3 * Copyright (c) 2003-2012, Jouni Malinen <j@w1.fi>
5 * This software may be distributed under the terms of the BSD license.
6 * See README for more details.
12 #include "crypto/crypto.h"
13 #include "crypto/aes_wrap.h"
17 static void test_aes_perf(void)
19 #if 0 /* this did not seem to work with new compiler?! */
21 #define rdtscll(val) \
22 __asm__ __volatile__("rdtsc" : "=A" (val))
23 const int num_iters = 10;
25 unsigned int start, end;
26 u8 key[16], pt[16], ct[16];
29 printf("keySetupEnc:");
30 for (i = 0; i < num_iters; i++) {
32 ctx = aes_encrypt_init(key, 16);
34 aes_encrypt_deinit(ctx);
35 printf(" %d", end - start);
40 ctx = aes_encrypt_init(key, 16);
41 for (i = 0; i < num_iters; i++) {
43 aes_encrypt(ctx, pt, ct);
45 printf(" %d", end - start);
47 aes_encrypt_deinit(ctx);
54 static int test_eax(void)
56 u8 msg[] = { 0xF7, 0xFB };
57 u8 key[] = { 0x91, 0x94, 0x5D, 0x3F, 0x4D, 0xCB, 0xEE, 0x0B,
58 0xF4, 0x5E, 0xF5, 0x22, 0x55, 0xF0, 0x95, 0xA4 };
59 u8 nonce[] = { 0xBE, 0xCA, 0xF0, 0x43, 0xB0, 0xA2, 0x3D, 0x84,
60 0x31, 0x94, 0xBA, 0x97, 0x2C, 0x66, 0xDE, 0xBD };
61 u8 hdr[] = { 0xFA, 0x3B, 0xFD, 0x48, 0x06, 0xEB, 0x53, 0xFA };
62 u8 cipher[] = { 0x19, 0xDD, 0x5C, 0x4C, 0x93, 0x31, 0x04, 0x9D,
63 0x0B, 0xDA, 0xB0, 0x27, 0x74, 0x08, 0xF6, 0x79,
65 u8 data[sizeof(msg)], tag[BLOCK_SIZE];
67 memcpy(data, msg, sizeof(msg));
68 if (aes_128_eax_encrypt(key, nonce, sizeof(nonce), hdr, sizeof(hdr),
69 data, sizeof(data), tag)) {
70 printf("AES-128 EAX mode encryption failed\n");
73 if (memcmp(data, cipher, sizeof(data)) != 0) {
74 printf("AES-128 EAX mode encryption returned invalid cipher "
78 if (memcmp(tag, cipher + sizeof(data), BLOCK_SIZE) != 0) {
79 printf("AES-128 EAX mode encryption returned invalid tag\n");
83 if (aes_128_eax_decrypt(key, nonce, sizeof(nonce), hdr, sizeof(hdr),
84 data, sizeof(data), tag)) {
85 printf("AES-128 EAX mode decryption failed\n");
88 if (memcmp(data, msg, sizeof(data)) != 0) {
89 printf("AES-128 EAX mode decryption returned invalid plain "
98 static int test_cbc(void)
100 struct cbc_test_vector {
108 { 0x06, 0xa9, 0x21, 0x40, 0x36, 0xb8, 0xa1, 0x5b,
109 0x51, 0x2e, 0x03, 0xd5, 0x34, 0x12, 0x00, 0x06 },
110 { 0x3d, 0xaf, 0xba, 0x42, 0x9d, 0x9e, 0xb4, 0x30,
111 0xb4, 0x22, 0xda, 0x80, 0x2c, 0x9f, 0xac, 0x41 },
113 { 0xe3, 0x53, 0x77, 0x9c, 0x10, 0x79, 0xae, 0xb8,
114 0x27, 0x08, 0x94, 0x2d, 0xbe, 0x77, 0x18, 0x1a },
118 { 0xc2, 0x86, 0x69, 0x6d, 0x88, 0x7c, 0x9a, 0xa0,
119 0x61, 0x1b, 0xbb, 0x3e, 0x20, 0x25, 0xa4, 0x5a },
120 { 0x56, 0x2e, 0x17, 0x99, 0x6d, 0x09, 0x3d, 0x28,
121 0xdd, 0xb3, 0xba, 0x69, 0x5a, 0x2e, 0x6f, 0x58 },
122 { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
123 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
124 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
125 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f },
126 { 0xd2, 0x96, 0xcd, 0x94, 0xc2, 0xcc, 0xcf, 0x8a,
127 0x3a, 0x86, 0x30, 0x28, 0xb5, 0xe1, 0xdc, 0x0a,
128 0x75, 0x86, 0x60, 0x2d, 0x25, 0x3c, 0xff, 0xf9,
129 0x1b, 0x82, 0x66, 0xbe, 0xa6, 0xd6, 0x1a, 0xb1 },
