3 * Copyright (c) 2003-2012, Jouni Malinen <j@w1.fi>
5 * This software may be distributed under the terms of the BSD license.
6 * See README for more details.
12 #include "crypto/crypto.h"
13 #include "crypto/aes_wrap.h"
14 #include "crypto/aes_siv.h"
18 static void test_aes_perf(void)
20 #if 0 /* this did not seem to work with new compiler?! */
22 #define rdtscll(val) \
23 __asm__ __volatile__("rdtsc" : "=A" (val))
24 const int num_iters
= 10;
26 unsigned int start
, end
;
27 u8 key
[16], pt
[16], ct
[16];
30 printf("keySetupEnc:");
31 for (i
= 0; i
< num_iters
; i
++) {
33 ctx
= aes_encrypt_init(key
, 16);
35 aes_encrypt_deinit(ctx
);
36 printf(" %d", end
- start
);
41 ctx
= aes_encrypt_init(key
, 16);
42 for (i
= 0; i
< num_iters
; i
++) {
44 aes_encrypt(ctx
, pt
, ct
);
46 printf(" %d", end
- start
);
48 aes_encrypt_deinit(ctx
);
55 static int test_eax(void)
57 u8 msg
[] = { 0xF7, 0xFB };
58 u8 key
[] = { 0x91, 0x94, 0x5D, 0x3F, 0x4D, 0xCB, 0xEE, 0x0B,
59 0xF4, 0x5E, 0xF5, 0x22, 0x55, 0xF0, 0x95, 0xA4 };
60 u8 nonce
[] = { 0xBE, 0xCA, 0xF0, 0x43, 0xB0, 0xA2, 0x3D, 0x84,
61 0x31, 0x94, 0xBA, 0x97, 0x2C, 0x66, 0xDE, 0xBD };
62 u8 hdr
[] = { 0xFA, 0x3B, 0xFD, 0x48, 0x06, 0xEB, 0x53, 0xFA };
63 u8 cipher
[] = { 0x19, 0xDD, 0x5C, 0x4C, 0x93, 0x31, 0x04, 0x9D,
64 0x0B, 0xDA, 0xB0, 0x27, 0x74, 0x08, 0xF6, 0x79,
66 u8 data
[sizeof(msg
)], tag
[BLOCK_SIZE
];
68 memcpy(data
, msg
, sizeof(msg
));
69 if (aes_128_eax_encrypt(key
, nonce
, sizeof(nonce
), hdr
, sizeof(hdr
),
70 data
, sizeof(data
), tag
)) {
71 printf("AES-128 EAX mode encryption failed\n");
74 if (memcmp(data
, cipher
, sizeof(data
)) != 0) {
75 printf("AES-128 EAX mode encryption returned invalid cipher "
79 if (memcmp(tag
, cipher
+ sizeof(data
), BLOCK_SIZE
) != 0) {
80 printf("AES-128 EAX mode encryption returned invalid tag\n");
84 if (aes_128_eax_decrypt(key
, nonce
, sizeof(nonce
), hdr
, sizeof(hdr
),
85 data
, sizeof(data
), tag
)) {
86 printf("AES-128 EAX mode decryption failed\n");
89 if (memcmp(data
, msg
, sizeof(data
)) != 0) {
90 printf("AES-128 EAX mode decryption returned invalid plain "
99 static int test_cbc(void)
101 struct cbc_test_vector
{
109 { 0x06, 0xa9, 0x21, 0x40, 0x36, 0xb8, 0xa1, 0x5b,
110 0x51, 0x2e, 0x03, 0xd5, 0x34, 0x12, 0x00, 0x06 },
111 { 0x3d, 0xaf, 0xba, 0x42, 0x9d, 0x9e, 0xb4, 0x30,
112 0xb4, 0x22, 0xda, 0x80, 0x2c, 0x9f, 0xac, 0x41 },
114 { 0xe3, 0x53, 0x77, 0x9c, 0x10, 0x79, 0xae, 0xb8,
115 0x27, 0x08, 0x94, 0x2d, 0xbe, 0x77, 0x18, 0x1a },
119 { 0xc2, 0x86, 0x69, 0x6d, 0x88, 0x7c, 0x9a, 0xa0,
120 0x61, 0x1b, 0xbb, 0x3e, 0x20, 0x25, 0xa4, 0x5a },
121 { 0x56, 0x2e, 0x17, 0x99, 0x6d, 0x09, 0x3d, 0x28,
122 0xdd, 0xb3, 0xba, 0x69, 0x5a, 0x2e, 0x6f, 0x58 },
123 { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
124 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
125 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
126 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f },
127 { 0xd2, 0x96, 0xcd, 0x94, 0xc2, 0xcc, 0xcf, 0x8a,
128 0x3a, 0x86, 0x30, 0x28, 0xb5, 0xe1, 0xdc, 0x0a,
129 0x75, 0x86, 0x60, 0x2d, 0x25, 0x3c, 0xff, 0xf9,
130 0x1b, 0x82, 0x66, 0xbe, 0xa6, 0xd6, 0x1a, 0xb1 },
138 for (i
= 0; i
< ARRAY_SIZE(vectors
); i
++) {
139 struct cbc_test_vector
*tv
= &vectors
[i
];
140 buf
= malloc(tv
->len
);
145 memcpy(buf
, tv
