3 * Copyright (c) 2003-2012, Jouni Malinen <j@w1.fi>
5 * This software may be distributed under the terms of the BSD license.
6 * See README for more details.
12 #include "crypto/crypto.h"
13 #include "crypto/aes_wrap.h"
17 static void test_aes_perf(void)
19 #if 0 /* this did not seem to work with new compiler?! */
21 #define rdtscll(val) \
22 __asm__ __volatile__("rdtsc" : "=A" (val))
23 const int num_iters
= 10;
25 unsigned int start
, end
;
26 u8 key
[16], pt
[16], ct
[16];
29 printf("keySetupEnc:");
30 for (i
= 0; i
< num_iters
; i
++) {
32 ctx
= aes_encrypt_init(key
, 16);
34 aes_encrypt_deinit(ctx
);
35 printf(" %d", end
- start
);
40 ctx
= aes_encrypt_init(key
, 16);
41 for (i
= 0; i
< num_iters
; i
++) {
43 aes_encrypt(ctx
, pt
, ct
);
45 printf(" %d", end
- start
);
47 aes_encrypt_deinit(ctx
);
54 static int test_eax(void)
56 u8 msg
[] = { 0xF7, 0xFB };
57 u8 key
[] = { 0x91, 0x94, 0x5D, 0x3F, 0x4D, 0xCB, 0xEE, 0x0B,
58 0xF4, 0x5E, 0xF5, 0x22, 0x55, 0xF0, 0x95, 0xA4 };
59 u8 nonce
[] = { 0xBE, 0xCA, 0xF0, 0x43, 0xB0, 0xA2, 0x3D, 0x84,
60 0x31, 0x94, 0xBA, 0x97, 0x2C, 0x66, 0xDE, 0xBD };
61 u8 hdr
[] = { 0xFA, 0x3B, 0xFD, 0x48, 0x06, 0xEB, 0x53, 0xFA };
62 u8 cipher
[] = { 0x19, 0xDD, 0x5C, 0x4C, 0x93, 0x31, 0x04, 0x9D,
63 0x0B, 0xDA, 0xB0, 0x27, 0x74, 0x08, 0xF6, 0x79,
65 u8 data
[sizeof(msg
)], tag
[BLOCK_SIZE
];
67 memcpy(data
, msg
, sizeof(msg
));
68 if (aes_128_eax_encrypt(key
, nonce
, sizeof(nonce
), hdr
, sizeof(hdr
),
69 data
, sizeof(data
), tag
)) {
70 printf("AES-128 EAX mode encryption failed\n");
73 if (memcmp(data
, cipher
, sizeof(data
)) != 0) {
74 printf("AES-128 EAX mode encryption returned invalid cipher "
78 if (memcmp(tag
, cipher
+ sizeof(data
), BLOCK_SIZE
) != 0) {
79 printf("AES-128 EAX mode encryption returned invalid tag\n");
83 if (aes_128_eax_decrypt(key
, nonce
, sizeof(nonce
), hdr
, sizeof(hdr
),
84 data
, sizeof(data
), tag
)) {
85 printf("AES-128 EAX mode decryption failed\n");
88 if (memcmp(data
, msg
, sizeof(data
)) != 0) {
89 printf("AES-128 EAX mode decryption returned invalid plain "
98 static int test_cbc(void)
100 struct cbc_test_vector
{
108 { 0x06, 0xa9, 0x21, 0x40, 0x36, 0xb8, 0xa1, 0x5b,
109 0x51, 0x2e, 0x03, 0xd5, 0x34, 0x12, 0x00, 0x06 },
110 { 0x3d, 0xaf, 0xba, 0x42, 0x9d, 0x9e, 0xb4, 0x30,
111 0xb4, 0x22, 0xda, 0x80, 0x2c, 0x9f, 0xac, 0x41 },
113 { 0xe3, 0x53, 0x77, 0x9c, 0x10, 0x79, 0xae, 0xb8,
114 0x27, 0x08, 0x94, 0x2d, 0xbe, 0x77, 0x18, 0x1a },
118 { 0xc2, 0x86, 0x69, 0x6d, 0x88, 0x7c, 0x9a, 0xa0,
119 0x61, 0x1b, 0xbb, 0x3e, 0x20, 0x25, 0xa4, 0x5a },
120 { 0x56, 0x2e, 0x17, 0x99, 0x6d, 0x09, 0x3d, 0x28,
121 0xdd, 0xb3, 0xba, 0x69, 0x5a, 0x2e, 0x6f, 0x58 },
122 { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
123 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
124 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
125 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f },