137 for (i = 0; i < ARRAY_SIZE(vectors); i++) {
138 struct cbc_test_vector *tv = &vectors[i];
139 buf = malloc(tv->len);
144 memcpy(buf, tv->plain, tv->len);
145 if (aes_128_cbc_encrypt(tv->key, tv->iv, buf, tv->len) ||
146 memcmp(buf, tv->cipher, tv->len) != 0) {
147 printf("AES-CBC encrypt %d failed\n", i);
150 memcpy(buf, tv->cipher, tv->len);
151 if (aes_128_cbc_decrypt(tv->key, tv->iv, buf, tv->len) ||
152 memcmp(buf, tv->plain, tv->len) != 0) {
153 printf("AES-CBC decrypt %d failed\n", i);
164 * GCM test vectors from
165 * http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/proposedmodes/gcm/gcm-spec.pdf
167 struct gcm_test_vector {
176 static const struct gcm_test_vector gcm_tests[] = {
179 "00000000000000000000000000000000",
182 "000000000000000000000000",
184 "58e2fccefa7e3061367f1d57a4e7455a"
188 "00000000000000000000000000000000",
189 "00000000000000000000000000000000",
191 "000000000000000000000000",
192 "0388dace60b6a392f328c2b971b2fe78",
193 "ab6e47d42cec13bdf53a67b21257bddf"
197 "feffe9928665731c6d6a8f9467308308",
198 "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b391aafd255",
200 "cafebabefacedbaddecaf888",
201 "42831ec2217774244b7221b784d0d49ce3aa212f2c02a4e035c17e2329aca12e21d514b25466931c7d8f6a5aac84aa051ba30b396a0aac973d58e091473f5985",
202 "4d5c2af327cd64a62cf35abd2ba6fab4"
206 "feffe9928665731c6d6a8f9467308308",
207 "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
208 "feedfacedeadbeeffeedfacedeadbeefabaddad2",
209 "cafebabefacedbaddecaf888",
210 "42831ec2217774244b7221b784d0d49ce3aa212f2c02a4e035c17e2329aca12e21d514b25466931c7d8f6a5aac84aa051ba30b396a0aac973d58e091",
211 "5bc94fbc3221a5db94fae95ae7121a47"
215 "feffe9928665731c6d6a8f9467308308",
216 "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
217 "feedfacedeadbeeffeedfacedeadbeefabaddad2",
219 "61353b4c2806934a777ff51fa22a4755699b2a714fcdc6f83766e5f97b6c742373806900e49f24b22b097544d4896b424989b5e1ebac0f07c23f4598",
220 "3612d2e79e3b0785561be14aaca2fccb"
224 "feffe9928665731c6d6a8f9467308308",
225 "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
226 "feedfacedeadbeeffeedfacedeadbeefabaddad2",
227 "9313225df88406e555909c5aff5269aa6a7a9538534f7da1e4c303d2a318a728c3c0c95156809539fcf0e2429a6b525416aedbf5a0de6a57a637b39b",
228 "8ce24998625615b603a033aca13fb894be9112a5c3a211a8ba262a3cca7e2ca701e4a9a4fba43c90ccdcb281d48c7c6fd62875d2aca417034c34aee5",
229 "619cc5aefffe0bfa462af43c1699d050"
233 "000000000000000000000000000000000000000000000000",
236 "000000000000000000000000",
238 "cd33b28ac773f74ba00ed1f312572435"
242 "000000000000000000000000000000000000000000000000",
243 "00000000000000000000000000000000",
245 "000000000000000000000000",
246 "98e7247c07f0fe411c267e4384b0f600",
247 "2ff58d80033927ab8ef4d4587514f0fb"
251 "feffe9928665731c6d6a8f9467308308feffe9928665731c",
252 "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b391aafd255",
254 "cafebabefacedbaddecaf888",
255 "3980ca0b3c00e841eb06fac4872a2757859e1ceaa6efd984628593b40ca1e19c7d773d00c144c525ac619d18c84a3f4718e2448b2fe324d9ccda2710acade256",
