]>
Commit | Line | Data |
---|---|---|
6fc6879b JM |
1 | /* |
2 | * Test program for AES | |
c2372d7c | 3 | * Copyright (c) 2003-2012, Jouni Malinen <j@w1.fi> |
6fc6879b | 4 | * |
0f3d578e JM |
5 | * This software may be distributed under the terms of the BSD license. |
6 | * See README for more details. | |
6fc6879b JM |
7 | */ |
8 | ||
9 | #include "includes.h" | |
10 | ||
11 | #include "common.h" | |
03da66bd JM |
12 | #include "crypto/crypto.h" |
13 | #include "crypto/aes_wrap.h" | |
a709c5e2 | 14 | #include "crypto/aes_siv.h" |
6fc6879b JM |
15 | |
16 | #define BLOCK_SIZE 16 | |
17 | ||
18 | static void test_aes_perf(void) | |
19 | { | |
20 | #if 0 /* this did not seem to work with new compiler?! */ | |
21 | #ifdef __i386__ | |
22 | #define rdtscll(val) \ | |
23 | __asm__ __volatile__("rdtsc" : "=A" (val)) | |
24 | const int num_iters = 10; | |
25 | int i; | |
26 | unsigned int start, end; | |
27 | u8 key[16], pt[16], ct[16]; | |
28 | void *ctx; | |
29 | ||
30 | printf("keySetupEnc:"); | |
31 | for (i = 0; i < num_iters; i++) { | |
32 | rdtscll(start); | |
33 | ctx = aes_encrypt_init(key, 16); | |
34 | rdtscll(end); | |
35 | aes_encrypt_deinit(ctx); | |
36 | printf(" %d", end - start); | |
37 | } | |
38 | printf("\n"); | |
39 | ||
40 | printf("Encrypt:"); | |
41 | ctx = aes_encrypt_init(key, 16); | |
42 | for (i = 0; i < num_iters; i++) { | |
43 | rdtscll(start); | |
44 | aes_encrypt(ctx, pt, ct); | |
45 | rdtscll(end); | |
46 | printf(" %d", end - start); | |
47 | } | |
48 | aes_encrypt_deinit(ctx); | |
49 | printf("\n"); | |
50 | #endif /* __i386__ */ | |
51 | #endif | |
52 | } | |
53 | ||
54 | ||
55 | static int test_eax(void) | |
56 | { | |
57 | u8 msg[] = { 0xF7, 0xFB }; | |
58 | u8 key[] = { 0x91, 0x94, 0x5D, 0x3F, 0x4D, 0xCB, 0xEE, 0x0B, | |
59 | 0xF4, 0x5E, 0xF5, 0x22, 0x55, 0xF0, 0x95, 0xA4 }; | |
60 | u8 nonce[] = { 0xBE, 0xCA, 0xF0, 0x43, 0xB0, 0xA2, 0x3D, 0x84, | |
61 | 0x31, 0x94, 0xBA, 0x97, 0x2C, 0x66, 0xDE, 0xBD }; | |
62 | u8 hdr[] = { 0xFA, 0x3B, 0xFD, 0x48, 0x06, 0xEB, 0x53, 0xFA }; | |
63 | u8 cipher[] = { 0x19, 0xDD, 0x5C, 0x4C, 0x93, 0x31, 0x04, 0x9D, | |
64 | 0x0B, 0xDA, 0xB0, 0x27, 0x74, 0x08, 0xF6, 0x79, | |
65 | 0x67, 0xE5 }; | |
66 | u8 data[sizeof(msg)], tag[BLOCK_SIZE]; | |
67 | ||
68 | memcpy(data, msg, sizeof(msg)); | |
69 | if (aes_128_eax_encrypt(key, nonce, sizeof(nonce), hdr, sizeof(hdr), | |
70 | data, sizeof(data), tag)) { | |
71 | printf("AES-128 EAX mode encryption failed\n"); | |
72 | return 1; | |
73 | } | |
74 | if (memcmp(data, cipher, sizeof(data)) != 0) { | |
75 | printf("AES-128 EAX mode encryption returned invalid cipher " | |
76 | "text\n"); | |
77 | return 1; | |
78 | } | |
79 | if (memcmp(tag, cipher + sizeof(data), BLOCK_SIZE) != 0) { | |
80 | printf("AES-128 EAX mode encryption returned invalid tag\n"); | |
81 | return 1; | |
82 | } | |
83 | ||
84 | if (aes_128_eax_decrypt(key, nonce, sizeof(nonce), hdr, sizeof(hdr), | |
85 | data, sizeof(data), tag)) { | |
86 | printf("AES-128 EAX mode decryption failed\n"); | |
87 | return 1; | |
88 | } | |
89 | if (memcmp(data, msg, sizeof(data)) != 0) { | |
90 | printf("AES-128 EAX mode decryption returned invalid plain " | |
91 | "text\n"); | |
92 | return 1; | |
93 | } | |
94 | ||
95 | return 0; | |
96 | } | |
97 | ||
98 | ||
99 | static int test_cbc(void) | |
100 | { | |
101 | struct cbc_test_vector { | |
102 | u8 key[16]; | |
103 | u8 iv[16]; | |
104 | u8 plain[32]; | |
105 | u8 cipher[32]; | |
106 | size_t len; | |
107 | } vectors[] = { | |
108 | { | |
109 | { 0x06, 0xa9, 0x21, 0x40, 0x36, 0xb8, 0xa1, 0x5b, | |
110 | 0x51, 0x2e, 0x03, 0xd5, 0x34, 0x12, 0x00, 0x06 }, | |
111 | { 0x3d, 0xaf, 0xba, 0x42, 0x9d, 0x9e, 0xb4, 0x30, | |
112 | 0xb4, 0x22, 0xda, 0x80, 0x2c, 0x9f, 0xac, 0x41 }, | |
113 | "Single block msg", | |
114 | { 0xe3, 0x53, 0x77, 0x9c, 0x10, 0x79, 0xae, 0xb8, | |
115 | 0x27, 0x08, 0x94, 0x2d, 0xbe, 0x77, 0x18, 0x1a }, | |
116 | 16 | |
117 | }, | |
118 | { | |
119 | { 0xc2, 0x86, 0x69, 0x6d, 0x88, 0x7c, 0x9a, 0xa0, | |
120 | 0x61, 0x1b, 0xbb, 0x3e, 0x20, 0x25, 0xa4, 0x5a }, | |
121 | { 0x56, 0x2e, 0x17, 0x99, 0x6d, 0x09, 0x3d, 0x28, | |
122 | 0xdd, 0xb3, 0xba, 0x69, 0x5a, 0x2e, 0x6f, 0x58 }, | |
123 | { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, | |
124 | 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, | |
125 | 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, | |
126 | 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f }, | |
127 | { 0xd2, 0x96, 0xcd, 0x94, 0xc2, 0xcc, 0xcf, 0x8a, | |
128 | 0x3a, 0x86, 0x30, 0x28, 0xb5, 0xe1, 0xdc, 0x0a, | |
129 | 0x75, 0x86, 0x60, 0x2d, 0x25, 0x3c, 0xff, 0xf9, | |
130 | 0x1b, 0x82, 0x66, 0xbe, 0xa6, 0xd6, 0x1a, 0xb1 }, | |
131 | 32 | |
132 | } | |
133 | }; | |
134 | int ret = 0; | |
135 | u8 *buf; | |
136 | unsigned int i; | |
137 | ||
e7ecab4a | 138 | for (i = 0; i < ARRAY_SIZE(vectors); i++) { |
6fc6879b JM |
139 | struct cbc_test_vector *tv = &vectors[i]; |
140 | buf = malloc(tv->len); | |
141 | if (buf == NULL) { | |
142 | ret++; | |
143 | break; | |
144 | } | |
