3 * Copyright (c) 2003-2012, Jouni Malinen <j@w1.fi>
5 * This software may be distributed under the terms of the BSD license.
6 * See README for more details.
12 #include "crypto/crypto.h"
13 #include "crypto/aes_wrap.h"
17 static void test_aes_perf(void)
19 #if 0 /* this did not seem to work with new compiler?! */
21 #define rdtscll(val) \
22 __asm__ __volatile__("rdtsc" : "=A" (val))
23 const int num_iters
= 10;
25 unsigned int start
, end
;
26 u8 key
[16], pt
[16], ct
[16];
29 printf("keySetupEnc:");
30 for (i
= 0; i
< num_iters
; i
++) {
32 ctx
= aes_encrypt_init(key
, 16);
34 aes_encrypt_deinit(ctx
);
35 printf(" %d", end
- start
);
40 ctx
= aes_encrypt_init(key
, 16);
41 for (i
= 0; i
< num_iters
; i
++) {
43 aes_encrypt(ctx
, pt
, ct
);
45 printf(" %d", end
- start
);
47 aes_encrypt_deinit(ctx
);
55 * GCM test vectors from
56 * http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/proposedmodes/gcm/gcm-spec.pdf
58 struct gcm_test_vector
{
67 static const struct gcm_test_vector gcm_tests
[] = {
70 "00000000000000000000000000000000",
73 "000000000000000000000000",
75 "58e2fccefa7e3061367f1d57a4e7455a"
79 "00000000000000000000000000000000",
80 "00000000000000000000000000000000",
82 "000000000000000000000000",
83 "0388dace60b6a392f328c2b971b2fe78",
84 "ab6e47d42cec13bdf53a67b21257bddf"
88 "feffe9928665731c6d6a8f9467308308",
89 "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b391aafd255",
91 "cafebabefacedbaddecaf888",
92 "42831ec2217774244b7221b784d0d49ce3aa212f2c02a4e035c17e2329aca12e21d514b25466931c7d8f6a5aac84aa051ba30b396a0aac973d58e091473f5985",
93 "4d5c2af327cd64a62cf35abd2ba6fab4"
97 "feffe9928665731c6d6a8f9467308308",
98 "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
99 "feedfacedeadbeeffeedfacedeadbeefabaddad2",
100 "cafebabefacedbaddecaf888",
101 "42831ec2217774244b7221b784d0d49ce3aa212f2c02a4e035c17e2329aca12e21d514b25466931c7d8f6a5aac84aa051ba30b396a0aac973d58e091",
102 "5bc94fbc3221a5db94fae95ae7121a47"
106 "feffe9928665731c6d6a8f9467308308",
107 "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
108 "feedfacedeadbeeffeedfacedeadbeefabaddad2",
110 "61353b4c2806934a777ff51fa22a4755699b2a714fcdc6f83766e5f97b6c742373806900e49f24b22b097544d4896b424989b5e1ebac0f07c23f4598",
111 "3612d2e79e3b0785561be14aaca2fccb"
115 "feffe9928665731c6d6a8f9467308308",
116 "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
117 "feedfacedeadbeeffeedfacedeadbeefabaddad2",
118 "9313225df88406e555909c5aff5269aa6a7a9538534f7da1e4c303d2a318a728c3c0c95156809539fcf0e2429a6b525416aedbf5a0de6a57a637b39b",
119 "8ce24998625615b603a033aca13fb894be9112a5c3a211a8ba262a3cca7e2ca701e4a9a4fba43c90ccdcb281d48c7c6fd62875d2aca417034c34aee5",
120 "619cc5aefffe0bfa462af43c1699d050"
124 "000000000000000000000000000000000000000000000000",
127 "000000000000000000000000",
129 "cd33b28ac773f74ba00ed1f312572435"
133 "000000000000000000000000000000000000000000000000",
134 "00000000000000000000000000000000",
136 "000000000000000000000000",
137 "98e7247c07f0fe411c267e4384b0f600",
138 "2ff58d80033927ab8ef4d4587514f0fb"
142 "feffe9928665731c6d6a8f9467308308feffe9928665731c",