->plain
, tv
->len
);
146 if (aes_128_cbc_encrypt(tv
->key
, tv
->iv
, buf
, tv
->len
) ||
147 memcmp(buf
, tv
->cipher
, tv
->len
) != 0) {
148 printf("AES-CBC encrypt %d failed\n", i
);
151 memcpy(buf
, tv
->cipher
, tv
->len
);
152 if (aes_128_cbc_decrypt(tv
->key
, tv
->iv
, buf
, tv
->len
) ||
153 memcmp(buf
, tv
->plain
, tv
->len
) != 0) {
154 printf("AES-CBC decrypt %d failed\n", i
);
165 * GCM test vectors from
166 * http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/proposedmodes/gcm/gcm-spec.pdf
168 struct gcm_test_vector
{
177 static const struct gcm_test_vector gcm_tests
[] = {
180 "00000000000000000000000000000000",
183 "000000000000000000000000",
185 "58e2fccefa7e3061367f1d57a4e7455a"
189 "00000000000000000000000000000000",
190 "00000000000000000000000000000000",
192 "000000000000000000000000",
193 "0388dace60b6a392f328c2b971b2fe78",
194 "ab6e47d42cec13bdf53a67b21257bddf"
198 "feffe9928665731c6d6a8f9467308308",
199 "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b391aafd255",
201 "cafebabefacedbaddecaf888",
202 "42831ec2217774244b7221b784d0d49ce3aa212f2c02a4e035c17e2329aca12e21d514b25466931c7d8f6a5aac84aa051ba30b396a0aac973d58e091473f5985",
203 "4d5c2af327cd64a62cf35abd2ba6fab4"
207 "feffe9928665731c6d6a8f9467308308",
208 "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
209 "feedfacedeadbeeffeedfacedeadbeefabaddad2",
210 "cafebabefacedbaddecaf888",
211 "42831ec2217774244b7221b784d0d49ce3aa212f2c02a4e035c17e2329aca12e21d514b25466931c7d8f6a5aac84aa051ba30b396a0aac973d58e091",
212 "5bc94fbc3221a5db94fae95ae7121a47"
216 "feffe9928665731c6d6a8f9467308308",
217 "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
218 "feedfacedeadbeeffeedfacedeadbeefabaddad2",
220 "61353b4c2806934a777ff51fa22a4755699b2a714fcdc6f83766e5f97b6c742373806900e49f24b22b097544d4896b424989b5e1ebac0f07c23f4598",
221 "3612d2e79e3b0785561be14aaca2fccb"
225 "feffe9928665731c6d6a8f9467308308",
226 "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
227 "feedfacedeadbeeffeedfacedeadbeefabaddad2",
228 "9313225df88406e555909c5aff5269aa6a7a9538534f7da1e4c303d2a318a728c3c0c95156809539fcf0e2429a6b525416aedbf5a0de6a57a637b39b",
229 "8ce24998625615b603a033aca13fb894be9112a5c3a211a8ba262a3cca7e2ca701e4a9a4fba43c90ccdcb281d48c7c6fd62875d2aca417034c34aee5",
230 "619cc5aefffe0bfa462af43c1699d050"
234 "000000000000000000000000000000000000000000000000",
237 "000000000000000000000000",
239 "cd33b28ac773f74ba00ed1f312572435"
243 "000000000000000000000000000000000000000000000000",
244 "00000000000000000000000000000000",
246 "000000000000000000000000",
247 "98e7247c07f0fe411c267e4384b0f600",
248 "2ff58d80033927ab8ef4d4587514f0fb"
252 "feffe9928665731c6d6a8f9467308308feffe9928665731c",
253 "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b391aafd255",
255 "cafebabefacedbaddecaf888",
256 "3980ca0b3c00e841eb06fac4872a2757859e1ceaa6efd984628593b40ca1e19c7d773d00c144c525ac619d18c84a3f4718e2448b2fe324d9ccda2710acade256",
257 "9924a7c8587336bfb118024db8674a14"
261 "feffe9928665731c6d6a8f9467308308feffe9928665731c",
262 "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
263 "feedfacedeadbeeffeedfacedeadbeefabaddad2",
264 "cafebabefacedbaddecaf888",
265 "3980ca0b3c00e841eb06fac4872a2757859e1ceaa6efd984628593b40ca1e19c7d773d00c144c525ac619d18c84a3f4718e2448b2fe324d9ccda2710",