145 | memcpy(buf, tv->plain, tv->len); | |
1767f7c1 JM |
146 | if (aes_128_cbc_encrypt(tv->key, tv->iv, buf, tv->len) || |
147 | memcmp(buf, tv->cipher, tv->len) != 0) { | |
6fc6879b JM |
148 | printf("AES-CBC encrypt %d failed\n", i); |
149 | ret++; | |
150 | } | |
151 | memcpy(buf, tv->cipher, tv->len); | |
1767f7c1 JM |
152 | if (aes_128_cbc_decrypt(tv->key, tv->iv, buf, tv->len) || |
153 | memcmp(buf, tv->plain, tv->len) != 0) { | |
6fc6879b JM |
154 | printf("AES-CBC decrypt %d failed\n", i); |
155 | ret++; | |
156 | } | |
157 | free(buf); | |
158 | } | |
159 | ||
160 | return ret; | |
161 | } | |
162 | ||
163 | ||
c2372d7c JM |
164 | /* |
165 | * GCM test vectors from | |
166 | * http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/proposedmodes/gcm/gcm-spec.pdf | |
167 | */ | |
168 | struct gcm_test_vector { | |
169 | char *k; | |
170 | char *p; | |
171 | char *aad; | |
172 | char *iv; | |
173 | char *c; | |
174 | char *t; | |
175 | }; | |
176 | ||
177 | static const struct gcm_test_vector gcm_tests[] = { | |
178 | { | |
179 | /* Test Case 1 */ | |
180 | "00000000000000000000000000000000", | |
181 | "", | |
182 | "", | |
183 | "000000000000000000000000", | |
184 | "", | |
185 | "58e2fccefa7e3061367f1d57a4e7455a" | |
186 | }, | |
187 | { | |
188 | /* Test Case 2 */ | |
189 | "00000000000000000000000000000000", | |
190 | "00000000000000000000000000000000", | |
191 | "", | |
192 | "000000000000000000000000", | |
193 | "0388dace60b6a392f328c2b971b2fe78", | |
194 | "ab6e47d42cec13bdf53a67b21257bddf" | |
195 | }, | |
196 | { | |
197 | /* Test Case 3 */ | |
198 | "feffe9928665731c6d6a8f9467308308", | |
199 | "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b391aafd255", | |
200 | "", | |
201 | "cafebabefacedbaddecaf888", | |
202 | "42831ec2217774244b7221b784d0d49ce3aa212f2c02a4e035c17e2329aca12e21d514b25466931c7d8f6a5aac84aa051ba30b396a0aac973d58e091473f5985", | |
203 | "4d5c2af327cd64a62cf35abd2ba6fab4" | |
204 | }, | |
205 | { | |
206 | /* Test Case 4 */ | |
207 | "feffe9928665731c6d6a8f9467308308", | |
208 | "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39", | |
209 | "feedfacedeadbeeffeedfacedeadbeefabaddad2", | |
210 | "cafebabefacedbaddecaf888", | |
211 | "42831ec2217774244b7221b784d0d49ce3aa212f2c02a4e035c17e2329aca12e21d514b25466931c7d8f6a5aac84aa051ba30b396a0aac973d58e091", | |
212 | "5bc94fbc3221a5db94fae95ae7121a47" | |
213 | }, | |
c2372d7c JM |
214 | { |
215 | /* Test Case 5 */ | |
216 | "feffe9928665731c6d6a8f9467308308", | |
217 | "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39", | |
218 | "feedfacedeadbeeffeedfacedeadbeefabaddad2", | |
219 | "cafebabefacedbad", | |
220 | "61353b4c2806934a777ff51fa22a4755699b2a714fcdc6f83766e5f97b6c742373806900e49f24b22b097544d4896b424989b5e1ebac0f07c23f4598", | |
221 | "3612d2e79e3b0785561be14aaca2fccb" | |
222 | }, | |
af0963fa JM |
223 | { |
224 | /* Test Case 6 */ | |
225 | "feffe9928665731c6d6a8f9467308308", | |
226 | "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39", | |
227 | "feedfacedeadbeeffeedfacedeadbeefabaddad2", | |
228 | "9313225df88406e555909c5aff5269aa6a7a9538534f7da1e4c303d2a318a728c3c0c95156809539fcf0e2429a6b525416aedbf5a0de6a57a637b39b", | |
229 | "8ce24998625615b603a033aca13fb894be9112a5c3a211a8ba262a3cca7e2ca701e4a9a4fba43c90ccdcb281d48c7c6fd62875d2aca417034c34aee5", | |
230 | "619cc5aefffe0bfa462af43c1699d050" | |
d140db6a JM |
231 | }, |
232 | { | |
233 | /* Test Case 7 */ | |
234 | "000000000000000000000000000000000000000000000000", | |
235 | "", | |
236 | "", | |
237 | "000000000000000000000000", | |
238 | "", | |
239 | "cd33b28ac773f74ba00ed1f312572435" | |
240 | }, | |
241 | { | |
242 | /* Test Case 8 */ | |
243 | "000000000000000000000000000000000000000000000000", | |
244 | "00000000000000000000000000000000", | |
245 | "", | |
246 | "000000000000000000000000", | |
247 | "98e7247c07f0fe411c267e4384b0f600", | |
248 | "2ff58d80033927ab8ef4d4587514f0fb" | |
249 | }, | |
250 | { | |
251 | /* Test Case 9 */ | |
252 | "feffe9928665731c6d6a8f9467308308feffe9928665731c", | |
253 | "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b391aafd255", | |
254 | "", | |
255 | "cafebabefacedbaddecaf888", | |
256 | "3980ca0b3c00e841eb06fac4872a2757859e1ceaa6efd984628593b40ca1e19c7d773d00c144c525ac619d18c84a3f4718e2448b2fe324d9ccda2710acade256", | |
257 | "9924a7c8587336bfb118024db8674a14" | |
258 | }, | |
259 | { | |
260 | /* Test Case 10 */ | |
261 | "feffe9928665731c6d6a8f9467308308feffe9928665731c", | |
262 | "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39", | |
263 | "feedfacedeadbeeffeedfacedeadbeefabaddad2", | |
264 | "cafebabefacedbaddecaf888", | |
265 | "3980ca0b3c00e841eb06fac4872a2757859e1ceaa6efd984628593b40ca1e19c7d773d00c144c525ac619d18c84a3f4718e2448b2fe324d9ccda2710", | |
266 | "2519498e80f1478f37ba55bd6d27618c" | |
267 | }, | |
268 | { | |
269 | /* Test Case 11 */ | |
270 | "feffe9928665731c6d6a8f9467308308feffe9928665731c", | |
271 | "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39", | |
272 | "feedfacedeadbeeffeedfacedeadbeefabaddad2", | |