143 "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b391aafd255",
145 "cafebabefacedbaddecaf888",
146 "3980ca0b3c00e841eb06fac4872a2757859e1ceaa6efd984628593b40ca1e19c7d773d00c144c525ac619d18c84a3f4718e2448b2fe324d9ccda2710acade256",
147 "9924a7c8587336bfb118024db8674a14"
151 "feffe9928665731c6d6a8f9467308308feffe9928665731c",
152 "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
153 "feedfacedeadbeeffeedfacedeadbeefabaddad2",
154 "cafebabefacedbaddecaf888",
155 "3980ca0b3c00e841eb06fac4872a2757859e1ceaa6efd984628593b40ca1e19c7d773d00c144c525ac619d18c84a3f4718e2448b2fe324d9ccda2710",
156 "2519498e80f1478f37ba55bd6d27618c"
160 "feffe9928665731c6d6a8f9467308308feffe9928665731c",
161 "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
162 "feedfacedeadbeeffeedfacedeadbeefabaddad2",
164 "0f10f599ae14a154ed24b36e25324db8c566632ef2bbb34f8347280fc4507057fddc29df9a471f75c66541d4d4dad1c9e93a19a58e8b473fa0f062f7",
165 "65dcc57fcf623a24094fcca40d3533f8"
169 "feffe9928665731c6d6a8f9467308308feffe9928665731c",
170 "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
171 "feedfacedeadbeeffeedfacedeadbeefabaddad2",
172 "9313225df88406e555909c5aff5269aa6a7a9538534f7da1e4c303d2a318a728c3c0c95156809539fcf0e2429a6b525416aedbf5a0de6a57a637b39b",
173 "d27e88681ce3243c4830165a8fdcf9ff1de9a1d8e6b447ef6ef7b79828666e4581e79012af34ddd9e2f037589b292db3e67c036745fa22e7e9b7373b",
174 "dcf566ff291c25bbb8568fc3d376a6d9"
178 "0000000000000000000000000000000000000000000000000000000000000000",
181 "000000000000000000000000",
183 "530f8afbc74536b9a963b4f1c4cb738b"
187 "0000000000000000000000000000000000000000000000000000000000000000",
188 "00000000000000000000000000000000",
190 "000000000000000000000000",
191 "cea7403d4d606b6e074ec5d3baf39d18",
192 "d0d1c8a799996bf0265b98b5d48ab919"
196 "feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308",
197 "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b391aafd255",
199 "cafebabefacedbaddecaf888",
200 "522dc1f099567d07f47f37a32a84427d643a8cdcbfe5c0c97598a2bd2555d1aa8cb08e48590dbb3da7b08b1056828838c5f61e6393ba7a0abcc9f662898015ad",
201 "b094dac5d93471bdec1a502270e3cc6c"
205 "feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308",
206 "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
207 "feedfacedeadbeeffeedfacedeadbeefabaddad2",
208 "cafebabefacedbaddecaf888",
209 "522dc1f099567d07f47f37a32a84427d643a8cdcbfe5c0c97598a2bd2555d1aa8cb08e48590dbb3da7b08b1056828838c5f61e6393ba7a0abcc9f662",
210 "76fc6ece0f4e1768cddf8853bb2d551b"
214 "feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308",
215 "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
216 "feedfacedeadbeeffeedfacedeadbeefabaddad2",
218 "c3762df1ca787d32ae47c13bf19844cbaf1ae14d0b976afac52ff7d79bba9de0feb582d33934a4f0954cc2363bc73f7862ac430e64abe499f47c9b1f",
219 "3a337dbf46a792c45e454913fe2ea8f2"
223 "feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308",
224 "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
225 "feedfacedeadbeeffeedfacedeadbeefabaddad2",