266 "2519498e80f1478f37ba55bd6d27618c"
270 "feffe9928665731c6d6a8f9467308308feffe9928665731c",
271 "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
272 "feedfacedeadbeeffeedfacedeadbeefabaddad2",
274 "0f10f599ae14a154ed24b36e25324db8c566632ef2bbb34f8347280fc4507057fddc29df9a471f75c66541d4d4dad1c9e93a19a58e8b473fa0f062f7",
275 "65dcc57fcf623a24094fcca40d3533f8"
279 "feffe9928665731c6d6a8f9467308308feffe9928665731c",
280 "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
281 "feedfacedeadbeeffeedfacedeadbeefabaddad2",
282 "9313225df88406e555909c5aff5269aa6a7a9538534f7da1e4c303d2a318a728c3c0c95156809539fcf0e2429a6b525416aedbf5a0de6a57a637b39b",
283 "d27e88681ce3243c4830165a8fdcf9ff1de9a1d8e6b447ef6ef7b79828666e4581e79012af34ddd9e2f037589b292db3e67c036745fa22e7e9b7373b",
284 "dcf566ff291c25bbb8568fc3d376a6d9"
288 "0000000000000000000000000000000000000000000000000000000000000000",
291 "000000000000000000000000",
293 "530f8afbc74536b9a963b4f1c4cb738b"
297 "0000000000000000000000000000000000000000000000000000000000000000",
298 "00000000000000000000000000000000",
300 "000000000000000000000000",
301 "cea7403d4d606b6e074ec5d3baf39d18",
302 "d0d1c8a799996bf0265b98b5d48ab919"
306 "feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308",
307 "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b391aafd255",
309 "cafebabefacedbaddecaf888",
310 "522dc1f099567d07f47f37a32a84427d643a8cdcbfe5c0c97598a2bd2555d1aa8cb08e48590dbb3da7b08b1056828838c5f61e6393ba7a0abcc9f662898015ad",
311 "b094dac5d93471bdec1a502270e3cc6c"
315 "feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308",
316 "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
317 "feedfacedeadbeeffeedfacedeadbeefabaddad2",
318 "cafebabefacedbaddecaf888",
319 "522dc1f099567d07f47f37a32a84427d643a8cdcbfe5c0c97598a2bd2555d1aa8cb08e48590dbb3da7b08b1056828838c5f61e6393ba7a0abcc9f662",
320 "76fc6ece0f4e1768cddf8853bb2d551b"
324 "feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308",
325 "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
326 "feedfacedeadbeeffeedfacedeadbeefabaddad2",
328 "c3762df1ca787d32ae47c13bf19844cbaf1ae14d0b976afac52ff7d79bba9de0feb582d33934a4f0954cc2363bc73f7862ac430e64abe499f47c9b1f",
329 "3a337dbf46a792c45e454913fe2ea8f2"
333 "feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308",
334 "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
335 "feedfacedeadbeeffeedfacedeadbeefabaddad2",
336 "9313225df88406e555909c5aff5269aa6a7a9538534f7da1e4c303d2a318a728c3c0c95156809539fcf0e2429a6b525416aedbf5a0de6a57a637b39b",
337 "5a8def2f0c9e53f1f75d7853659e2a20eeb2b22aafde6419a058ab4f6f746bf40fc0c3b780f244452da3ebf1c5d82cdea2418997200ef82e44ae7e3f",
338 "a44a8266ee1c8eb0c8b5d4cf5ae9f19a"
343 static int test_gcm(void)
347 u8 k
[32], aad
[32], iv
[64], t
[16], tag
[16];
348 u8 p
[64], c
[64], tmp
[64];
349 size_t k_len
, p_len
, aad_len
, iv_len
;
351 for (i
= 0; i
< ARRAY_SIZE(gcm_tests
); i
++) {
352 const struct gcm_test_vector
*tc
= &gcm_tests
[i
];
354 k_len
= os_strlen(tc
->k
) / 2;
355 if (hexstr2bin(tc
->k
, k
, k_len
)) {
356 printf("Invalid GCM test vector %d (k)\n", i
);
361 p_len
= os_strlen(tc
->p
) / 2;
362 if (hexstr2bin(tc
->p
, p
, p_len
)) {
363 printf("Invalid GCM test vector %d (p)\n", i
);
368 aad_len
= os_strlen(tc