126 { 0xd2, 0x96, 0xcd, 0x94, 0xc2, 0xcc, 0xcf, 0x8a,
127 0x3a, 0x86, 0x30, 0x28, 0xb5, 0xe1, 0xdc, 0x0a,
128 0x75, 0x86, 0x60, 0x2d, 0x25, 0x3c, 0xff, 0xf9,
129 0x1b, 0x82, 0x66, 0xbe, 0xa6, 0xd6, 0x1a, 0xb1 },
137 for (i
= 0; i
< sizeof(vectors
) / sizeof(vectors
[0]); i
++) {
138 struct cbc_test_vector
*tv
= &vectors
[i
];
139 buf
= malloc(tv
->len
);
144 memcpy(buf
, tv
->plain
, tv
->len
);
145 if (aes_128_cbc_encrypt(tv
->key
, tv
->iv
, buf
, tv
->len
) ||
146 memcmp(buf
, tv
->cipher
, tv
->len
) != 0) {
147 printf("AES-CBC encrypt %d failed\n", i
);
150 memcpy(buf
, tv
->cipher
, tv
->len
);
151 if (aes_128_cbc_decrypt(tv
->key
, tv
->iv
, buf
, tv
->len
) ||
152 memcmp(buf
, tv
->plain
, tv
->len
) != 0) {
153 printf("AES-CBC decrypt %d failed\n", i
);
164 * GCM test vectors from
165 * http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/proposedmodes/gcm/gcm-spec.pdf
167 struct gcm_test_vector
{
176 static const struct gcm_test_vector gcm_tests
[] = {
179 "00000000000000000000000000000000",
182 "000000000000000000000000",
184 "58e2fccefa7e3061367f1d57a4e7455a"
188 "00000000000000000000000000000000",
189 "00000000000000000000000000000000",
191 "000000000000000000000000",
192 "0388dace60b6a392f328c2b971b2fe78",
193 "ab6e47d42cec13bdf53a67b21257bddf"
197 "feffe9928665731c6d6a8f9467308308",
198 "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b391aafd255",
200 "cafebabefacedbaddecaf888",
201 "42831ec2217774244b7221b784d0d49ce3aa212f2c02a4e035c17e2329aca12e21d514b25466931c7d8f6a5aac84aa051ba30b396a0aac973d58e091473f5985",
202 "4d5c2af327cd64a62cf35abd2ba6fab4"
206 "feffe9928665731c6d6a8f9467308308",
207 "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
208 "feedfacedeadbeeffeedfacedeadbeefabaddad2",
209 "cafebabefacedbaddecaf888",
210 "42831ec2217774244b7221b784d0d49ce3aa212f2c02a4e035c17e2329aca12e21d514b25466931c7d8f6a5aac84aa051ba30b396a0aac973d58e091",
211 "5bc94fbc3221a5db94fae95ae7121a47"
215 "feffe9928665731c6d6a8f9467308308",
216 "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
217 "feedfacedeadbeeffeedfacedeadbeefabaddad2",
219 "61353b4c2806934a777ff51fa22a4755699b2a714fcdc6f83766e5f97b6c742373806900e49f24b22b097544d4896b424989b5e1ebac0f07c23f4598",
220 "3612d2e79e3b0785561be14aaca2fccb"
224 "feffe9928665731c6d6a8f9467308308",
225 "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
226 "feedfacedeadbeeffeedfacedeadbeefabaddad2",
227 "9313225df88406e555909c5aff5269aa6a7a9538534f7da1e4c303d2a318a728c3c0c95156809539fcf0e2429a6b525416aedbf5a0de6a57a637b39b",
228 "8ce24998625615b603a033aca13fb894be9112a5c3a211a8ba262a3cca7e2ca701e4a9a4fba43c90ccdcb281d48c7c6fd62875d2aca417034c34aee5",
229 "619cc5aefffe0bfa462af43c1699d050"
233 "000000000000000000000000000000000000000000000000",
236 "000000000000000000000000",
238 "cd33b28ac773f74ba00ed1f312572435"
242 "000000000000000000000000000000000000000000000000",
