size_t ctxsize;
/** Block size */
size_t blocksize;
+ /** Authentication tag size */
+ size_t authsize;
/** Set key
*
* @v ctx Context
*/
void ( * decrypt ) ( void *ctx, const void *src, void *dst,
size_t len );
+ /** Generate authentication tag
+ *
+ * @v ctx Context
+ * @v auth Authentication tag
+ */
+ void ( * auth ) ( void *ctx, void *auth );
};
/** A public key algorithm */
cipher_decrypt ( (cipher), (ctx), (src), (dst), (len) ); \
} while ( 0 )
+static inline void cipher_auth ( struct cipher_algorithm *cipher, void *ctx,
+ void *auth ) {
+ cipher->auth ( ctx, auth );
+}
+
static inline int is_stream_cipher ( struct cipher_algorithm *cipher ) {
return ( cipher->blocksize == 1 );
}
+static inline int is_auth_cipher ( struct cipher_algorithm *cipher ) {
+ return cipher->authsize;
+}
+
static inline int pubkey_init ( struct pubkey_algorithm *pubkey, void *ctx,
const void *key, size_t key_len ) {
return pubkey->init ( ctx, key, key_len );
size_t len );
extern void cipher_null_decrypt ( void *ctx, const void *src, void *dst,
size_t len );
+extern void cipher_null_auth ( void *ctx, void *auth );
extern int pubkey_null_init ( void *ctx, const void *key, size_t key_len );
extern size_t pubkey_null_max_len ( void *ctx );
0x43, 0xb1, 0xcd, 0x7f, 0x59, 0x8e, 0xce, 0x23,
0x88, 0x1b, 0x00, 0xe3, 0xed, 0x03, 0x06, 0x88,
0x7b, 0x0c, 0x78, 0x5e, 0x27, 0xe8, 0xad, 0x3f,
- 0x82, 0x23, 0x20, 0x71, 0x04, 0x72, 0x5d, 0xd4 ) );
+ 0x82, 0x23, 0x20, 0x71, 0x04, 0x72, 0x5d, 0xd4 ), AUTH() );
/** AES-128-CBC */
CIPHER_TEST ( aes_128_cbc, &aes_cbc_algorithm,
0x73, 0xbe, 0xd6, 0xb8, 0xe3, 0xc1, 0x74, 0x3b,
0x71, 0x16, 0xe6, 0x9e, 0x22, 0x22, 0x95, 0x16,
0x3f, 0xf1, 0xca, 0xa1, 0x68, 0x1f, 0xac, 0x09,
- 0x12, 0x0e, 0xca, 0x30, 0x75, 0x86, 0xe1, 0xa7 ) );
+ 0x12, 0x0e, 0xca, 0x30, 0x75, 0x86, 0xe1, 0xa7 ), AUTH() );
/** AES-192-ECB (same test as AES-192-Core) */
CIPHER_TEST ( aes_192_ecb, &aes_ecb_algorithm,
0xef, 0x7a, 0xfd, 0x22, 0x70, 0xe2, 0xe6, 0x0a,
0xdc, 0xe0, 0xba, 0x2f, 0xac, 0xe6, 0x44, 0x4e,
0x9a, 0x4b, 0x41, 0xba, 0x73, 0x8d, 0x6c, 0x72,
- 0xfb, 0x16, 0x69, 0x16, 0x03, 0xc1, 0x8e, 0x0e ) );
+ 0xfb, 0x16, 0x69, 0x16, 0x03, 0xc1, 0x8e, 0x0e ), AUTH() );
/** AES-192-CBC */
CIPHER_TEST ( aes_192_cbc, &aes_cbc_algorithm,
0x57, 0x1b, 0x24, 0x20, 0x12, 0xfb, 0x7a, 0xe0,
0x7f, 0xa9, 0xba, 0xac, 0x3d, 0xf1, 0x02, 0xe0,
0x08, 0xb0, 0xe2, 0x79, 0x88, 0x59, 0x88, 0x81,
- 0xd9, 0x20, 0xa9, 0xe6, 0x4f, 0x56, 0x15, 0xcd ) );
+ 0xd9, 0x20, 0xa9, 0xe6, 0x4f, 0x56, 0x15, 0xcd ), AUTH() );
/** AES-256-ECB (same test as AES-256-Core) */
CIPHER_TEST ( aes_256_ecb, &aes_ecb_algorithm,
0xb6, 0xed, 0x21, 0xb9, 0x9c, 0xa6, 0xf4, 0xf9,
0xf1, 0x53, 0xe7, 0xb1, 0xbe, 0xaf, 0xed, 0x1d,
0x23, 0x30, 0x4b, 0x7a, 0x39, 0xf9, 0xf3, 0xff,
- 0x06, 0x7d, 0x8d, 0x8f, 0x9e, 0x24, 0xec, 0xc7 ) );
+ 0x06, 0x7d, 0x8d, 0x8f, 0x9e, 0x24, 0xec, 0xc7 ), AUTH() );
/** AES-256-CBC */
CIPHER_TEST ( aes_256_cbc, &aes_cbc_algorithm,
0x39, 0xf2, 0x33, 0x69, 0xa9, 0xd9, 0xba, 0xcf,
0xa5, 0x30, 0xe2, 0x63, 0x04, 0x23, 0x14, 0x61,