->aad
) / 2;
369 if (hexstr2bin(tc
->aad
, aad
, aad_len
)) {
370 printf("Invalid GCM test vector %d (aad)\n", i
);
375 iv_len
= os_strlen(tc
->iv
) / 2;
376 if (hexstr2bin(tc
->iv
, iv
, iv_len
)) {
377 printf("Invalid GCM test vector %d (iv)\n", i
);
382 if (hexstr2bin(tc
->c
, c
, p_len
)) {
383 printf("Invalid GCM test vector %d (c)\n", i
);
388 if (hexstr2bin(tc
->t
, t
, sizeof(t
))) {
389 printf("Invalid GCM test vector %d (t)\n", i
);
394 if (aes_gcm_ae(k
, k_len
, iv
, iv_len
, p
, p_len
, aad
, aad_len
,
396 printf("GCM-AE failed (test case %d)\n", i
);
401 if (os_memcmp(c
, tmp
, p_len
) != 0) {
402 printf("GCM-AE mismatch (test case %d)\n", i
);
406 if (os_memcmp(tag
, t
, sizeof(tag
)) != 0) {
407 printf("GCM-AE tag mismatch (test case %d)\n", i
);
412 if (aes_gmac(k
, k_len
, iv
, iv_len
, aad
, aad_len
, tag
) <
414 printf("GMAC failed (test case %d)\n", i
);
419 if (os_memcmp(tag
, t
, sizeof(tag
)) != 0) {
420 printf("GMAC tag mismatch (test case %d)\n", i
);
425 if (aes_gcm_ad(k
, k_len
, iv
, iv_len
, c
, p_len
, aad
, aad_len
,
427 printf("GCM-AD failed (test case %d)\n", i
);
432 if (os_memcmp(p
, tmp
, p_len
) != 0) {
433 printf("GCM-AD mismatch (test case %d)\n", i
);
442 static int test_siv(void)
445 0xff, 0xfe, 0xfd, 0xfc, 0xfb, 0xfa, 0xf9, 0xf8,
446 0xf7, 0xf6, 0xf5, 0xf4, 0xf3, 0xf2, 0xf1, 0xf0,
447 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7,
448 0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd, 0xfe, 0xff
451 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
452 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
453 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27
456 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88,
457 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee
460 0x85, 0x63, 0x2d, 0x07, 0xc6, 0xe8, 0xf3, 0x7f,
461 0x95, 0x0a, 0xcd, 0x32, 0x0a, 0x2e, 0xcc, 0x93,
462 0x40, 0xc0, 0x2b, 0x96, 0x90, 0xc4, 0xdc, 0x04,
463 0xda, 0xef, 0x7f, 0x6a, 0xfe, 0x5c
465 u8 out
[2 * BLOCK_SIZE
+ sizeof(plaintext
)];
472 if (aes_siv_encrypt(key
, plaintext
, sizeof(plaintext
),
473 1, addr
, len
, out
)) {
474 printf("AES-SIV mode encryption failed\n");
477 if (memcmp(out
, iv_c
, sizeof(iv_c
)) != 0) {
478 printf("AES-SIV mode encryption returned invalid cipher "
483 if (aes_siv_decrypt(key
, iv_c
, sizeof(iv_c
), 1, addr
, len
, out
)) {
484 printf("AES-SIV mode decryption failed\n");
487 if (memcmp(out
, plaintext
, sizeof(plaintext
)) != 0) {
488 printf("AES-SIV mode decryption returned invalid plain text\n");
491 printf("AES-SIV test passed\n");
497 /* OMAC1 AES-128 test vectors from
498 * http://csrc.nist.gov/CryptoToolkit/modes/proposedmodes/omac/omac-ad.pdf
499 * which are same as the examples from NIST SP800-38B
500 * http://csrc.nist.gov/CryptoToolkit/modes/800-38_Series_Publications/SP800-38B.pdf
503 struct omac1_test_vector
{
510 static struct omac1_test_vector test_vectors
[] =
513 { 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6,
514 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c },
517 { 0xbb, 0x1d, 0x69, 0x29, 0xe9, 0x59, 0x37, 0x28,
518 0x7f, 0xa3, 0x7d, 0x12, 0x9b, 0x75, 0x67, 0x46 }
521 { 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6,
522 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c },