273 | "cafebabefacedbad", | |
274 | "0f10f599ae14a154ed24b36e25324db8c566632ef2bbb34f8347280fc4507057fddc29df9a471f75c66541d4d4dad1c9e93a19a58e8b473fa0f062f7", | |
275 | "65dcc57fcf623a24094fcca40d3533f8" | |
276 | }, | |
277 | { | |
278 | /* Test Case 12 */ | |
279 | "feffe9928665731c6d6a8f9467308308feffe9928665731c", | |
280 | "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39", | |
281 | "feedfacedeadbeeffeedfacedeadbeefabaddad2", | |
282 | "9313225df88406e555909c5aff5269aa6a7a9538534f7da1e4c303d2a318a728c3c0c95156809539fcf0e2429a6b525416aedbf5a0de6a57a637b39b", | |
283 | "d27e88681ce3243c4830165a8fdcf9ff1de9a1d8e6b447ef6ef7b79828666e4581e79012af34ddd9e2f037589b292db3e67c036745fa22e7e9b7373b", | |
284 | "dcf566ff291c25bbb8568fc3d376a6d9" | |
285 | }, | |
286 | { | |
287 | /* Test Case 13 */ | |
288 | "0000000000000000000000000000000000000000000000000000000000000000", | |
289 | "", | |
290 | "", | |
291 | "000000000000000000000000", | |
292 | "", | |
293 | "530f8afbc74536b9a963b4f1c4cb738b" | |
294 | }, | |
295 | { | |
296 | /* Test Case 14 */ | |
297 | "0000000000000000000000000000000000000000000000000000000000000000", | |
298 | "00000000000000000000000000000000", | |
299 | "", | |
300 | "000000000000000000000000", | |
301 | "cea7403d4d606b6e074ec5d3baf39d18", | |
302 | "d0d1c8a799996bf0265b98b5d48ab919" | |
303 | }, | |
304 | { | |
305 | /* Test Case 15 */ | |
306 | "feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308", | |
307 | "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b391aafd255", | |
308 | "", | |
309 | "cafebabefacedbaddecaf888", | |
310 | "522dc1f099567d07f47f37a32a84427d643a8cdcbfe5c0c97598a2bd2555d1aa8cb08e48590dbb3da7b08b1056828838c5f61e6393ba7a0abcc9f662898015ad", | |
311 | "b094dac5d93471bdec1a502270e3cc6c" | |
312 | }, | |
313 | { | |
314 | /* Test Case 16 */ | |
315 | "feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308", | |
316 | "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39", | |
317 | "feedfacedeadbeeffeedfacedeadbeefabaddad2", | |
318 | "cafebabefacedbaddecaf888", | |
319 | "522dc1f099567d07f47f37a32a84427d643a8cdcbfe5c0c97598a2bd2555d1aa8cb08e48590dbb3da7b08b1056828838c5f61e6393ba7a0abcc9f662", | |
320 | "76fc6ece0f4e1768cddf8853bb2d551b" | |
321 | }, | |
322 | { | |
323 | /* Test Case 17 */ | |
324 | "feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308", | |
325 | "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39", | |
326 | "feedfacedeadbeeffeedfacedeadbeefabaddad2", | |
327 | "cafebabefacedbad", | |
328 | "c3762df1ca787d32ae47c13bf19844cbaf1ae14d0b976afac52ff7d79bba9de0feb582d33934a4f0954cc2363bc73f7862ac430e64abe499f47c9b1f", | |
329 | "3a337dbf46a792c45e454913fe2ea8f2" | |
330 | }, | |
331 | { | |
332 | /* Test Case 18 */ | |
333 | "feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308", | |
334 | "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39", | |
335 | "feedfacedeadbeeffeedfacedeadbeefabaddad2", | |
336 | "9313225df88406e555909c5aff5269aa6a7a9538534f7da1e4c303d2a318a728c3c0c95156809539fcf0e2429a6b525416aedbf5a0de6a57a637b39b", | |
337 | "5a8def2f0c9e53f1f75d7853659e2a20eeb2b22aafde6419a058ab4f6f746bf40fc0c3b780f244452da3ebf1c5d82cdea2418997200ef82e44ae7e3f", | |
338 | "a44a8266ee1c8eb0c8b5d4cf5ae9f19a" | |
af0963fa | 339 | } |
c2372d7c JM |
340 | }; |
341 | ||
342 | ||
343 | static int test_gcm(void) | |
344 | { | |
345 | int ret = 0; | |
346 | int i; | |
d140db6a | 347 | u8 k[32], aad[32], iv[64], t[16], tag[16]; |
c2372d7c | 348 | u8 p[64], c[64], tmp[64]; |
d140db6a | 349 | size_t k_len, p_len, aad_len, iv_len; |
c2372d7c | 350 | |
e7ecab4a | 351 | for (i = 0; i < ARRAY_SIZE(gcm_tests); i++) { |
c2372d7c JM |
352 | const struct gcm_test_vector *tc = &gcm_tests[i]; |
353 | ||
d140db6a JM |
354 | k_len = os_strlen(tc->k) / 2; |
355 | if (hexstr2bin(tc->k, k, k_len)) { | |
c2372d7c JM |
356 | printf("Invalid GCM test vector %d (k)\n", i); |
357 | ret++; | |
358 | continue; | |
359 | } | |
360 | ||
361 | p_len = os_strlen(tc->p) / 2; | |
362 | if (hexstr2bin(tc->p, p, p_len)) { | |
363 | printf("Invalid GCM test vector %d (p)\n", i); | |
364 | ret++; | |
365 | continue; | |
366 | } | |
367 | ||
368 | aad_len = os_strlen(tc->aad) / 2; | |
369 | if (hexstr2bin(tc->aad, aad, aad_len)) { | |
370 | printf("Invalid GCM test vector %d (aad)\n", i); | |
371 | ret++; | |
372 | continue; | |
373 | } | |
374 | ||
af0963fa JM |
375 | iv_len = os_strlen(tc->iv) / 2; |
376 | if (hexstr2bin(tc->iv, iv, iv_len)) { | |
c2372d7c JM |
377 | printf("Invalid GCM test vector %d (iv)\n", i); |
378 | ret++; | |
379 | continue; | |
380 | } | |
381 | ||
382 | if (hexstr2bin(tc->c, c, p_len)) { | |
383 | printf("Invalid GCM test vector %d (c)\n", i); | |
384 | ret++; | |
385 | continue; | |
386 | } | |
387 | ||
388 | if (hexstr2bin(tc->t, t, sizeof(t))) { | |
389 | printf("Invalid GCM test vector %d (t)\n", i); | |
390 | ret++; | |
391 | continue; | |
392 | } | |
393 | ||
d140db6a JM |
394 | if (aes_gcm_ae(k, k_len, iv, iv_len, p, p_len, aad, aad_len, |
395 | tmp, tag) < 0) { | |
c2372d7c JM |