256 "9924a7c8587336bfb118024db8674a14"
260 "feffe9928665731c6d6a8f9467308308feffe9928665731c",
261 "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
262 "feedfacedeadbeeffeedfacedeadbeefabaddad2",
263 "cafebabefacedbaddecaf888",
264 "3980ca0b3c00e841eb06fac4872a2757859e1ceaa6efd984628593b40ca1e19c7d773d00c144c525ac619d18c84a3f4718e2448b2fe324d9ccda2710",
265 "2519498e80f1478f37ba55bd6d27618c"
269 "feffe9928665731c6d6a8f9467308308feffe9928665731c",
270 "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
271 "feedfacedeadbeeffeedfacedeadbeefabaddad2",
273 "0f10f599ae14a154ed24b36e25324db8c566632ef2bbb34f8347280fc4507057fddc29df9a471f75c66541d4d4dad1c9e93a19a58e8b473fa0f062f7",
274 "65dcc57fcf623a24094fcca40d3533f8"
278 "feffe9928665731c6d6a8f9467308308feffe9928665731c",
279 "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
280 "feedfacedeadbeeffeedfacedeadbeefabaddad2",
281 "9313225df88406e555909c5aff5269aa6a7a9538534f7da1e4c303d2a318a728c3c0c95156809539fcf0e2429a6b525416aedbf5a0de6a57a637b39b",
282 "d27e88681ce3243c4830165a8fdcf9ff1de9a1d8e6b447ef6ef7b79828666e4581e79012af34ddd9e2f037589b292db3e67c036745fa22e7e9b7373b",
283 "dcf566ff291c25bbb8568fc3d376a6d9"
287 "0000000000000000000000000000000000000000000000000000000000000000",
290 "000000000000000000000000",
292 "530f8afbc74536b9a963b4f1c4cb738b"
296 "0000000000000000000000000000000000000000000000000000000000000000",
297 "00000000000000000000000000000000",
299 "000000000000000000000000",
300 "cea7403d4d606b6e074ec5d3baf39d18",
301 "d0d1c8a799996bf0265b98b5d48ab919"
305 "feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308",
306 "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b391aafd255",
308 "cafebabefacedbaddecaf888",
309 "522dc1f099567d07f47f37a32a84427d643a8cdcbfe5c0c97598a2bd2555d1aa8cb08e48590dbb3da7b08b1056828838c5f61e6393ba7a0abcc9f662898015ad",
310 "b094dac5d93471bdec1a502270e3cc6c"
314 "feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308",
315 "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
316 "feedfacedeadbeeffeedfacedeadbeefabaddad2",
317 "cafebabefacedbaddecaf888",
318 "522dc1f099567d07f47f37a32a84427d643a8cdcbfe5c0c97598a2bd2555d1aa8cb08e48590dbb3da7b08b1056828838c5f61e6393ba7a0abcc9f662",
319 "76fc6ece0f4e1768cddf8853bb2d551b"
323 "feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308",
324 "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
325 "feedfacedeadbeeffeedfacedeadbeefabaddad2",
327 "c3762df1ca787d32ae47c13bf19844cbaf1ae14d0b976afac52ff7d79bba9de0feb582d33934a4f0954cc2363bc73f7862ac430e64abe499f47c9b1f",
328 "3a337dbf46a792c45e454913fe2ea8f2"
332 "feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308",
333 "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
334 "feedfacedeadbeeffeedfacedeadbeefabaddad2",
335 "9313225df88406e555909c5aff5269aa6a7a9538534f7da1e4c303d2a318a728c3c0c95156809539fcf0e2429a6b525416aedbf5a0de6a57a637b39b",
336 "5a8def2f0c9e53f1f75d7853659e2a20eeb2b22aafde6419a058ab4f6f746bf40fc0c3b780f244452da3ebf1c5d82cdea2418997200ef82e44ae7e3f",
337 "a44a8266ee1c8eb0c8b5d4cf5ae9f19a"