523 { 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96,
524 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a},
526 { 0x07, 0x0a, 0x16, 0xb4, 0x6b, 0x4d, 0x41, 0x44,
527 0xf7, 0x9b, 0xdd, 0x9d, 0xd0, 0x4a, 0x28, 0x7c }
530 { 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6,
531 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c },
532 { 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96,
533 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a,
534 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c,
535 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51,
536 0x30, 0xc8, 0x1c, 0x46, 0xa3, 0x5c, 0xe4, 0x11 },
538 { 0xdf, 0xa6, 0x67, 0x47, 0xde, 0x9a, 0xe6, 0x30,
539 0x30, 0xca, 0x32, 0x61, 0x14, 0x97, 0xc8, 0x27 }
542 { 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6,
543 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c },
544 { 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96,
545 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a,
546 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c,
547 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51,
548 0x30, 0xc8, 0x1c, 0x46, 0xa3, 0x5c, 0xe4, 0x11,
549 0xe5, 0xfb, 0xc1, 0x19, 0x1a, 0x0a, 0x52, 0xef,
550 0xf6, 0x9f, 0x24, 0x45, 0xdf, 0x4f, 0x9b, 0x17,
551 0xad, 0x2b, 0x41, 0x7b, 0xe6, 0x6c, 0x37, 0x10 },
553 { 0x51, 0xf0, 0xbe, 0xbf, 0x7e, 0x3b, 0x9d, 0x92,
554 0xfc, 0x49, 0x74, 0x17, 0x79, 0x36, 0x3c, 0xfe }
559 static int test_key_wrap(void)
564 /* RFC 3394 - Test vector 4.1 */
566 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
567 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f
570 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
571 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff
574 0x1F, 0xA6, 0x8B, 0x0A, 0x81, 0x12, 0xB4, 0x47,
575 0xAE, 0xF3, 0x4B, 0xD8, 0xFB, 0x5A, 0x7B, 0x82,
576 0x9D, 0x3E, 0x86, 0x23, 0x71, 0xD2, 0xCF, 0xE5
578 /* RFC 3394 - Test vector 4.2 */
580 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
581 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
582 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17
585 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
586 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff
589 0x96, 0x77, 0x8B, 0x25, 0xAE, 0x6C, 0xA4, 0x35,
590 0xF9, 0x2B, 0x5B, 0x97, 0xC0, 0x50, 0xAE, 0xD2,
591 0x46, 0x8A, 0xB8, 0xA1, 0x7A, 0xD8, 0x4E, 0x5D
593 /* RFC 3394 - Test vector 4.3 */
595 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
596 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
597 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
598 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F
601 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
602 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff
605 0x64, 0xE8, 0xC3, 0xF9, 0xCE, 0x0F, 0x5B, 0xA2,
606 0x63, 0xE9, 0x77, 0x79, 0x05, 0x81, 0x8A, 0x2A,
607 0x93, 0xC8, 0x19, 0x1E, 0x7D, 0x6E, 0x8A, 0xE7,
609 /* RFC 3394 - Test vector 4.4 */
611 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
612 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
613 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17
616 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
617 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff,
618 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07
