vernon Mauery7e9e2ef2017-11-29 08:36:29 -0800[diff] [blame]200
201 /*
202 * Step-2 Generate Integrity data using OpenSSL SHA256 algorithm
203 */
204 std::vector<uint8_t> k1(SHA256_DIGEST_LENGTH);
Vernon Mauery9e801a22018-10-12 13:20:49 -0700[diff] [blame]205 constexpr rmcp::Const_n const1 = {0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01,
206 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01,
207 0x01, 0x01, 0x01, 0x01, 0x01, 0x01};
Vernon Mauery7e9e2ef2017-11-29 08:36:29 -0800[diff] [blame]208
209 // Generated K1 for the integrity algorithm with the additional key keyed
210 // with SIK.
211 unsigned int mdLen = 0;
Vernon Mauery9e801a22018-10-12 13:20:49 -0700[diff] [blame]212 if (HMAC(EVP_sha256(), sik.data(), sik.size(), const1.data(), const1.size(),
213 k1.data(), &mdLen) == NULL)
Vernon Mauery7e9e2ef2017-11-29 08:36:29 -0800[diff] [blame]214 {
215 FAIL() << "Generating Key1 failed";
216 }
217
218 mdLen = 0;
219 std::vector<uint8_t> output(SHA256_DIGEST_LENGTH);
220 size_t length = packet.size() - message::parser::RMCP_SESSION_HEADER_SIZE;
221
222 if (HMAC(EVP_sha256(), k1.data(), k1.size(),
Vernon Mauery9e801a22018-10-12 13:20:49 -0700[diff] [blame]223 packet.data() + message::parser::RMCP_SESSION_HEADER_SIZE, length,
Vernon Mauery7e9e2ef2017-11-29 08:36:29 -0800[diff] [blame]224 output.data(), &mdLen) == NULL)
225 {
226 FAIL() << "Generating integrity data failed";
227 }
228
229 output.resize(cipher::integrity::AlgoSHA256::SHA256_128_AUTHCODE_LENGTH);
230
231 /*
232 * Step-3 Check if the integrity data we generated using the implemented API
233 * matches with one generated by OpenSSL SHA256 algorithm.
234 */
235 auto check = std::equal(output.begin(), output.end(), response.begin());
236 EXPECT_EQ(true, check);
237}
238
239TEST(IntegrityAlgo, HMAC_SHA256_128_VerifyIntegrityDataPass)
240{
241 /*
242 * Step-1 Generate Integrity data using OpenSSL SHA256 algorithm
243 */
244
245 // Packet = RMCP Session Header (4 bytes) + Packet (8 bytes)
Vernon Mauery9e801a22018-10-12 13:20:49 -0700[diff] [blame]246 std::vector<uint8_t> packet = {1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12};
Vernon Mauery7e9e2ef2017-11-29 08:36:29 -0800[diff] [blame]247
248 // Hardcoded Session Integrity Key
Vernon Mauery9e801a22018-10-12 13:20:49 -0700[diff] [blame]249 std::vector<uint8_t> sik = {1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11,
250 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22,
251 23, 24, 25, 26, 27, 28, 29, 30, 31, 32};
Vernon Mauery7e9e2ef2017-11-29 08:36:29 -0800[diff] [blame]252
253 std::vector<uint8_t> k1(SHA256_DIGEST_LENGTH);
Vernon Mauery9e801a22018-10-12 13:20:49 -0700[diff] [blame]254 constexpr rmcp::Const_n const1 = {0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01,
255 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01,
256 0x01, 0x01, 0x01, 0x01, 0x01, 0x01};
Vernon Mauery7e9e2ef2017-11-29 08:36:29 -0800[diff] [blame]257
258 // Generated K1 for the integrity algorithm with the additional key keyed
259 // with SIK.
