3
* Copyright (c) 2003-2006, Jouni Malinen <j@w1.fi>
5
* This program is free software; you can redistribute it and/or modify
6
* it under the terms of the GNU General Public License version 2 as
7
* published by the Free Software Foundation.
9
* Alternatively, this software may be distributed under the terms of BSD
12
* See README and COPYING for more details.
23
static void test_aes_perf(void)
25
#if 0 /* this did not seem to work with new compiler?! */
27
#define rdtscll(val) \
28
__asm__ __volatile__("rdtsc" : "=A" (val))
29
const int num_iters = 10;
31
unsigned int start, end;
32
u8 key[16], pt[16], ct[16];
35
printf("keySetupEnc:");
36
for (i = 0; i < num_iters; i++) {
38
ctx = aes_encrypt_init(key, 16);
40
aes_encrypt_deinit(ctx);
41
printf(" %d", end - start);
46
ctx = aes_encrypt_init(key, 16);
47
for (i = 0; i < num_iters; i++) {
49
aes_encrypt(ctx, pt, ct);
51
printf(" %d", end - start);
53
aes_encrypt_deinit(ctx);
60
static int test_eax(void)
62
u8 msg[] = { 0xF7, 0xFB };
63
u8 key[] = { 0x91, 0x94, 0x5D, 0x3F, 0x4D, 0xCB, 0xEE, 0x0B,
64
0xF4, 0x5E, 0xF5, 0x22, 0x55, 0xF0, 0x95, 0xA4 };
65
u8 nonce[] = { 0xBE, 0xCA, 0xF0, 0x43, 0xB0, 0xA2, 0x3D, 0x84,
66
0x31, 0x94, 0xBA, 0x97, 0x2C, 0x66, 0xDE, 0xBD };
67
u8 hdr[] = { 0xFA, 0x3B, 0xFD, 0x48, 0x06, 0xEB, 0x53, 0xFA };
68
u8 cipher[] = { 0x19, 0xDD, 0x5C, 0x4C, 0x93, 0x31, 0x04, 0x9D,
69
0x0B, 0xDA, 0xB0, 0x27, 0x74, 0x08, 0xF6, 0x79,
71
u8 data[sizeof(msg)], tag[BLOCK_SIZE];
73
memcpy(data, msg, sizeof(msg));
74
if (aes_128_eax_encrypt(key, nonce, sizeof(nonce), hdr, sizeof(hdr),
75
data, sizeof(data), tag)) {
76
printf("AES-128 EAX mode encryption failed\n");
79
if (memcmp(data, cipher, sizeof(data)) != 0) {
80
printf("AES-128 EAX mode encryption returned invalid cipher "
84
if (memcmp(tag, cipher + sizeof(data), BLOCK_SIZE) != 0) {
85
printf("AES-128 EAX mode encryption returned invalid tag\n");
89
if (aes_128_eax_decrypt(key, nonce, sizeof(nonce), hdr, sizeof(hdr),
90
data, sizeof(data), tag)) {
91
printf("AES-128 EAX mode decryption failed\n");
94
if (memcmp(data, msg, sizeof(data)) != 0) {
95
printf("AES-128 EAX mode decryption returned invalid plain "
104
static int test_cbc(void)
106
struct cbc_test_vector {
114
{ 0x06, 0xa9, 0x21, 0x40, 0x36, 0xb8, 0xa1, 0x5b,
115
0x51, 0x2e, 0x03, 0xd5, 0x34, 0x12, 0x00, 0x06 },
116
{ 0x3d, 0xaf, 0xba, 0x42, 0x9d, 0x9e, 0xb4, 0x30,
117
0xb4, 0x22, 0xda, 0x80, 0x2c, 0x9f, 0xac, 0x41 },
119
{ 0xe3, 0x53, 0x77, 0x9c, 0x10, 0x79, 0xae, 0xb8,
120
0x27, 0x08, 0x94, 0x2d, 0xbe, 0x77, 0x18, 0x1a },
124
{ 0xc2, 0x86, 0x69, 0x6d, 0x88, 0x7c, 0x9a, 0xa0,
125
0x61, 0x1b, 0xbb, 0x3e, 0x20, 0x25, 0xa4, 0x5a },
126
{ 0x56, 0x2e, 0x17, 0x99, 0x6d, 0x09, 0x3d, 0x28,
127
0xdd, 0xb3, 0xba, 0x69, 0x5a, 0x2e, 0x6f, 0x58 },
128
{ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
129
0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
130
0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
131
0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f },
132
{ 0xd2, 0x96, 0xcd, 0x94, 0xc2, 0xcc, 0xcf, 0x8a,
133
0x3a, 0x86, 0x30, 0x28, 0xb5, 0xe1, 0xdc, 0x0a,
134
0x75, 0x86, 0x60, 0x2d, 0x25, 0x3c, 0xff, 0xf9,
135
0x1b, 0x82, 0x66, 0xbe, 0xa6, 0xd6, 0x1a, 0xb1 },
143
for (i = 0; i < sizeof(vectors) / sizeof(vectors[0]); i++) {
144
struct cbc_test_vector *tv = &vectors[i];
145
buf = malloc(tv->len);
150
memcpy(buf, tv->plain, tv->len);
151
aes_128_cbc_encrypt(tv->key, tv->iv, buf, tv->len);
152
if (memcmp(buf, tv->cipher, tv->len) != 0) {
153