621 0x03, 0x1D, 0x33, 0x26, 0x4E, 0x15, 0xD3, 0x32,
622 0x68, 0xF2, 0x4E, 0xC2, 0x60, 0x74, 0x3E, 0xDC,
623 0xE1, 0xC6, 0xC7, 0xDD, 0xEE, 0x72, 0x5A, 0x93,
624 0x6B, 0xA8, 0x14, 0x91, 0x5C, 0x67, 0x62, 0xD2
626 /* RFC 3394 - Test vector 4.5 */
628 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
629 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
630 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
631 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F
634 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
635 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff,
636 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07
639 0xA8, 0xF9, 0xBC, 0x16, 0x12, 0xC6, 0x8B, 0x3F,
640 0xF6, 0xE6, 0xF4, 0xFB, 0xE3, 0x0E, 0x71, 0xE4,
641 0x76, 0x9C, 0x8B, 0x80, 0xA3, 0x2C, 0xB8, 0x95,
642 0x8C, 0xD5, 0xD1, 0x7D, 0x6B, 0x25, 0x4D, 0xA1,
644 /* RFC 3394 - Test vector 4.6 */
646 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
647 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
648 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
649 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F
652 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
653 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF,
654 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
655 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F
658 0x28, 0xC9, 0xF4, 0x04, 0xC4, 0xB8, 0x10, 0xF4,
659 0xCB, 0xCC, 0xB3, 0x5C, 0xFB, 0x87, 0xF8, 0x26,
660 0x3F, 0x57, 0x86, 0xE2, 0xD8, 0x0E, 0xD3, 0x26,
661 0xCB, 0xC7, 0xF0, 0xE7, 0x1A, 0x99, 0xF4, 0x3B,
662 0xFB, 0x98, 0x8B, 0x9B, 0x7A, 0x02, 0xDD, 0x21
666 printf("RFC 3394 - Test vector 4.1\n");
667 if (aes_wrap(kek41
, sizeof(kek41
), sizeof(plain41
) / 8, plain41
,
669 printf("AES-WRAP-128 reported failure\n");
672 if (memcmp(result
, crypt41
, sizeof(crypt41
)) != 0) {
673 printf("AES-WRAP-128 failed\n");
676 if (aes_unwrap(kek41
, sizeof(kek41
), sizeof(plain41
) / 8, crypt41
,
678 printf("AES-UNWRAP-128 reported failure\n");
681 if (memcmp(result
, plain41
, sizeof(plain41
)) != 0) {
682 printf("AES-UNWRAP-128 failed\n");
684 for (i
= 0; i
< sizeof(plain41
); i
++)
685 printf(" %02x", result
[i
]);
689 printf("RFC 3394 - Test vector 4.2\n");
690 if (aes_wrap(kek42
, sizeof(kek42
), sizeof(plain42
) / 8, plain42
,
692 printf("AES-WRAP-192 reported failure\n");
695 if (memcmp(result
, crypt42
, sizeof(crypt42
)) != 0) {
696 printf("AES-WRAP-192 failed\n");
699 if (aes_unwrap(kek42
, sizeof(kek42
), sizeof(plain42
) / 8, crypt42
,
701 printf("AES-UNWRAP-192 reported failure\n");
704 if (memcmp(result
, plain42
, sizeof(plain42
)) != 0) {
705 printf("AES-UNWRAP-192 failed\n");
707 for (i
= 0; i
< sizeof(plain42
); i
++)
708 printf(" %02x", result
[i
]);
712 printf("RFC 3394 - Test vector 4.3\n");
713 if (aes_wrap(kek43
, sizeof(kek43
), sizeof(plain43
) / 8, plain43
,
715 printf("AES-WRAP-256 reported failure\n");
718 if (memcmp(result
, crypt43
, sizeof(crypt43
)) != 0) {
719 printf("AES-WRAP-256 failed\n");
722 if (aes_unwrap(kek43
, sizeof(kek43
), sizeof(plain43
) / 8, crypt43
,
724 printf("AES-UNWRAP-256 reported failure\n");
727 if (memcmp(result
, plain43
, sizeof(plain43
)) != 0) {
728 printf("AES-UNWRAP-256 failed\n");
730 for (i
= 0; i
< sizeof(plain43
); i
++)
731 printf(" %02x", result