260 unsigned int mdLen = 0;
Vernon Mauery9e801a22018-10-12 13:20:49 -0700[diff] [blame]261 if (HMAC(EVP_sha256(), sik.data(), sik.size(), const1.data(), const1.size(),
262 k1.data(), &mdLen) == NULL)
Vernon Mauery7e9e2ef2017-11-29 08:36:29 -0800[diff] [blame]263 {
264 FAIL() << "Generating Key1 failed";
265 }
266
267 mdLen = 0;
268 std::vector<uint8_t> output(SHA256_DIGEST_LENGTH);
269 size_t length = packet.size() - message::parser::RMCP_SESSION_HEADER_SIZE;
270
271 if (HMAC(EVP_sha256(), k1.data(), k1.size(),
Vernon Mauery9e801a22018-10-12 13:20:49 -0700[diff] [blame]272 packet.data() + message::parser::RMCP_SESSION_HEADER_SIZE, length,
Vernon Mauery7e9e2ef2017-11-29 08:36:29 -0800[diff] [blame]273 output.data(), &mdLen) == NULL)
274 {
275 FAIL() << "Generating integrity data failed";
276 }
277
278 output.resize(cipher::integrity::AlgoSHA256::SHA256_128_AUTHCODE_LENGTH);
279
280 /*
281 * Step-2 Insert the integrity data into the packet
282 */
283 auto packetSize = packet.size();
284 packet.insert(packet.end(), output.begin(), output.end());
285
286 // Point to the integrity data in the packet
287 auto integrityIter = packet.cbegin();
288 std::advance(integrityIter, packetSize);
289
290 /*
291 * Step-3 Invoke the verifyIntegrityData API and validate the response
292 */
293
294 auto algoPtr = std::make_unique<cipher::integrity::AlgoSHA256>(sik);
295 ASSERT_EQ(true, (algoPtr != NULL));
296
297 auto check = algoPtr->verifyIntegrityData(
Vernon Mauery9e801a22018-10-12 13:20:49 -0700[diff] [blame]298 packet, packetSize - message::parser::RMCP_SESSION_HEADER_SIZE,
299 integrityIter);
Vernon Mauery7e9e2ef2017-11-29 08:36:29 -0800[diff] [blame]300
301 EXPECT_EQ(true, check);
302}
303
304TEST(IntegrityAlgo, HMAC_SHA256_128_VerifyIntegrityDataFail)
305{
306 /*
307 * Step-1 Add hardcoded Integrity data to the packet
308 */
309
310 // Packet = RMCP Session Header (4 bytes) + Packet (8 bytes)
Vernon Mauery9e801a22018-10-12 13:20:49 -0700[diff] [blame]311 std::vector<uint8_t> packet = {1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12};
Vernon Mauery7e9e2ef2017-11-29 08:36:29 -0800[diff] [blame]312
Vernon Mauery9e801a22018-10-12 13:20:49 -0700[diff] [blame]313 std::vector<uint8_t> integrity = {1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12};
Vernon Mauery7e9e2ef2017-11-29 08:36:29 -0800[diff] [blame]314
315 packet.insert(packet.end(), integrity.begin(), integrity.end());
316
317 // Point to the integrity data in the packet
318 auto integrityIter = packet.cbegin();
319 std::advance(integrityIter, packet.size());
320
321 /*
322 * Step-2 Invoke the verifyIntegrityData API and validate the response
323 */
324
325 // Hardcoded Session Integrity Key
Vernon Mauery9e801a22018-10-12 13:20:49 -0700[diff] [blame]326 std::vector<uint8_t> sik = {1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11,
327 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22,
328 23, 24, 25, 26, 27, 28, 29, 30, 31, 32};
Vernon Mauery7e9e2ef2017-11-29 08:36:29 -0800[diff] [blame]329
330 auto algoPtr = std::make_unique<cipher::integrity::AlgoSHA256>(sik);
331
332 ASSERT_EQ(true, (algoPtr != NULL));
333
Vernon Mauery7e9e2ef2017-11-29 08:36:29 -0800[diff] [blame]334 // Verify the Integrity Data
335 auto check = algoPtr->verifyIntegrityData(
Vernon Mauery9e801a22018-10-12 13:20:49 -0700[diff] [blame]336 packet, packet.size() - message::parser::RMCP_SESSION_HEADER_SIZE,
337 integrityIter);
Vernon Mauery7e9e2ef2017-11-29 08:36:29 -0800[diff] [blame]338
339 EXPECT_EQ(false, check);
340}
341
Tom Joseph1e5a76a2017-01-30 19:25:06 +0530[diff] [blame]342TEST(CryptAlgo, AES_CBC_128_EncryptPayloadValidate)
343{
344 /*
345 * Step-1 Generate the encrypted data using the implemented API for
346 * AES-CBC-128
347 */
Vernon Mauery9e801a22018-10-12 13:20:49 -0700[diff] [blame]348 std::vector<uint8_t> payload = {1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12};
Tom Joseph1e5a76a2017-01-30 19:25:06 +0530[diff] [blame]349
350 // Hardcoded Session Integrity Key
Vernon Mauery9e801a22018-10-12 13:20:49 -0700[diff] [blame]351 std::vector<uint8_t> sik = {1, 2, 3, 4, 5, 6, 7, 8, 9, 10,
352 11, 12, 13, 14, 15, 16, 17, 18, 19, 20};
Tom Joseph1e5a76a2017-01-30 19:25:06 +0530[diff] [blame]353
Vernon Mauery9b307be2017-11-22 09:28:16 -0800[diff] [blame]354 std::vector<uint8_t> k2(SHA_DIGEST_LENGTH);
355 unsigned int mdLen = 0;
Vernon Mauery9e801a22018-10-12 13:20:49 -0700[diff] [blame]356 constexpr rmcp::Const_n const1 = {0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02,
357 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02,
358 0x02, 0x02, 0x02, 0x02, 0x02, 0x02};
Vernon Mauery9b307be2017-11-22 09:28:16 -0800[diff] [blame]359
360 // Generated K2 for the confidentiality algorithm with the additional key
361 // keyed with SIK.