342 static int test_gcm(void)
346 u8 k[32], aad[32], iv[64], t[16], tag[16];
347 u8 p[64], c[64], tmp[64];
348 size_t k_len, p_len, aad_len, iv_len;
350 for (i = 0; i < ARRAY_SIZE(gcm_tests); i++) {
351 const struct gcm_test_vector *tc = &gcm_tests[i];
353 k_len = os_strlen(tc->k) / 2;
354 if (hexstr2bin(tc->k, k, k_len)) {
355 printf("Invalid GCM test vector %d (k)\n", i);
360 p_len = os_strlen(tc->p) / 2;
361 if (hexstr2bin(tc->p, p, p_len)) {
362 printf("Invalid GCM test vector %d (p)\n", i);
367 aad_len = os_strlen(tc->aad) / 2;
368 if (hexstr2bin(tc->aad, aad, aad_len)) {
369 printf("Invalid GCM test vector %d (aad)\n", i);
374 iv_len = os_strlen(tc->iv) / 2;
375 if (hexstr2bin(tc->iv, iv, iv_len)) {
376 printf("Invalid GCM test vector %d (iv)\n", i);
381 if (hexstr2bin(tc->c, c, p_len)) {
382 printf("Invalid GCM test vector %d (c)\n", i);
387 if (hexstr2bin(tc->t, t, sizeof(t))) {
388 printf("Invalid GCM test vector %d (t)\n", i);
393 if (aes_gcm_ae(k, k_len, iv, iv_len, p, p_len, aad, aad_len,
395 printf("GCM-AE failed (test case %d)\n", i);
400 if (os_memcmp(c, tmp, p_len) != 0) {
401 printf("GCM-AE mismatch (test case %d)\n", i);
405 if (os_memcmp(tag, t, sizeof(tag)) != 0) {
406 printf("GCM-AE tag mismatch (test case %d)\n", i);
411 if (aes_gmac(k, k_len, iv, iv_len, aad, aad_len, tag) <
413 printf("GMAC failed (test case %d)\n", i);
418 if (os_memcmp(tag, t, sizeof(tag)) != 0) {
419 printf("GMAC tag mismatch (test case %d)\n", i);
424 if (aes_gcm_ad(k, k_len, iv, iv_len, c, p_len, aad, aad_len,
426 printf("GCM-AD failed (test case %d)\n", i);
431 if (os_memcmp(p, tmp, p_len) != 0) {
432 printf("GCM-AD mismatch (test case %d)\n", i);
441 /* OMAC1 AES-128 test vectors from
442 * http://csrc.nist.gov/CryptoToolkit/modes/proposedmodes/omac/omac-ad.pdf
443 * which are same as the examples from NIST SP800-38B
444 * http://csrc.nist.gov/CryptoToolkit/modes/800-38_Series_Publications/SP800-38B.pdf
447 struct omac1_test_vector {
454 static struct omac1_test_vector test_vectors[] =
457 { 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6,
458 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c },
461 { 0xbb, 0x1d, 0x69, 0x29, 0xe9, 0x59, 0x37, 0x28,
462 0x7f, 0xa3, 0x7d, 0x12, 0x9b, 0x75, 0x67, 0x46 }
465 { 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6,
466 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c },
467 { 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96,
468 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a},
470 { 0x07, 0x0a, 0x16, 0xb4, 0x6b, 0x4d, 0x41, 0x44,
471 0xf7, 0x9b, 0xdd, 0x9d, 0xd0, 0x4a, 0x28, 0x7c }
474 { 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6,
475 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c },
476 { 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96,
477 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a,
478 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c,
479 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51,
480 0x30, 0xc8, 0x1c, 0x46, 0xa3, 0x5c, 0xe4, 0x11 },