[i
]);
735 printf("RFC 3394 - Test vector 4.4\n");
736 if (aes_wrap(kek44
, sizeof(kek44
), sizeof(plain44
) / 8, plain44
,
738 printf("AES-WRAP-192 reported failure\n");
741 if (memcmp(result
, crypt44
, sizeof(crypt44
)) != 0) {
742 printf("AES-WRAP-192 failed\n");
745 if (aes_unwrap(kek44
, sizeof(kek44
), sizeof(plain44
) / 8, crypt44
,
747 printf("AES-UNWRAP-192 reported failure\n");
750 if (memcmp(result
, plain44
, sizeof(plain44
)) != 0) {
751 printf("AES-UNWRAP-192 failed\n");
753 for (i
= 0; i
< sizeof(plain44
); i
++)
754 printf(" %02x", result
[i
]);
758 printf("RFC 3394 - Test vector 4.5\n");
759 if (aes_wrap(kek45
, sizeof(kek45
), sizeof(plain45
) / 8, plain45
,
761 printf("AES-WRAP-256 reported failure\n");
764 if (memcmp(result
, crypt45
, sizeof(crypt45
)) != 0) {
765 printf("AES-WRAP-256 failed\n");
767 for (i
= 0; i
< sizeof(crypt45
); i
++)
768 printf(" %02x", result
[i
]);
771 if (aes_unwrap(kek45
, sizeof(kek45
), sizeof(plain45
) / 8, crypt45
,
773 printf("AES-UNWRAP-256 reported failure\n");
776 if (memcmp(result
, plain45
, sizeof(plain45
)) != 0) {
777 printf("AES-UNWRAP-256 failed\n");
779 for (i
= 0; i
< sizeof(plain45
); i
++)
780 printf(" %02x", result
[i
]);
784 printf("RFC 3394 - Test vector 4.6\n");
785 if (aes_wrap(kek46
, sizeof(kek46
), sizeof(plain46
) / 8, plain46
,
787 printf("AES-WRAP-256 reported failure\n");
790 if (memcmp(result
, crypt46
, sizeof(crypt46
)) != 0) {
791 printf("AES-WRAP-256 failed\n");
794 if (aes_unwrap(kek46
, sizeof(kek46
), sizeof(plain46
) / 8, crypt46
,
796 printf("AES-UNWRAP-256 reported failure\n");
799 if (memcmp(result
, plain46
, sizeof(plain46
)) != 0) {
800 printf("AES-UNWRAP-256 failed\n");
802 for (i
= 0; i
< sizeof(plain46
); i
++)
803 printf(" %02x", result
[i
]);
811 static int test_nist_key_wrap_ae(const char *fname
)
815 char buf
[15000], *pos
, *pos2
;
816 u8 bin
[2000], k
[32], p
[1024], c
[1024 + 8], result
[1024 + 8];
817 size_t bin_len
, k_len
= 0, p_len
= 0, c_len
= 0;
820 printf("NIST KW AE tests from %s\n", fname
);
822 f
= fopen(fname
, "r");
824 printf("%s does not exist - cannot validate test vectors\n",
829 while (fgets(buf
, sizeof(buf
), f
)) {
832 pos
= os_strchr(buf
, '=');
836 while (pos2
>= buf
&& *pos2
== ' ')
841 pos2
= os_strchr(pos
, '\r');
843 pos2
= os_strchr(pos
, '\n');
847 pos2
= pos
+ os_strlen(pos
);
850 printf("%s = %s\n", buf
, pos
);
854 if (os_strcmp(buf
, "COUNT") == 0) {
855 printf("Test %s - ", pos
);
859 bin_len
= os_strlen(pos
);
860 if (bin_len
> sizeof(bin
) * 2) {
861 printf("Too long binary data (%s)\n", buf
);
864 if (bin_len
& 0x01) {
865 printf("Odd number of hexstring values (%s)\n",
870 if (hexstr2bin(pos
, bin
, bin_len
) < 0) {
871 printf("Invalid hex string '%s' (%s)\n", pos
, buf
);
875 if (os_strcmp(buf
, "K") == 0) {
876 if (bin_len
> sizeof(k
)) {
877 printf("Too long K (%u)\n", (unsigned) bin_len
);
880 os_memcpy(k
, bin
, bin_len
);
885 if (os_strcmp(buf
, "P") == 0) {
886 if (bin_len
> sizeof(p
)) {
887 printf("Too long P (%u)\n", (unsigned) bin_len
);
890 os_memcpy(p
, bin
, bin_len
);
895 if (os_strcmp(buf
, "C") != 0) {
896 printf("Unexpected field '%s'\n", buf
);
900 if (bin_len
> sizeof(c
)) {
901 printf("Too long C (%u)\n", (unsigned) bin_len
);
904 os_memcpy(c
, bin
, bin_len
);