Vernon Mauery9e801a22018-10-12 13:20:49 -0700[diff] [blame]362 if (HMAC(EVP_sha1(), sik.data(), sik.size(), const1.data(), const1.size(),
363 k2.data(), &mdLen) == NULL)
Vernon Mauery9b307be2017-11-22 09:28:16 -0800[diff] [blame]364 {
365 FAIL() << "Generating K2 for confidentiality algorithm failed";
366 }
367
368 auto cryptPtr = std::make_unique<cipher::crypt::AlgoAES128>(k2);
Tom Joseph1e5a76a2017-01-30 19:25:06 +0530[diff] [blame]369
370 ASSERT_EQ(true, (cryptPtr != NULL));
371
372 auto cipher = cryptPtr->encryptPayload(payload);
373
374 /*
375 * Step-2 Decrypt the encrypted payload using OpenSSL EVP_aes_128_cbc()
376 * implementation
377 */
378
Adriana Kobylak584fa882018-09-06 15:52:05 -0500[diff] [blame]379 EVP_CIPHER_CTX* ctx = EVP_CIPHER_CTX_new();
380 if (!EVP_DecryptInit_ex(ctx, EVP_aes_128_cbc(), NULL, k2.data(),
Tom Joseph1e5a76a2017-01-30 19:25:06 +0530[diff] [blame]381 cipher.data()))
382 {
Adriana Kobylak584fa882018-09-06 15:52:05 -0500[diff] [blame]383 EVP_CIPHER_CTX_free(ctx);
Tom Joseph1e5a76a2017-01-30 19:25:06 +0530[diff] [blame]384 FAIL() << "EVP_DecryptInit_ex failed for type AES-CBC-128";
385 }
386
Adriana Kobylak584fa882018-09-06 15:52:05 -0500[diff] [blame]387 EVP_CIPHER_CTX_set_padding(ctx, 0);
Vernon Mauery9e801a22018-10-12 13:20:49 -0700[diff] [blame]388 std::vector<uint8_t> output(cipher.size() +
389 cipher::crypt::AlgoAES128::AESCBC128BlockSize);
Tom Joseph1e5a76a2017-01-30 19:25:06 +0530[diff] [blame]390 int outputLen = 0;
391
Vernon Mauery9e801a22018-10-12 13:20:49 -0700[diff] [blame]392 if (!EVP_DecryptUpdate(
393 ctx, output.data(), &outputLen,
394 cipher.data() + cipher::crypt::AlgoAES128::AESCBC128ConfHeader,
395 cipher.size() - cipher::crypt::AlgoAES128::AESCBC128ConfHeader))
Tom Joseph1e5a76a2017-01-30 19:25:06 +0530[diff] [blame]396 {
Adriana Kobylak584fa882018-09-06 15:52:05 -0500[diff] [blame]397 EVP_CIPHER_CTX_free(ctx);
Tom Joseph1e5a76a2017-01-30 19:25:06 +0530[diff] [blame]398 FAIL() << "EVP_DecryptUpdate failed";
399 }
400
401 output.resize(outputLen);
Adriana Kobylak584fa882018-09-06 15:52:05 -0500[diff] [blame]402 EVP_CIPHER_CTX_free(ctx);
Tom Joseph1e5a76a2017-01-30 19:25:06 +0530[diff] [blame]403
404 /*
405 * Step -3 Check if the plain payload matches with the decrypted one
406 */
407 auto check = std::equal(payload.begin(), payload.end(), output.begin());
408 EXPECT_EQ(true, check);
409}
410
411TEST(CryptAlgo, AES_CBC_128_DecryptPayloadValidate)
412{
413 /*
414 * Step-1 Encrypt the payload using OpenSSL EVP_aes_128_cbc()
415 * implementation
416 */
417
Vernon Mauery9e801a22018-10-12 13:20:49 -0700[diff] [blame]418 std::vector<uint8_t> payload = {1, 2, 3, 4, 5, 6, 7, 8,
419 9, 10, 11, 12, 13, 14, 15, 16};
Tom Joseph1e5a76a2017-01-30 19:25:06 +0530[diff] [blame]420 payload.resize(payload.size() + 1);
421 payload.back() = 0;
422
423 // Hardcoded Session Integrity Key
Vernon Mauery9e801a22018-10-12 13:20:49 -0700[diff] [blame]424 std::vector<uint8_t> sik = {1, 2, 3, 4, 5, 6, 7, 8, 9, 10,
425 11, 12, 13, 14, 15, 16, 17, 18, 19, 20};
Adriana Kobylak584fa882018-09-06 15:52:05 -0500[diff] [blame]426 EVP_CIPHER_CTX* ctx;