printf("AES-CBC encrypt %d failed\n", i);
156
memcpy(buf, tv->cipher, tv->len);
157
aes_128_cbc_decrypt(tv->key, tv->iv, buf, tv->len);
158
if (memcmp(buf, tv->plain, tv->len) != 0) {
159
printf("AES-CBC decrypt %d failed\n", i);
169
/* OMAC1 AES-128 test vectors from
170
* http://csrc.nist.gov/CryptoToolkit/modes/proposedmodes/omac/omac-ad.pdf
171
* which are same as the examples from NIST SP800-38B
172
* http://csrc.nist.gov/CryptoToolkit/modes/800-38_Series_Publications/SP800-38B.pdf
175
struct omac1_test_vector {
182
static struct omac1_test_vector test_vectors[] =
185
{ 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6,
186
0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c },
189
{ 0xbb, 0x1d, 0x69, 0x29, 0xe9, 0x59, 0x37, 0x28,
190
0x7f, 0xa3, 0x7d, 0x12, 0x9b, 0x75, 0x67, 0x46 }
193
{ 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6,
194
0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c },
195
{ 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96,
196
0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a},
198
{ 0x07, 0x0a, 0x16, 0xb4, 0x6b, 0x4d, 0x41, 0x44,
199
0xf7, 0x9b, 0xdd, 0x9d, 0xd0, 0x4a, 0x28, 0x7c }
202
{ 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6,
203
0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c },
204
{ 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96,
205
0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a,
206
0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c,
207
0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51,
208
0x30, 0xc8, 0x1c, 0x46, 0xa3, 0x5c, 0xe4, 0x11 },
210
{ 0xdf, 0xa6, 0x67, 0x47, 0xde, 0x9a, 0xe6, 0x30,
211
0x30, 0xca, 0x32, 0x61, 0x14, 0x97, 0xc8, 0x27 }
214
{ 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6,
215
0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c },
216
{ 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96,
217
0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a,
218
0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c,
219
0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51,
220
0x30, 0xc8, 0x1c, 0x46, 0xa3, 0x5c, 0xe4, 0x11,
221
0xe5, 0xfb, 0xc1, 0x19, 0x1a, 0x0a, 0x52, 0xef,
222
0xf6, 0x9f, 0x24, 0x45, 0xdf, 0x4f, 0x9b, 0x17,
223
0xad, 0x2b, 0x41, 0x7b, 0xe6, 0x6c, 0x37, 0x10 },
225
{ 0x51, 0xf0, 0xbe, 0xbf, 0x7e, 0x3b, 0x9d, 0x92,
226
0xfc, 0x49, 0x74, 0x17, 0x79, 0x36, 0x3c, 0xfe }
231
int main(int argc, char *argv[])
234
0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
235
0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f
238
0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
239
0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff
242
0x1F, 0xA6, 0x8B, 0x0A, 0x81, 0x12, 0xB4, 0x47,
243
0xAE, 0xF3, 0x4B, 0xD8, 0xFB, 0x5A, 0x7B, 0x82,
244
0x9D, 0x3E, 0x86, 0x23, 0x71, 0xD2, 0xCF, 0xE5
249
struct omac1_test_vector *tv;
251
if (aes_wrap(kek, 2, plain, result)) {
252
printf("AES-WRAP-128-128 reported failure\n");
255
if (memcmp(result, crypt, 24) != 0) {
256
printf("AES-WRAP-128-128 failed\n");
259
if (aes_unwrap(kek, 2, crypt, result)) {
260
printf("AES-UNWRAP-128-128 reported failure\n");
263
if (memcmp(result, plain, 16) != 0) {
264
printf("AES-UNWRAP-128-128 failed\n");
266
for (i = 0; i < 16; i++)
267
printf(" %02x", result[i]);
273
for (i = 0; i < sizeof(test_vectors) / sizeof(test_vectors[0]); i++) {
274
tv = &test_vectors[i];
275
omac1_aes_128(tv->k, tv->msg, tv->msg_len, result);
276
if (memcmp(result, tv->tag, 16) != 0) {
277
printf("OMAC1-AES-128 test vector %d failed\n", i);