482 { 0xdf, 0xa6, 0x67, 0x47, 0xde, 0x9a, 0xe6, 0x30,
483 0x30, 0xca, 0x32, 0x61, 0x14, 0x97, 0xc8, 0x27 }
486 { 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6,
487 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c },
488 { 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96,
489 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a,
490 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c,
491 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51,
492 0x30, 0xc8, 0x1c, 0x46, 0xa3, 0x5c, 0xe4, 0x11,
493 0xe5, 0xfb, 0xc1, 0x19, 0x1a, 0x0a, 0x52, 0xef,
494 0xf6, 0x9f, 0x24, 0x45, 0xdf, 0x4f, 0x9b, 0x17,
495 0xad, 0x2b, 0x41, 0x7b, 0xe6, 0x6c, 0x37, 0x10 },
497 { 0x51, 0xf0, 0xbe, 0xbf, 0x7e, 0x3b, 0x9d, 0x92,
498 0xfc, 0x49, 0x74, 0x17, 0x79, 0x36, 0x3c, 0xfe }
503 static int test_key_wrap(void)
508 /* RFC 3394 - Test vector 4.1 */
510 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
511 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f
514 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
515 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff
518 0x1F, 0xA6, 0x8B, 0x0A, 0x81, 0x12, 0xB4, 0x47,
519 0xAE, 0xF3, 0x4B, 0xD8, 0xFB, 0x5A, 0x7B, 0x82,
520 0x9D, 0x3E, 0x86, 0x23, 0x71, 0xD2, 0xCF, 0xE5
522 /* RFC 3394 - Test vector 4.2 */
524 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
525 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
526 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17
529 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
530 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff
533 0x96, 0x77, 0x8B, 0x25, 0xAE, 0x6C, 0xA4, 0x35,
534 0xF9, 0x2B, 0x5B, 0x97, 0xC0, 0x50, 0xAE, 0xD2,
535 0x46, 0x8A, 0xB8, 0xA1, 0x7A, 0xD8, 0x4E, 0x5D
537 /* RFC 3394 - Test vector 4.3 */
539 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
540 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
541 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
542 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F
545 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
546 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff
549 0x64, 0xE8, 0xC3, 0xF9, 0xCE, 0x0F, 0x5B, 0xA2,
550 0x63, 0xE9, 0x77, 0x79, 0x05, 0x81, 0x8A, 0x2A,
551 0x93, 0xC8, 0x19, 0x1E, 0x7D, 0x6E, 0x8A, 0xE7,
553 /* RFC 3394 - Test vector 4.4 */
555 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
556 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
557 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17
560 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
561 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff,
562 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07
565 0x03, 0x1D, 0x33, 0x26, 0x4E, 0x15, 0xD3, 0x32,
566 0x68, 0xF2, 0x4E, 0xC2, 0x60, 0x74, 0x3E, 0xDC,
567 0xE1, 0xC6, 0xC7, 0xDD, 0xEE, 0x72, 0x5A, 0x93,
568 0x6B, 0xA8, 0x14, 0x91, 0x5C, 0x67, 0x62, 0xD2
570 /* RFC 3394 - Test vector 4.5 */
572 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
573 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
574 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