907 if (p_len
% 8 != 0 || c_len
% 8 != 0 || c_len
- p_len
!= 8) {
908 printf("invalid parameter length (p_len=%u c_len=%u)\n",
909 (unsigned) p_len
, (unsigned) c_len
);
913 if (aes_wrap(k
, k_len
, p_len
/ 8, p
, result
)) {
914 printf("aes_wrap() failed\n");
919 if (os_memcmp(c
, result
, c_len
) == 0) {
931 printf("Test case failed\n");
933 printf("%d test vectors OK\n", ok
);
939 static int test_nist_key_wrap_ad(const char *fname
)
943 char buf
[15000], *pos
, *pos2
;
944 u8 bin
[2000], k
[32], p
[1024], c
[1024 + 8], result
[1024 + 8];
945 size_t bin_len
, k_len
= 0, p_len
= 0, c_len
= 0;
949 printf("NIST KW AD tests from %s\n", fname
);
951 f
= fopen(fname
, "r");
953 printf("%s does not exist - cannot validate test vectors\n",
958 while (fgets(buf
, sizeof(buf
), f
)) {
962 pos
= os_strchr(buf
, '=');
964 if (os_strncmp(buf
, "FAIL", 4) == 0) {
971 while (pos2
>= buf
&& *pos2
== ' ')
976 pos2
= os_strchr(pos
, '\r');
978 pos2
= os_strchr(pos
, '\n');
982 pos2
= pos
+ os_strlen(pos
);
985 printf("%s = %s\n", buf
, pos
);
989 if (os_strcmp(buf
, "COUNT") == 0) {
990 printf("Test %s - ", pos
);
994 bin_len
= os_strlen(pos
);
995 if (bin_len
> sizeof(bin
) * 2) {
996 printf("Too long binary data (%s)\n", buf
);
999 if (bin_len
& 0x01) {
1000 printf("Odd number of hexstring values (%s)\n",
1005 if (hexstr2bin(pos
, bin
, bin_len
) < 0) {
1006 printf("Invalid hex string '%s' (%s)\n", pos
, buf
);
1010 if (os_strcmp(buf
, "K") == 0) {
1011 if (bin_len
> sizeof(k
)) {
1012 printf("Too long K (%u)\n", (unsigned) bin_len
);
1015 os_memcpy(k
, bin
, bin_len
);
1020 if (os_strcmp(buf
, "C") == 0) {
1021 if (bin_len
> sizeof(c
)) {
1022 printf("Too long C (%u)\n", (unsigned) bin_len
);
1025 os_memcpy(c
, bin
, bin_len
);
1032 if (os_strcmp(buf
, "P") != 0) {
1033 printf("Unexpected field '%s'\n", buf
);
1037 if (bin_len
> sizeof(p
)) {
1038 printf("Too long P (%u)\n", (unsigned) bin_len
);
1041 os_memcpy(p
, bin
, bin_len
);
1044 if (p_len
% 8 != 0 || c_len
% 8 != 0 ||
1045 c_len
- p_len
!= 8) {
1046 printf("invalid parameter length (p_len=%u c_len=%u)\n",
1047 (unsigned) p_len
, (unsigned) c_len
);
1052 if (aes_unwrap(k
, k_len
, (c_len
/ 8) - 1, c
, result
)) {
1054 printf("OK (fail reported)\n");
1058 printf("aes_unwrap() failed\n");
1064 printf("FAIL (mismatch not reported)\n");
1066 } else if (os_memcmp(p
, result
, p_len
) == 0) {
1078 printf("Test case failed\n");
1080 printf("%d test vectors OK\n", ok
);
1086 int main(int argc
, char *argv
[])
1091 struct omac1_test_vector
*tv
;
1093 if (argc
>= 3 && os_strcmp(argv
[1], "NIST-KW-AE") == 0)
1094 ret
+= test_nist_key_wrap_ae(argv
[2]);
1095 else if (argc
>= 3 && os_strcmp(argv
[1], "NIST-KW-AD") == 0)
1096 ret
+= test_nist_key_wrap_ad(argv
[2]);
1098 ret
+= test_key_wrap();
1102 for (i
= 0; i
< ARRAY_SIZE(test_vectors
); i
++) {
1103 tv
= &test_vectors
[i
];
1104 if (omac1_aes_128(tv
->k
, tv
->msg
, tv
->msg_len
, result
) ||
1105 memcmp(result
, tv
->tag
, 16) != 0) {
1106 printf("OMAC1-AES-128 test vector %d failed\n", i
);
1110 if (tv
->msg_len
> 1) {
1116 addr
[1] = tv
->msg
+ 1;
1117 len
[1] = tv
->msg_len
- 1;
1119 if (omac1_aes_128_vector(tv
->k
, 2, addr
, len
,
1121 memcmp(result
, tv
->tag
, 16) != 0) {
1122 printf("OMAC1-AES-128(vector) test vector %d "
1138 printf("FAILED!\n");