427 ctx = EVP_CIPHER_CTX_new();
Vernon Mauery9b307be2017-11-22 09:28:16 -0800[diff] [blame]428 std::vector<uint8_t> k2(SHA_DIGEST_LENGTH);
Tom Joseph1e5a76a2017-01-30 19:25:06 +0530[diff] [blame]429 unsigned int mdLen = 0;
Vernon Mauery9e801a22018-10-12 13:20:49 -0700[diff] [blame]430 constexpr rmcp::Const_n const1 = {0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02,
431 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02,
432 0x02, 0x02, 0x02, 0x02, 0x02, 0x02};
433 std::vector<uint8_t> output(payload.size() +
434 cipher::crypt::AlgoAES128::AESCBC128BlockSize);
Tom Joseph1e5a76a2017-01-30 19:25:06 +0530[diff] [blame]435
436 if (!RAND_bytes(output.data(),
437 cipher::crypt::AlgoAES128::AESCBC128ConfHeader))
438 {
439 FAIL() << "RAND_bytes failed";
440 }
441
442 // Generated K2 for the confidentiality algorithm with the additional key
443 // keyed with SIK.
Vernon Mauery9e801a22018-10-12 13:20:49 -0700[diff] [blame]444 if (HMAC(EVP_sha1(), sik.data(), sik.size(), const1.data(), const1.size(),
445 k2.data(), &mdLen) == NULL)
Tom Joseph1e5a76a2017-01-30 19:25:06 +0530[diff] [blame]446 {
447 FAIL() << "Generating K2 for confidentiality algorithm failed";
448 }
449
Adriana Kobylak584fa882018-09-06 15:52:05 -0500[diff] [blame]450 if (!EVP_EncryptInit_ex(ctx, EVP_aes_128_cbc(), NULL, k2.data(),
Tom Joseph1e5a76a2017-01-30 19:25:06 +0530[diff] [blame]451 output.data()))
452 {
Adriana Kobylak584fa882018-09-06 15:52:05 -0500[diff] [blame]453 EVP_CIPHER_CTX_free(ctx);
Tom Joseph1e5a76a2017-01-30 19:25:06 +0530[diff] [blame]454 FAIL() << "EVP_EncryptInit_ex failed for type AES-CBC-128";
455 }
456
Adriana Kobylak584fa882018-09-06 15:52:05 -0500[diff] [blame]457 EVP_CIPHER_CTX_set_padding(ctx, 0);
Tom Joseph1e5a76a2017-01-30 19:25:06 +0530[diff] [blame]458 int outputLen = 0;
459
Vernon Mauery9e801a22018-10-12 13:20:49 -0700[diff] [blame]460 if (!EVP_EncryptUpdate(
461 ctx, output.data() + cipher::crypt::AlgoAES128::AESCBC128ConfHeader,
462 &outputLen, payload.data(), payload.size()))
Tom Joseph1e5a76a2017-01-30 19:25:06 +0530[diff] [blame]463 {
Adriana Kobylak584fa882018-09-06 15:52:05 -0500[diff] [blame]464 EVP_CIPHER_CTX_free(ctx);
Tom Joseph1e5a76a2017-01-30 19:25:06 +0530[diff] [blame]465 FAIL() << "EVP_EncryptUpdate failed";
466 }
467
468 output.resize(cipher::crypt::AlgoAES128::AESCBC128ConfHeader + outputLen);
Adriana Kobylak584fa882018-09-06 15:52:05 -0500[diff] [blame]469 EVP_CIPHER_CTX_free(ctx);
Tom Joseph1e5a76a2017-01-30 19:25:06 +0530[diff] [blame]470
471 /*
472 * Step-2 Decrypt the encrypted payload using the implemented API for
473 * AES-CBC-128
474 */
475
Vernon Mauery9b307be2017-11-22 09:28:16 -0800[diff] [blame]476 auto cryptPtr = std::make_unique<cipher::crypt::AlgoAES128>(k2);
Tom Joseph1e5a76a2017-01-30 19:25:06 +0530[diff] [blame]477
478 ASSERT_EQ(true, (cryptPtr != NULL));
479
480 auto plain = cryptPtr->decryptPayload(output, 0, output.size());
481
482 /*
483 * Step -3 Check if the plain payload matches with the decrypted one
484 */
485 auto check = std::equal(payload.begin(), payload.end(), plain.begin());
486 EXPECT_EQ(true, check);
487}