575 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F
578 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
579 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff,
580 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07
583 0xA8, 0xF9, 0xBC, 0x16, 0x12, 0xC6, 0x8B, 0x3F,
584 0xF6, 0xE6, 0xF4, 0xFB, 0xE3, 0x0E, 0x71, 0xE4,
585 0x76, 0x9C, 0x8B, 0x80, 0xA3, 0x2C, 0xB8, 0x95,
586 0x8C, 0xD5, 0xD1, 0x7D, 0x6B, 0x25, 0x4D, 0xA1,
588 /* RFC 3394 - Test vector 4.6 */
590 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
591 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
592 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
593 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F
596 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
597 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF,
598 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
599 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F
602 0x28, 0xC9, 0xF4, 0x04, 0xC4, 0xB8, 0x10, 0xF4,
603 0xCB, 0xCC, 0xB3, 0x5C, 0xFB, 0x87, 0xF8, 0x26,
604 0x3F, 0x57, 0x86, 0xE2, 0xD8, 0x0E, 0xD3, 0x26,
605 0xCB, 0xC7, 0xF0, 0xE7, 0x1A, 0x99, 0xF4, 0x3B,
606 0xFB, 0x98, 0x8B, 0x9B, 0x7A, 0x02, 0xDD, 0x21
610 printf("RFC 3394 - Test vector 4.1\n");
611 if (aes_wrap(kek41, sizeof(kek41), sizeof(plain41) / 8, plain41,
613 printf("AES-WRAP-128 reported failure\n");
616 if (memcmp(result, crypt41, sizeof(crypt41)) != 0) {
617 printf("AES-WRAP-128 failed\n");
620 if (aes_unwrap(kek41, sizeof(kek41), sizeof(plain41) / 8, crypt41,
622 printf("AES-UNWRAP-128 reported failure\n");
625 if (memcmp(result, plain41, sizeof(plain41)) != 0) {
626 printf("AES-UNWRAP-128 failed\n");
628 for (i = 0; i < sizeof(plain41); i++)
629 printf(" %02x", result[i]);
633 printf("RFC 3394 - Test vector 4.2\n");
634 if (aes_wrap(kek42, sizeof(kek42), sizeof(plain42) / 8, plain42,
636 printf("AES-WRAP-192 reported failure\n");
639 if (memcmp(result, crypt42, sizeof(crypt42)) != 0) {
640 printf("AES-WRAP-192 failed\n");
643 if (aes_unwrap(kek42, sizeof(kek42), sizeof(plain42) / 8, crypt42,
645 printf("AES-UNWRAP-192 reported failure\n");
648 if (memcmp(result, plain42, sizeof(plain42)) != 0) {
649 printf("AES-UNWRAP-192 failed\n");
651 for (i = 0; i < sizeof(plain42); i++)
652 printf(" %02x", result[i]);
656 printf("RFC 3394 - Test vector 4.3\n");
657 if (aes_wrap(kek43, sizeof(kek43), sizeof(plain43) / 8, plain43,
659 printf("AES-WRAP-256 reported failure\n");
662 if (memcmp(result, crypt43, sizeof(crypt43)) != 0) {
663 printf("AES-WRAP-256 failed\n");
666 if (aes_unwrap(kek43, sizeof(kek43), sizeof(plain43) / 8, crypt43,
668 printf("AES-UNWRAP-256 reported failure\n");
671 if (memcmp(result, plain43, sizeof(plain43)) != 0) {
672 printf("AES-UNWRAP-256 failed\n");
674 for (i = 0; i < sizeof(plain43); i++)
675 printf(" %02x", result[i]);
679 printf("RFC 3394 - Test vector 4.4\n");
680 if (aes_wrap(kek44, sizeof(kek44), sizeof(plain44) / 8, plain44,
682 printf("AES-WRAP-192 reported failure\n");
685 if (memcmp(result, crypt44, sizeof(crypt44)) != 0) {