243 "00000000000000000000000000000000",
245 "000000000000000000000000",
246 "98e7247c07f0fe411c267e4384b0f600",
247 "2ff58d80033927ab8ef4d4587514f0fb"
251 "feffe9928665731c6d6a8f9467308308feffe9928665731c",
252 "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b391aafd255",
254 "cafebabefacedbaddecaf888",
255 "3980ca0b3c00e841eb06fac4872a2757859e1ceaa6efd984628593b40ca1e19c7d773d00c144c525ac619d18c84a3f4718e2448b2fe324d9ccda2710acade256",
256 "9924a7c8587336bfb118024db8674a14"
260 "feffe9928665731c6d6a8f9467308308feffe9928665731c",
261 "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
262 "feedfacedeadbeeffeedfacedeadbeefabaddad2",
263 "cafebabefacedbaddecaf888",
264 "3980ca0b3c00e841eb06fac4872a2757859e1ceaa6efd984628593b40ca1e19c7d773d00c144c525ac619d18c84a3f4718e2448b2fe324d9ccda2710",
265 "2519498e80f1478f37ba55bd6d27618c"
269 "feffe9928665731c6d6a8f9467308308feffe9928665731c",
270 "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
271 "feedfacedeadbeeffeedfacedeadbeefabaddad2",
273 "0f10f599ae14a154ed24b36e25324db8c566632ef2bbb34f8347280fc4507057fddc29df9a471f75c66541d4d4dad1c9e93a19a58e8b473fa0f062f7",
274 "65dcc57fcf623a24094fcca40d3533f8"
278 "feffe9928665731c6d6a8f9467308308feffe9928665731c",
279 "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
280 "feedfacedeadbeeffeedfacedeadbeefabaddad2",
281 "9313225df88406e555909c5aff5269aa6a7a9538534f7da1e4c303d2a318a728c3c0c95156809539fcf0e2429a6b525416aedbf5a0de6a57a637b39b",
282 "d27e88681ce3243c4830165a8fdcf9ff1de9a1d8e6b447ef6ef7b79828666e4581e79012af34ddd9e2f037589b292db3e67c036745fa22e7e9b7373b",
283 "dcf566ff291c25bbb8568fc3d376a6d9"
287 "0000000000000000000000000000000000000000000000000000000000000000",
290 "000000000000000000000000",
292 "530f8afbc74536b9a963b4f1c4cb738b"
296 "0000000000000000000000000000000000000000000000000000000000000000",
297 "00000000000000000000000000000000",
299 "000000000000000000000000",
300 "cea7403d4d606b6e074ec5d3baf39d18",
301 "d0d1c8a799996bf0265b98b5d48ab919"
305 "feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308",
306 "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b391aafd255",
308 "cafebabefacedbaddecaf888",
309 "522dc1f099567d07f47f37a32a84427d643a8cdcbfe5c0c97598a2bd2555d1aa8cb08e48590dbb3da7b08b1056828838c5f61e6393ba7a0abcc9f662898015ad",
310 "b094dac5d93471bdec1a502270e3cc6c"
314 "feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308",
315 "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
316 "feedfacedeadbeeffeedfacedeadbeefabaddad2",
317 "cafebabefacedbaddecaf888",
318 "522dc1f099567d07f47f37a32a84427d643a8cdcbfe5c0c97598a2bd2555d1aa8cb08e48590dbb3da7b08b1056828838c5f61e6393ba7a0abcc9f662",
319 "76fc6ece0f4e1768cddf8853bb2d551b"
323 "feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308",
324 "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
325 "feedfacedeadbeeffeedfacedeadbeefabaddad2",