0xb2, 0xeb, 0x05, 0xe2, 0xc3, 0x9b, 0xe9, 0xfc,
- 0xda, 0x6c, 0x19, 0x07, 0x8c, 0x6a, 0x9d, 0x1b ) );
+ 0xda, 0x6c, 0x19, 0x07, 0x8c, 0x6a, 0x9d, 0x1b ), AUTH() );
/**
* Perform AES self-test
size_t len = test->len;
uint8_t ctx[cipher->ctxsize];
uint8_t ciphertext[len];
+ uint8_t auth[cipher->authsize];
/* Initialise cipher */
okx ( cipher_setkey ( cipher, ctx, test->key, test->key_len ) == 0,
/* Process additional data, if applicable */
if ( test->additional_len ) {
+ okx ( is_auth_cipher ( cipher ), file, line );
cipher_encrypt ( cipher, ctx, test->additional, NULL,
test->additional_len );
}
/* Compare against expected ciphertext */
okx ( memcmp ( ciphertext, test->ciphertext, len ) == 0, file, line );
+
+ /* Check authentication tag */
+ okx ( cipher->authsize == test->auth_len, file, line );
+ cipher_auth ( cipher, ctx, auth );
+ okx ( memcmp ( auth, test->auth, test->auth_len ) == 0, file, line );
}
/**
size_t len = test->len;
uint8_t ctx[cipher->ctxsize];
uint8_t plaintext[len];
+ uint8_t auth[cipher->authsize];
/* Initialise cipher */
okx ( cipher_setkey ( cipher, ctx, test->key, test->key_len ) == 0,
/* Process additional data, if applicable */
if ( test->additional_len ) {
+ okx ( is_auth_cipher ( cipher ), file, line );
cipher_decrypt ( cipher, ctx, test->additional, NULL,
test->additional_len );
}
/* Compare against expected plaintext */
okx ( memcmp ( plaintext, test->plaintext, len ) == 0, file, line );
+
+ /* Check authentication tag */
+ okx ( cipher->authsize == test->auth_len, file, line );
+ cipher_auth ( cipher, ctx, auth );
+ okx ( memcmp ( auth, test->auth, test->auth_len ) == 0, file, line );
}
/**
const void *ciphertext;
/** Length of text */
size_t len;
+ /** Authentication tag */
+ const void *auth;
+ /** Length of authentication tag */
+ size_t auth_len;
};
/** Define inline key */
/** Define inline ciphertext data */
#define CIPHERTEXT(...) { __VA_ARGS__ }
+/** Define inline authentication tag */
+#define AUTH(...) { __VA_ARGS__ }
+
/**
* Define a cipher test
*
* @v ADDITIONAL Additional data
* @v PLAINTEXT Plaintext
* @v CIPHERTEXT Ciphertext
+ * @v AUTH Authentication tag
* @ret test Cipher test
*/
#define CIPHER_TEST( name, CIPHER, KEY, IV, ADDITIONAL, PLAINTEXT, \
- CIPHERTEXT ) \
+ CIPHERTEXT, AUTH ) \
static const uint8_t name ## _key [] = KEY; \
static const uint8_t name ## _iv [] = IV; \
static const uint8_t name ## _additional [] = ADDITIONAL; \
static const uint8_t name ## _plaintext [] = PLAINTEXT; \
static const uint8_t name ## _ciphertext \
[ sizeof ( name ## _plaintext ) ] = CIPHERTEXT; \
+ static const uint8_t name ## _auth [] = AUTH; \
static struct cipher_test name = { \
.cipher = CIPHER, \
.key = name ## _key, \
.plaintext = name ## _plaintext, \
.ciphertext = name ## _ciphertext, \
.len = sizeof ( name ## _plaintext ), \
+ .auth = name ## _auth, \
+ .auth_len = sizeof ( name ## _auth ), \
}
extern void cipher_encrypt_okx ( struct cipher_test *test, const char *file,
projects / thirdparty / ipxe.git / commitdiff