686 printf("AES-WRAP-192 failed\n");
689 if (aes_unwrap(kek44, sizeof(kek44), sizeof(plain44) / 8, crypt44,
691 printf("AES-UNWRAP-192 reported failure\n");
694 if (memcmp(result, plain44, sizeof(plain44)) != 0) {
695 printf("AES-UNWRAP-192 failed\n");
697 for (i = 0; i < sizeof(plain44); i++)
698 printf(" %02x", result[i]);
702 printf("RFC 3394 - Test vector 4.5\n");
703 if (aes_wrap(kek45, sizeof(kek45), sizeof(plain45) / 8, plain45,
705 printf("AES-WRAP-256 reported failure\n");
708 if (memcmp(result, crypt45, sizeof(crypt45)) != 0) {
709 printf("AES-WRAP-256 failed\n");
711 for (i = 0; i < sizeof(crypt45); i++)
712 printf(" %02x", result[i]);
715 if (aes_unwrap(kek45, sizeof(kek45), sizeof(plain45) / 8, crypt45,
717 printf("AES-UNWRAP-256 reported failure\n");
720 if (memcmp(result, plain45, sizeof(plain45)) != 0) {
721 printf("AES-UNWRAP-256 failed\n");
723 for (i = 0; i < sizeof(plain45); i++)
724 printf(" %02x", result[i]);
728 printf("RFC 3394 - Test vector 4.6\n");
729 if (aes_wrap(kek46, sizeof(kek46), sizeof(plain46) / 8, plain46,
731 printf("AES-WRAP-256 reported failure\n");
734 if (memcmp(result, crypt46, sizeof(crypt46)) != 0) {
735 printf("AES-WRAP-256 failed\n");
738 if (aes_unwrap(kek46, sizeof(kek46), sizeof(plain46) / 8, crypt46,
740 printf("AES-UNWRAP-256 reported failure\n");
743 if (memcmp(result, plain46, sizeof(plain46)) != 0) {
744 printf("AES-UNWRAP-256 failed\n");
746 for (i = 0; i < sizeof(plain46); i++)
747 printf(" %02x", result[i]);
755 static int test_nist_key_wrap_ae(const char *fname)
759 char buf[15000], *pos, *pos2;
760 u8 bin[2000], k[32], p[1024], c[1024 + 8], result[1024 + 8];
761 size_t bin_len, k_len = 0, p_len = 0, c_len = 0;
764 printf("NIST KW AE tests from %s\n", fname);
766 f = fopen(fname, "r");
768 printf("%s does not exist - cannot validate test vectors\n",
773 while (fgets(buf, sizeof(buf), f)) {
776 pos = os_strchr(buf, '=');
780 while (pos2 >= buf && *pos2 == ' ')
785 pos2 = os_strchr(pos, '\r');
787 pos2 = os_strchr(pos, '\n');
791 pos2 = pos + os_strlen(pos);
794 printf("%s = %s\n", buf, pos);
798 if (os_strcmp(buf, "COUNT") == 0) {
799 printf("Test %s - ", pos);
803 bin_len = os_strlen(pos);
804 if (bin_len > sizeof(bin) * 2) {
805 printf("Too long binary data (%s)\n", buf);
808 if (bin_len & 0x01) {
809 printf("Odd number of hexstring values (%s)\n",
814 if (hexstr2bin(pos, bin, bin_len) < 0) {
815 printf("Invalid hex string '%s' (%s)\n", pos, buf);
819 if (os_strcmp(buf, "K") == 0) {
820 if (bin_len > sizeof(k)) {
821 printf("Too long K (%u)\n", (unsigned) bin_len);
824 os_memcpy(k, bin, bin_len);
829 if (os_strcmp(buf, "P") == 0) {
830 if (bin_len > sizeof(p)) {
831 printf("Too long P (%u)\n", (unsigned) bin_len);
834 os_memcpy(p, bin, bin_len);
839 if (os_strcmp(buf, "C") != 0) {
840 printf("Unexpected field '%s'\n", buf);
844 if (bin_len > sizeof(c)) {
845 printf("Too long C (%u)\n", (unsigned) bin_len);
848 os_memcpy(c, bin, bin_len);
851 if (p_len % 8 != 0 || c_len % 8 != 0 || c_len - p_len != 8) {
852 printf("invalid parameter length (p_len=%u c_len=%u)\n",