327 "c3762df1ca787d32ae47c13bf19844cbaf1ae14d0b976afac52ff7d79bba9de0feb582d33934a4f0954cc2363bc73f7862ac430e64abe499f47c9b1f",
328 "3a337dbf46a792c45e454913fe2ea8f2"
332 "feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308",
333 "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
334 "feedfacedeadbeeffeedfacedeadbeefabaddad2",
335 "9313225df88406e555909c5aff5269aa6a7a9538534f7da1e4c303d2a318a728c3c0c95156809539fcf0e2429a6b525416aedbf5a0de6a57a637b39b",
336 "5a8def2f0c9e53f1f75d7853659e2a20eeb2b22aafde6419a058ab4f6f746bf40fc0c3b780f244452da3ebf1c5d82cdea2418997200ef82e44ae7e3f",
337 "a44a8266ee1c8eb0c8b5d4cf5ae9f19a"
342 static int test_gcm(void)
346 u8 k
[32], aad
[32], iv
[64], t
[16], tag
[16];
347 u8 p
[64], c
[64], tmp
[64];
348 size_t k_len
, p_len
, aad_len
, iv_len
;
350 for (i
= 0; i
< sizeof(gcm_tests
) / sizeof(gcm_tests
[0]); i
++) {
351 const struct gcm_test_vector
*tc
= &gcm_tests
[i
];
353 k_len
= os_strlen(tc
->k
) / 2;
354 if (hexstr2bin(tc
->k
, k
, k_len
)) {
355 printf("Invalid GCM test vector %d (k)\n", i
);
360 p_len
= os_strlen(tc
->p
) / 2;
361 if (hexstr2bin(tc
->p
, p
, p_len
)) {
362 printf("Invalid GCM test vector %d (p)\n", i
);
367 aad_len
= os_strlen(tc
->aad
) / 2;
368 if (hexstr2bin(tc
->aad
, aad
, aad_len
)) {
369 printf("Invalid GCM test vector %d (aad)\n", i
);
374 iv_len
= os_strlen(tc
->iv
) / 2;
375 if (hexstr2bin(tc
->iv
, iv
, iv_len
)) {
376 printf("Invalid GCM test vector %d (iv)\n", i
);
381 if (hexstr2bin(tc
->c
, c
, p_len
)) {
382 printf("Invalid GCM test vector %d (c)\n", i
);
387 if (hexstr2bin(tc
->t
, t
, sizeof(t
))) {
388 printf("Invalid GCM test vector %d (t)\n", i
);
393 if (aes_gcm_ae(k
, k_len
, iv
, iv_len
, p
, p_len
, aad
, aad_len
,
395 printf("GCM-AE failed (test case %d)\n", i
);
400 if (os_memcmp(c
, tmp
, p_len
) != 0) {
401 printf("GCM-AE mismatch (test case %d)\n", i
);
405 if (os_memcmp(tag
, t
, sizeof(tag
)) != 0) {
406 printf("GCM-AE tag mismatch (test case %d)\n", i
);
410 if (aes_gcm_ad(k
, k_len
, iv
, iv_len
, c
, p_len
, aad
, aad_len
,
412 printf("GCM-AD failed (test case %d)\n", i
);
417 if (os_memcmp(p
, tmp
, p_len
) != 0) {
418 printf("GCM-AD mismatch (test case %d)\n", i
);
427 /* OMAC1 AES-128 test vectors from
428 * http://csrc.nist.gov/CryptoToolkit/modes/proposedmodes/omac/omac-ad.pdf
429 * which are same as the examples from NIST SP800-38B
430 * http://csrc.nist.gov/CryptoToolkit/modes/800-38_Series_Publications/SP800-38B.pdf
433 struct omac1_test_vector
{
440 static struct omac1_test_vector test_vectors
[] =
443 { 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6,
444 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c },
447 { 0xbb, 0x1d, 0x69, 0x29, 0xe9, 0x59, 0x37, 0x28,
448 0x7f, 0xa3, 0x7d, 0x12, 0x9b, 0x75, 0x67, 0x46 }
451 { 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6,