396 | printf("GCM-AE failed (test case %d)\n", i); |
397 | ret++; | |
398 | continue; | |
399 | } | |
400 | ||
401 | if (os_memcmp(c, tmp, p_len) != 0) { | |
402 | printf("GCM-AE mismatch (test case %d)\n", i); | |
403 | ret++; | |
404 | } | |
405 | ||
406 | if (os_memcmp(tag, t, sizeof(tag)) != 0) { | |
af0963fa | 407 | printf("GCM-AE tag mismatch (test case %d)\n", i); |
c2372d7c JM |
408 | ret++; |
409 | } | |
410 | ||
77b2c812 JM |
411 | if (p_len == 0) { |
412 | if (aes_gmac(k, k_len, iv, iv_len, aad, aad_len, tag) < | |
413 | 0) { | |
414 | printf("GMAC failed (test case %d)\n", i); | |
415 | ret++; | |
416 | continue; | |
417 | } | |
418 | ||
419 | if (os_memcmp(tag, t, sizeof(tag)) != 0) { | |
420 | printf("GMAC tag mismatch (test case %d)\n", i); | |
421 | ret++; | |
422 | } | |
423 | } | |
424 | ||
d140db6a JM |
425 | if (aes_gcm_ad(k, k_len, iv, iv_len, c, p_len, aad, aad_len, |
426 | t, tmp) < 0) { | |
c2372d7c JM |
427 | printf("GCM-AD failed (test case %d)\n", i); |
428 | ret++; | |
429 | continue; | |
430 | } | |
431 | ||
432 | if (os_memcmp(p, tmp, p_len) != 0) { | |
433 | printf("GCM-AD mismatch (test case %d)\n", i); | |
434 | ret++; | |
435 | } | |
436 | } | |
437 | ||
438 | return ret; | |
439 | } | |
440 | ||
441 | ||
a709c5e2 JM |
442 | static int test_siv(void) |
443 | { | |
444 | u8 key[] = { | |
445 | 0xff, 0xfe, 0xfd, 0xfc, 0xfb, 0xfa, 0xf9, 0xf8, | |
446 | 0xf7, 0xf6, 0xf5, 0xf4, 0xf3, 0xf2, 0xf1, 0xf0, | |
447 | 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, | |
448 | 0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd, 0xfe, 0xff | |
449 | }; | |
450 | u8 ad[] = { | |
451 | 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, | |
452 | 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, | |
453 | 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27 | |
454 | }; | |
455 | u8 plaintext[] = { | |
456 | 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, | |
457 | 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee | |
458 | }; | |
459 | u8 iv_c[] = { | |
460 | 0x85, 0x63, 0x2d, 0x07, 0xc6, 0xe8, 0xf3, 0x7f, | |
461 | 0x95, 0x0a, 0xcd, 0x32, 0x0a, 0x2e, 0xcc, 0x93, | |
462 | 0x40, 0xc0, 0x2b, 0x96, 0x90, 0xc4, 0xdc, 0x04, | |
463 | 0xda, 0xef, 0x7f, 0x6a, 0xfe, 0x5c | |
464 | }; | |
465 | u8 out[2 * BLOCK_SIZE + sizeof(plaintext)]; | |
466 | const u8 *addr[1]; | |
467 | size_t len[1]; | |
468 | ||
469 | addr[0] = ad; | |
470 | len[0] = sizeof(ad); | |
471 | ||
472 | if (aes_siv_encrypt(key, plaintext, sizeof(plaintext), | |
473 | 1, addr, len, out)) { | |
474 | printf("AES-SIV mode encryption failed\n"); | |
475 | return 1; | |
476 | } | |
477 | if (memcmp(out, iv_c, sizeof(iv_c)) != 0) { | |
478 | printf("AES-SIV mode encryption returned invalid cipher " | |
479 | "text\n"); | |
480 | return 1; | |
481 | } | |
482 | ||
483 | if (aes_siv_decrypt(key, iv_c, sizeof(iv_c), 1, addr, len, out)) { | |
484 | printf("AES-SIV mode decryption failed\n"); | |
485 | return 1; | |
486 | } | |
487 | if (memcmp(out, plaintext, sizeof(plaintext)) != 0) { | |
488 | printf("AES-SIV mode decryption returned invalid plain text\n"); | |
489 | return 1; | |
490 | } | |
491 | printf("AES-SIV test passed\n"); | |
492 | ||
493 | return 0; | |
494 | } | |
495 | ||
496 | ||
6fc6879b JM |
497 | /* OMAC1 AES-128 test vectors from |
498 | * http://csrc.nist.gov/CryptoToolkit/modes/proposedmodes/omac/omac-ad.pdf | |
499 | * which are same as the examples from NIST SP800-38B | |
500 | * http://csrc.nist.gov/CryptoToolkit/modes/800-38_Series_Publications/SP800-38B.pdf | |
501 | */ | |
502 | ||
503 | struct omac1_test_vector { | |
504 | u8 k[16]; | |
505 | u8 msg[64]; | |
506 | int msg_len; | |
507 | u8 tag[16]; | |
508 | }; | |
509 | ||
510 | static struct omac1_test_vector test_vectors[] = | |
511 | { | |
512 | { | |
513 | { 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, | |
514 | 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c }, | |
515 | { }, | |
516 | 0, | |
517 | { 0xbb, 0x1d, 0x69, 0x29, 0xe9, 0x59, 0x37, 0x28, | |
518 | 0x7f, 0xa3, 0x7d, 0x12, 0x9b, 0x75, 0x67, 0x46 } | |
519 | }, | |
520 | { | |
521 | { 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, | |
522 | 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c }, | |
523 | { 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96, | |
524 | 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a}, | |
525 | 16, | |
526 | { 0x07, 0x0a, 0x16, 0xb4, 0x6b, 0x4d, 0x41, 0x44, | |
527 | 0xf7, 0x9b, 0xdd, 0x9d, 0xd0, 0x4a, 0x28, 0x7c } | |
528 | }, | |
529 | { | |
530 | { 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, | |
531 | 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c }, | |
532 | { 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96, | |
533 | 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a, | |
534 | 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c, | |
535 | 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51, | |
536 | 0x30, 0xc8, 0x1c, 0x46, 0xa3, 0x5c, 0xe4, 0x11 }, | |
537 | 40, | |
538 | { 0xdf, 0xa6, 0x67, 0x47, 0xde, 0x9a, 0xe6, 0x30, | |