226 "9313225df88406e555909c5aff5269aa6a7a9538534f7da1e4c303d2a318a728c3c0c95156809539fcf0e2429a6b525416aedbf5a0de6a57a637b39b",
227 "5a8def2f0c9e53f1f75d7853659e2a20eeb2b22aafde6419a058ab4f6f746bf40fc0c3b780f244452da3ebf1c5d82cdea2418997200ef82e44ae7e3f",
228 "a44a8266ee1c8eb0c8b5d4cf5ae9f19a"
233 static int test_gcm(void)
237 u8 k
[32], aad
[32], iv
[64], t
[16], tag
[16];
238 u8 p
[64], c
[64], tmp
[64];
239 size_t k_len
, p_len
, aad_len
, iv_len
;
241 for (i
= 0; i
< ARRAY_SIZE(gcm_tests
); i
++) {
242 const struct gcm_test_vector
*tc
= &gcm_tests
[i
];
244 k_len
= os_strlen(tc
->k
) / 2;
245 if (hexstr2bin(tc
->k
, k
, k_len
)) {
246 printf("Invalid GCM test vector %d (k)\n", i
);
251 p_len
= os_strlen(tc
->p
) / 2;
252 if (hexstr2bin(tc
->p
, p
, p_len
)) {
253 printf("Invalid GCM test vector %d (p)\n", i
);
258 aad_len
= os_strlen(tc
->aad
) / 2;
259 if (hexstr2bin(tc
->aad
, aad
, aad_len
)) {
260 printf("Invalid GCM test vector %d (aad)\n", i
);
265 iv_len
= os_strlen(tc
->iv
) / 2;
266 if (hexstr2bin(tc
->iv
, iv
, iv_len
)) {
267 printf("Invalid GCM test vector %d (iv)\n", i
);
272 if (hexstr2bin(tc
->c
, c
, p_len
)) {
273 printf("Invalid GCM test vector %d (c)\n", i
);
278 if (hexstr2bin(tc
->t
, t
, sizeof(t
))) {
279 printf("Invalid GCM test vector %d (t)\n", i
);
284 if (aes_gcm_ae(k
, k_len
, iv
, iv_len
, p
, p_len
, aad
, aad_len
,
286 printf("GCM-AE failed (test case %d)\n", i
);
291 if (os_memcmp(c
, tmp
, p_len
) != 0) {
292 printf("GCM-AE mismatch (test case %d)\n", i
);
296 if (os_memcmp(tag
, t
, sizeof(tag
)) != 0) {
297 printf("GCM-AE tag mismatch (test case %d)\n", i
);
302 if (aes_gmac(k
, k_len
, iv
, iv_len
, aad
, aad_len
, tag
) <
304 printf("GMAC failed (test case %d)\n", i
);
309 if (os_memcmp(tag
, t
, sizeof(tag
)) != 0) {
310 printf("GMAC tag mismatch (test case %d)\n", i
);
315 if (aes_gcm_ad(k
, k_len
, iv
, iv_len
, c
, p_len
, aad
, aad_len
,
317 printf("GCM-AD failed (test case %d)\n", i
);
322 if (os_memcmp(p
, tmp
, p_len
) != 0) {
323 printf("GCM-AD mismatch (test case %d)\n", i
);
332 static int test_nist_key_wrap_ae(const char *fname
)
336 char buf
[15000], *pos
, *pos2
;
337 u8 bin
[2000], k
[32], p
[1024], c
[1024 + 8], result
[1024 + 8];
338 size_t bin_len
, k_len
= 0, p_len
= 0, c_len
= 0;
341 printf("NIST KW AE tests from %s\n", fname
);
343 f
= fopen(fname
, "r");
345 printf("%s does not exist - cannot validate test vectors\n",
350 while (fgets(buf
, sizeof(buf
), f
)) {
353 pos
= os_strchr(buf
, '=');
357 while (pos2
>= buf
&& *pos2
== ' ')
362 pos2
= os_strchr(pos
, '\r');
364 pos2
= os_strchr(pos
, '\n');
368 pos2
= pos
+ os_strlen(pos
);
371 printf("%s = %s\n", buf
, pos
);
375 if (os_strcmp(buf
, "COUNT") == 0) {
376 printf("Test %s - ", pos
);
380 bin_len
= os_strlen(pos
);
381 if (bin_len
> sizeof(bin
) * 2) {
382 printf("Too long binary data (%s)\n", buf
);
385 if (bin_len
& 0x01) {
386 printf("Odd number of hexstring values (%s)\n",
391 if (hexstr2bin(pos
, bin
, bin_len
) < 0) {
392 printf("Invalid hex string '%s' (%s)\n", pos
, buf
);
396 if (os_strcmp(buf
, "K") == 0) {
397 if (bin_len
> sizeof(k
)) {
398 printf("Too long K (%u)\n", (unsigned) bin_len