452 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c },
453 { 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96,
454 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a},
456 { 0x07, 0x0a, 0x16, 0xb4, 0x6b, 0x4d, 0x41, 0x44,
457 0xf7, 0x9b, 0xdd, 0x9d, 0xd0, 0x4a, 0x28, 0x7c }
460 { 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6,
461 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c },
462 { 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96,
463 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a,
464 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c,
465 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51,
466 0x30, 0xc8, 0x1c, 0x46, 0xa3, 0x5c, 0xe4, 0x11 },
468 { 0xdf, 0xa6, 0x67, 0x47, 0xde, 0x9a, 0xe6, 0x30,
469 0x30, 0xca, 0x32, 0x61, 0x14, 0x97, 0xc8, 0x27 }
472 { 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6,
473 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c },
474 { 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96,
475 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a,
476 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c,
477 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51,
478 0x30, 0xc8, 0x1c, 0x46, 0xa3, 0x5c, 0xe4, 0x11,
479 0xe5, 0xfb, 0xc1, 0x19, 0x1a, 0x0a, 0x52, 0xef,
480 0xf6, 0x9f, 0x24, 0x45, 0xdf, 0x4f, 0x9b, 0x17,
481 0xad, 0x2b, 0x41, 0x7b, 0xe6, 0x6c, 0x37, 0x10 },
483 { 0x51, 0xf0, 0xbe, 0xbf, 0x7e, 0x3b, 0x9d, 0x92,
484 0xfc, 0x49, 0x74, 0x17, 0x79, 0x36, 0x3c, 0xfe }
489 int main(int argc
, char *argv
[])
492 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
493 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f
496 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
497 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff
500 0x1F, 0xA6, 0x8B, 0x0A, 0x81, 0x12, 0xB4, 0x47,
501 0xAE, 0xF3, 0x4B, 0xD8, 0xFB, 0x5A, 0x7B, 0x82,
502 0x9D, 0x3E, 0x86, 0x23, 0x71, 0xD2, 0xCF, 0xE5
507 struct omac1_test_vector
*tv
;
509 if (aes_wrap(kek
, 2, plain
, result
)) {
510 printf("AES-WRAP-128-128 reported failure\n");
513 if (memcmp(result
, crypt
, 24) != 0) {
514 printf("AES-WRAP-128-128 failed\n");
517 if (aes_unwrap(kek
, 2, crypt
, result
)) {
518 printf("AES-UNWRAP-128-128 reported failure\n");
521 if (memcmp(result
, plain
, 16) != 0) {
522 printf("AES-UNWRAP-128-128 failed\n");
524 for (i
= 0; i
< 16; i
++)
525 printf(" %02x", result
[i
]);
531 for (i
= 0; i
< sizeof(test_vectors
) / sizeof(test_vectors
[0]); i
++) {
532 tv
= &test_vectors
[i
];
533 if (omac1_aes_128(tv
->k
, tv
->msg
, tv
->msg_len
, result
) ||
534 memcmp(result
, tv
->tag
, 16) != 0) {
535 printf("OMAC1-AES-128 test vector %d failed\n", i
);
539 if (tv
->msg_len
> 1) {
545 addr
[1] = tv
->msg
+ 1;
546 len
[1] = tv
->msg_len
- 1;
548 if (omac1_aes_128_vector(tv
->k
, 2, addr
, len
,
550 memcmp(result
, tv
->tag
, 16) != 0) {
551 printf("OMAC1-AES-128(vector) test vector %d "