539 | 0x30, 0xca, 0x32, 0x61, 0x14, 0x97, 0xc8, 0x27 } | |
540 | }, | |
541 | { | |
542 | { 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, | |
543 | 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c }, | |
544 | { 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96, | |
545 | 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a, | |
546 | 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c, | |
547 | 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51, | |
548 | 0x30, 0xc8, 0x1c, 0x46, 0xa3, 0x5c, 0xe4, 0x11, | |
549 | 0xe5, 0xfb, 0xc1, 0x19, 0x1a, 0x0a, 0x52, 0xef, | |
550 | 0xf6, 0x9f, 0x24, 0x45, 0xdf, 0x4f, 0x9b, 0x17, | |
551 | 0xad, 0x2b, 0x41, 0x7b, 0xe6, 0x6c, 0x37, 0x10 }, | |
552 | 64, | |
553 | { 0x51, 0xf0, 0xbe, 0xbf, 0x7e, 0x3b, 0x9d, 0x92, | |
554 | 0xfc, 0x49, 0x74, 0x17, 0x79, 0x36, 0x3c, 0xfe } | |
555 | }, | |
556 | }; | |
557 | ||
558 | ||
eefec1e4 | 559 | static int test_key_wrap(void) |
6fc6879b | 560 | { |
eefec1e4 JM |
561 | unsigned int i; |
562 | int ret = 0; | |
563 | ||
564 | /* RFC 3394 - Test vector 4.1 */ | |
565 | u8 kek41[] = { | |
6fc6879b JM |
566 | 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, |
567 | 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f | |
568 | }; | |
eefec1e4 | 569 | u8 plain41[] = { |
6fc6879b JM |
570 | 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, |
571 | 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff | |
572 | }; | |
eefec1e4 | 573 | u8 crypt41[] = { |
6fc6879b JM |
574 | 0x1F, 0xA6, 0x8B, 0x0A, 0x81, 0x12, 0xB4, 0x47, |
575 | 0xAE, 0xF3, 0x4B, 0xD8, 0xFB, 0x5A, 0x7B, 0x82, | |
576 | 0x9D, 0x3E, 0x86, 0x23, 0x71, 0xD2, 0xCF, 0xE5 | |
577 | }; | |
eefec1e4 JM |
578 | /* RFC 3394 - Test vector 4.2 */ |
579 | u8 kek42[] = { | |
580 | 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, | |
581 | 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, | |
582 | 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17 | |
583 | }; | |
584 | u8 plain42[] = { | |
585 | 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, | |
586 | 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff | |
587 | }; | |
588 | u8 crypt42[] = { | |
589 | 0x96, 0x77, 0x8B, 0x25, 0xAE, 0x6C, 0xA4, 0x35, | |
590 | 0xF9, 0x2B, 0x5B, 0x97, 0xC0, 0x50, 0xAE, 0xD2, | |
591 | 0x46, 0x8A, 0xB8, 0xA1, 0x7A, 0xD8, 0x4E, 0x5D | |
592 | }; | |
593 | /* RFC 3394 - Test vector 4.3 */ | |
594 | u8 kek43[] = { | |
595 | 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, | |
596 | 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, | |
597 | 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, | |
598 | 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F | |
599 | }; | |
600 | u8 plain43[] = { | |
601 | 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, | |
602 | 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff | |
603 | }; | |
604 | u8 crypt43[] = { | |
605 | 0x64, 0xE8, 0xC3, 0xF9, 0xCE, 0x0F, 0x5B, 0xA2, | |
606 | 0x63, 0xE9, 0x77, 0x79, 0x05, 0x81, 0x8A, 0x2A, | |
607 | 0x93, 0xC8, 0x19, 0x1E, 0x7D, 0x6E, 0x8A, 0xE7, | |
608 | }; | |
609 | /* RFC 3394 - Test vector 4.4 */ | |
610 | u8 kek44[] = { | |
611 | 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, | |
612 | 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, | |
613 | 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17 | |
614 | }; | |
615 | u8 plain44[] = { | |
616 | 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, | |
617 | 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff, | |
618 | 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07 | |
619 | }; | |
620 | u8 crypt44[] = { | |
621 | 0x03, 0x1D, 0x33, 0x26, 0x4E, 0x15, 0xD3, 0x32, | |
622 | 0x68, 0xF2, 0x4E, 0xC2, 0x60, 0x74, 0x3E, 0xDC, | |
623 | 0xE1, 0xC6, 0xC7, 0xDD, 0xEE, 0x72, 0x5A, 0x93, | |
624 | 0x6B, 0xA8, 0x14, 0x91, 0x5C, 0x67, 0x62, 0xD2 | |
625 | }; | |
626 | /* RFC 3394 - Test vector 4.5 */ | |
627 | u8 kek45[] = { | |
628 | 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, | |
629 | 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, | |
630 | 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, | |
631 | 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F | |
632 | }; | |
633 | u8 plain45[] = { | |
634 | 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, | |
635 | 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff, | |
636 | 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07 | |
637 | }; | |
638 | u8 crypt45[] = { | |
639 | 0xA8, 0xF9, 0xBC, 0x16, 0x12, 0xC6, 0x8B, 0x3F, | |
640 | 0xF6, 0xE6, 0xF4, 0xFB, 0xE3, 0x0E, 0x71, 0xE4, | |
641 | 0x76, 0x9C, 0x8B, 0x80, 0xA3, 0x2C, 0xB8, 0x95, | |
642 | 0x8C, 0xD5, 0xD1, 0x7D, 0x6B, 0x25, 0x4D, 0xA1, | |
643 | }; | |
644 | /* RFC 3394 - Test vector 4.6 */ | |
645 | u8 kek46[] = { | |
646 | 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, | |
647 | 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, | |
648 | 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, | |
649 | 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F | |