);
401 os_memcpy(k
, bin
, bin_len
);
406 if (os_strcmp(buf
, "P") == 0) {
407 if (bin_len
> sizeof(p
)) {
408 printf("Too long P (%u)\n", (unsigned) bin_len
);
411 os_memcpy(p
, bin
, bin_len
);
416 if (os_strcmp(buf
, "C") != 0) {
417 printf("Unexpected field '%s'\n", buf
);
421 if (bin_len
> sizeof(c
)) {
422 printf("Too long C (%u)\n", (unsigned) bin_len
);
425 os_memcpy(c
, bin
, bin_len
);
428 if (p_len
% 8 != 0 || c_len
% 8 != 0 || c_len
- p_len
!= 8) {
429 printf("invalid parameter length (p_len=%u c_len=%u)\n",
430 (unsigned) p_len
, (unsigned) c_len
);
434 if (aes_wrap(k
, k_len
, p_len
/ 8, p
, result
)) {
435 printf("aes_wrap() failed\n");
440 if (os_memcmp(c
, result
, c_len
) == 0) {
452 printf("Test case failed\n");
454 printf("%d test vectors OK\n", ok
);
460 static int test_nist_key_wrap_ad(const char *fname
)
464 char buf
[15000], *pos
, *pos2
;
465 u8 bin
[2000], k
[32], p
[1024], c
[1024 + 8], result
[1024 + 8];
466 size_t bin_len
, k_len
= 0, p_len
= 0, c_len
= 0;
470 printf("NIST KW AD tests from %s\n", fname
);
472 f
= fopen(fname
, "r");
474 printf("%s does not exist - cannot validate test vectors\n",
479 while (fgets(buf
, sizeof(buf
), f
)) {
483 pos
= os_strchr(buf
, '=');
485 if (os_strncmp(buf
, "FAIL", 4) == 0) {
492 while (pos2
>= buf
&& *pos2
== ' ')
497 pos2
= os_strchr(pos
, '\r');
499 pos2
= os_strchr(pos
, '\n');
503 pos2
= pos
+ os_strlen(pos
);
506 printf("%s = %s\n", buf
, pos
);
510 if (os_strcmp(buf
, "COUNT") == 0) {
511 printf("Test %s - ", pos
);
515 bin_len
= os_strlen(pos
);
516 if (bin_len
> sizeof(bin
) * 2) {
517 printf("Too long binary data (%s)\n", buf
);
520 if (bin_len
& 0x01) {
521 printf("Odd number of hexstring values (%s)\n",
526 if (hexstr2bin(pos
, bin
, bin_len
) < 0) {
527 printf("Invalid hex string '%s' (%s)\n", pos
, buf
);
531 if (os_strcmp(buf
, "K") == 0) {
532 if (bin_len
> sizeof(k
)) {
533 printf("Too long K (%u)\n", (unsigned) bin_len
);
536 os_memcpy(k
, bin
, bin_len
);
541 if (os_strcmp(buf
, "C") == 0) {
542 if (bin_len
> sizeof(c
)) {
543 printf("Too long C (%u)\n", (unsigned) bin_len
);
546 os_memcpy(c
, bin
, bin_len
);
553 if (os_strcmp(buf
, "P") != 0) {
554 printf("Unexpected field '%s'\n", buf
);
558 if (bin_len
> sizeof(p
)) {
559 printf("Too long P (%u)\n", (unsigned) bin_len
);
562 os_memcpy(p
, bin
, bin_len
);
565 if (p_len
% 8 != 0 || c_len
% 8 != 0 ||
566 c_len
- p_len
!= 8) {
567 printf("invalid parameter length (p_len=%u c_len=%u)\n",
568 (unsigned) p_len
, (unsigned) c_len
);
573 if (aes_unwrap(k
, k_len
, (c_len
/ 8) - 1, c
, result
)) {
575 printf("OK (fail reported)\n");
579 printf("aes_unwrap() failed\n");
585 printf("FAIL (mismatch not reported)\n");
587 } else if (os_memcmp(p
, result
, p_len
) == 0) {
599 printf("Test case failed\n");
601 printf("%d test vectors OK\n", ok
);
607 int main(int argc
, char *argv
[])
611 if (argc
>= 3 && os_strcmp(argv
[1], "NIST-KW-AE") == 0)
612 ret
+= test_nist_key_wrap_ae(argv
[2]);
613 else if (argc
>= 3 && os_strcmp(argv
[1], "NIST-KW-AD") == 0)
614 ret
+= test_nist_key_wrap_ad(argv
[2]);