853 (unsigned) p_len, (unsigned) c_len);
857 if (aes_wrap(k, k_len, p_len / 8, p, result)) {
858 printf("aes_wrap() failed\n");
863 if (os_memcmp(c, result, c_len) == 0) {
875 printf("Test case failed\n");
877 printf("%d test vectors OK\n", ok);
883 static int test_nist_key_wrap_ad(const char *fname)
887 char buf[15000], *pos, *pos2;
888 u8 bin[2000], k[32], p[1024], c[1024 + 8], result[1024 + 8];
889 size_t bin_len, k_len = 0, p_len = 0, c_len = 0;
893 printf("NIST KW AD tests from %s\n", fname);
895 f = fopen(fname, "r");
897 printf("%s does not exist - cannot validate test vectors\n",
902 while (fgets(buf, sizeof(buf), f)) {
906 pos = os_strchr(buf, '=');
908 if (os_strncmp(buf, "FAIL", 4) == 0) {
915 while (pos2 >= buf && *pos2 == ' ')
920 pos2 = os_strchr(pos, '\r');
922 pos2 = os_strchr(pos, '\n');
926 pos2 = pos + os_strlen(pos);
929 printf("%s = %s\n", buf, pos);
933 if (os_strcmp(buf, "COUNT") == 0) {
934 printf("Test %s - ", pos);
938 bin_len = os_strlen(pos);
939 if (bin_len > sizeof(bin) * 2) {
940 printf("Too long binary data (%s)\n", buf);
943 if (bin_len & 0x01) {
944 printf("Odd number of hexstring values (%s)\n",
949 if (hexstr2bin(pos, bin, bin_len) < 0) {
950 printf("Invalid hex string '%s' (%s)\n", pos, buf);
954 if (os_strcmp(buf, "K") == 0) {
955 if (bin_len > sizeof(k)) {
956 printf("Too long K (%u)\n", (unsigned) bin_len);
959 os_memcpy(k, bin, bin_len);
964 if (os_strcmp(buf, "C") == 0) {
965 if (bin_len > sizeof(c)) {
966 printf("Too long C (%u)\n", (unsigned) bin_len);
969 os_memcpy(c, bin, bin_len);
976 if (os_strcmp(buf, "P") != 0) {
977 printf("Unexpected field '%s'\n", buf);
981 if (bin_len > sizeof(p)) {
982 printf("Too long P (%u)\n", (unsigned) bin_len);
985 os_memcpy(p, bin, bin_len);
988 if (p_len % 8 != 0 || c_len % 8 != 0 ||
989 c_len - p_len != 8) {
990 printf("invalid parameter length (p_len=%u c_len=%u)\n",
991 (unsigned) p_len, (unsigned) c_len);
996 if (aes_unwrap(k, k_len, (c_len / 8) - 1, c, result)) {
998 printf("OK (fail reported)\n");
1002 printf("aes_unwrap() failed\n");
1008 printf("FAIL (mismatch not reported)\n");
1010 } else if (os_memcmp(p, result, p_len) == 0) {
1022 printf("Test case failed\n");
1024 printf("%d test vectors OK\n", ok);
1030 int main(int argc, char *argv[])
1035 struct omac1_test_vector *tv;
1037 if (argc >= 3 && os_strcmp(argv[1], "NIST-KW-AE") == 0)
1038 ret += test_nist_key_wrap_ae(argv[2]);
1039 else if (argc >= 3 && os_strcmp(argv[1], "NIST-KW-AD") == 0)
1040 ret += test_nist_key_wrap_ad(argv[2]);
1042 ret += test_key_wrap();
1046 for (i = 0; i < ARRAY_SIZE(test_vectors); i++) {
1047 tv = &test_vectors[i];
1048 if (omac1_aes_128(tv->k, tv->msg, tv->msg_len, result) ||
1049 memcmp(result, tv->tag, 16) != 0) {
1050 printf("OMAC1-AES-128 test vector %d failed\n", i);
1054 if (tv->msg_len > 1) {
1060 addr[1] = tv->msg + 1;
1061 len[1] = tv->msg_len - 1;
1063 if (omac1_aes_128_vector(tv->k, 2, addr, len,
1065 memcmp(result, tv->tag, 16) != 0) {
1066 printf("OMAC1-AES-128(vector) test vector %d "
1080 printf("FAILED!\n");