650 | }; | |
651 | u8 plain46[] = { | |
652 | 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, | |
653 | 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF, | |
654 | 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, | |
655 | 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F | |
656 | }; | |
657 | u8 crypt46[] = { | |
658 | 0x28, 0xC9, 0xF4, 0x04, 0xC4, 0xB8, 0x10, 0xF4, | |
659 | 0xCB, 0xCC, 0xB3, 0x5C, 0xFB, 0x87, 0xF8, 0x26, | |
660 | 0x3F, 0x57, 0x86, 0xE2, 0xD8, 0x0E, 0xD3, 0x26, | |
661 | 0xCB, 0xC7, 0xF0, 0xE7, 0x1A, 0x99, 0xF4, 0x3B, | |
662 | 0xFB, 0x98, 0x8B, 0x9B, 0x7A, 0x02, 0xDD, 0x21 | |
663 | }; | |
664 | u8 result[40]; | |
665 | ||
666 | printf("RFC 3394 - Test vector 4.1\n"); | |
667 | if (aes_wrap(kek41, sizeof(kek41), sizeof(plain41) / 8, plain41, | |
668 | result)) { | |
669 | printf("AES-WRAP-128 reported failure\n"); | |
670 | ret++; | |
671 | } | |
672 | if (memcmp(result, crypt41, sizeof(crypt41)) != 0) { | |
673 | printf("AES-WRAP-128 failed\n"); | |
674 | ret++; | |
675 | } | |
676 | if (aes_unwrap(kek41, sizeof(kek41), sizeof(plain41) / 8, crypt41, | |
677 | result)) { | |
678 | printf("AES-UNWRAP-128 reported failure\n"); | |
679 | ret++; | |
680 | } | |
681 | if (memcmp(result, plain41, sizeof(plain41)) != 0) { | |
682 | printf("AES-UNWRAP-128 failed\n"); | |
683 | ret++; | |
684 | for (i = 0; i < sizeof(plain41); i++) | |
685 | printf(" %02x", result[i]); | |
686 | printf("\n"); | |
687 | } | |
6fc6879b | 688 | |
eefec1e4 JM |
689 | printf("RFC 3394 - Test vector 4.2\n"); |
690 | if (aes_wrap(kek42, sizeof(kek42), sizeof(plain42) / 8, plain42, | |
691 | result)) { | |
692 | printf("AES-WRAP-192 reported failure\n"); | |
6fc6879b JM |
693 | ret++; |
694 | } | |
eefec1e4 JM |
695 | if (memcmp(result, crypt42, sizeof(crypt42)) != 0) { |
696 | printf("AES-WRAP-192 failed\n"); | |
6fc6879b JM |
697 | ret++; |
698 | } | |
eefec1e4 JM |
699 | if (aes_unwrap(kek42, sizeof(kek42), sizeof(plain42) / 8, crypt42, |
700 | result)) { | |
701 | printf("AES-UNWRAP-192 reported failure\n"); | |
6fc6879b JM |
702 | ret++; |
703 | } | |
eefec1e4 JM |
704 | if (memcmp(result, plain42, sizeof(plain42)) != 0) { |
705 | printf("AES-UNWRAP-192 failed\n"); | |
6fc6879b | 706 | ret++; |
eefec1e4 | 707 | for (i = 0; i < sizeof(plain42); i++) |
6fc6879b JM |
708 | printf(" %02x", result[i]); |
709 | printf("\n"); | |
710 | } | |
711 | ||
eefec1e4 JM |
712 | printf("RFC 3394 - Test vector 4.3\n"); |
713 | if (aes_wrap(kek43, sizeof(kek43), sizeof(plain43) / 8, plain43, | |
714 | result)) { | |
715 | printf("AES-WRAP-256 reported failure\n"); | |
716 | ret++; | |
717 | } | |
718 | if (memcmp(result, crypt43, sizeof(crypt43)) != 0) { | |
719 | printf("AES-WRAP-256 failed\n"); | |
720 | ret++; | |
721 | } | |
722 | if (aes_unwrap(kek43, sizeof(kek43), sizeof(plain43) / 8, crypt43, | |
723 | result)) { | |
724 | printf("AES-UNWRAP-256 reported failure\n"); | |
725 | ret++; | |
726 | } | |
727 | if (memcmp(result, plain43, sizeof(plain43)) != 0) { | |
728 | printf("AES-UNWRAP-256 failed\n"); | |
729 | ret++; | |
730 | for (i = 0; i < sizeof(plain43); i++) | |
731 | printf(" %02x", result[i]); | |
732 | printf("\n"); | |
733 | } | |
734 | ||
735 | printf("RFC 3394 - Test vector 4.4\n"); | |
736 | if (aes_wrap(kek44, sizeof(kek44), sizeof(plain44) / 8, plain44, | |
737 | result)) { | |
738 | printf("AES-WRAP-192 reported failure\n"); | |
739 | ret++; | |
740 | } | |
741 | if (memcmp(result, crypt44, sizeof(crypt44)) != 0) { | |
742 | printf("AES-WRAP-192 failed\n"); | |
743 | ret++; | |
744 | } | |
745 | if (aes_unwrap(kek44, sizeof(kek44), sizeof(plain44) / 8, crypt44, | |
746 | result)) { | |
747 | printf("AES-UNWRAP-192 reported failure\n"); | |
748 | ret++; | |
749 | } | |
750 | if (memcmp(result, plain44, sizeof(plain44)) != 0) { | |
751 | printf("AES-UNWRAP-192 failed\n"); | |
752 | ret++; | |
753 | for (i = 0; i < sizeof(plain44); i++) | |
754 | printf(" %02x", result[i]); | |
755 | printf("\n"); | |
756 | } | |
757 | ||
758 | printf("RFC 3394 - Test vector 4.5\n"); | |
759 | if (aes_wrap(kek45, sizeof(kek45), sizeof(plain45) / 8, plain45, | |
760 | result)) { | |
761 | printf("AES-WRAP-256 reported failure\n"); | |
762 | ret++; | |
763 | } | |
764 | if (memcmp(result, crypt45, sizeof(crypt45)) != 0) { | |
765 | printf("AES-WRAP-256 failed\n"); | |
766 | ret++; | |
767 | for (i = 0; i < sizeof(crypt45); i++) | |
768 | printf(" %02x", result[i]); | |
769 | printf("\n"); | |
770 | } | |
771 | if (aes_unwrap(kek45, sizeof(kek45), sizeof(plain45) / 8, crypt45, | |
772 | result)) { | |
773 | printf("AES-UNWRAP-256 reported failure\n"); | |
774 | ret++; | |
775 | } | |
776 | if (memcmp(result, plain45, sizeof(plain45)) != 0) { | |
777 | printf("AES-UNWRAP-256 failed\n"); | |
778 | ret++; | |
779 | for (i = 0; i < sizeof(plain45); i++) | |
780 | printf(" %02x", result[i]); | |
781 | printf("\n"); | |
782 | } | |
783 | ||
784 | printf("RFC 3394 - Test vector 4.6\n"); | |
785 | if (aes_wrap(kek46, sizeof(kek46), sizeof(plain46) / 8, plain46, | |
786 | result)) { | |
787 | printf("AES-WRAP-256 reported failure\n"); | |
788 | ret++; | |
789 | } | |
790 | if (memcmp(result, crypt46, sizeof(crypt46)) != 0) { | |
791 | printf("AES-WRAP-256 failed\n"); | |
792 | ret++; | |
793 | } | |
794 | if (aes_unwrap(kek46, sizeof(kek46), sizeof(plain46) / 8, crypt46, | |
795 | result)) { | |
796 | printf("AES-UNWRAP-256 reported failure\n"); | |
797 | ret++; | |
798 | } | |
799 | if (memcmp(result, plain46, sizeof(plain46)) != 0) { | |
800 | printf("AES-UNWRAP-256 failed\n"); | |
801 | ret++; | |
802 | for (i = 0; i < sizeof(plain46); i++) | |
803 | printf(" %02x", result[i]); | |
804 | printf("\n"); | |
805 | } | |
806 | ||
807 | return ret; | |
808 | } | |
809 | ||
810 | ||
b1f4015c JM |
811 | static int test_nist_key_wrap_ae(const char *fname) |
812 | { | |
813 | FILE *f; | |
814 | int ret = 0; | |
815 | char buf[15000], *pos, *pos2; | |
816 | u8 bin[2000], k[32], p[1024], c[1024 + 8], result[1024 + 8]; | |
817 | size_t bin_len, k_len = 0, p_len = 0, c_len = 0; | |
818 | int ok = 0; | |
819 | ||
820 | printf("NIST KW AE tests from %s\n", fname); | |
821 | ||
822 | f = fopen(fname, "r"); | |
823 | if (f == NULL) { | |
824 | printf("%s does not exist - cannot validate test vectors\n", | |
825 | fname); | |
826 | return 1; | |
827 | } | |
828 | ||
829 | while (fgets(buf, sizeof(buf), f)) { | |
830 | if (buf[0] == '#') | |
831 | continue; | |
832 | pos = os_strchr(buf, '='); | |
833 | if (pos == NULL) | |
834 | continue; | |
835 | pos2 = pos - 1; | |
836 | while (pos2 >= buf && *pos2 == ' ') | |
837 | *pos2-- = '\0'; | |
838 | *pos++ = '\0'; | |
839 | while (*pos == ' ') | |
840 | *pos++ = '\0'; | |
841 | pos2 = os_strchr(pos, '\r'); | |
842 | if (!pos2) | |
843 | pos2 = os_strchr(pos, '\n'); | |
844 | if (pos2) | |
845 | *pos2 = '\0'; | |
846 | else | |
847 | pos2 = pos + os_strlen(pos); | |
848 | ||
849 | if (buf[0] == '[') { | |
850 | printf("%s = %s\n", buf, pos); | |
851 | continue; | |
852 | } | |
853 | ||
854 | if (os_strcmp(buf, "COUNT") == 0) { | |
855 | printf("Test %s - ", pos); | |
856 | continue; | |
857 | } | |
858 | ||
859 | bin_len = os_strlen(pos); | |
860 | if (bin_len > sizeof(bin) * 2) { | |
861 | printf("Too long binary data (%s)\n", buf); | |
862 | return 1; | |
863 | } | |
864 | if (bin_len & 0x01) { | |
865 | printf("Odd number of hexstring values (%s)\n", | |
866 | buf); | |
867 | return 1; | |
868 | } | |
869 | bin_len /= 2; | |
870 | if (hexstr2bin(pos, bin, bin_len) < 0) { | |
871 | printf("Invalid hex string '%s' (%s)\n", pos, buf); | |
872 | return 1; | |
873 | } | |
874 | ||
875 | if (os_strcmp(buf, "K") == 0) { | |
876 | if (bin_len > sizeof(k)) { | |
877 | printf("Too long K (%u)\n", (unsigned) bin_len); | |
878 | return 1; | |
879 | } | |
880 | os_memcpy(k, bin, bin_len); | |
881 | k_len = bin_len; | |
882 | continue; | |
883 | } | |
884 | ||
885 | if (os_strcmp(buf, "P") == 0) { | |
886 | if (bin_len > sizeof(p)) { | |
887 | printf("Too long P (%u)\n", (unsigned) bin_len); | |
888 | return 1; | |
889 | } | |
890 | os_memcpy(p, bin, bin_len); | |
891 | p_len = bin_len; | |
892 | continue; | |
893 | } | |
894 | ||
895 | if (os_strcmp(buf, "C") != 0) { | |
896 | printf("Unexpected field '%s'\n", buf); | |
897 | continue; | |
898 | } | |
899 | ||
900 | if (bin_len > sizeof(c)) { | |
901 | printf("Too long C (%u)\n", (unsigned) bin_len); | |
902 | return 1; | |
903 | } | |
904 | os_memcpy(c, bin, bin_len); | |
905 | c_len = bin_len; | |
906 | ||
907 | if (p_len % 8 != 0 || c_len % 8 != 0 || c_len - p_len != 8) { | |
908 | printf("invalid parameter length (p_len=%u c_len=%u)\n", | |
909 | (unsigned) p_len, (unsigned) c_len); | |
910 | continue; | |
911 | } | |
912 | ||
913 | if (aes_wrap(k, k_len, p_len / 8, p, result)) { | |
914 | printf("aes_wrap() failed\n"); | |
915 | ret++; | |
916 | continue; | |
917 | } | |
918 | ||
919 | if (os_memcmp(c, result, c_len) == 0) { | |
920 | printf("OK\n"); | |
921 | ok++; | |
922 | } else { | |
923 | printf("FAIL\n"); | |
924 | ret++; | |
925 | } | |
926 | } | |
927 | ||
928 | fclose(f); | |
929 | ||
930 | if (ret) | |
931 | printf("Test case failed\n"); | |
932 | else | |
933 | printf("%d test vectors OK\n", ok); | |
934 | ||
935 | return ret; | |
936 | } | |
937 | ||
938 | ||
939 | static int test_nist_key_wrap_ad(const char *fname) | |
940 | { | |
941 | FILE *f; | |
942 | int ret = 0; | |
943 | char buf[15000], *pos, *pos2; | |
944 | u8 bin[2000], k[32], p[1024], c[1024 + 8], result[1024 + 8]; | |
945 | size_t bin_len, k_len = 0, p_len = 0, c_len = 0; | |
946 | int ok = 0; | |
947 | int fail; | |
948 | ||
949 | printf("NIST KW AD tests from %s\n", fname); | |
950 | ||
951 | f = fopen(fname, "r"); | |
952 | if (f == NULL) { | |
953 | printf("%s does not exist - cannot validate test vectors\n", | |
954 | fname); | |
955 | return 1; | |
956 | } | |
957 | ||
958 | while (fgets(buf, sizeof(buf), f)) { | |
959 | if (buf[0] == '#') | |
960 | continue; | |
961 | fail = 0; | |
962 | pos = os_strchr(buf, '='); | |
963 | if (pos == NULL) { | |
964 | if (os_strncmp(buf, "FAIL", 4) == 0) { | |
965 | fail = 1; | |
966 | goto skip_val_parse; | |
967 | } | |
968 | continue; | |
969 | } | |
970 | pos2 = pos - 1; | |
971 | while (pos2 >= buf && *pos2 == ' ') | |
972 | *pos2-- = '\0'; | |
973 | *pos++ = '\0'; | |
974 | while (*pos == ' ') | |
975 | *pos++ = '\0'; | |
976 | pos2 = os_strchr(pos, '\r'); | |
977 | if (!pos2) | |
978 | pos2 = os_strchr(pos, '\n'); | |
979 | if (pos2) | |
980 | *pos2 = '\0'; | |
981 | else | |
982 | pos2 = pos + os_strlen(pos); | |
983 | ||
984 | if (buf[0] == '[') { | |
985 | printf("%s = %s\n", buf, pos); | |
986 | continue; | |
987 | } | |
988 | ||
989 | if (os_strcmp(buf, "COUNT") == 0) { | |
990 | printf("Test %s - ", pos); | |
991 | continue; | |
992 | } | |
993 | ||
994 | bin_len = os_strlen(pos); | |
995 | if (bin_len > sizeof(bin) * 2) { | |
996 | printf("Too long binary data (%s)\n", buf); | |
997 | return 1; | |
998 | } | |
999 | if (bin_len & 0x01) { | |
1000 | printf("Odd number of hexstring values (%s)\n", | |
1001 | buf); | |
1002 | return 1; | |
1003 | } | |
1004 | bin_len /= 2; | |
1005 | if (hexstr2bin(pos, bin, bin_len) < 0) { | |
1006 | printf("Invalid hex string '%s' (%s)\n", pos, buf); | |
1007 | return 1; | |
1008 | } | |
1009 | ||
1010 | if (os_strcmp(buf, "K") == 0) { | |
1011 | if (bin_len > sizeof(k)) { | |
1012 | printf("Too long K (%u)\n", (unsigned) bin_len); | |
1013 | return 1; | |
1014 | } | |
1015 | os_memcpy(k, bin, bin_len); | |
1016 | k_len = bin_len; | |
1017 | continue; | |
1018 | } | |
1019 | ||
1020 | if (os_strcmp(buf, "C") == 0) { | |
1021 | if (bin_len > sizeof(c)) { | |
1022 | printf("Too long C (%u)\n", (unsigned) bin_len); | |
1023 | return 1; | |
1024 | } | |
1025 | os_memcpy(c, bin, bin_len); | |
1026 | c_len = bin_len; | |
1027 | continue; | |
1028 | } | |
1029 | ||
1030 | skip_val_parse: | |
1031 | if (!fail) { | |
1032 | if (os_strcmp(buf, "P") != 0) { | |
1033 | printf("Unexpected field '%s'\n", buf); | |
1034 | continue; | |
1035 | } | |
1036 | ||
1037 | if (bin_len > sizeof(p)) { | |
1038 | printf("Too long P (%u)\n", (unsigned) bin_len); | |
1039 | return 1; | |
1040 | } | |
1041 | os_memcpy(p, bin, bin_len); | |
1042 | p_len = bin_len; | |
1043 | ||
1044 | if (p_len % 8 != 0 || c_len % 8 != 0 || | |
1045 | c_len - p_len != 8) { | |
1046 | printf("invalid parameter length (p_len=%u c_len=%u)\n", | |
1047 | (unsigned) p_len, (unsigned) c_len); | |
1048 | continue; | |
1049 | } | |
1050 | } | |
1051 | ||
1052 | if (aes_unwrap(k, k_len, (c_len / 8) - 1, c, result)) { | |
1053 | if (fail) { | |
1054 | printf("OK (fail reported)\n"); | |
1055 | ok++; | |
1056 | continue; | |
1057 | } | |
1058 | printf("aes_unwrap() failed\n"); | |
1059 | ret++; | |
1060 | continue; | |
1061 | } | |
1062 | ||
1063 | if (fail) { | |
1064 | printf("FAIL (mismatch not reported)\n"); | |
1065 | ret++; | |
1066 | } else if (os_memcmp(p, result, p_len) == 0) { | |
1067 | printf("OK\n"); | |
1068 | ok++; | |
1069 | } else { | |
1070 | printf("FAIL\n"); | |
1071 | ret++; | |
1072 | } | |
1073 | } | |
1074 | ||
1075 | fclose(f); | |
1076 | ||
1077 | if (ret) | |
1078 | printf("Test case failed\n"); | |
1079 | else | |
1080 | printf("%d test vectors OK\n", ok); | |
1081 | ||
1082 | return ret; | |
1083 | } | |
1084 | ||
1085 | ||
eefec1e4 JM |
1086 | int main(int argc, char *argv[]) |
1087 | { | |
1088 | u8 result[24]; | |
1089 | int ret = 0; | |
1090 | unsigned int i; | |
1091 | struct omac1_test_vector *tv; | |
1092 | ||
b1f4015c JM |
1093 | if (argc >= 3 && os_strcmp(argv[1], "NIST-KW-AE") == 0) |
1094 | ret += test_nist_key_wrap_ae(argv[2]); | |
1095 | else if (argc >= 3 && os_strcmp(argv[1], "NIST-KW-AD") == 0) | |
1096 | ret += test_nist_key_wrap_ad(argv[2]); | |
1097 | ||
eefec1e4 JM |
1098 | ret += test_key_wrap(); |
1099 | ||
6fc6879b JM |
1100 | test_aes_perf(); |
1101 | ||
e7ecab4a | 1102 | for (i = 0; i < ARRAY_SIZE(test_vectors); i++) { |
6fc6879b | 1103 | tv = &test_vectors[i]; |
1767f7c1 JM |
1104 | if (omac1_aes_128(tv->k, tv->msg, tv->msg_len, result) || |
1105 | memcmp(result, tv->tag, 16) != 0) { | |
6fc6879b JM |
1106 | printf("OMAC1-AES-128 test vector %d failed\n", i); |
1107 | ret++; | |
1108 | } | |
1109 | ||
1110 | if (tv->msg_len > 1) { | |
1111 | const u8 *addr[2]; | |
1112 | size_t len[2]; | |
1113 | ||
1114 | addr[0] = tv->msg; | |
1115 | len[0] = 1; | |
1116 | addr[1] = tv->msg + 1; | |
1117 | len[1] = tv->msg_len - 1; | |
1118 | ||
1767f7c1 JM |
1119 | if (omac1_aes_128_vector(tv->k, 2, addr, len, |
1120 | result) || | |
1121 | memcmp(result, tv->tag, 16) != 0) { | |
6fc6879b JM |
1122 | printf("OMAC1-AES-128(vector) test vector %d " |
1123 | "failed\n", i); | |
1124 | ret++; | |
1125 | } | |
1126 | } | |
1127 | } | |
1128 | ||
1129 | ret += test_eax(); | |
1130 | ||
1131 | ret += test_cbc(); | |
1132 | ||
c2372d7c JM |
1133 | ret += test_gcm(); |
1134 | ||
a709c5e2 JM |
1135 | ret += test_siv(); |
1136 | ||
6fc6879b JM |
1137 | if (ret) |
1138 | printf("FAILED!\n"); | |
1139 | ||
1140 | return ret; | |
1141 | } |