test vectors updated

polfosol
2024-12-02 13:48:20 +03:30
parent 691d859ff4
commit 4e83264a6a
43 changed files with 145667 additions and 2599 deletions


@@ -2,7 +2,7 @@
**A minimalist ANSI-C compatible API for the AES encryption and block cipher modes**.
[![here](https://img.shields.io/badge/%C2%B5AES-white.png?logo=data:image/png;base64,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)](../../ "µAES") ![C](https://img.shields.io/badge/langauge-C-blue.svg) [![version](https://img.shields.io/badge/version-1.8.0-blue)](../../files/12339506/micro_aes-v1.8.0.zip "micro_aes-v1.8.0.zip") [![License](https://img.shields.io/badge/License-Apache_2.0-blue.svg)](https://opensource.org/licenses/Apache-2.0)
[![this](https://img.shields.io/badge/%C2%B5AES-white.png?logo=data:image/png;base64,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)](../../ "µAES") ![C](https://img.shields.io/badge/langauge-C-blue.svg) [![version](https://img.shields.io/badge/version-1.9.3-blue)](../../../../user-attachments/files/18098067/micro_aes-v1.9.3.zip "µAES-v1.9.3.zip") [![License](https://img.shields.io/badge/License-Apache_2.0-blue.svg)](https://opensource.org/licenses/Apache-2.0)
This is a highly flexible, small and portable implementation of most of the AES related algorithms.
@@ -10,17 +10,32 @@ This is a highly flexible, small and portable implementation of most of the AES
* <font size="4">Comprehensive</font> — supports all standard AES key sizes (128, 192 and 256 bits) along with almost every block-cipher mode.
All popular (and some unpopular) block ciphering modes of the AES are implemented in this library, such as [**_ECB_**, **_CBC_**, **_CFB_**, **_OFB_**, **_CTR_**](https://csrc.nist.gov/publications/detail/sp/800-38a/final "Described in NIST SP 800-38A"), [**_GCM_**](https://csrc.nist.gov/publications/detail/sp/800-38d/final "NIST SP 800-38D"), [**_CCM_**](https://csrc.nist.gov/publications/detail/sp/800-38c/final "NIST SP 800-38C"), [**_XTS_**](https://csrc.nist.gov/publications/detail/sp/800-38e/final "NIST SP 800-38E"), [**_KW_**](https://csrc.nist.gov/publications/detail/sp/800-38f/final "NIST SP 800-38F") [(_KWA_)](https://www.rfc-editor.org/rfc/rfc3394 "RFC-3394"), [**_OCB_**](https://www.rfc-editor.org/rfc/rfc7253.html "RFC-7253"), [**_EAX_**](../../files/10318260/eax.pdf "Bellare-Rogaway-Wagner paper. For more info, see wikipedia.") / [**_EAX'_**](../../files/10318265/eax-prime.pdf "It is theoretically broken and shouldn't be used. The ANSI C12.22 has not withdrawn it yet, so here we go."), [**_SIV_**](../../files/10318348/siv.pdf "You may also refer to the RFC-5297"), [**_GCM-SIV_**](https://www.rfc-editor.org/rfc/rfc8452.html "RFC-8452"), [**_FPE_** (**_FF1_** / **_FF3-1_**)](https://csrc.nist.gov/publications/detail/sp/800-38g/final "NIST SP 800-38G"), and furthermore, authentication APIs for [**_CMAC_**](https://csrc.nist.gov/publications/detail/sp/800-38b/final "NIST SP 800-38B") and [**_Poly1305-AES_**](../../files/10319003/poly1305.pdf "From D. J. Bernstein's website: cr.yp.to/mac.html").
All popular (and some unpopular) block ciphering modes of the AES are implemented in this library, such as
[**_ECB_**, **_CBC_**, **_CFB_**, **_OFB_**, **_CTR_**](https://csrc.nist.gov/publications/detail/sp/800-38a/final "Described in NIST SP 800-38A"),
[**_GCM_**](https://csrc.nist.gov/publications/detail/sp/800-38d/final "NIST SP 800-38D"),
[**_CCM_**](https://csrc.nist.gov/publications/detail/sp/800-38c/final "NIST SP 800-38C"),
[**_XTS_**](https://csrc.nist.gov/publications/detail/sp/800-38e/final "NIST SP 800-38E"),
[**_KW_**](https://csrc.nist.gov/publications/detail/sp/800-38f/final "NIST SP 800-38F")
[(_KWA_)](https://www.rfc-editor.org/rfc/rfc3394 "RFC-3394"),
[**_OCB_**](https://www.rfc-editor.org/rfc/rfc7253.html "RFC-7253"),
[**_EAX_**](../../files/10318260/eax.pdf "Bellare-Rogaway-Wagner paper. For more info, see wikipedia.")
/[**_EAX'_**](../../files/10318265/eax-prime.pdf "Theoretically broken, but ANSI C12.22 has not withdrawn it yet. so here we go..."),
[**_SIV_**](../../files/10318348/siv.pdf "Also described in the RFC-5297"),
[**_GCM-SIV_**](https://www.rfc-editor.org/rfc/rfc8452.html "RFC-8452"),
[**_FPE_** (**_FF1_** /**_FF3-1_**)](https://csrc.nist.gov/publications/detail/sp/800-38g/final "NIST SP 800-38G"),
and furthermore, authentication APIs for
[**_CMAC_**](https://csrc.nist.gov/publications/detail/sp/800-38b/final "NIST SP 800-38B") and
[**_Poly1305-AES_**](../../files/10319003/poly1305.pdf "D. J. Bernstein's website: cr.yp.to/mac.html").
* <font size="4">All in one</font> — the whole implementation code is in a single C file with no external dependencies.
* <font size="4">Clear and readable code</font> — written in a layman-friendly way with lots of comments to clarify its purpose. Also the code styling is a bit different, and IMHO more eye-catching, than what you might see in other implementations.
* <font size="4">Flexible</font> — most features are controllable by macros, so that you can just pick up what you need and disable the unnecessary parts. These macros are defined in [the header file](micro_aes.h) and comments are added for each of them to explain what they represent. *Please read those comments carefully before using the code*.
* <font size="4">Flexible</font> — most features are controllable by macros, so that you can just pick up what you need and disable the unnecessary parts. These [macros](micro_aes.h#L546) are defined in the header file and comments are added for each of them to explain what they represent. *Please read [those comments](micro_aes.h#L483) carefully before using the code*.
* <font size="4">Lightweight</font> — the API has very little memory footprint and compiled code size. The amount of RAM used by the functions doesn't exceed a few hundred bytes in most extreme cases. Moreover, the ROM space of µAES is optimized as much as possible.
For example if you disable all other macros and just stick with the GCM, the compiled code size with `gcc -Os` will be less than **3KB** for either _AES-128-GCM_ or _AES-256-GCM_. You can verify this by running:
For example if you disable all other macros and just stick with the GCM, the compiled code size with `gcc -Os` will be less than **2.5KB** for either _AES-128-GCM_ or _AES-256-GCM_. This can be verified by running:
```
$ arm-none-eabi-gcc -Os -c micro_aes.c -o arm.o
$ avr-gcc -mmcu=atmega16 -Os -c micro_aes.c -o avr.o
@@ -28,12 +43,12 @@ This is a highly flexible, small and portable implementation of most of the AES
and checking the results with `size` command. See [this page](https://stackoverflow.com/q/31217181/5358284) for more info.
```
$ size arm.o
text data bss dec hex filename
2092 0 176 2268 8dc arm.o
text data bss dec hex filename
2112 0 176 2288 8f0 arm.o
$ avr-size avr.o
text data bss dec hex filename
2246 0 176 2422 976 avr.o
text data bss dec hex filename
2242 0 176 2418 972 avr.o
```
* <font size="4">Portable</font> — µAES is fully compliant with the ANSI-C or C89 standard which, combined with its small size and independence from external libraries, makes it a competent candidate for embedded systems and mini applications.
@@ -49,18 +64,21 @@ This is a highly flexible, small and portable implementation of most of the AES
For 32-bit CPUs a few tweaks are discussed in [x86 improvements](x86-improvements). It's worth noting that speed is not always a blessing in cryptography and sometimes slower codes turn out to be more secure. One must be wary of those speedups that make the code more susceptible to [timing attacks](https://en.wikipedia.org/wiki/Timing_attack).
## Examples
See the [main C](main.c) file which has some example codes demonstrating how to use the API functions, along with test vectors. Also check out the [/testvectors](testvectors/README.md) directory.
See the [main C](main.c) file which has some example codes demonstrating how to use the API functions, along with test vectors.
Also check out the [/testvectors](testvectors/README.md) directory.
## Remarks
* First, please keep in mind that most security experts strongly warn *against* implementing your own version of AES—or other ciphering algorithms; AND THEY ARE ABSOLUTELY RIGHT!
Everyone who is becoming familiar with cryptography, should first sign [Jeff Moser's](https://www.moserware.com/2009/09/stick-figure-guide-to-advanced.html "A stick figure guide to AES") so-called "Foot Shooting Prevention Agreement". To save you a click and scroll, I have put a copy of it below (but please follow the link and read that article if you haven't).
Everyone who is becoming familiar with cryptography, should first sign [Jeff Moser's](https://www.moserware.com/2009/09/stick-figure-guide-to-advanced.html "A stick figure guide to AES") so-called "Foot Shooting Prevention Agreement". It's a great article if you haven't read it yet. But to save you a click and scroll, I put a copy of the contract below.
With that in mind, I shall say that the main purpose of developing µAES was purely educational. I learned a lot during writing these codes and I hope that somebody, some day, would gain a bit of knowledge from it.
With that in mind, I shall say that the main purpose of developing µAES was purely educational. I learned a lot during writing these codes and hope that somebody, some day, would gain a bit of knowledge from it.
* The code is optimized for small embedded systems and 8-bit microcontrollers with limited amount of memory. So for stronger CPUs it is plausible to speed-up the code [by applying some simple changes](x86-improvements). If you are working with an 8-bit microcontroller, it is recommended to take a look at Nigel Jones' rather old article "[Efficient C Code for 8-bit Microcontrollers](https://barrgroup.com/embedded-systems/how-to/efficient-c-code)". It contains some highly useful tips to better program such systems.
* There are some standard encryption algorithms specifically designed for small embedded systems, that minimize the use of computational resources while maintaining a high level of security. The most prominent one is the ASCON cipher suite which recently got [approved by the NIST](https://csrc.nist.gov/Projects/lightweight-cryptography/finalists). **_I have created [another repository](../../../simple-ASCON "Simple ASCON") to implement those algorithms as well_**.
* For the sake of simplicity, it is often assumed that the input parameters of the functions are well defined, and the user knows what they're doing. As a result, a bunch of error checks are just skipped. Obviously, this is a naive and sometimes dangerous assumption. One must be aware that in a serious application, anything can be fed into the functions and they must take all the necessary precautions for erroneous parameters.
* µAES was originally influenced by [kokke's tiny-AES](https://github.com/kokke/tiny-AES-c) library, but I have made a handful of modifications to make it smaller and more efficient.

138
main.c

@@ -13,33 +13,31 @@
#include <stdio.h>
static const char
*plainText = "c9f775baafa36c25 cd610d3c75a482ea dda97ca4864cdfe0 6eaf70a0ec0d7191"
"d55027cf8f900214 e634412583ff0b47 8EA2B7CA516745BF EA",
*iVec = "8EA2B7CA516745BF EAfc49904b496089",
*cipherKey = "279fb74a7572135e 8f9b8ef6d1eee003 69c4e0d86a7b0430 d8cdb78070b4c55a",
*secretKey = "0001020304050607 08090A0B0C0D0E0F 1011121314151617 18191A1B1C1D1E1F",
*secondKey = "0011223344556677 8899AABBCCDDEEFF 0001020304050607 08090A0B0C0D0E0F",
*cipherKey = "279fb74a7572135e 8f9b8ef6d1eee003 69c4e0d86a7b0430 d8cdb78070b4c55a",
*plainText = "c9f775baafa36c25 cd610d3c75a482ea dda97ca4864cdfe0 6eaf70a0ec0d7191"
"d55027cf8f900214 e634412583ff0b47 8ea2b7ca516745bf ea",
*iVec = "8ea2b7ca516745bf eafc49904b496089",
#if AES___ == 256
#if AES___ == 256 /* ↑↓ see p.34 of RFC-3394: */
*k_wrapped = "28C9F404C4B810F4 CBCCB35CFB87F826 3F5786E2D80ED326 CBC7F0E71A99F43B"
"FB988B9B7A02DD21", /* <---- p. 34 of RFC-3394 */
"FB988B9B7A02DD21", /* ↓ with GCM_NONCE_LEN=12 */
*gcmcipher = "eb0f39c8cc86af34 3545fec3abc4d1fd 26241218546289ec 5ce5208e01873e90"
"e86772931b80d749 22565b38d35fe11a 387b347949dda087 9ca5f20fc9357760"
"4b2f659e3b1d1b0f 33",
*xtscipher = "40bfcc14845b1bb4 15dd13abf1e6f89d 3bfd794cf6655ffd 14c0d7e4177eeaf4"
"5dd95f05663fcfb4 47671154a91b9d00 d1bd7a35c14c7410 9a";
#elif AES___ == 192 /* ↓↓↓↓ if PKCS#7 enabled */
*ecbcipher = "af1893f0fbb09a43 7f6b0fd4f4977890 7bb85cccf1e9d2e3 ebe5bae935107868"
"c6d72cb2ca375c12 ce6b6b1141141fd0 d268d14db351d680 5aabb99427341da9",
*k_wrapped = "031D33264E15D332 68F24EC260743EDC E1C6C7DDEE725A93 6BA814915C6762D2";
#else /* ↓↓↓↓ zero-padded input */
#elif AES___ != 192 /* ↓ AES-128 ↓ KeySize=16 ↓ */
*ecbcipher = "5d00c273f8b2607d a834632dcbb521f4 697dd4ab20bb0645 32a6545e24e33ae9"
"f545176111f93773 dbecd262841cf83b 10d145e71b772cf7 a12889cda84be795",
#if CTS
*cbccipher = "65c48fdf9fbd6261 28f2d8bac3f71251 75e7f4821fda0263 70011632779d7403"
"c119ef461ac4e1bc 8a7e36bf92b3b3d1 7e9e2d298e154bc4 2d",
#else /* ↓↓↓↓ zero-padded input */
*cbccipher = "65c48fdf9fbd6261 28f2d8bac3f71251 75e7f4821fda0263 70011632779d7403"
"7e9e2d298e154bc4 2dc7a9bc419b915d c119ef461ac4e1bc 8a7e36bf92b3b3d1",
#endif
*xtscipher = "10f9301a157bfceb 3eb9e7bd38500b7e 959e21ba3cc1179a d7f7d7d99460e695"
"5e8bcb177571c719 6de58ff28c381913 e7c82d0adfd90c45 ca",
*cbccipher = "65c48fdf9fbd6261 28f2d8bac3f71251 75e7f4821fda0263 70011632779d7403"
#if CTS
"c119ef461ac4e1bc 8a7e36bf92b3b3d1 7E9E2D298E154BC4 2D",
#else /* ↓ zero-padded plaintext */
"7E9E2D298E154BC4 2Dc7a9bc419b915d c119ef461ac4e1bc 8a7e36bf92b3b3d1",
#endif
*cfbcipher = "edab3105e673bc9e b9102539a9f457bc 245c14e1bff81b5b 4a4a147c988cb0a6"
"3f9c56525efbe64a 876ad1d761d3fc93 59fb4f5b2354acd4 90",
*ofbcipher = "edab3105e673bc9e b9102539a9f457bc d28c8e4c92995f5c d9426926be1e775d"
@@ -50,46 +48,50 @@ static const char
#else
*ctrcipher = "6c6bae886c235d8c 7997d45c1bf0bca2 48b4bca9eb396d1b f6945e5b7a4fc10f"
"488cfe76fd5eaeff 2b8fb469f78fa61e 285e4cf9b9aee3d0 a8",
#endif
*ccmcipher = "d2575123438338d7 0b2955537fdfcf41 729870884e85af15 f0a74975a72b337d"
"04d426de87594b9a be3e6dcf07f21c99 db3999f81299d302 ad1e5ba683e9039a"
"5483685f1bd2c3fa 3b", /* <---- with 16 bytes tag */
*gcmcipher = "5ceab5b7c2d6dede 555a23c7e3e63274 4075a51df482730b a31485ec987ddcc8"
"73acdcfc6759a47b a424d838e7c0cb71 b9a4d8f4572e2141 18c8ab284ca845c1"
"4394618703cddf3a fb", /* <---- with 16 bytes tag */
#endif /* ↓ 16 bytes i.v PREPENDED */
*sivcipher = "ff2537a371fba0bb ed11acf2a3631300 97964f088881bdbd f163e261afd158e6"
"09272e759213c76a edc83a451d094c9e 06e2600e50a27cbb c0d9fad10eb6d369"
"4614362e5cd68b90 a9", /* 16 bytes i.v. PREPENDED */
*ocbcipher = "fc254896eb785b05 dd87f240722dd935 61f5a0ef6aff2eb6 5953da0b26257ed0"
"d69cb496e9a0cb1b f646151aa07e629a 28d99f0ffd7ea753 5c39f440df33c988"
"c55cbcc8ac086ffa 23", /* ↑↑↓↓ with 16 bytes tag */
"4614362e5cd68b90 a9", /* ↓ all tag-sizes are 16 ↓ */
*ccmcipher = "d2575123438338d7 0b2955537fdfcf41 729870884e85af15 f0a74975a72b337d"
"04d426de87594b9a be3e6dcf07f21c99 db3999f81299d302 ad1e5ba683e9039a"
"5483685f1bd2c3fa 3b",
*gcmcipher = "5ceab5b7c2d6dede 555a23c7e3e63274 4075a51df482730b a31485ec987ddcc8"
"73acdcfc6759a47b a424d838e7c0cb71 b9a4d8f4572e2141 18c8ab284ca845c1"
"4394618703cddf3a fb",
*gsvcipher = "2f1488496ada3f70 9760420ac72e5acf a977f6add4c55ac6 85f1b9dff8f381e0"
"2a64bbdd64cdd778 525462949bb0b141 db908c5cfa365750 3666f879ac879fcb"
"f25c15d496a1e6f7 f8",
#if EAXP /* ↓↓↓↓ with 4 bytes tag */
*eaxcipher = "f516e9c20069292c c51ba8b6403ddedf 5a34798f62187f58 d723fa33573fd80b"
"f08ffbb09dadbd0b 6fa4812ca4bb5e6d db9a384943b36690 e81738a7a1",
#else /* ↓↓↓↓ with 16 bytes tag */
*ocbcipher = "fc254896eb785b05 dd87f240722dd935 61f5a0ef6aff2eb6 5953da0b26257ed0"
"d69cb496e9a0cb1b f646151aa07e629a 28d99f0ffd7ea753 5c39f440df33c988"
"c55cbcc8ac086ffa 23",
#if !EAXP
*eaxcipher = "4e2fa1bef9ffc23f 6965ee7135981c91 af9bfe97a6b13c01 b8b99e114dda2391"
"50661c618335a005 47cca55a8f22fbd5 ed5ab4b4a17d0aa3 29febd14ef271bae"
"986810a504f01ec6 02",
#endif /* ↓↓ a large Prime Number */
#else /* ↓ with 4 bytes mac added */
*eaxcipher = "f516e9c20069292c c51ba8b6403ddedf 5a34798f62187f58 d723fa33573fd80b"
"f08ffbb09dadbd0b 6fa4812ca4bb5e6d db9a384943b36690 e81738a7a1",
#endif /* ↓ a large Prime Number ↓ */
*fpe_plain = "122333444455555666666777777788888888999999999012345682747",
#if FF_X == 3 /* <-- MAXLEN=56 if RDX=10 */
#if FF_X == 3 /* ↓ if RADIX=10: MAXLEN=56 */
*fpecipher = "0053317760589559020399280014720716878020198371161819152",
#else
*fpecipher = "000260964766881620856103152534002821752468680082944565411",
#endif
*ptextcmac = "b887df1fd8c239c3 e8a64d9822e21128",
*ptxt_cmac = "b887df1fd8c239c3 e8a64d9822e21128",
*poly_1305 = "3175bed9bd01821a 62d4c7bef26722be",
*k_wrapped = "1FA68B0A8112B447 AEF34BD8FB5A7B82 9D3E862371D2CFE5";
#else /* ↓ AES-192: enable PKCS#7 */
*ecbcipher = "af1893f0fbb09a43 7f6b0fd4f4977890 7bb85cccf1e9d2e3 ebe5bae935107868"
"c6d72cb2ca375c12 ce6b6b1141141fd0 d268d14db351d680 5aabb99427341da9",
*k_wrapped = "031D33264E15D332 68F24EC260743EDC E1C6C7DDEE725A93 6BA814915C6762D2";
#endif
enum buffer_sizes
{
PBYTES = HEXSTR_LENGTH / 2,
PADDED = PBYTES + 15 & ~15,
TAGGED = PBYTES + 16
PTSIZE = HEXSTR_LENGTH / 2,
PADDED = PTSIZE + 15 & ~15,
TAGGED = PTSIZE + 16
};
static void hex2bytes(const char* hex, uint8_t* bytes)
@@ -110,16 +112,16 @@ static void check(const char* method, void* result, const void* expected, size_t
memset(result, 0xcc, TAGGED);
}
int main()
int main(void)
{
uint8_t iv[16], key[64], authKey[32], input[PADDED], test[TAGGED], output[TAGGED],
*a = authKey + 1, sa = sizeof authKey - 1, sp = PBYTES;
*a = authKey + 1, sa = sizeof authKey - 1, sp = PTSIZE;
hex2bytes(cipherKey, key);
hex2bytes(secondKey, key + 32);
hex2bytes(secretKey, authKey);
hex2bytes(iVec, iv);
hex2bytes(plainText, input);
#if M_RIJNDAEL
#if MICRO_RJNDL
hex2bytes(iVec, input + 48);
hex2bytes(secondKey, test);
a = AES_KEY_SIZE == 16 ? key : input + (AES___ - 192) / 2;
@@ -134,7 +136,7 @@ int main()
#endif
printf("%s %s Test results\n", __DATE__, __TIME__);
#if ECB && AES_KEY_SIZE + 8 * !AES_PADDING == 24
#if ECB && AES_KEY_SIZE - 8 * AES_PADDING == 16
hex2bytes(ecbcipher, test);
AES_ECB_encrypt(key, input, sp, output);
check("ECB encryption", output, test, sizeof input);
@@ -177,16 +179,16 @@ int main()
check("XTS decryption", output, input, sp);
#endif
#if CMAC && AES_KEY_SIZE == 16
hex2bytes(ptextcmac, test);
hex2bytes(ptxt_cmac, test);
AES_CMAC(key, input, sp, output);
check("plaintext CMAC", output, test, 16);
#endif
#if POLY1305 && AES_KEY_SIZE == 16
hex2bytes(poly_1305, test);
AES_Poly1305(key, iv, input, sp, output);
check("Poly-1305 mac.", output, test, 16);
check("Poly-1305 *mac", output, test, 16);
#endif
#if GCM && AES_KEY_SIZE == 16
#if GCM && AES_KEY_SIZE != 24
hex2bytes(gcmcipher, test);
AES_GCM_encrypt(key, iv, input, sp, a, sa, output, output + sp);
check("GCM encryption", output, test, sp + 16);
@@ -234,7 +236,7 @@ int main()
#endif
check("EAX decryption", output, input, sp);
#endif
#if FPE && AES_KEY_SIZE + CUSTOM_ALPHABET == 16
#if AES_KEY_SIZE + !FPE + CUSTOM_ALPHABET == 16
memcpy(test, fpecipher, FF_X == 3 ? (sp = 55) : sp);
#if FF_X == 3
AES_FPE_encrypt(key, a, fpe_plain, sp, output);
@@ -258,7 +260,7 @@ int main()
#if OCB * EAX * SIV * GCM_SIV * POLY1305 * FPE * (16 / AES_KEY_SIZE)
printf("+-> Let's do some extra tests\n");
sp = sa = 24; /* taken from RFC 7253: */
sp = sa = 24; /* taken from RFC-7253: */
hex2bytes("000102030405060708090A0B0C0D0E0F", key);
hex2bytes("BBAA99887766554433221107", iv);
hex2bytes("000102030405060708090A0B0C0D0E0F1011121314151617", a);
@@ -270,7 +272,7 @@ int main()
*output ^= AES_OCB_decrypt(key, iv, test, sp, a, sa, OCB_TAG_LEN, output);
check("OCB decryption", output, input, sp);
sp = 11; sa = 7; /* taken from RFC 8452: */
sp = 11, sa = 7; /* taken from RFC-8452: */
hex2bytes("ee8e1ed9ff2540ae8f2ba9f50bc2f27c", key);
hex2bytes("752abad3e0afb5f434dc4310", iv);
hex2bytes("6578616d706c65", a);
@@ -280,7 +282,7 @@ int main()
check("GCMSIV encrypt", output, test, sp + 16);
*output ^= GCM_SIV_decrypt(key, iv, test, sp, a, sa, 16, output);
check("GCMSIV decrypt", output, input, sp);
sp = 12; sa = 1; /* taken from RFC 8452: */
sp = 12, sa = 1; /* taken from RFC-8452: */
hex2bytes("01000000000000000000000000000000", key);
hex2bytes("030000000000000000000000", iv);
hex2bytes("01", a);
@@ -292,7 +294,7 @@ int main()
*output ^= GCM_SIV_decrypt(key, iv, test, sp, a, sa, 16, output);
check("GCMSIV decrypt", output, input, sp);
sp = 14; sa = 24; /* taken from RFC 5297: */
sp = 14, sa = 24; /* taken from RFC-5297: */
hex2bytes("fffefdfc fbfaf9f8 f7f6f5f4 f3f2f1f0\
f0f1f2f3 f4f5f6f7 f8f9fafb fcfdfeff", key);
hex2bytes("10111213 14151617 18191a1b 1c1d1e1f\
@@ -304,7 +306,7 @@ int main()
check("SIV encryption", output, test, sp + 16);
*output ^= AES_SIV_decrypt(key, test, test + 16, sp, a, sa, output);
check("SIV decryption", output, input, sp);
sp = 16; sa = 0; /* from miscreant on github: bit.ly/3ycgGB */
sp = 16, sa = 0; /* from miscreant on github: bit.ly/3ycgGB */
hex2bytes("fffefdfcfbfaf9f8f7f6f5f4f3f2f1f0f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff", key);
hex2bytes("00112233445566778899aabbccddeeff", input);
hex2bytes("f304f912863e303d5b540e5057c7010c942ffaf45b0e5ca5fb9a56a5263bb065", test);
@@ -313,7 +315,7 @@ int main()
*output ^= AES_SIV_decrypt(key, test, test + 16, sp, a, sa, output);
check("SIV decryption", output, input, sp);
#if EAXP
sp = 0; sa = 50; /* from Annex G of the IEEE Std 1703-2012 */
sp = 0, sa = 50; /* from Annex G of the IEEE Std. 1703-2012 */
hex2bytes("01020304050607080102030405060708", key);
hex2bytes("A20D060B607C86F7540116007BC175A8\
03020100BE0D280B810984A60C060A60\
@@ -324,7 +326,7 @@ int main()
check("EAX encryption", output, test, sp + 4);
sp += AES_EAX_decrypt(key, input, test, sp, sa, output);
check("EAX decryption", output, input, sp);
sp = 28; sa = 65; /* from Moise-Beroset-Phinney-Burns paper: */
sp = 28, sa = 65; /* from Moise-Beroset-Phinney-Burns paper: */
hex2bytes("10 20 30 40 50 60 70 80 90 a0 b0 c0 d0 e0 f0 00", authKey);
hex2bytes("a2 0e 06 0c 60 86 48 01 86 fc 2f 81 1c aa 4e 01\
a8 06 02 04 39 a0 0e bb ac 0f a2 0d a0 0b a1 09\
@@ -339,7 +341,7 @@ int main()
check("EAX encryption", output, key, sp + 4);
AES_EAX_decrypt(authKey, test, key, sp, sa, output);
#else
sp = 12; sa = 8; /* from Bellare-Rogaway-Wagner 2004 paper: */
sp = 12, sa = 8; /* from Bellare-Rogaway-Wagner 2004 paper: */
hex2bytes("BD8E6E11475E60B268784C38C62FEB22", key);
hex2bytes("6EAC5C93072D8E8513F750935E46DA1B", iv);
hex2bytes("D4482D1CA78DCE0F", a);
@@ -351,7 +353,17 @@ int main()
#endif
check("EAX decryption", output, input, sp);
#if FF_X == 3 && !CUSTOM_ALPHABET
#if (FF_X != 3) * CUSTOM_ALPHABET == 3
sp = 19, sa = 11;
hex2bytes("2B 7E 15 16 28 AE D2 A6 AB F7 15 88 09 CF 4F 3C", key);
hex2bytes("37 37 37 37 70 71 72 73 37 37 37", a);
memcpy(input, "0123456789abcdefghi", sp);
memcpy(output, "a9tv40mll9kdu509eum", sp);
AES_FPE_encrypt(key, a, sa, input, sp, test);
check("FF1 encryption", test, output, sp);
AES_FPE_decrypt(key, a, sa, output, sp, test);
check("FF1 decryption", test, input, sp);
#elif FF_X * !CUSTOM_ALPHABET == 3
sp = 29; /* zero tweak works for both FF3 and FF3-1 */
hex2bytes("EF 43 59 D8 D5 80 AA 4F 7F 03 6D 6F 04 FC 6A 94", key);
hex2bytes("00 00 00 00 00 00 00 00", a);
@@ -361,16 +373,6 @@ int main()
check("FF3 encryption", test, output, sp);
AES_FPE_decrypt(key, a, output, sp, test);
check("FF3 decryption", test, input, sp);
#elif FF_X != 3 && CUSTOM_ALPHABET == 3
sp = 19; sa = 11;
hex2bytes("2B 7E 15 16 28 AE D2 A6 AB F7 15 88 09 CF 4F 3C", key);
hex2bytes("37 37 37 37 70 71 72 73 37 37 37", a);
memcpy(input, "0123456789abcdefghi", sp);
memcpy(output, "a9tv40mll9kdu509eum", sp);
AES_FPE_encrypt(key, a, sa, input, sp, test);
check("FF1 encryption", test, output, sp);
AES_FPE_decrypt(key, a, sa, output, sp, test);
check("FF1 decryption", test, input, sp);
#endif
sp = 32; /* ↓ from Daniel J. Bernstein's 2005 paper */
hex2bytes("66 3c ea 19 0f fb 83 d8 95 93 f3 f4 76 b6 bc 24\
@@ -380,7 +382,7 @@ int main()
hex2bytes("ae 21 2a 55 39 97 29 59 5d ea 45 8b c6 21 ff 0e", iv);
hex2bytes("0e e1 c1 6b b7 3f 0f 4f d1 98 81 75 3c 01 cd be", test);
AES_Poly1305(key, iv, input, sp, output);
check("Poly-1305 mac.", output, test, 16);
check("Poly-1305 *mac", output, test, 16);
sp = 63;
hex2bytes("ab 08 12 72 4a 7f 1e 34 27 42 cb ed 37 4d 94 d1\
36 c6 b8 79 5d 45 b3 81 98 30 f2 c0 44 91 fa f0\
@@ -391,7 +393,7 @@ int main()
hex2bytes("9a e8 31 e7 43 97 8d 3a 23 52 7c 71 28 14 9e 3a", iv);
hex2bytes("51 54 ad 0d 2c b2 6e 01 27 4f c5 11 48 49 1f 1b", test);
AES_Poly1305(key, iv, input, sp, output);
check("Poly-1305 mac.", output, test, 16);
check("Poly-1305 *mac", output, test, 16);
#endif
return 0;
}
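Review bot: The rewritten ECB guard `#if ECB && AES_KEY_SIZE - 8 * AES_PADDING == 16` is also true for AES-256 built with `AES_PADDING` set to 2 (32 − 16 = 16), a combination the old `+ 8 * !AES_PADDING == 24` form excluded. As far as the first hunk shows, the `AES___ == 256` branch of the vector table declares only `k_wrapped`, `gcmcipher` and `xtscipher`, so that configuration would reference an undeclared `ecbcipher` and the known-answer tests would fail to build instead of running. Naming the two cases that have vectors keeps the guard in step with the table: `#if ECB && ((AES_KEY_SIZE == 16 && !AES_PADDING) || (AES_KEY_SIZE == 24 && AES_PADDING == 1))`. The same arithmetic-as-logic form in `AES_KEY_SIZE + !FPE + CUSTOM_ALPHABET == 16` and `(FF_X != 3) * CUSTOM_ALPHABET == 3` matches the old conditions for the values shown, but it is harder to audit than the `&&` spelling it replaced. `main` spans several hunks and is not fully visible here.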

File diff suppressed because it is too large Load Diff


@@ -2,7 +2,7 @@
==============================================================================
Name : micro_aes.h
Author : polfosol
Version : 9.9.8.4
Version : 10
Copyright : copyright © 2022 - polfosol
Description : μAES ™ is a minimalist all-in-one library for AES encryption
==============================================================================
@@ -65,27 +65,30 @@ AES block-cipher modes of operation. The following modes can be enabled/disabled
#endif
#if EAX
#define EAXP 1 /* EAX-prime, as specified by IEEE Std 1703 */
#define EAXP 0 /* EAX-prime, as specified by IEEE Std 1703 */
#endif
#define WTF ! (BLOCKCIPHERS | AEAD_MODES)
#define M_RIJNDAEL WTF /* none of above; just rijndael API. dude.., why? */
#define MICRO_RJNDL WTF /* none of above; just rijndael API. dude.., why? */
/**----------------------------------------------------------------------------
Refer to the BOTTOM OF THIS DOCUMENT for some explanations about these macros:
Refer to the bottom of this document for more information about these macros:
-----------------------------------------------------------------------------*/
#if ECB || (CBC && !CTS) || (XEX && !XTS)
#define AES_PADDING 0 /* standard values: (1) PKCS#7 (2) ISO/IEC7816-4 */
#endif
#if ECB || CBC || XEX || KWA || M_RIJNDAEL
#if ECB || CBC || XEX || KWA || MICRO_RJNDL
#define DECRYPTION 1 /* rijndael decryption is NOT required otherwise. */
#endif
#if FPE
#define CUSTOM_ALPHABET 0 /* if disabled, use default alphabet (digits 0..9) */
#define FF_X 1 /* algorithm type: (1) for FF1, or (3) for FF3-1 */
#if FF_X == 3
#define FF3_TWEAK_LEN 7 /* if the old version of FF3: (8), else FF3-1: (7) */
#endif
#endif
#if CTR_NA
@@ -115,18 +118,24 @@ Refer to the BOTTOM OF THIS DOCUMENT for some explanations about these macros:
Since <stdint.h> is not a part of ANSI-C, we may need a 'trick' to use uint8_t
-----------------------------------------------------------------------------*/
#include <string.h>
#if __STDC_VERSION__ > 199900L || __cplusplus > 201100L || defined(_MSC_VER)
#include <stdint.h>
#else
#include <limits.h>
#if CHAR_BIT == 8
#ifdef LLONG_MAX /* which means compiler conforms to C99 standard. */
#include <stdint.h>
#elif CHAR_BIT == 8
typedef unsigned char uint8_t;
#endif
#if INT_MAX > 200000L
typedef int int32_t;
#else
typedef long int32_t;
#endif
#else
#error "YOUR SYSTEM/COMPILER NEITHER SUPPORTS <cstdint> NOR 8-BIT CHARACTERS!!"
#endif
#ifdef __SDCC /* compiler is SDCC (small-device C compiler) */
#define SDCC_REENT __reentrant
#else
#define SDCC_REENT
#endif
#ifdef __cplusplus
@@ -136,10 +145,10 @@ extern "C" {
/**----------------------------------------------------------------------------
Encryption/decryption of a single block with Rijndael
-----------------------------------------------------------------------------*/
#if M_RIJNDAEL
#if MICRO_RJNDL
void AES_Cipher( const uint8_t* key, /* encryption/decryption key */
const char mode, /* encrypt: 'E', decrypt: 'D' */
const uint8_t x[16], /* input bytes (or input block) */
const uint8_t x[16], /* input array (or input block) */
uint8_t y[16] ); /* output block */
#endif
@@ -148,14 +157,14 @@ Main functions for ECB-AES block ciphering
-----------------------------------------------------------------------------*/
#if ECB
void AES_ECB_encrypt( const uint8_t* key, /* encryption key */
const uint8_t* pntxt, /* plaintext buffer */
const size_t ptextLen, /* length of input plain text */
uint8_t* crtxt ); /* cipher-text result */
const void* pntxt, /* plaintext input */
const size_t ptextLen, /* length of plaintext */
void* crtxt ); /* ciphertext result */
char AES_ECB_decrypt( const uint8_t* key, /* decryption key */
const uint8_t* crtxt, /* cipher-text buffer */
const size_t crtxtLen, /* length of input cipher text */
uint8_t* pntxt ); /* plaintext result */
const void* crtxt, /* ciphertext input */
const size_t crtxtLen, /* length of ciphertext */
void* pntxt ); /* plaintext result */
#endif /* ECB */
/**----------------------------------------------------------------------------
@@ -164,15 +173,15 @@ Main functions for CBC-AES block ciphering
#if CBC
char AES_CBC_encrypt( const uint8_t* key, /* encryption key */
const uint8_t iVec[16], /* initialization vector */
const uint8_t* pntxt, /* plaintext buffer */
const size_t ptextLen, /* length of input plain text */
uint8_t* crtxt ); /* cipher-text result */
const void* pntxt, /* plaintext input */
const size_t ptextLen, /* length of plaintext */
void* crtxt ); /* ciphertext result */
char AES_CBC_decrypt( const uint8_t* key, /* decryption key */
const uint8_t iVec[16], /* initialization vector */
const uint8_t* crtxt, /* cipher-text buffer */
const size_t crtxtLen, /* length of input cipher text */
uint8_t* pntxt ); /* plaintext result */
const void* crtxt, /* ciphertext input */
const size_t crtxtLen, /* length of ciphertext */
void* pntxt ); /* plaintext result */
#endif /* CBC */
/**----------------------------------------------------------------------------
@@ -181,15 +190,15 @@ Main functions for CFB-AES block ciphering
#if CFB
void AES_CFB_encrypt( const uint8_t* key, /* encryption key */
const uint8_t iVec[16], /* initialization vector */
const uint8_t* pntxt, /* plaintext buffer */
const size_t ptextLen, /* length of input plain text */
uint8_t* crtxt ); /* cipher-text result */
const void* pntxt, /* plaintext input */
const size_t ptextLen, /* length of plaintext */
void* crtxt ); /* ciphertext result */
void AES_CFB_decrypt( const uint8_t* key, /* decryption key */
const uint8_t iVec[16], /* initialization vector */
const uint8_t* crtxt, /* cipher-text buffer */
const size_t crtxtLen, /* length of input cipher text */
uint8_t* pntxt ); /* plaintext result */
const void* crtxt, /* ciphertext input */
const size_t crtxtLen, /* length of ciphertext */
void* pntxt ); /* plaintext result */
#endif /* CFB */
/**----------------------------------------------------------------------------
@@ -198,15 +207,15 @@ Main functions for OFB-AES block ciphering
#if OFB
void AES_OFB_encrypt( const uint8_t* key, /* encryption key */
const uint8_t iVec[16], /* initialization vector */
const uint8_t* pntxt, /* plaintext buffer */
const size_t ptextLen, /* length of input plain text */
uint8_t* crtxt ); /* cipher-text result */
const void* pntxt, /* plaintext input */
const size_t ptextLen, /* length of plaintext */
void* crtxt ); /* ciphertext result */
void AES_OFB_decrypt( const uint8_t* key, /* decryption key */
const uint8_t iVec[16], /* initialization vector */
const uint8_t* crtxt, /* cipher-text buffer */
const size_t crtxtLen, /* length of input cipher text */
uint8_t* pntxt ); /* plaintext result */
const void* crtxt, /* ciphertext input */
const size_t crtxtLen, /* length of ciphertext */
void* pntxt ); /* plaintext result */
#endif /* OFB */
/**----------------------------------------------------------------------------
@@ -215,15 +224,15 @@ Main functions for XTS-AES block ciphering
#if XTS
char AES_XTS_encrypt( const uint8_t* keys, /* encryption key pair */
const uint8_t* tweak, /* tweak value (unit/sector ID) */
const uint8_t* pntxt, /* plaintext buffer */
const size_t ptextLen, /* length of input plain text */
uint8_t* crtxt ); /* cipher-text result */
const void* pntxt, /* plaintext input */
const size_t ptextLen, /* length of plaintext */
void* crtxt ); /* ciphertext result */
char AES_XTS_decrypt( const uint8_t* keys, /* decryption key pair */
const uint8_t* tweak, /* tweak value (unit/sector ID) */
const uint8_t* crtxt, /* cipher-text buffer */
const size_t crtxtLen, /* length of input cipher text */
uint8_t* pntxt ); /* plaintext result */
const void* crtxt, /* ciphertext input */
const size_t crtxtLen, /* length of ciphertext */
void* pntxt ); /* plaintext result */
#endif /* XTS */
/**----------------------------------------------------------------------------
@@ -232,15 +241,15 @@ Main functions for CTR-AES block ciphering
#if CTR_NA
void AES_CTR_encrypt( const uint8_t* key, /* encryption key */
const uint8_t* iv, /* initialization vector/ nonce */
const uint8_t* pntxt, /* plaintext buffer */
const size_t ptextLen, /* length of input plain text */
uint8_t* crtxt ); /* cipher-text result */
const void* pntxt, /* plaintext input */
const size_t ptextLen, /* length of plaintext */
void* crtxt ); /* ciphertext result */
void AES_CTR_decrypt( const uint8_t* key, /* decryption key */
const uint8_t* iv, /* initialization vector/ nonce */
const uint8_t* crtxt, /* cipher-text buffer */
const size_t crtxtLen, /* length of input cipher text */
uint8_t* pntxt ); /* plaintext result */
const void* crtxt, /* ciphertext input */
const size_t crtxtLen, /* length of ciphertext */
void* pntxt ); /* plaintext result */
#endif /* CTR */
/**----------------------------------------------------------------------------
@@ -248,20 +257,20 @@ Main functions for SIV-AES block ciphering
-----------------------------------------------------------------------------*/
#if SIV
void AES_SIV_encrypt( const uint8_t* keys, /* encryption key pair */
const uint8_t* pntxt, /* plain text */
const size_t ptextLen, /* length of input plain text */
const uint8_t* aData, /* added authentication data */
const size_t aDataLen, /* size of authentication data */
const void* pntxt, /* plaintext input */
const size_t ptextLen, /* length of plaintext */
const void* aData, /* added authentication data */
const size_t aDataLen, /* length of AAD (auth. data) */
uint8_t iv[16], /* synthesized initial-vector */
uint8_t* crtxt ); /* cipher-text result */
void* crtxt ); /* ciphertext result */
char AES_SIV_decrypt( const uint8_t* keys, /* decryption key pair */
const uint8_t iv[16], /* provided initial-vector */
const uint8_t* crtxt, /* cipher text */
const size_t crtxtLen, /* length of input cipher-text */
const uint8_t* aData, /* added authentication data */
const size_t aDataLen, /* size of authentication data */
uint8_t* pntxt ); /* plain-text result */
const void* crtxt, /* ciphertext input */
const size_t crtxtLen, /* length of ciphertext */
const void* aData, /* added authentication data */
const size_t aDataLen, /* length of AAD (auth. data) */
void* pntxt ); /* plaintext result */
#endif /* SIV */
/**----------------------------------------------------------------------------
@@ -269,22 +278,22 @@ Main functions for GCM-AES block ciphering
-----------------------------------------------------------------------------*/
#if GCM
void AES_GCM_encrypt( const uint8_t* key, /* encryption key */
const uint8_t* nonce, /* a.k.a initialization vector */
const uint8_t* pntxt, /* plain text */
const size_t ptextLen, /* length of input plain text */
const uint8_t* nonce, /* nonce or IV (init. vector) */
const uint8_t* pntxt, /* plaintext input */
const size_t ptextLen, /* length of plaintext */
const uint8_t* aData, /* added authentication data */
const size_t aDataLen, /* size of authentication data */
uint8_t* crtxt, /* cipher-text result */
const size_t aDataLen, /* length of AAD (auth. data) */
uint8_t* crtxt, /* ciphertext result */
uint8_t auTag[16] ); /* message authentication tag */
char AES_GCM_decrypt( const uint8_t* key, /* decryption key */
const uint8_t* nonce, /* a.k.a initialization vector */
const uint8_t* crtxt, /* cipher text + appended tag */
const size_t crtxtLen, /* length of input cipher-text */
const uint8_t* nonce, /* nonce or IV (init. vector) */
const uint8_t* crtxt, /* ciphertext + appended tag */
const size_t crtxtLen, /* length of ciphertext */
const uint8_t* aData, /* added authentication data */
const size_t aDataLen, /* size of authentication data */
const uint8_t tagLen, /* size of tag (if any) */
uint8_t* pntxt ); /* plain-text result */
const size_t aDataLen, /* length of AAD (auth. data) */
const uint8_t tagLen, /* length of tag (if any) */
uint8_t* pntxt ); /* plaintext result */
#endif /* GCM */
/**----------------------------------------------------------------------------
@@ -292,22 +301,22 @@ Main functions for CCM-AES block ciphering
-----------------------------------------------------------------------------*/
#if CCM
void AES_CCM_encrypt( const uint8_t* key, /* encryption key */
const uint8_t* nonce, /* a.k.a initialization vector */
const uint8_t* pntxt, /* plain text */
const size_t ptextLen, /* length of input plain text */
const uint8_t* nonce, /* nonce or IV (init. vector) */
const uint8_t* pntxt, /* plaintext input */
const size_t ptextLen, /* length of plaintext */
const uint8_t* aData, /* added authentication data */
const size_t aDataLen, /* size of authentication data */
uint8_t* crtxt, /* cipher-text result */
uint8_t auTag[16] ); /* message authentication tag */
const size_t aDataLen, /* length of AAD (auth. data) */
uint8_t* crtxt, /* ciphertext result */
uint8_t* auTag ); /* message authentication tag */
char AES_CCM_decrypt( const uint8_t* key, /* decryption key */
const uint8_t* nonce, /* a.k.a initialization vector */
const uint8_t* crtxt, /* cipher text + appended tag */
const size_t crtxtLen, /* length of input cipher-text */
const uint8_t* nonce, /* nonce or IV (init. vector) */
const uint8_t* crtxt, /* ciphertext + appended tag */
const size_t crtxtLen, /* length of ciphertext */
const uint8_t* aData, /* added authentication data */
const size_t aDataLen, /* size of authentication data */
const uint8_t tagLen, /* size of tag (if any) */
uint8_t* pntxt ); /* plain-text result */
const size_t aDataLen, /* length of AAD (auth. data) */
const uint8_t tagLen, /* length of tag (=CCM_TAG_LEN) */
uint8_t* pntxt ); /* plaintext result */
#endif /* CCM */
/**----------------------------------------------------------------------------
@@ -315,22 +324,22 @@ Main functions for OCB-AES block ciphering
-----------------------------------------------------------------------------*/
#if OCB
void AES_OCB_encrypt( const uint8_t* key, /* encryption key */
const uint8_t* nonce, /* a.k.a initialization vector */
const uint8_t* pntxt, /* plain text */
const size_t ptextLen, /* length of input plain text */
const uint8_t* nonce, /* nonce or IV (init. vector) */
const uint8_t* pntxt, /* plaintext input */
const size_t ptextLen, /* length of plaintext */
const uint8_t* aData, /* added authentication data */
const size_t aDataLen, /* size of authentication data */
uint8_t* crtxt, /* cipher-text result */
uint8_t auTag[16] ); /* message authentication tag */
const size_t aDataLen, /* length of AAD (auth. data) */
uint8_t* crtxt, /* ciphertext result */
uint8_t* auTag ); /* message authentication tag */
char AES_OCB_decrypt( const uint8_t* key, /* decryption key */
const uint8_t* nonce, /* a.k.a initialization vector */
const uint8_t* crtxt, /* cipher text + appended tag */
const size_t crtxtLen, /* length of input cipher-text */
const uint8_t* nonce, /* nonce or IV (init. vector) */
const uint8_t* crtxt, /* ciphertext + appended tag */
const size_t crtxtLen, /* length of ciphertext */
const uint8_t* aData, /* added authentication data */
const size_t aDataLen, /* size of authentication data */
const uint8_t tagLen, /* size of tag (if any) */
uint8_t* pntxt ); /* plain-text result */
const size_t aDataLen, /* length of AAD (auth. data) */
const uint8_t tagLen, /* length of tag (=OCB_TAG_LEN) */
uint8_t* pntxt ); /* plaintext result */
#endif /* OCB */
/**----------------------------------------------------------------------------
@@ -339,30 +348,30 @@ Main functions for EAX-AES mode; more info at the bottom of this document.
#if EAX
void AES_EAX_encrypt( const uint8_t* key, /* encryption key */
const uint8_t* nonce, /* arbitrary-size nonce array */
const uint8_t* pntxt, /* plain text */
const size_t ptextLen, /* length of input plain text */
const uint8_t* pntxt, /* plaintext input */
const size_t ptextLen, /* length of plaintext */
#if EAXP
const size_t nonceLen, /* size of provided nonce */
uint8_t* crtxt ); /* cipher-text result + mac (4) */
const size_t nonceLen, /* length of provided nonce */
uint8_t* crtxt ); /* ciphertext result + mac (4) */
#else
const uint8_t* aData, /* added authentication data */
const size_t aDataLen, /* size of authentication data */
uint8_t* crtxt, /* cipher-text result */
const size_t aDataLen, /* length of AAD (auth. data) */
uint8_t* crtxt, /* ciphertext result */
uint8_t auTag[16] ); /* message authentication tag */
#endif
char AES_EAX_decrypt( const uint8_t* key, /* decryption key */
const uint8_t* nonce, /* arbitrary-size nonce array */
const uint8_t* crtxt, /* cipher text + appended tag */
const size_t crtxtLen, /* length of input cipher-text */
const uint8_t* crtxt, /* ciphertext + appended tag */
const size_t crtxtLen, /* length of ciphertext */
#if EAXP
const size_t nonceLen, /* size of provided nonce */
const size_t nonceLen, /* length of provided nonce */
#else
const uint8_t* aData, /* added authentication data */
const size_t aDataLen, /* size of authentication data */
const uint8_t tagLen, /* size of tag (if any) */
const size_t aDataLen, /* length of AAD (auth. data) */
const uint8_t tagLen, /* length of tag (if any) */
#endif
uint8_t* pntxt ); /* plain-text result */
uint8_t* pntxt ); /* plaintext result */
#endif /* EAX */
/**----------------------------------------------------------------------------
@@ -371,21 +380,21 @@ Main functions for GCM-SIV-AES block ciphering
#if GCM_SIV
void GCM_SIV_encrypt( const uint8_t* key, /* encryption key */
const uint8_t* nonce, /* provided 96-bit nonce */
const uint8_t* pntxt, /* plain text */
const size_t ptextLen, /* length of input plain text */
const uint8_t* pntxt, /* plaintext input */
const size_t ptextLen, /* length of plaintext */
const uint8_t* aData, /* added authentication data */
const size_t aDataLen, /* size of authentication data */
uint8_t* crtxt, /* cipher-text result */
const size_t aDataLen, /* length of AAD (auth. data) */
uint8_t* crtxt, /* ciphertext result */
uint8_t auTag[16] ); /* 16-bytes mandatory tag */
char GCM_SIV_decrypt( const uint8_t* key, /* decryption key */
const uint8_t* nonce, /* provided 96-bit nonce */
const uint8_t* crtxt, /* cipher text + appended tag */
const size_t crtxtLen, /* length of input cipher-text */
const uint8_t* crtxt, /* ciphertext + appended tag */
const size_t crtxtLen, /* length of ciphertext */
const uint8_t* aData, /* added authentication data */
const size_t aDataLen, /* size of authentication data */
const uint8_t tagLen, /* size of tag (must be 16) */
uint8_t* pntxt ); /* plain-text result */
const size_t aDataLen, /* length of AAD (auth. data) */
const uint8_t tagLen, /* length of tag (must be 16) */
uint8_t* pntxt ); /* plaintext result */
#endif /* GCM-SIV */
/**----------------------------------------------------------------------------
@@ -393,14 +402,14 @@ Main functions for AES key-wrapping
-----------------------------------------------------------------------------*/
#if KWA
char AES_KEY_wrap( const uint8_t* kek, /* key encryption key */
const uint8_t* secret, /* input secret to be wrapped */
const size_t secretLen, /* size of input */
const void* secret, /* the secret to be wrapped */
const size_t secretLen, /* length of plaintext secret */
uint8_t* wrapped ); /* key-wrapped output */
char AES_KEY_unwrap( const uint8_t* kek, /* key encryption key */
const uint8_t* wrapped, /* key-wrapped secret */
const size_t wrapLen, /* size of input (secretLen +8) */
uint8_t* secret ); /* buffer for unwrapped key */
const void* wrapped, /* key-wrapped secret */
const size_t wrapLen, /* length of wrapped secret */
uint8_t* secret ); /* the unwrapped key result */
#endif /* KWA */
/**----------------------------------------------------------------------------
@@ -409,23 +418,21 @@ Main functions for FPE-AES; more info at the bottom of this page.
#if FPE
char AES_FPE_encrypt( const uint8_t* key, /* encryption key */
const uint8_t* tweak, /* tweak bytes */
#if FF_X == 3
#define FF3_TWEAK_LEN 7 /* either 8 (FF3), or 7 (FF3-1) */
#else
const size_t tweakLen, /* size of tweak array */
#if FF_X != 3
const size_t tweakLen, /* length of tweak array */
#endif
const void* pntxt, /* input plaintext string */
const size_t ptextLen, /* length of plaintext string */
void* crtxt ); /* cipher-text result */
void* crtxt ); /* ciphertext result */
char AES_FPE_decrypt( const uint8_t* key, /* decryption key */
const uint8_t* tweak, /* tweak bytes */
#if FF_X != 3
const size_t tweakLen, /* size of tweak array */
const size_t tweakLen, /* length of tweak array */
#endif
const void* crtxt, /* input ciphertext string */
const size_t crtxtLen, /* length of ciphertext string */
void* pntxt ); /* plain-text result */
void* pntxt ); /* plaintext result */
#endif /* FPE */
/**----------------------------------------------------------------------------
@@ -435,7 +442,7 @@ Main function for Poly1305-AES message authentication code
void AES_Poly1305( const uint8_t* keys, /* encryption/mixing key pair */
const uint8_t nonce[16], /* the 128-bit nonce */
const void* data, /* input data buffer */
const size_t dataSize, /* size of data in bytes */
const size_t dataSize, /* length of data in bytes */
uint8_t mac[16] ); /* poly1305-AES mac of data */
#endif
@@ -443,10 +450,10 @@ void AES_Poly1305( const uint8_t* keys, /* encryption/mixing key pair */
Main function for AES Cipher-based Message Authentication Code
-----------------------------------------------------------------------------*/
#if CMAC
void AES_CMAC( const uint8_t* key, /* encryption/cipher key */
void AES_CMAC( const uint8_t* key, /* encryption or cipher key */
const void* data, /* input data buffer */
const size_t dataSize, /* size of data in bytes */
uint8_t mac[16] ); /* CMAC result of input data */
const size_t dataSize, /* length of data in bytes */
uint8_t mac[16] ); /* CMAC of input data */
#endif
#ifdef __cplusplus
@@ -456,77 +463,104 @@ void AES_CMAC( const uint8_t* key, /* encryption/cipher key */
/**----------------------------------------------------------------------------
The error codes and key length should be defined here for external references:
-----------------------------------------------------------------------------*/
#define ENCRYPTION_FAILURE 0x1E
#define DECRYPTION_FAILURE 0x1D
#define AUTHENTICATION_FAILURE 0x1A
#define ENDED_IN_SUCCESS 0x00
#if (AES___ != 256) && (AES___ != 192)
#define AES_KEY_SIZE 16
#if AES___ != 256 && AES___ != 192
#define AES_KEY_SIZE 16
#else
#define AES_KEY_SIZE (AES___ / 8)
#define AES_KEY_SIZE (AES___ / 8)
#endif
enum function_result_codes
{
M_ENCRYPTION_ERROR = 0x1E,
M_DECRYPTION_ERROR = 0x1D,
M_AUTHENTICATION_ERROR = 0x1A,
M_RESULT_SUCCESS = 0x00
};
#endif /* header guard */
/******************************************************************************\
¦ Notes and remarks about the above-defined macros ¦
--------------------------------------------------------------------------------
* In EBC/CBC/XEX modes, the size of input must be a multiple of block-size.
Otherwise it needs to be padded. The simplest (default) padding mode is to
fill the rest of block by zeros. Supported standard padding methods are
PKCS#7 and ISO/IEC 7816-4, which can be enabled by the AES_PADDING macro.
* The main difference between the standard AES methods is in their key-expansion
process. So for example, AES-128-GCM and AES-256-GCM are pretty much similar
except for their key size and a minor change in the KeyExpansion function.
* In many texts, you may see that the words 'nonce' and 'initialization vector'
are used interchangeably. But they have a subtle difference. Sometimes nonce
is a part of the I.V, which itself can either be a full block or a partial
one. In CBC/CFB/OFB modes, the provided I.V must be a full block. In pure
CTR mode (CTR_NA) you can either provide a 96-bit I.V and let the count
start at CTR_STARTVALUE, or use a full block IV.
* In EBC/CBC/XEX modes, the size of input must be a multiple of block-size.
Otherwise it needs to be padded. The simplest (default) way of padding is to
fill the rest of block by zeros. Two standard methods for padding are PKCS#7
and ISO/IEC 7816-4, which can be enabled by the AES_PADDING macro.
* The FPE mode has two distinct NIST-approved algorithms, namely FF1 and FF3-1.
Use the FF_X macro to change the encryption method, which is FF1 by default.
The early version of FF3 required 8-byte tweaks. But this turned out to have
vulnerabilities and so it was reduced to 7 bytes in the FF3-1.
The input and output strings of FPE functions must be consisted of a fixed
set of characters called "the alphabet". Here, the default alphabet is the
set of digits {'0'...'9'}. If you want to use a different alphabet, set the
CUSTOM_ALPHABET macro and refer to the <micro_fpe.h> header. This header is
required only when a custom alphabet has to be defined, and contains some
illustrative examples and clear guidelines on how to do so.
* Many reference texts may use the terms "nonce" and "initialization vector"
interchangeably, but technically they are not the same. Sometimes nonce is
a part of the I.V, which itself can either be a full block or a partial one.
In CBC, CFB and OFB modes, the provided IV must be a full block. In pure CTR
(CTR_NA) mode, the IV can either be a full block, or a 96 bit one —which is
also called nonce. In the latter case, counting begins at CTR_STARTVALUE.
* In AEAD modes, the size of nonce and tag might be a parameter of the algorithm
such that changing them affect the results. The GCM and EAX modes support
arbitrary sizes for nonce. In CCM, the nonce length may vary from 8 to 13
bytes. Also the tag size is an EVEN number between 4..16. In OCB, the nonce
size is 1..15 and the tag is 0..16 bytes. Note that the 'calculated' tag-
size is always 16 bytes which can later be truncated to desired values. So
in encryption functions, the provided authTag buffer must be 16 bytes long.
size is 1..15 and the tag is 0..16 bytes. Note that the "calculated" tag-
size is always 16 bytes which is then truncated to the desired values. So in
encryption functions, the provided buffer for tag must be 16 bytes long.
* In most functions, as you may notice, first the entire input data is copied
to the output and then the encryption process is carried out on its buffer.
This is a very useful feature especially when the memory is limited, as you
can perform "in-place encryption" on the input data and there is no need to
allocate a separate buffer for the output. But please note that the `memcpy`
function has undefined behavior if its source and destination are the same.
So in such cases, you can simply delete the memcpy(...); line.
* For the EAX mode of operation, the IEEE-1703 standard defines EAX' which is a
modified version that combines AAD and nonce. Also the tag size is fixed to
modified version that combines AAD and nonce. Also the tag size is fixed on
4 bytes. So EAX-prime functions don't need to take additional authentication
data and tag-size as separate parameters.
data and tag-size as separate parameters. It has been proven that EAX' has
serious vulnerabilities and its usage is not recommended.
* In SIV mode, multiple separate units of authentication headers can be provided
for the nonce synthesis. Here we assume that only one unit of AAD (aData) is
sufficient, which is practically true.
* The FPE mode has two distinct NIST-approved algorithms, namely FF1 and FF3-1.
Use the FF_X macro to change the encryption method, which is FF1 by default.
The input and output strings must be consisted of a fixed set of characters
called 'the alphabet'. The default alphabet is the set of digits {'0'..'9'}.
If you want to use a different alphabet, set the CUSTOM_ALPHABET macro and
refer to the "micro_fpe.h" header. This file is needed only when a custom
alphabet has to be defined. It contains some illustrative examples and clear
guidelines on how to do so.
* The key wrapping mode is also denoted by KW. In this mode, the input secret is
divided into 64bit blocks. Number of blocks is at least 2, and it is assumed
that no padding is required. For padding, the KWP mode must be used which is
easily implementable, but left as an exercise! The key-wrapped output is an
extra block (8 bytes) longer than the secret. In the NIST SP800-38F document
you may find some mentions of TKW which is for 3DES and irrelevant here.
easily implementable but left as an exercise! In the NIST SP800-38F document
you may find mentions of TKW which is based on 3DES and irrelevant here.
* Here is a technical tip for the keen minds who have managed to read this far:
Excessive use of macro definitions in code is generally not a good practice,
especially in large projects. As it may possibly cause some name-conflicts
and errors for macro redefinition. So you can either delete the unnecessary
macros and clean up the code, or undef macros at the end of the source file
(i.e. write: #ifdef MACRO \ #undef MACRO \ #endif). Or replace their names
with some unique ones that surely won't be used elsewhere. For example,
rename the CTR macro above to MICRO_AES_CTR_MODE or something like that.
* Let me explain three extra options that are defined in the source file. If the
length of the input cipher/plain text is 'always' less than 4KB, you can
enable the SMALL_CIPHER macro to save a few bytes in the compiled code. This
assumption is likely to be valid for some embedded systems and small-scale
applications. Furthermore by enabling the DONT_USE_FUNCTIONS macro, you may
witness a positive effect on the speed while increasing the size of compiled
code. Nonetheless, others might get a different result from them.
applications. Furthermore, enabling the DISCARD_SUBROUTINES macro may have a
positive effect on the speed while increasing the size of compiled code.
Nonetheless, it is also possible to get different results sometimes.
The INCREASE_SECURITY macro, as its name suggests, is dealing with security
The INCREASE_SECURITY macro as its name suggests, is dealing with security
considerations. For example, since the RoundKey is declared as static array
it might get exposed to some attacks. By enabling this macro, round-keys are
wiped out at the end of ciphering operations. However, please keep in mind


@@ -2,7 +2,7 @@
==============================================================================
Name : micro_fpe.h
Author : polfosol
Version : 2.1.1.2
Version : 2.2.0.0
Copyright : copyright © 2022 - polfosol
Description : demonstrating some sample alphabets for the FPE mode of μAES ™
==============================================================================
@@ -12,28 +12,28 @@
#define MICRO_FPE_H_
/******************************************************************************
* In what follows, a few sample alphabets and their corresponding macros are
* provided. Accordingly, it would be straightforward to define any alphabet.
* If your desired alphabet contains non-ASCII characters, the CUSTOM_ALPHABET
* macro 'must be' set to a double-digit number, e.g 21. In what follows, there
* are some sample alphabets along with their corresponding macro definitions.
* It is straightforward to define another alphabet according to these samples.
* macro 'must be' set to a double-digit number, e.g. 21. The declaration of an
* alphabet needs to be followed by its number of characters (RADIX).
*/
#define NON_ASCII_CHARACTER_SET (CUSTOM_ALPHABET >= 10)
/******************************************************************************
* These strings are commonly used in ASCII-based alphabets. The declaration of
* an alphabet must be followed by its number of characters (RADIX).
* These strings frequently appear in ASCII-based alphabets.
*/
#define DECDIGIT "0123456789"
#define LCLETTER "abcdefghijklmnopqrstuvwxyz"
#define UCLETTER "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
#define HEXDIGIT DECDIGIT "ABCDEFabcdef"
#define DECIMALS "0123456789"
#define LLETTERS "abcdefghijklmnopqrstuvwxyz"
#define ULETTERS "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
#define HEXCHARS DECIMALS "ABCDEFabcdef"
/**
numbers
*/
#if CUSTOM_ALPHABET == 0
#define ALPHABET DECDIGIT
#define ALPHABET DECIMALS
#define RADIX 10
#endif
@@ -49,7 +49,7 @@
lowercase english words
*/
#if CUSTOM_ALPHABET == 2
#define ALPHABET LCLETTER
#define ALPHABET LLETTERS
#define RADIX 26
#endif
@@ -57,7 +57,7 @@
lowercase alphanumeric strings
*/
#if CUSTOM_ALPHABET == 3
#define ALPHABET DECDIGIT LCLETTER
#define ALPHABET DECIMALS LLETTERS
#define RADIX 36
#endif
@@ -65,7 +65,7 @@
the English alphabet
*/
#if CUSTOM_ALPHABET == 4
#define ALPHABET UCLETTER LCLETTER
#define ALPHABET ULETTERS LLETTERS
#define RADIX 52
#endif
@@ -73,7 +73,7 @@
base-64 encoded strings (RFC-4648), with no padding character
*/
#if CUSTOM_ALPHABET == 5
#define ALPHABET UCLETTER LCLETTER DECDIGIT "+/"
#define ALPHABET ULETTERS LLETTERS DECIMALS "+/"
#define RADIX 64
#endif
@@ -81,7 +81,7 @@
base-85 encoded strings (RFC-1924)
*/
#if CUSTOM_ALPHABET == 6
#define ALPHABET DECDIGIT UCLETTER LCLETTER "!#$%&()*+-;<=>?@^_`{|}~"
#define ALPHABET DECIMALS ULETTERS LLETTERS "!#$%&()*+-;<=>?@^_`{|}~"
#define RADIX 85
#endif
@@ -89,7 +89,7 @@
a character set with length 26, used by some test vectors
*/
#if CUSTOM_ALPHABET == 7
#define ALPHABET DECDIGIT "abcdefghijklmnop"
#define ALPHABET DECIMALS "abcdefghijklmnop"
#define RADIX 26
#endif
@@ -97,7 +97,7 @@
base-64 character set with DIFFERENT ORDERING, used by some test vectors
*/
#if CUSTOM_ALPHABET == 8
#define ALPHABET DECDIGIT UCLETTER LCLETTER "+/"
#define ALPHABET DECIMALS ULETTERS LLETTERS "+/"
#define RADIX 64
#endif
@@ -105,7 +105,7 @@
all printable ascii characters
*/
#if CUSTOM_ALPHABET == 9
#define ALPHABET " !\"#$%&\'()*+,-./"DECDIGIT":;<=>?@"UCLETTER"[\\]^_`"LCLETTER"{|}~"
#define ALPHABET " !\"#$%&\'()*+,-./"DECIMALS":;<=>?@"ULETTERS"[\\]^_`"LLETTERS"{|}~"
#define RADIX 95
#endif
@@ -116,8 +116,8 @@
*/
#if NON_ASCII_CHARACTER_SET
#include <locale.h>
#include <wchar.h>
#define string_t wchar_t* /* type of plain/cipher-text */
#else
#define string_t char*
@@ -142,27 +142,28 @@
/******************************************************************************
* It is mandatory to determine these constants for the alphabet. You can either
* pre-calculate the logarithm value (with at least 10 significant digits) and
* set it as a constant, or let it be calculated dynamically like this:
* pre-calculate the logarithm value (with at least 15 significant digits) and
* set it as a constant, or leave its calculation to the standard math library.
* Other constants are directly related to the value of logarithm, and MAXLEN is
* needed only in the FF3 mode.
*
#define MINLEN (RADIX < 8 ? 40 / RADIX + (RADIX / 4) * (RADIX - 4) : \
(RADIX < 1000) + (RADIX < 100) - (RADIX == 10) + 2 + 31 / RADIX)
*
* The above lines illustrate that MINLEN can also be defined independently,
* using pure integer arithmetics.
*/
#include <math.h>
#define LOGRDX (log( RADIX ) / log( 2 )) /* log2( RADIX ) if std=C99 */
#ifdef MATH_ERRNO
#define LOGRDX log2( RADIX )
#else /* this means std-C <= C90 */
#define LOGRDX (log( RADIX ) / log( 2 ))
#endif
#define MINLEN ((int) (19.931568 / LOGRDX + 1))
#if FF_X == 3
#define MAXLEN (2 * (int) (96.000001 / LOGRDX))
#endif
#define MINLEN ((int) (19.931568 / LOGRDX + 1))
/******************************************************************************
* or we can do something like this to set MINLEN:
*
#if RADIX >= 32
#define MINLEN (2 + (RADIX < 1000) + (RADIX < 100))
#elif RADIX > 5
#define MINLEN (5 + (RADIX < 16) + (RADIX < 10) + (RADIX < 8))
#else
#define MINLEN (40 / RADIX + RADIX / 5)
#endif
*/
#endif /* header guard */
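Review bot: The literals `19.931568` in `MINLEN` and `96.000001` in `MAXLEN` carry no explanation, although these two macros bound the length of FPE inputs, and a maintainer who tidies either value can shift a bound by one. The first looks like log2(10^6) rounded down, so that an exact power such as RADIX 10 yields 6 rather than 7. The second looks like 96 nudged up so that an exact quotient is not truncated by the `(int)` cast. Both readings should be confirmed against NIST SP 800-38G. I would add `/* 19.931568 < log2(10^6): smallest length with RADIX^MINLEN >= 10^6 */` above `MINLEN` and `/* 96.000001: keeps (int) from truncating an exact 96 / LOGRDX */` above `MAXLEN`.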


@@ -18,14 +18,14 @@
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
<ConfigurationType>Application</ConfigurationType>
<PlatformToolset>$(DefaultPlatformToolset)</PlatformToolset>
<UseDebugLibraries>true</UseDebugLibraries>
<PlatformToolset>v120</PlatformToolset>
<CharacterSet>Unicode</CharacterSet>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
<ConfigurationType>Application</ConfigurationType>
<PlatformToolset>$(DefaultPlatformToolset)</PlatformToolset>
<UseDebugLibraries>false</UseDebugLibraries>
<PlatformToolset>v120</PlatformToolset>
<WholeProgramOptimization>true</WholeProgramOptimization>
<CharacterSet>Unicode</CharacterSet>
</PropertyGroup>
@@ -66,7 +66,7 @@
<Optimization>MaxSpeed</Optimization>
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<PreprocessorDefinitions>WIN32;NDEBUG;_LIB;_CONSOLE;_CRT_SECURE_NO_WARNINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@@ -75,13 +75,25 @@
<OptimizeReferences>true</OptimizeReferences>
</Link>
</ItemDefinitionGroup>
<ItemGroup>
<ItemGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
<ClCompile Include="testvectors\aes_testvectors.c" />
</ItemGroup>
<ItemGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
<ClCompile Include="main.c" />
<ClCompile Include="micro_aes.c" />
</ItemGroup>
<ItemGroup>
<ClCompile Include="micro_aes.c" />
<ClInclude Include="micro_aes.h" />
<ClInclude Include="micro_fpe.h" />
<ClInclude Include="testvectors\aes_testvectors.h" />
<ClInclude Include="testvectors\aes_testvectors_CCM.h" />
<ClInclude Include="testvectors\aes_testvectors_CMAC.h" />
<ClInclude Include="testvectors\aes_testvectors_FPE.h" />
<ClInclude Include="testvectors\aes_testvectors_GCM.h" />
<ClInclude Include="testvectors\aes_testvectors_GCMSIV.h" />
<ClInclude Include="testvectors\aes_testvectors_OCB.h" />
<ClInclude Include="testvectors\aes_testvectors_POLY1305.h" />
<ClInclude Include="testvectors\aes_testvectors_XTS.h" />
</ItemGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
<ImportGroup Label="ExtensionTargets">
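Review bot: `_CRT_SECURE_NO_WARNINGS` in the Release `PreprocessorDefinitions` applies to every file the project compiles, so MSVC's deprecation warnings for calls such as `sprintf` and `fopen` are switched off for `micro_aes.c` as well as for the test-vector harness. This assumes the longer of the two printed `PreprocessorDefinitions` lines is the new side, which the page order suggests but does not mark. If only `testvectors\aes_testvectors.c` needs the define, scope it to that item as `<PreprocessorDefinitions>_CRT_SECURE_NO_WARNINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>` metadata on its `ClCompile` element, or define it at the top of that source file. The library then keeps the warnings.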


@@ -1,147 +0,0 @@
/*
==============================================================================
Name : CCMtest.c
Author : polfosol
Version : 1.6.1.2
Copyright : copyright © 2022 - polfosol
Description : illustrating how to validate NIST's vectors for AES-CCM mode
==============================================================================
*/
#include <stdio.h>
#include "../micro_aes.h"
#define TESTFILEPATH "CCM_VNT128.rsp"
static void str2bytes(const char* hex, uint8_t* bytes)
{
unsigned shl = 0;
for (--bytes; *hex; ++hex)
{
if (*hex < '0' || 'f' < *hex) continue;
if ((shl ^= 4) != 0) *++bytes = 0;
*bytes |= (*hex % 16 + (*hex > '9') * 9) << shl;
}
}
static void bytes2str(const uint8_t* bytes, char* str, const size_t len)
{
const char offset = 0x27; /* offset must be 7 for uppercase */
size_t i = len + len, shr = 0;
for (str[i] = 0; i--; shr ^= 4)
{
str[i] = bytes[i / 2] >> shr & 0xF | '0';
if (str[i] > '9') str[i] += offset;
}
}
static int ciphertest(uint8_t* key, uint8_t* iv, uint8_t* p, uint8_t* a, uint8_t* c,
size_t np, size_t na, char* r)
{
char sk[2*AES_KEY_SIZE + 1], si[33], sp[80], sc[96], sa[80], msg[30];
uint8_t tmp[64], t = 0;
sprintf(msg, "%s", "passed the test");
AES_CCM_encrypt(key, iv, p, np, a, na, tmp, tmp + np);
if (memcmp(c, tmp, np + CCM_TAG_LEN))
{
sprintf(msg, "%s", "encrypt failure");
t = 1;
}
memset(tmp, 0xcc , sizeof tmp);
t |= AES_CCM_decrypt(key, iv, c, np, a, na, CCM_TAG_LEN, tmp) ? 2 : 0;
if (t > 1)
{
sprintf(msg, "%sdecrypt failure", t & 1 ? "encrypt & " : "");
}
bytes2str(key, sk, AES_KEY_SIZE);
bytes2str(iv, si, CCM_NONCE_LEN);
bytes2str(p, sp, np);
bytes2str(a, sa, na);
bytes2str(c, sc, np + CCM_TAG_LEN);
sprintf(r, "%s\nK: %s\ni: %s\nP: %s\nA: %s\nC: %s", msg, sk, si, sp, sa, sc);
return t;
}
int main()
{
const char *linehdr[] = { "Key = ", "Nonce = ", "Adata = ", "Payload = ", "CT = " };
char buffer[0x800], *value = "";
size_t pass = 0, df = 0, ef = 0, sk = 0, sn = 0, sp = 0, sc = 0, sa = 0;
uint8_t i, n = 0, key[AES_KEY_SIZE], iv[16], p[64], c[80], a[64];
FILE *fp, *fs, *ferr;
fp = fopen(TESTFILEPATH, "r");
fs = fopen("passed.log", "w");
ferr = fopen("failed.log", "w");
if (fp == NULL)
{
printf("File not found: %s\n", TESTFILEPATH);
return 1;
}
if (!fs || !ferr) return 1;
while (fgets(buffer, sizeof buffer, fp) != NULL)
{
buffer[strcspn(buffer, "\n")] = 0;
if (strlen(buffer) < 4) continue;
for (i = 0; i < 5; i++)
{
if (strncmp(buffer, linehdr[i], strlen(linehdr[i])) == 0)
{
value = strrchr(buffer, ' ') + 1;
break;
}
}
switch (i)
{
case 0:
sk = strlen(value) / 2;
if (sk == AES_KEY_SIZE) str2bytes(value, key);
break;
case 1:
sn = strlen(value) / 2;
if (sn == CCM_NONCE_LEN) str2bytes(value, iv);
break;
case 2:
sa = strlen(value) / 2;
str2bytes(value, a);
break;
case 3:
sp = strlen(value) / 2;
str2bytes(value, p);
++n;
break;
case 4:
sc = strlen(value) / 2 - CCM_TAG_LEN;
str2bytes(value, c);
++n;
break;
}
if (n == 2)
{
if (sk == AES_KEY_SIZE && sn == CCM_NONCE_LEN && sp == sc)
{
n = ciphertest(key, iv, p, a, c, sp, sa, buffer);
fprintf(n ? ferr : fs, "%s\n", buffer); /* save the log */
if (n == 0) ++pass;
else
{
if (n & 1) ++ef;
if (n & 2) ++df;
}
}
n = 0;
}
}
printf ("test cases: %d\nsuccessful: %d\nfailed encrypt: %d, failed decrypt: %d\n",
pass + (ef > df ? ef : df), pass, ef, df);
fclose(fp); fclose(fs); fclose(ferr);
if (ef + df == 0)
{
remove("passed.log"); remove("failed.log");
}
return 0;
}



@@ -0,0 +1,869 @@
# CAVS 11.0
# CMACGen information
# Algorithms tested:Alg = AES KeySize = 256 Mode = Generate
# Generated on Tue Mar 15 08:40:35 2011
Count = 0
Klen = 32
Mlen = 0
Tlen = 5
Key = 95d8afb8a4b7245ce79f9f9c5ddd40de61b35905dcb638f2b875404a985b3f7a
Msg = 00
Mac = 68adfc9b59
Count = 1
Klen = 32
Mlen = 0
Tlen = 5
Key = 96a085fe88bc98c763c1064da4c9c8b4aa4ad42abaff407a4626abde6fecd915
Msg = 00
Mac = d8dc6726d8
Count = 2
Klen = 32
Mlen = 0
Tlen = 5
Key = 903e8108f35f8503288cd8c10ebdde1fdcd9355aab295025350d62f9dced7ead
Msg = 00
Mac = 31bf37f719
Count = 3
Klen = 32
Mlen = 0
Tlen = 5
Key = a52345bcb4e95e70dcdf729681ec997a0edd3c6dddb71dbd574b97e45c0c2800
Msg = 00
Mac = d4b4e580aa
Count = 4
Klen = 32
Mlen = 0
Tlen = 5
Key = baf5afafd7d0c8ad42a44e4e0a90fd2cecaf8df1828686d2b79e56597e71a068
Msg = 00
Mac = 9746cbe3ff
Count = 5
Klen = 32
Mlen = 0
Tlen = 5
Key = ad632ff35d6a1399b7be3611e5ac40b7e8054e83e822e82dc8243294fe806660
Msg = 00
Mac = 9c3e317928
Count = 6
Klen = 32
Mlen = 0
Tlen = 5
Key = 52c557d2fa26693640467709122afb2be6423a1b4ea6795ccc9f6e1ee869f51a
Msg = 00
Mac = 883c7b812f
Count = 7
Klen = 32
Mlen = 0
Tlen = 5
Key = f4b9a81167255b58b9fab6f31a7d7eee7ca6599dea24cacb1ba0621547463590
Msg = 00
Mac = 683c3be756
Count = 8
Klen = 32
Mlen = 0
Tlen = 10
Key = f0a3e4c237d86718d84c43185e70f9cef0dc92b378e3e0db046b06716cfb3b61
Msg = 00
Mac = 38ba46602f3411a58b2e
Count = 9
Klen = 32
Mlen = 0
Tlen = 10
Key = 71afe8d00c6f2ea8c8b050d4cd45e3686f84f60361a6ea54257184ddc71440f7
Msg = 00
Mac = 93057873b0630ff6de7e
Count = 10
Klen = 32
Mlen = 0
Tlen = 10
Key = 14cbb770baaadfdefb86af89e5453acac11cba813a17d44ec1f61d042f3bdc5a
Msg = 00
Mac = dde61fa1342b15a74d5d
Count = 11
Klen = 32
Mlen = 0
Tlen = 10
Key = 13835e3d8085bc369a69b8851dcc0e49c15458030e39813f72047c7791973634
Msg = 00
Mac = 0cb93914be23792dc288
Count = 12
Klen = 32
Mlen = 0
Tlen = 10
Key = e6bd0010c98e60b9af7cf905c58e0653bc425e2ccc809bd4f9cd7b1f95c18786
Msg = 00
Mac = b1685b1d2bb24fbcfb33
Count = 13
Klen = 32
Mlen = 0
Tlen = 10
Key = da79b90f78efa89246c79f75868814248991018722b8f0cc5c32556868b32158
Msg = 00
Mac = 83a88e0679bc915386e6
Count = 14
Klen = 32
Mlen = 0
Tlen = 10
Key = 5cfa6e5a2e9a8b49ccbc73e442ca3904d095bb1cee46c9cd8d9789b4a0431987
Msg = 00
Mac = 8e36aaec763c6690bae6
Count = 15
Klen = 32
Mlen = 0
Tlen = 10
Key = 4551c0ae63369ac860a655b09c50791e063c7dfcea513a100a1aa0dcf1caa8c2
Msg = 00
Mac = e8eeeb5415a2ab24f176
Count = 16
Klen = 32
Mlen = 16
Tlen = 5
Key = 916cd8119a4d7e825e01a86f93b0eee4a46d29216115cc9ef67a784c19c1ca1e
Msg = 3310fc5bc910f4c9b9cf4957ac638ae7
Mac = 03f045f886
Count = 17
Klen = 32
Mlen = 16
Tlen = 5
Key = 009f47f180e085776be6644aeac0070be64c289f84a7ba3dece7cdc54f0db354
Msg = 41b98538c752795d9d48702b56f334d9
Mac = b961aeec5d
Count = 18
Klen = 32
Mlen = 16
Tlen = 5
Key = 7ad491ec57187d4243c36603cefe682c0c56675c310448395e71600fbbf92cbb
Msg = 0ba21b260ee894147853a14328cecf1d
Mac = 1dd6cdc6a7
Count = 19
Klen = 32
Mlen = 16
Tlen = 5
Key = 29fcbbc506989671909510f08c723f51de5836aa58a17cb7d098bdc5757fc0ce
Msg = c00f1b8066677c63e898fddfb8a1b482
Mac = 097a7c5ce1
Count = 20
Klen = 32
Mlen = 16
Tlen = 5
Key = 5fb57eb6861dedb1fdc0319e4cd33bfb086669fba8e9fd2b94eece557f313da4
Msg = d4dbe3de674d48c2c16e9be544637f2f
Mac = fa8fde4a5e
Count = 21
Klen = 32
Mlen = 16
Tlen = 5
Key = f76c24a362e1e252db2549c5c4e3e5ad1de8e2d19de2c4f801685909a53beb71
Msg = 972996d5b4b6829913d5acc3dddda2f8
Mac = 46c87e989d
Count = 22
Klen = 32
Mlen = 16
Tlen = 5
Key = 213c55808de5d1e4147bd0e64f41570711cf6ebb4b6625622c81d9798cacb412
Msg = f94df6392add216cb8f9b8264c3a41e8
Mac = ba01dea290
Count = 23
Klen = 32
Mlen = 16
Tlen = 5
Key = 28d44a24d539170f5ff419afcd0032efacc7f2adb1375f6ea019f1506c9ee140
Msg = d9aa092708e53d1ac81b7b0070586e71
Mac = 1ae6edcfcf
Count = 24
Klen = 32
Mlen = 16
Tlen = 10
Key = 3a75a9d2bdb8c804ba4ab4983573a6b253160dd90f8eddfb2fdc2ab17604f5c5
Msg = 42f35d5aa533a7a0a5f74e144f2a5f20
Mac = f1532f8732d9f5903007
Count = 25
Klen = 32
Mlen = 16
Tlen = 10
Key = ceedd503bdedaf238945bb060f6772ce36b67b118b98748d29ccee17dcfeb9d5
Msg = 4064b1cddf29c0c9adb380b2c1525074
Mac = 35b4b77e20cc372f5675
Count = 26
Klen = 32
Mlen = 16
Tlen = 10
Key = 739d3c7e0b5ea38678becd6fcae05a26c9bc79f22d7db6fb0d27140c9a7d5c98
Msg = f3c1888da16bb2de8579915debdde521
Mac = 16342e2b828eaef6969d
Count = 27
Klen = 32
Mlen = 16
Tlen = 10
Key = 4216333f61d3e89d149d274913d51cd2849cb6767d435039c4039134d9ef9030
Msg = ffead34ac26e21158212d07c367c3a7c
Mac = 29a70e4692d6acb92b79
Count = 28
Klen = 32
Mlen = 16
Tlen = 10
Key = 20225e1131dda70ef888ddfcb7f4e7400ccfff34bb63a079ae81a68f3ab7b1a2
Msg = a233fed49f866ba32f1c14a57b8e0542
Mac = 956f17e83094b9d762ca
Count = 29
Klen = 32
Mlen = 16
Tlen = 10
Key = c286bff65def16797bdfa7e70fd10c429e8127b53a09b5d6b44a26280e8dade4
Msg = 218b8756540fec98772183aee7ffa265
Mac = 4956abf4a4e05d59e8a0
Count = 30
Klen = 32
Mlen = 16
Tlen = 10
Key = 13ccb08a580efea53dfba6a59626bbe2a6dc26333eb8ec1a2572af3bbcf87813
Msg = 868058aa92f27a1eec013570a509c602
Mac = 66249fa56ee9b3dd4520
Count = 31
Klen = 32
Mlen = 16
Tlen = 10
Key = 6e0fcede3647b6b739d490e5b68836f0e74454de856c114b8f98f1bc488cf931
Msg = 8c09d421e09dac1d9d966f02a3a52097
Mac = 01e776d3c54f825d9ce1
Count = 32
Klen = 32
Mlen = 48
Tlen = 5
Key = dcba2ce01633937b1cdab12b2e83598a49c51609efae0f4026b62d82c3f280b5
Msg = 9aa3e8ad92777dfeb121a646ce2e918d1e12b30754bc09470d6da4af6cc9642b012f041ff046569d4fd8d0dccfe448e5
Mac = 816282fb33
Count = 33
Klen = 32
Mlen = 48
Tlen = 5
Key = 0b122ac8f34ed1fe082a3625d157561454167ac145a10bbf77c6a70596d574f1
Msg = 498b53fdec87edcbf07097dccde93a084bad7501a224e388df349ce18959fe8485f8ad1537f0d896ea73bedc7214713f
Mac = f62c46329b
Count = 34
Klen = 32
Mlen = 48
Tlen = 5
Key = 7511f3a04e0ea0e7ceda9e06666d1553ab5863840ba76db6b80b37b5e939b377
Msg = 30834308187b8be1be405d4b274d97b5d8ab71905064185fd73b990d769a018447ccc27bef6c598f681e2e96047dbc30
Mac = c04ff71638
Count = 35
Klen = 32
Mlen = 48
Tlen = 5
Key = ae7e255de0c5fd0f59e634ddd8f7953697975a3bc68a428239a3e4135ee743b7
Msg = f8e4c7147fbc3b09f4a1feae73112224afc5107b87efc217dac033589b2d147a28f3c1b9d7d873b9d234b72626b11f97
Mac = 5582966899
Count = 36
Klen = 32
Mlen = 48
Tlen = 5
Key = ea68a20612f3310649e7c63246b26a7efd016030677a083a85ae03c7a3499814
Msg = a0629aaac155fe0363ab8bf0221e621bcece73c86f369c66865f156396530b45e3d58bf77a4fa260710cc33a70a76822
Mac = eac72a8229
Count = 37
Klen = 32
Mlen = 48
Tlen = 5
Key = 9b1e7e52ea1a12444d884866e11dcf367b70b816460936fdaebba36d7d35c4a5
Msg = eb80a43c5986deee6925d7c6d53cbdcbe11194843ea133f72d3590d8e8363efa3d4234097c7fd07b93301cc478864fc9
Mac = ea1a350fc8
Count = 38
Klen = 32
Mlen = 48
Tlen = 5
Key = 50f5ecc3b95a1b5db44ae5706a9bd91d061c9b4a697937a21e5eb4dd90dfed42
Msg = ab23b53c5d8a477721201a77ee927c6a0d92a6b320cce185621cedb130fea2bcc946d835521185451dfb25882a925f1b
Mac = 61778985d9
Count = 39
Klen = 32
Mlen = 48
Tlen = 5
Key = 45c2c86fc0ad37d8abbed5cc9dbc9c76e64af2add11a16c9265ebeb6f37fff47
Msg = e5267407c93e225cebb9503966568f7406c1af33ac653e5cf4814b4d167e6fce0a800f43f03bdb27ae089ab5db372ae8
Mac = 073e125891
Count = 40
Klen = 32
Mlen = 48
Tlen = 10
Key = d1abde73d927eef381f37abc254ed995fed933d499419523871d4484571a5293
Msg = 21ed22abc7bbb62fb2d51d1fb8830ca95b16213f56291af976274934ab0d43805f71d9b906c44973f7d4b59b7a94d35c
Mac = 3ad12df7acebdf36ee1a
Count = 41
Klen = 32
Mlen = 48
Tlen = 10
Key = 615b79304be63ee74cb1b63581f5863862d78a6b48e177c22db3bef7b3f6b31e
Msg = 99aeb57d7f95703abbca5a215a3197534916139c75c1c6a5304b376bd7b03fefb12410301bab7556e2e45c30f12591e0
Mac = f3f16805e1c7326524bd
Count = 42
Klen = 32
Mlen = 48
Tlen = 10
Key = 506e8f2efc8733b454fba43a74c7fa4d428b6626a2ea0a2ee9340ec19542f032
Msg = ac087420feb1e1e8c2546c2a8b8a5af0d03b05f7e5bf74fa29432e33826f50200646de83fb4d57ac02ef8cfa8f20b1a0
Mac = 32c77c481821184a3e72
Count = 43
Klen = 32
Mlen = 48
Tlen = 10
Key = cdb6ef161bd4be6f0381ca5479f048b8f2d2f7edca26a617e353f8e19074646e
Msg = 1341a69f685f376cc53cff3252347bce8d9a42cbe2fd39ca7baa06275972c7d9a4ae039a3f80e049a05b978cdfc526b9
Mac = c663efb93209a0ea1068
Count = 44
Klen = 32
Mlen = 48
Tlen = 10
Key = 7bef8d35616108922aab78936967204980b8a4945b31602f5ef2feec9b144841
Msg = 40affd355416200191ba64edec8d7d27ead235a7b2e01a12662273deb36379b8a748c422c31e046152d6f196f94e852b
Mac = b2d078071e318ec88de9
Count = 45
Klen = 32
Mlen = 48
Tlen = 10
Key = 3237b8b4b19b31a220dfe63882937f8d5ead677608c42a57217f2239614c521d
Msg = cb4239f3d724c00fad64f8bddd638d8b10370e5becfcef5b386fd43841b90d8f7c885ca56c64ff57c641ea54d4505589
Mac = 810dc0f31bfbcc8f5633
Count = 46
Klen = 32
Mlen = 48
Tlen = 10
Key = 0f7b1420258e1d82cd6949ff87e327c4611b668db35f2fb00c4db95d6c381724
Msg = 2feacaa68aa5706f4288e5ee677067fbc50bb8e2c3321f5c8b79afbe6b04cb717b9ceaa28101983a1182be11f9cc225e
Mac = 7c25582e24ce3317a63d
Count = 47
Klen = 32
Mlen = 48
Tlen = 10
Key = 85e3e6391b13c2a32369b23680504cbf1c127b10d2367ff68c0c356ba886990c
Msg = 674a7b4be56996d4fa5a6d8a64b6cc5b6a7947d76c4f7392be0e56cab7831b4a04710a8e42d7b828cd727b63d2832125
Mac = 3df3b0296892b03b24d0
Count = 48
Klen = 32
Mlen = 10
Tlen = 5
Key = 6c0b2c3c5fec961ab84e68f56ca166586e5942fb2594b18a1dfdc4a8fdf07634
Msg = f08f890875e139480489
Mac = b49c2239e7
Count = 49
Klen = 32
Mlen = 10
Tlen = 5
Key = c69f7c5a50f3e72123371bbfd6bdf532b99ef78500508dfe237a949884061cb3
Msg = 047840ea96850ee5c0fc
Mac = e5a8fa8047
Count = 50
Klen = 32
Mlen = 10
Tlen = 5
Key = 7e8ea82d1137c1e233522da12626e90a5f66a988e70664cb014c12790d2ab520
Msg = 19ebfde2d5468ba0a303
Mac = 8f3d3d12bb
Count = 51
Klen = 32
Mlen = 10
Tlen = 5
Key = de8e84440ad97d0ae5001b3590b5182b2f9b5cc09158c2f00fec1fd4b64181cf
Msg = 0cfcd5f96da1c6c66cbd
Mac = 082b5ab895
Count = 52
Klen = 32
Mlen = 10
Tlen = 5
Key = 8de30b07e8352f91ac06aa967c3a62b48d035053b9a63188cf837e3a2e509f83
Msg = d3b27343119c0ac00a98
Mac = 71530400ab
Count = 53
Klen = 32
Mlen = 10
Tlen = 5
Key = 91ab9c7b77abc6bdb043758bfb87802d0da566f48610e57b24ddc92d366d0307
Msg = d40d2736e8669c98ba42
Mac = ad41f7f8d9
Count = 54
Klen = 32
Mlen = 10
Tlen = 5
Key = 6364071a20bf787b16cbcc58397abcd135957d970401f253bf402046b43ae22c
Msg = fa490aeb51b2c516f49a
Mac = 0421c439f7
Count = 55
Klen = 32
Mlen = 10
Tlen = 5
Key = 4ebe07d03c93e849b4bbfe9f2d2294bf6ccab457f76d3f99cb643d3c51c771c3
Msg = a38231af405dc7b70c8d
Mac = 41e5c8068d
Count = 56
Klen = 32
Mlen = 10
Tlen = 10
Key = 712e6cc33d3d1f442776d546f4d5a25b7d23402a5fd65e6ef3333a4281b5729b
Msg = 56c026b8a71974ff7ecd
Mac = df8dc096f5b385faaffa
Count = 57
Klen = 32
Mlen = 10
Tlen = 10
Key = bd05d26ebfcb5f6e102e79976fbd038e02da6a64a6be90bb84bd092be5cb8ae4
Msg = bd637f707f9e8d4f0cb7
Mac = a7cc46fa9fc37800339d
Count = 58
Klen = 32
Mlen = 10
Tlen = 10
Key = afa88f18ae879a38cbfb2138484a22b0afe90aea71947797cd9d42c0f385bdff
Msg = deef247a0573e87a6474
Mac = 03b5a18924f92f3ebc76
Count = 59
Klen = 32
Mlen = 10
Tlen = 10
Key = 273cc5013785baeb5abc79c8bde73af71085d7018e7be92a37512e46609e2fce
Msg = e30f71cca7fd341551b1
Mac = 8291ac51a937856300c0
Count = 60
Klen = 32
Mlen = 10
Tlen = 10
Key = b97e055e3306cf1de468859fb2445c1695012ec84db5ca1250448fad07cb3930
Msg = b204fe3357150f7289f6
Mac = d9e121bb4ee358df64cd
Count = 61
Klen = 32
Mlen = 10
Tlen = 10
Key = f8c3eb48608018d3c7701c956146e68bc19fb7c6499e3326e5d3b966f962f058
Msg = 405056131c3293f9d9f0
Mac = c549b625c6cab8360d2e
Count = 62
Klen = 32
Mlen = 10
Tlen = 10
Key = 7c7c857ade97ace0595fed960efe1939f61991b12502af094f30617d8bed17d5
Msg = 95534b3d85495a7bc8c5
Mac = 8f5c9dddac54694499dc
Count = 63
Klen = 32
Mlen = 10
Tlen = 10
Key = ffb795d9a4f1af7847c82560eb0728545921f1f6b773f8315cc867d4e322ce7f
Msg = fb7ffb9ede5639dc7ea9
Mac = c68f3e63165d07170cad
Count = 64
Klen = 32
Mlen = 15
Tlen = 5
Key = f64e41e62cae5c26fbd3738916f5f39b67a62f3202fef8ac57f56e78ab1015d8
Msg = 449f3e3ce08b72f4f9bcad194acdad
Mac = 4019fda078
Count = 65
Klen = 32
Mlen = 15
Tlen = 5
Key = 7a07d53dfd8390b9c2cd25e4c190def22ebd3c6c4338e0813fd1ab9eaf75253e
Msg = 73cd8c9b7502796e75dd9e1a5ab2cf
Mac = c74145e986
Count = 66
Klen = 32
Mlen = 15
Tlen = 5
Key = cf3b0ebee6b4ac11aa7678b2f5453c1307af5cda7c34672a7baaec252fe08faf
Msg = e4bd45e31e1d3cf9276096c18d2d70
Mac = 326b023904
Count = 67
Klen = 32
Mlen = 15
Tlen = 5
Key = 479720cddaa5e008fa194bb859ec3fce76b2d696c229a0e702122f9df43fd948
Msg = 3a987eb87958080128f08dcdf91e63
Mac = 1ebeca94ae
Count = 68
Klen = 32
Mlen = 15
Tlen = 5
Key = d32ffd217fb41ef4a2b31d3a47a5e8386925fb90fbe980ca2cf6ba34e814a3ec
Msg = af87b347b59e37a424004a00907dcb
Mac = d628508d13
Count = 69
Klen = 32
Mlen = 15
Tlen = 5
Key = 55b59eb434dd1ba3723ee0dc7286731a0afc956e21be759a7d4d23bbd64c472c
Msg = 5e22dffb5ff90aabfc5d6a24013c46
Mac = 7a5e2b2481
Count = 70
Klen = 32
Mlen = 15
Tlen = 5
Key = 94897ce2de8d0aa884f9ecd4c61ff580abfa0c89e7792d89021bb005b7bccee8
Msg = 4a5810b121c91bb4eb31cd1a8059e0
Mac = cb940e9579
Count = 71
Klen = 32
Mlen = 15
Tlen = 5
Key = f95d64a513a9f3e6c95c9ed27b22fafd7dd10da52636029523142149116aff53
Msg = fd940ba0ea21a9341cfc088df2171e
Mac = b099d3f2b4
Count = 72
Klen = 32
Mlen = 15
Tlen = 10
Key = 2f4a6501d8fe7b65f607757ddff6ed87ae0681b98b53331d2d46109f9c541065
Msg = 4fa9ac1b544afcd85ac32ac0909c74
Mac = c02e8b66f9fc263b8fb0
Count = 73
Klen = 32
Mlen = 15
Tlen = 10
Key = 012b4cfce8a1acd89de5f6f78794e2813bbcdb89959dafec08ac8a7c32de255e
Msg = 7cabdc7eacd764001509c925edef0d
Mac = 0da78ac83b1c0141968c
Count = 74
Klen = 32
Mlen = 15
Tlen = 10
Key = bb3087d1b5b0f6f14a532c3604c82874fb15e97a4b3883dfc50e71ffe5752d40
Msg = 90a10e977c80cd885ff45487e90365
Mac = 6fdc6c626e9a8be6c34c
Count = 75
Klen = 32
Mlen = 15
Tlen = 10
Key = 569d50d2ea793302102714e517416e1bee942fe59f8d623a1aee0b1834c55219
Msg = c2c5846614fba01347ed69221daab9
Mac = 6b475d0667255b5a49ab
Count = 76
Klen = 32
Mlen = 15
Tlen = 10
Key = 698bf4fc0b9c2196162d9405b5ce7460ef7e8dd884094fa617951a429277b9d6
Msg = 03c0dff0253a0dcc9afd9fc6dbeef4
Mac = f00b02485fc68158f84f
Count = 77
Klen = 32
Mlen = 15
Tlen = 10
Key = 7b352c47a4718938f842f6924684edb8f6512f33f9245cfa003ec1f0ec4971af
Msg = e48dfaa53b6807ea6f01d8dca67960
Mac = 1b5818e13a629caf728b
Count = 78
Klen = 32
Mlen = 15
Tlen = 10
Key = b331553cfe0308f1be6b162d11a12ff9ab144f6b1da42b785711ce0a6cb38452
Msg = 240ac67c0bfb4254d8cc6183ecf213
Mac = f5a1d5715ceaaefe1734
Count = 79
Klen = 32
Mlen = 15
Tlen = 10
Key = 397e826e6f0e7eb141087b3c5eb6aa47b399950827526bc289c398fec6719918
Msg = 72142aa104b778564edf32daebcb64
Mac = 834a790b5c40f4cf7692
Count = 80
Klen = 32
Mlen = 48
Tlen = 5
Key = 166cc49ca548d5bd871751ce05c604bc6a4b97dace2e07822d4856ffbccb80aa
Msg = 065ff9e8d511c61da3a554d598aebd51419a8592ee8723c95858bd0f87083456f33f609fea239d6e3171867beecc00ab
Mac = 150d928f7e
Count = 81
Klen = 32
Mlen = 48
Tlen = 5
Key = 80441013c0cce59292a799e58a2fee5b0758daa15741d0ef2209417f05e46343
Msg = 6fd89e3eb7b048eaf66beeb2ae543ede159b3ab66855319f81c5ee88acda2f84b7f859b848fc6978737a2ead8c48b67a
Mac = 0e7679e2db
Count = 82
Klen = 32
Mlen = 48
Tlen = 5
Key = e0e54be32dca732c5780f9e68816fdc17de4cde68c79078be5d5fec518d95f9e
Msg = f706a3e09df95d3e21d2e0c886dc5dbd9eeb6a2fc53f5108cfacae4a3ef8399bb885e000b92f19e98678766e62e379d8
Mac = d913ea746b
Count = 83
Klen = 32
Mlen = 48
Tlen = 5
Key = 4767cfb06f010a20fdfa790dc91acb391fccd9ebb8363636e9aa087d1b3d1737
Msg = cf38216a33db0f5b6c4c9f413ba29f8001ffb5f4bfb7f63340b5b313951b966dc229ee20b760485882e73f10c22d95d5
Mac = 84056758cc
Count = 84
Klen = 32
Mlen = 48
Tlen = 5
Key = b8244a86f99f5b0d7533c599b1205a0627c9816e99b82c4ca4e10ae1982bfdd7
Msg = f12ee9d37946cfd88516cbe4a046f08c9bbba76a3973ff1e2cb14493405bd384d7a02c3e95dd49a75cc22f7f7bb1c2e6
Mac = d70c237f94
Count = 85
Klen = 32
Mlen = 48
Tlen = 5
Key = 9523f53f92b6e4ba86e56e11e0fa09f2672b6269c411fcf8415c19e9d0c4dde3
Msg = f0b3522e21a33992e9af29c48d58b3e33d5da15b4726d2678b6245d52ff0730a94fbe245886af728bd770c74799dc214
Mac = 4bed0d0a2b
Count = 86
Klen = 32
Mlen = 48
Tlen = 5
Key = 9caa7d82a499d92ab491bb6c7bd66256617e9d4fbdd5989f48fff532d2df1e98
Msg = effcea4e4dbc57410426b39fcf51c9daecd9d310888590d77827973a29c4ebffdaf5cf2c088ddcc92a7c50e69ff4a9e0
Mac = 3cada30439
Count = 87
Klen = 32
Mlen = 48
Tlen = 5
Key = 68c2249c8a338f6358963638bd016c71c027a600a1202f5225681d772e298382
Msg = e6ffb8b4bc6127e2fe74a8773628b517466ad733a9560eddfda873dabe741cf9551840a4516e9bb5f446148bf1139e5c
Mac = d9f205e453
Count = 88
Klen = 32
Mlen = 48
Tlen = 10
Key = a4b91d7d6b655945d711c203f7e2f99da891e3380a12b7ff3073551f1c06da16
Msg = ad17e9724a19959a92425cbb099193ec38fca8edb0614eba4dbfda60b8a6ed102fec547289a22c3b74464a02023ada50
Mac = 34f439ba9d90c8555b21
Count = 89
Klen = 32
Mlen = 48
Tlen = 10
Key = 97b9814d6cb36376c4730dfde6349c19741b743095c784035229cb2741961ab4
Msg = 635f20accf83befe972cfdcbcdf79e2549256aff43e3699021cf55fd8db94e32cba6cf10491be1ce78988f99db62997e
Mac = e0e61b45ff5ac43b504d
Count = 90
Klen = 32
Mlen = 48
Tlen = 10
Key = 8a981033d7b4eb4cc9648ba26ad9679c1550dcf32df17fb80ef6b299440f7560
Msg = ad7883c7bec55f31ccf6f62bda15fc2fcb890ef6c8e738e8e10bbad6f7680cebd99c1fe0ad47e670921e150c833b29cf
Mac = 2665bb30e4fd690d485c
Count = 91
Klen = 32
Mlen = 48
Tlen = 10
Key = 1bbf5a21762dd5a9371ea48fc6e919f494cdc3325d27dbb8aae8de1599477c52
Msg = 5c98dae543dd618cd6c9ed391864335f01d9869321859d40874e959ce13639dae52f82a2ef325abeeb8ba516757782de
Mac = 02ce2699e19f7d1da2b2
Count = 92
Klen = 32
Mlen = 48
Tlen = 10
Key = f81ea615e48c0a25410ff15c1566b10a83fb9d839b667dc577333b5b83e5df81
Msg = 17fabce1237e7a0cb5cbc6d1ab5dfcace0ab85f698ff555c1e86b890aba34f3e8a8955427a09271854a80494edf511d3
Mac = 5202993b20642a8f3cfc
Count = 93
Klen = 32
Mlen = 48
Tlen = 10
Key = 23e5422e8d7560a9e65642b5e723a47536c16791f3a0cf918d3dee8adbec60fd
Msg = b9ee1400186c0c0774401a815bcde30d3be1d4f87f42646cfb8a99e48a35cee3f5f9b3e6175695973f6de043d615e28e
Mac = 1775847019ca9b88683e
Count = 94
Klen = 32
Mlen = 48
Tlen = 10
Key = 7cfc086d10659d7cb9247208358dd82c03b8dbd8233223231df218e2448f4a79
Msg = a3af8f99703a601086c2a1ffe55fde4c2c4153dbff8d6601ab68743c0d50d021b0b3099535ba6c40f866ca3ff0df7c19
Mac = 9d713a1944b8eb649584
Count = 95
Klen = 32
Mlen = 48
Tlen = 10
Key = d0f46fb37d516cc957aaefd3be2a8bede885330a8edb96f3e5e0ab8cd03a8c59
Msg = 60c5ec2170e9bf2b0d24174a7bbbf41056e778a3772cefb71ce60cb94225754d56ba83fb0d9242259143c03ddde58435
Mac = 03f592d81ce503133129


@@ -1,122 +0,0 @@
/*
==============================================================================
Name : CMACtest.c
Author : polfosol
Version : 1.5.1.1
Copyright : copyright © 2022 - polfosol
Description : illustrating how to validate NIST's vectors for AES-CMAC
==============================================================================
*/
#include <stdio.h>
#include "../micro_aes.h"
#define TESTFILEPATH "CMACGenAES128.rsp"
static void str2bytes(const char* hex, uint8_t* bytes)
{
unsigned shl = 0;
for (--bytes; *hex; ++hex)
{
if (*hex < '0' || 'f' < *hex) continue;
if ((shl ^= 4) != 0) *++bytes = 0;
*bytes |= (*hex % 16 + (*hex > '9') * 9) << shl;
}
}
static void bytes2str(const uint8_t* bytes, char* str, const size_t len)
{
const char offset = 0x27; /* offset must be 7 for uppercase */
size_t i = len + len, shr = 0;
for (str[i] = 0; i--; shr ^= 4)
{
str[i] = bytes[i / 2] >> shr & 0xF | '0';
if (str[i] > '9') str[i] += offset;
}
}
static int ciphertest(uint8_t* key, uint8_t* d, uint8_t* m, size_t ds, size_t ms, char* r)
{
char sk[2*AES_KEY_SIZE + 1], smac[33], msg[30];
uint8_t tmp[32], t = 0;
sprintf(msg, "%s", "passed the test");
AES_CMAC(key, d, ds, tmp);
t = memcmp(m, tmp, ms);
if (t) sprintf(msg, "%s", "failed");
bytes2str(key, sk, AES_KEY_SIZE);
bytes2str(m, smac, ms);
sprintf(r, "%s\nK: %s\nmac: %s\n", msg, sk, smac);
return t;
}
int main()
{
const char *linehdr[] = { "Key = ", "Msg = ", "Mac = " };
char buffer[0x20100], *value = "";
size_t pass = 0, nf = 0, sk = 0, sd = 0, sm = 0;
uint8_t i, n = 0, key[32], d[0x10100], m[32];
FILE *fp, *fs, *ferr;
fp = fopen(TESTFILEPATH, "r");
fs = fopen("passed.log", "w");
ferr = fopen("failed.log", "w");
if (fp == NULL)
{
printf("File not found: %s\n", TESTFILEPATH);
return 1;
}
if (!fs || !ferr) return 1;
while (fgets(buffer, sizeof buffer, fp) != NULL)
{
buffer[strcspn(buffer, "\n")] = 0;
if (strlen(buffer) < 4) continue;
for (i = 0; i < 3; i++)
{
if (strncmp(buffer, linehdr[i], strlen(linehdr[i])) == 0)
{
value = strrchr(buffer, ' ') + 1;
break;
}
}
switch (i)
{
case 0:
sk = strlen(value) / 2;
if (sk == AES_KEY_SIZE) str2bytes(value, key);
break;
case 1:
sd = strlen(value) / 2;
str2bytes(value, d);
sd -= (sd == 1 && d[0] == 0);
++n;
break;
case 2:
sm = strlen(value) / 2;
str2bytes(value, m);
++n;
break;
}
if (n == 2)
{
if (sk == AES_KEY_SIZE)
{
n = ciphertest(key, d, m, sd, sm, buffer);
fprintf(n ? ferr : fs, "%s\n", buffer); /* save the log */
i = n == 0 ? ++pass : ++nf;
}
n = 0;
}
}
printf ("CMAC test cases: %d\nsuccessful: %d\nfailed: %d\n", pass + nf, pass, nf);
fclose(fp); fclose(fs); fclose(ferr);
if (nf == 0)
{
remove("passed.log"); remove("failed.log");
}
return 0;
}


@@ -1,46 +0,0 @@
<?xml version="1.0" encoding="UTF-8" standalone="yes" ?>
<CodeBlocks_project_file>
<FileVersion major="1" minor="6" />
<Project>
<Option title="CMACtest" />
<Option pch_mode="2" />
<Option compiler="gcc" />
<Build>
<Target title="Debug">
<Option output="bin/Debug/testvecs" prefix_auto="1" extension_auto="1" />
<Option object_output="obj/Debug/" />
<Option type="1" />
<Option compiler="gcc" />
<Compiler>
<Add option="-pedantic" />
<Add option="-g" />
<Add option="-ansi" />
</Compiler>
</Target>
<Target title="Release">
<Option output="bin/Release/testvecs" prefix_auto="1" extension_auto="1" />
<Option object_output="obj/Release/" />
<Option type="1" />
<Option compiler="gcc" />
<Compiler>
<Add option="-O2" />
<Add option="-pedantic" />
<Add option="-ansi" />
</Compiler>
<Linker>
<Add option="-s" />
</Linker>
</Target>
</Build>
<Unit filename="../micro_aes.c">
<Option compilerVar="CC" />
</Unit>
<Unit filename="../micro_aes.h" />
<Unit filename="CMACtest.c">
<Option compilerVar="CC" />
</Unit>
<Extensions>
<lib_finder disable_auto="1" />
</Extensions>
</Project>
</CodeBlocks_project_file>


@@ -1,167 +0,0 @@
/*
==============================================================================
Name : FPEtest.c
Author : polfosol
Version : 1.4.1.0
Copyright : copyright © 2022 - polfosol
Description : illustrating how to validate NIST's vectors for AES-FPE mode
==============================================================================
*/
#include <stdio.h>
#include "../micro_aes.h"
#define TESTFILEPATH "FPE_FF1&FF3&FF3-1.tv"
static void str2bytes(const char* hex, uint8_t* bytes)
{
unsigned shl = 0;
for (--bytes; *hex; ++hex)
{
if (*hex < '0' || 'f' < *hex) continue;
if ((shl ^= 4) != 0) *++bytes = 0;
*bytes |= (*hex % 16 + (*hex > '9') * 9) << shl;
}
}
static void bytes2str(const uint8_t* bytes, char* str, const size_t len)
{
const char offset = 0x27; /* offset must be 7 for uppercase */
size_t i = len + len, shr = 0;
for (str[i] = 0; i--; shr ^= 4)
{
str[i] = bytes[i / 2] >> shr & 0xF | '0';
if (str[i] > '9') str[i] += offset;
}
}
static int ciphertest(uint8_t* key, uint8_t* tk, char* a, char* p, char* c,
size_t n, size_t nt, char* r)
{
char sk[2*AES_KEY_SIZE + 1], st[65], msg[30], tmp[0x800], t = 0;
sprintf(msg, "%s", "passed the test");
#if FF_X == 3
AES_FPE_encrypt(key, tk, p, n, tmp);
#else
AES_FPE_encrypt(key, tk, nt, p, n, tmp);
#endif
if (memcmp(c, tmp, n))
{
sprintf(msg, "%s", "encrypt failure");
t = 1;
}
memset(tmp, 0xcc , sizeof tmp);
#if FF_X == 3
AES_FPE_decrypt(key, tk, c, n, tmp);
#else
AES_FPE_decrypt(key, tk, nt, c, n, tmp);
#endif
if (memcmp(p, tmp, n))
{
sprintf(msg, "%sdecrypt failure", t ? "encrypt & " : "");
t |= 2;
}
bytes2str(key, sk, AES_KEY_SIZE);
bytes2str(tk, st, nt);
sprintf(r, "%s\nA: %s\nK: %s\nT: %s\nP: %s\nC: %s", msg, a, sk, st, p, c);
return t;
}
int main()
{
const char *linehdr[] =
{
"Method = ", "Alphabet = ", "Key = ", "Tweak = ", "PT = ", "CT = "
}, *alphabets[] =
{
"0123456789", "01", "abcdefghijklmnopqrstuvwxyz",
"0123456789abcdefghijklmnopqrstuvwxyz", "*", "*", "*", "0123456789abcdefghijklmnop",
"0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz+/"
};
char buffer[0x1000], alpha[90], p[0x800], c[0x800], m[6], a = 0, *value = "";
size_t pass = 0, df = 0, ef = 0, sp = 0, st = 0;
uint8_t i, key[2*AES_KEY_SIZE], twk[32], sk = 0, n = 0;
FILE *fp, *fs, *ferr;
fp = fopen(TESTFILEPATH, "r");
fs = fopen("passed.log", "w");
ferr = fopen("failed.log", "w");
if (fp == NULL)
{
printf("File not found: %s\n", TESTFILEPATH);
return 1;
}
if (!fs || !ferr) return 1;
while (fgets(buffer, sizeof buffer, fp) != NULL)
{
buffer[strcspn(buffer, "\n")] = 0;
if (strlen(buffer) < 4) continue;
for (i = 0; i < 6; i++)
{
if (strncmp(buffer, linehdr[i], strlen(linehdr[i])) == 0)
{
value = strrchr(buffer, ' ') + 1;
break;
}
}
switch (i)
{
case 0:
strcpy(m, value);
break;
case 1:
for (i = 0; i < 9; i++)
{
if ((a = strlen(alphabets[i])) != strlen(value)) continue;
if (strncmp(value, alphabets[i], a) == 0) break;
}
strcpy(alpha, value); a = i;
break;
case 2:
sk = strlen(value) / 2;
str2bytes(value, key);
break;
case 3:
st = strlen(value) / 2; ++n;
str2bytes(value, twk);
break;
case 4:
sp = strlen(value);
strcpy(p, value);
break;
case 5:
++n;
strcpy(c, value);
break;
}
if (n == 2)
{
n = (FF_X == 3) ^ (m[2] != '3');
#if FF3_TWEAK_LEN == 8
n &= (st == 8); /* old FF3 with 8-byte tweak */
#else
n &= FF_X != 3 || !(st == 8 && twk[7]); /* FF3-1 */
#endif
if (n && a == CUSTOM_ALPHABET && sk == AES_KEY_SIZE)
{
n = ciphertest(key, twk, alpha, p, c, sp, st, buffer);
fprintf(n ? ferr : fs, "%s\n\n", buffer); /* save the log */
if (n == 0) ++pass;
if (n & 1) ++ef;
if (n & 2) ++df;
}
n = 0;
}
}
printf ("test cases: %d\nsuccessful: %d\nfailed encrypt: %d, failed decrypt: %d\n",
pass + (ef > df ? ef : df), pass, ef, df);
fclose(fp); fclose(fs); fclose(ferr);
if (ef + df == 0)
{
remove("passed.log"); remove("failed.log");
}
return 0;
}


@@ -1,46 +0,0 @@
<?xml version="1.0" encoding="UTF-8" standalone="yes" ?>
<CodeBlocks_project_file>
<FileVersion major="1" minor="6" />
<Project>
<Option title="FPEtest" />
<Option pch_mode="2" />
<Option compiler="gcc" />
<Build>
<Target title="Debug">
<Option output="bin/Debug/testvecs" prefix_auto="1" extension_auto="1" />
<Option object_output="obj/Debug/" />
<Option type="1" />
<Option compiler="gcc" />
<Compiler>
<Add option="-pedantic" />
<Add option="-ansi" />
<Add option="-g" />
</Compiler>
</Target>
<Target title="Release">
<Option output="bin/Release/testvecs" prefix_auto="1" extension_auto="1" />
<Option object_output="obj/Release/" />
<Option type="1" />
<Option compiler="gcc" />
<Compiler>
<Add option="-O2" />
<Add option="-pedantic" />
<Add option="-ansi" />
</Compiler>
<Linker>
<Add option="-s" />
</Linker>
</Target>
</Build>
<Unit filename="../micro_aes.c">
<Option compilerVar="CC" />
</Unit>
<Unit filename="../micro_aes.h" />
<Unit filename="FPEtest.c">
<Option compilerVar="CC" />
</Unit>
<Extensions>
<lib_finder disable_auto="1" />
</Extensions>
</Project>
</CodeBlocks_project_file>


@@ -1,46 +0,0 @@
<?xml version="1.0" encoding="UTF-8" standalone="yes" ?>
<CodeBlocks_project_file>
<FileVersion major="1" minor="6" />
<Project>
<Option title="GCMTest" />
<Option pch_mode="2" />
<Option compiler="gcc" />
<Build>
<Target title="Debug">
<Option output="bin/Debug/testvecs" prefix_auto="1" extension_auto="1" />
<Option object_output="obj/Debug/" />
<Option type="1" />
<Option compiler="gcc" />
<Compiler>
<Add option="-pedantic" />
<Add option="-g" />
<Add option="-ansi" />
</Compiler>
</Target>
<Target title="Release">
<Option output="bin/Release/testvecs" prefix_auto="1" extension_auto="1" />
<Option object_output="obj/Release/" />
<Option type="1" />
<Option compiler="gcc" />
<Compiler>
<Add option="-O2" />
<Add option="-pedantic" />
<Add option="-ansi" />
</Compiler>
<Linker>
<Add option="-s" />
</Linker>
</Target>
</Build>
<Unit filename="../micro_aes.c">
<Option compilerVar="CC" />
</Unit>
<Unit filename="../micro_aes.h" />
<Unit filename="GCMtest.c">
<Option compilerVar="CC" />
</Unit>
<Extensions>
<lib_finder disable_auto="1" />
</Extensions>
</Project>
</CodeBlocks_project_file>


@@ -1,154 +0,0 @@
/*
==============================================================================
Name : GCMtest.c
Author : polfosol
Version : 2.0.1.1
Copyright : copyright © 2022 - polfosol
Description : illustrating how to validate NIST's vectors for AES-GCM mode
==============================================================================
*/
#include <stdio.h>
#include "../micro_aes.h"
#define TESTFILEPATH "GCM_EncryptExtIV128.rsp"
static void str2bytes(const char* hex, uint8_t* bytes)
{
unsigned shl = 0;
for (--bytes; *hex; ++hex)
{
if (*hex < '0' || 'f' < *hex) continue;
if ((shl ^= 4) != 0) *++bytes = 0;
*bytes |= (*hex % 16 + (*hex > '9') * 9) << shl;
}
}
static void bytes2str(const uint8_t* bytes, char* str, const size_t len)
{
const char offset = 0x27; /* offset must be 7 for uppercase */
size_t i = len + len, shr = 0;
for (str[i] = 0; i--; shr ^= 4)
{
str[i] = bytes[i / 2] >> shr & 0xF | '0';
if (str[i] > '9') str[i] += offset;
}
}
static int ciphertest(uint8_t* key, uint8_t* iv, uint8_t* p, uint8_t* a, uint8_t* c,
size_t np, size_t na, uint8_t nt, char* r)
{
char sk[65], si[2*GCM_NONCE_LEN + 1], sp[0x100], sc[0x100], sa[0x100], msg[30];
uint8_t tmp[0x80], t = 0;
sprintf(msg, "%s", "passed the test");
AES_GCM_encrypt(key, iv, p, np, a, na, tmp, tmp + np);
if (memcmp(c, tmp, np + nt))
{
sprintf(msg, "%s", "encrypt failure");
t = 1;
}
memset(tmp, 0xcc , sizeof tmp);
t |= AES_GCM_decrypt(key, iv, c, np, a, na, nt, tmp) ? 2 : 0;
if (t > 1)
{
sprintf(msg, "%sdecrypt failure", t & 1 ? "encrypt & " : "");
}
bytes2str(key, sk, AES_KEY_SIZE);
bytes2str(iv, si, GCM_NONCE_LEN);
bytes2str(p, sp, np);
bytes2str(a, sa, na);
bytes2str(c, sc, np + nt);
sprintf(r, "%s\nK: %s\ni: %s\nP: %s\nA: %s\nC: %s", msg, sk, si, sp, sa, sc);
return t;
}
int main()
{
const char *linehdr[] = { "Key = ", "IV = ", "AAD = ", "PT = ", "CT = ", "Tag = " };
char buffer[0x800], *value = "", *line = "";
size_t pass = 0, df = 0, ef = 0, sk = 0, sn = 0, sp = 0, sa = 0, st = 0;
uint8_t key[AES_KEY_SIZE], tmp[AES_KEY_SIZE], iv[GCM_NONCE_LEN];
uint8_t i, p[96], c[112], a[96], t[16], rc = 1;
FILE *fp, *fs, *ferr;
fp = fopen(TESTFILEPATH, "r");
fs = fopen("passed.log", "w");
ferr = fopen("failed.log", "w");
if (fp == NULL)
{
printf("File not found: %s\n", TESTFILEPATH);
return 1;
}
if (!fs || !ferr) return 1;
do
{
if ((line = fgets(buffer, sizeof buffer, fp)) != NULL)
{
buffer[strcspn(buffer, "\n")] = 0;
if (strlen(buffer) < 4) continue;
}
for (i = 0; i < 6; i++)
{
if (strncmp(buffer, linehdr[i], strlen(linehdr[i])) == 0)
{
value = strrchr(buffer, ' ') + 1;
break;
}
}
switch (i)
{
case 0:
sk = strlen(value) / 2;
if (sk == AES_KEY_SIZE) str2bytes(value, tmp);
break;
case 1:
sn = strlen(value) / 2;
if (sn == GCM_NONCE_LEN) str2bytes(value, iv);
break;
case 2:
sa = strlen(value) / 2;
str2bytes(value, a);
break;
case 3:
sp = strlen(value) / 2;
str2bytes(value, p);
break;
case 4:
str2bytes(value, c);
break;
case 5:
st = strlen(value) / 2;
str2bytes(value, t);
break;
}
if (i == 0 || line == NULL)
{
if (!rc && sn == GCM_NONCE_LEN && sk == AES_KEY_SIZE)
{
memcpy(c + sp, t, st); /* put tag at the end */
rc = ciphertest(key, iv, p, a, c, sp, sa, st, buffer);
fprintf(rc ? ferr : fs, "%s\n", buffer); /* save the log */
if (rc == 0) ++pass;
else
{
if (rc & 1) ++ef;
if (rc & 2) ++df;
}
}
memcpy(key, tmp, sizeof key);
rc = 0;
}
} while (line != NULL);
printf ("test cases: %d\nsuccessful: %d\nfailed encrypt: %d, failed decrypt: %d\n",
pass + (ef > df ? ef : df), pass, ef, df);
fclose(fp); fclose(fs); fclose(ferr);
if (ef + df == 0)
{
remove("passed.log"); remove("failed.log");
}
return 0;
}


@@ -1,156 +0,0 @@
/*
==============================================================================
Name : OCBtest.c
Author : polfosol
Version : 1.1.1.1
Copyright : copyright © 2022 - polfosol
Description : illustrating how to validate OpenSSL's vectors for AES-OCB mode
==============================================================================
*/
#include <stdio.h>
#include "../micro_aes.h"
#define TESTFILEPATH "OCB_AES128.tv"
static void str2bytes(const char* hex, uint8_t* bytes)
{
unsigned shl = 0;
for (--bytes; *hex; ++hex)
{
if (*hex < '0' || 'f' < *hex) continue;
if ((shl ^= 4) != 0) *++bytes = 0;
*bytes |= (*hex % 16 + (*hex > '9') * 9) << shl;
}
}
static void bytes2str(const uint8_t* bytes, char* str, const size_t len)
{
const char offset = 0x27; /* offset must be 7 for uppercase */
size_t i = len + len, shr = 0;
for (str[i] = 0; i--; shr ^= 4)
{
str[i] = bytes[i / 2] >> shr & 0xF | '0';
if (str[i] > '9') str[i] += offset;
}
}
static int ciphertest(uint8_t* key, uint8_t* iv, uint8_t* p, uint8_t* a, uint8_t* c,
size_t np, size_t na, uint8_t err, char* r)
{
char sk[2*AES_KEY_SIZE + 1], si[31], sp[0x100], sc[0x100], sa[0x100], msg[30];
uint8_t tmp[0x90], t = 0;
sprintf(msg, "%s", "passed the test");
AES_OCB_encrypt(key, iv, p, np, a, na, tmp, tmp + np);
if (memcmp(c, tmp, np + OCB_TAG_LEN) && !err)
{
sprintf(msg, "%s", "encrypt failure");
t = 1;
}
memset(tmp, 0xcc , sizeof tmp);
t |= 2 * (AES_OCB_decrypt(key, iv, c, np, a, na, OCB_TAG_LEN, tmp) && !err);
if (t > 1)
{
sprintf(msg, "%sdecrypt failure", t & 1 ? "encrypt & " : "");
}
bytes2str(key, sk, AES_KEY_SIZE);
bytes2str(iv, si, OCB_NONCE_LEN);
bytes2str(p, sp, np);
bytes2str(a, sa, na);
bytes2str(c, sc, np + OCB_TAG_LEN);
sprintf(r, "%s\nK: %s\ni: %s\nP: %s\nA: %s\nC: %s", msg, sk, si, sp, sa, sc);
return t;
}
int main()
{
const char *linehdr[] =
{ "Key = ", "IV = ", "AAD = ", "Plaintext = ", "Ciphertext = ", "Tag = ", "Result = " };
char buffer[0x800], *value = "";
size_t pass = 0, df = 0, ef = 0, sk = 0, sn = 0, sp = 0, sa = 0, st = 0;
uint8_t key[AES_KEY_SIZE], tmp[AES_KEY_SIZE], iv[OCB_NONCE_LEN];
uint8_t i, p[0x80], c[0x90], a[0x80], t[16], rc = 1;
FILE *fp, *fs, *ferr;
fp = fopen(TESTFILEPATH, "r");
fs = fopen("passed.log", "w");
ferr = fopen("failed.log", "w");
if (fp == NULL)
{
printf("File not found: %s\n", TESTFILEPATH);
return 1;
}
if (!fs || !ferr) return 1;
while (fgets(buffer, sizeof buffer, fp) != NULL)
{
buffer[strcspn(buffer, "\n")] = 0;
if (strlen(buffer) < 4) continue;
for (i = 0; i < 7; i++)
{
if (strncmp(buffer, linehdr[i], strlen(linehdr[i])) == 0)
{
value = strrchr(buffer, ' ') + 1;
break;
}
}
switch (i)
{
case 0:
sk = strlen(value) / 2;
if (sk == AES_KEY_SIZE) str2bytes(value, tmp);
break;
case 1:
sn = strlen(value) / 2;
if (sn == OCB_NONCE_LEN) str2bytes(value, iv);
break;
case 2:
sa = strlen(value) / 2;
str2bytes(value, a);
break;
case 3:
sp = strlen(value) / 2;
str2bytes(value, p);
break;
case 4:
str2bytes(value, c);
break;
case 5:
st = strlen(value) / 2;
str2bytes(value, t);
break;
case 6:
i = strstr(value, "ERROR") - value;
i = 7 + (i > 0 && i < 0x100);
break;
}
if (i == 0 || i > 7)
{
if (!rc && sk == AES_KEY_SIZE && sn == OCB_NONCE_LEN && st == OCB_TAG_LEN)
{
memcpy(c + sp, t, st); /* put tag at the end */
rc = ciphertest(key, iv, p, a, c, sp, sa, i, buffer);
fprintf(rc ? ferr : fs, "%s\n", buffer); /* save the log */
if (rc == 0) ++pass;
else
{
if (rc & 1) ++ef;
if (rc & 2) ++df;
}
}
memcpy(key, tmp, sizeof key);
rc = 0;
}
}
printf ("test cases: %d\nsuccessful: %d\nfailed encrypt: %d, failed decrypt: %d\n",
pass + (ef > df ? ef : df), pass, ef, df);
fclose(fp); fclose(fs); fclose(ferr);
if (ef + df == 0)
{
remove("passed.log"); remove("failed.log");
}
return 0;
}


@@ -1,46 +0,0 @@
<?xml version="1.0" encoding="UTF-8" standalone="yes" ?>
<CodeBlocks_project_file>
<FileVersion major="1" minor="6" />
<Project>
<Option title="OCBtest" />
<Option pch_mode="2" />
<Option compiler="gcc" />
<Build>
<Target title="Debug">
<Option output="bin/Debug/testvecs" prefix_auto="1" extension_auto="1" />
<Option object_output="obj/Debug/" />
<Option type="1" />
<Option compiler="gcc" />
<Compiler>
<Add option="-pedantic" />
<Add option="-g" />
<Add option="-ansi" />
</Compiler>
</Target>
<Target title="Release">
<Option output="bin/Release/testvecs" prefix_auto="1" extension_auto="1" />
<Option object_output="obj/Release/" />
<Option type="1" />
<Option compiler="gcc" />
<Compiler>
<Add option="-O2" />
<Add option="-pedantic" />
<Add option="-ansi" />
</Compiler>
<Linker>
<Add option="-s" />
</Linker>
</Target>
</Build>
<Unit filename="../micro_aes.c">
<Option compilerVar="CC" />
</Unit>
<Unit filename="../micro_aes.h" />
<Unit filename="OCBtest.c">
<Option compilerVar="CC" />
</Unit>
<Extensions>
<lib_finder disable_auto="1" />
</Extensions>
</Project>
</CodeBlocks_project_file>


@@ -1,123 +0,0 @@
/*
==============================================================================
Name : Poly1305test.c
Author : polfosol
Version : 1.1.1.1
Copyright : copyright © 2022 - polfosol
Description : illustrating how the test vectors of Poly1305-AES are processed
==============================================================================
*/
#include <stdio.h>
#include "../micro_aes.h"
#define TESTFILEPATH "Poly1305AES128.tv"
static void str2bytes(const char* hex, uint8_t* bytes)
{
unsigned shl = 0;
for (--bytes; *hex; ++hex)
{
if (*hex < '0' || 'f' < *hex) continue;
if ((shl ^= 4) != 0) *++bytes = 0;
*bytes |= (*hex % 16 + (*hex > '9') * 9) << shl;
}
}
static void bytes2str(const uint8_t* bytes, char* str, const size_t len)
{
const char offset = 0x27; /* offset must be 7 for uppercase */
size_t i = len + len, shr = 0;
for (str[i] = 0; i--; shr ^= 4)
{
str[i] = bytes[i / 2] >> shr & 0xF | '0';
if (str[i] > '9') str[i] += offset;
}
}
static int ciphertest(uint8_t* key, uint8_t* nnc, uint8_t* d, uint8_t* m, size_t ds, char* r)
{
char sk[2*AES_KEY_SIZE + 33], smac[33], msg[30];
uint8_t tmp[32], t = 0;
sprintf(msg, "%s", "passed the test");
AES_Poly1305(key, nnc, d, ds, tmp);
t = memcmp(m, tmp, 16);
if (t) sprintf(msg, "%s", "failed");
bytes2str(key, sk, AES_KEY_SIZE + 16);
bytes2str(m, smac, 16);
sprintf(r, "%s\nK: %s\npoly: %s\n", msg, sk, smac);
return t;
}
int main()
{
const char *linehdr[] = { "Keys = ", "Nonce = ", "Msg = ", "PolyMac = " };
char buffer[0x20100], *value = "";
size_t pass = 0, nf = 0, sk = 0, sd = 0;
uint8_t i, n = 0, key[AES_KEY_SIZE + 16], nc[16], d[0x10100], m[16];
FILE *fp, *fs, *ferr;
fp = fopen(TESTFILEPATH, "r");
fs = fopen("passed.log", "w");
ferr = fopen("failed.log", "w");
if (fp == NULL)
{
printf("File not found: %s\n", TESTFILEPATH);
return 1;
}
if (!fs || !ferr) return 1;
while (fgets(buffer, sizeof buffer, fp) != NULL)
{
buffer[strcspn(buffer, "\n")] = 0;
if (strlen(buffer) < 4) continue;
for (i = 0; i < 4; i++)
{
if (strncmp(buffer, linehdr[i], strlen(linehdr[i])) == 0)
{
value = strrchr(buffer, ' ') + 1;
break;
}
}
switch (i)
{
case 0:
sk = strlen(value) / 2;
if (sk == AES_KEY_SIZE + 16) str2bytes(value, key);
break;
case 1:
str2bytes(value, nc);
break;
case 2:
sd = strlen(value) / 2;
str2bytes(value, d);
++n;
break;
case 3:
str2bytes(value, m);
++n;
break;
}
if (n == 2)
{
if (sk == AES_KEY_SIZE + 16)
{
n = ciphertest(key, nc, d, m, sd, buffer);
fprintf(n ? ferr : fs, "%s\n", buffer); /* save the log */
i = n == 0 ? ++pass : ++nf;
}
n = 0;
}
}
printf ("Poly1305 test cases: %d\nsuccessful: %d\nfailed: %d\n", pass + nf, pass, nf);
fclose(fp); fclose(fs); fclose(ferr);
if (nf == 0)
{
remove("passed.log"); remove("failed.log");
}
return 0;
}


@@ -1,46 +0,0 @@
<?xml version="1.0" encoding="UTF-8" standalone="yes" ?>
<CodeBlocks_project_file>
<FileVersion major="1" minor="6" />
<Project>
<Option title="Poly1305test" />
<Option pch_mode="2" />
<Option compiler="gcc" />
<Build>
<Target title="Debug">
<Option output="bin/Debug/testvecs" prefix_auto="1" extension_auto="1" />
<Option object_output="obj/Debug/" />
<Option type="1" />
<Option compiler="gcc" />
<Compiler>
<Add option="-pedantic" />
<Add option="-g" />
<Add option="-ansi" />
</Compiler>
</Target>
<Target title="Release">
<Option output="bin/Release/testvecs" prefix_auto="1" extension_auto="1" />
<Option object_output="obj/Release/" />
<Option type="1" />
<Option compiler="gcc" />
<Compiler>
<Add option="-O2" />
<Add option="-pedantic" />
<Add option="-ansi" />
</Compiler>
<Linker>
<Add option="-s" />
</Linker>
</Target>
</Build>
<Unit filename="../micro_aes.c">
<Option compilerVar="CC" />
</Unit>
<Unit filename="../micro_aes.h" />
<Unit filename="Poly1305test.c">
<Option compilerVar="CC" />
</Unit>
<Extensions>
<lib_finder disable_auto="1" />
</Extensions>
</Project>
</CodeBlocks_project_file>


@@ -1,9 +1,7 @@
### Testing µAES
---
This folder contains some of the NIST's official [CAVP](https://csrc.nist.gov/Projects/cryptographic-algorithm-validation-program/cavp-testing-block-cipher-modes) test vectors. The `*.rsp` files are courtesy of the NIST. Some sample codes are provided alongside them to demonstrate how they are used. As of late 2022, they have set up an [official repository](https://github.com/usnistgov/ACVP-Server) for cryptographic algorithm validation.
This folder contains some of the NIST's official [CAVP](https://csrc.nist.gov/Projects/cryptographic-algorithm-validation-program/cavp-testing-block-cipher-modes) test vectors. The `*.rsp` files are courtesy of the NIST. As of late 2022, they have set up an [official repository](https://github.com/usnistgov/ACVP-Server) for cryptographic algorithm validation. Also a few additional FPE test vectors are taken from [[1](https://github.com/ubiqsecurity/ubiq-fpe-c/tree/master/src/test), [2](https://github.com/mysto/python-fpe/tree/main/ff3), [3](https://github.com/0NG/Format-Preserving-Encryption)], and the OCB vectors are borrowed from [OpenSSL](https://github.com/openssl/openssl/blob/5a7bc0be97dee9ac715897fe8180a08e211bc6ea/test/evpciph.txt).
To do some extra tests, a bunch of additional FPE test vectors are taken from [[1](https://github.com/ubiqsecurity/ubiq-fpe-c/tree/master/src/test), [2](https://github.com/mysto/python-fpe/tree/main/ff3), [3](https://github.com/0NG/Format-Preserving-Encryption)], and the OCB test vectors are borrowed from [OpenSSL](https://github.com/openssl/openssl/blob/5a7bc0be97dee9ac715897fe8180a08e211bc6ea/test/evpciph.txt).
Some sample codes are provided alongside these files to demonstrate how their content can be verified. Furthermore, the [`main.c`](../main.c) file contains a bunch of test vectors which are either generated by the [Crypto++®](https://github.com/weidai11/cryptopp) library or taken from various online documents. Please let me know if you faced any issues in verifying them.
Also in the `main.c` file of parent directory, you will find some other test vectors that are either generated by the [Crypto++®](https://www.cryptopp.com) library or taken from various online documents. Please let me know if you faced any issues in verifying them.
Needless to say, the µAES library has been successfully tested against all [CAVP's vectors](https://csrc.nist.gov/Projects/cryptographic-algorithm-validation-program/cavp-testing-block-cipher-modes).
The Visual C++® [prject file](../prj_vc++.vcxproj) in parent directory is configured to compile and run `main.c` in 'Debug' mode, but in Release mode it runs [`aes_testvectors.c`](aes_testvectors.c) for test-vector verification. One can also use Code::Blocks [project files](aes_tests.cbp) if a different compiler is being used. Needless to say, µAES has been successfully tested against all [CAVP's vectors](https://csrc.nist.gov/Projects/cryptographic-algorithm-validation-program/cavp-testing-block-cipher-modes).


@@ -1,143 +0,0 @@
/*
==============================================================================
Name : SIV_GCMtest.c
Author : polfosol
Version : 1.0.1.1
Copyright : copyright © 2023 - polfosol
Description : demonstrating how to validate ACVP vectors for AES-GCM-SIV mode
==============================================================================
*/
#include <stdio.h>
#include "../micro_aes.h"
#define TESTFILEPATH "SIV_GCM_ACVP.tv"
static void str2bytes(const char* hex, uint8_t* bytes)
{
unsigned shl = 0;
for (--bytes; *hex; ++hex)
{
if (*hex < '0' || 'f' < *hex) continue;
if ((shl ^= 4) != 0) *++bytes = 0;
*bytes |= (*hex % 16 + (*hex > '9') * 9) << shl;
}
}
static void bytes2str(const uint8_t* bytes, char* str, const size_t len)
{
const char offset = 0x27; /* offset must be 7 for uppercase */
size_t i = len + len, shr = 0;
for (str[i] = 0; i--; shr ^= 4)
{
str[i] = bytes[i / 2] >> shr & 0xF | '0';
if (str[i] > '9') str[i] += offset;
}
}
static int ciphertest(uint8_t* key, uint8_t* iv, uint8_t* p, uint8_t* a, uint8_t* c,
size_t np, size_t na, char* r)
{
char sk[2*AES_KEY_SIZE + 1], si[25], sp[0x100], sc[0x100], sa[0x100], msg[30];
uint8_t tmp[0x90], t = 0;
sprintf(msg, "%s", "passed the test");
GCM_SIV_encrypt(key, iv, p, np, a, na, tmp, tmp + np);
if (memcmp(c, tmp, np + 16))
{
sprintf(msg, "%s", "encrypt failure");
t = 1;
}
memset(tmp, 0xcc , sizeof tmp);
t |= 2 * GCM_SIV_decrypt(key, iv, c, np, a, na, 16, tmp);
if (t > 1)
{
sprintf(msg, "%sdecrypt failure", t & 1 ? "encrypt & " : "");
}
bytes2str(key, sk, AES_KEY_SIZE);
bytes2str(iv, si, 12);
bytes2str(p, sp, np);
bytes2str(a, sa, na);
bytes2str(c, sc, np + 16);
sprintf(r, "%s\nK: %s\ni: %s\nP: %s\nA: %s\nC: %s", msg, sk, si, sp, sa, sc);
return t;
}
int main()
{
const char *linehdr[] = { "key = ", "iv = ", "aad = ", "pt = ", "ct = " };
char buffer[0x400], *value = "";
size_t pass = 0, df = 0, ef = 0, sk = 0, sp = 0, sa = 0, n = 0;
uint8_t key[AES_KEY_SIZE], iv[12], p[80], c[96], a[80], i, j = 0;
FILE *fp, *fs, *ferr;
fp = fopen(TESTFILEPATH, "r");
fs = fopen("passed.log", "w");
ferr = fopen("failed.log", "w");
if (fp == NULL)
{
printf("File not found: %s\n", TESTFILEPATH);
return 1;
}
if (!fs || !ferr) return 1;
while (fgets(buffer, sizeof buffer, fp) != NULL)
{
buffer[strcspn(buffer, "\n")] = 0;
if (strlen(buffer) < 4) continue;
for (i = 0; i < 5; i++)
{
if (strncmp(buffer, linehdr[i], strlen(linehdr[i])) == 0)
{
value = strrchr(buffer, ' ') + 1;
break;
}
}
switch (i)
{
case 0:
sk = strlen(value) / 2;
if (sk == AES_KEY_SIZE) str2bytes(value, key);
break;
case 1:
if (strlen(value) == 24) str2bytes(value, iv);
break;
case 2:
sa = strlen(value) / 2;
str2bytes(value, a);
break;
case 3:
sp = strlen(value) / 2;
str2bytes(value, p); ++n;
break;
case 4:
str2bytes(value, c); ++n;
break;
}
if (n == 2)
{
if (sk == AES_KEY_SIZE)
{
n = ciphertest(key, iv, p, a, c, sp, sa, buffer);
fprintf(n ? ferr : fs, "%s\n", buffer); /* save the log */
if (n == 0) ++pass;
else
{
if (n & 1) ++ef;
if (n & 2) ++df;
}
}
n = 0;
}
}
printf ("test cases: %d\nsuccessful: %d\nfailed encrypt: %d, failed decrypt: %d\n",
pass + (ef > df ? ef : df), pass, ef, df);
fclose(fp); fclose(fs); fclose(ferr);
if (ef + df == 0)
{
remove("passed.log"); remove("failed.log");
}
return 0;
}


@@ -1,46 +0,0 @@
<?xml version="1.0" encoding="UTF-8" standalone="yes" ?>
<CodeBlocks_project_file>
<FileVersion major="1" minor="6" />
<Project>
<Option title="GCM_SIV_test" />
<Option pch_mode="2" />
<Option compiler="gcc" />
<Build>
<Target title="Debug">
<Option output="bin/Debug/testvecs" prefix_auto="1" extension_auto="1" />
<Option object_output="obj/Debug/" />
<Option type="1" />
<Option compiler="gcc" />
<Compiler>
<Add option="-pedantic" />
<Add option="-g" />
<Add option="-ansi" />
</Compiler>
</Target>
<Target title="Release">
<Option output="bin/Release/testvecs" prefix_auto="1" extension_auto="1" />
<Option object_output="obj/Release/" />
<Option type="1" />
<Option compiler="gcc" />
<Compiler>
<Add option="-O2" />
<Add option="-pedantic" />
<Add option="-ansi" />
</Compiler>
<Linker>
<Add option="-s" />
</Linker>
</Target>
</Build>
<Unit filename="../micro_aes.c">
<Option compilerVar="CC" />
</Unit>
<Unit filename="../micro_aes.h" />
<Unit filename="SIV_GCMtest.c">
<Option compilerVar="CC" />
</Unit>
<Extensions>
<lib_finder disable_auto="1" />
</Extensions>
</Project>
</CodeBlocks_project_file>

8013
testvectors/XTSGenAES256.rsp Normal file

File diff suppressed because it is too large Load Diff


@@ -1,142 +0,0 @@
/*
==============================================================================
Name : XTStest.c
Author : polfosol
Version : 2.3.1.0
Copyright : copyright © 2022 - polfosol
Description : illustrating how to validate NIST's vectors for AES-XTS mode
==============================================================================
*/
#include <stdio.h>
#include "../micro_aes.h"
#define TESTFILEPATH "XTSGenAES128.rsp"
static void str2bytes(const char* str, uint8_t* bytes)
#define char2num(c) (c > '9' ? (c & 7) + 9 : c & 0xF)
{
size_t i, j;
for (i = 0, j = ~0; str[i]; ++i)
{
if (str[i] < '0' || str[i] > 'f') continue;
if (j++ & 1) bytes[j / 2] = char2num(str[i]) << 4;
else bytes[j / 2] |= char2num(str[i]);
}
}
static void bytes2str(const uint8_t* bytes, char* str, size_t len)
#define num2char(x) ((x) > 9 ? 'a' - 10 + (x) : '0' + (x))
{
size_t i, j;
for (i = 0, j = 0; i < len; ++i)
{
str[j++] = num2char(bytes[i] >> 4);
str[j++] = num2char(bytes[i] & 15);
}
str[j] = 0;
}
static int ciphertest(uint8_t* key, uint8_t* iv, uint8_t* p, uint8_t* c, size_t n, char* r)
{
char sk[4*AES_KEY_SIZE + 1], si[33], sp[0x80], sc[0x80], msg[30];
uint8_t tmp[0x80], t = 0;
sprintf(msg, "%s", "passed the test");
AES_XTS_encrypt(key, iv, p, n, tmp);
if (memcmp(c, tmp, n))
{
sprintf(msg, "%s", "encrypt failure");
t = 1;
}
memset(tmp, 0xcc , sizeof tmp);
AES_XTS_decrypt(key, iv, c, n, tmp);
if (memcmp(p, tmp, n))
{
sprintf(msg, "%sdecrypt failure", t ? "encrypt & " : "");
t |= 2;
}
bytes2str(key, sk, 2*AES_KEY_SIZE);
bytes2str(iv, si, 16);
bytes2str(p, sp, n);
bytes2str(c, sc, n);
sprintf(r, "%s\nK: %s\ni: %s\nP: %s\nC: %s", msg, sk, si, sp, sc);
return t;
}
int main()
{
const char *linehdr[] = { "Key = ", "i = ", "PT = ", "CT = ", "DataUnitLen = " };
char buffer[0x800], *value = "";
size_t i, n = 0, pass = 0, df = 0, ef = 0, s = 0, sk = 0;
uint8_t key[2*AES_KEY_SIZE], iv[16], p[0x80], c[0x80], ul[2];
FILE *fp, *fs, *ferr;
fp = fopen(TESTFILEPATH, "r");
fs = fopen("passed.log", "w");
ferr = fopen("failed.log", "w");
if (fp == NULL)
{
printf("File not found: %s\n", TESTFILEPATH);
return 1;
}
if (!fs || !ferr) return 1;
while (fgets(buffer, sizeof buffer, fp) != NULL)
{
buffer[strcspn(buffer, "\n")] = 0;
if (strlen(buffer) < 4) continue;
for (i = 0; i < 5; i++)
{
if (strncmp(buffer, linehdr[i], strlen(linehdr[i])) == 0)
{
value = strrchr(buffer, ' ') + 1;
break;
}
}
switch (i)
{
case 0:
sk = strlen(value) / 2;
if (sk == 2 * AES_KEY_SIZE) str2bytes(value, key);
break;
case 1:
str2bytes(value, iv);
break;
case 2:
str2bytes(value, p);
++n;
break;
case 3:
str2bytes(value, c);
++n;
break;
case 4:
str2bytes(value, ul);
break;
}
if (n == 2)
{
s = (ul[0] >> 4) *100 + (ul[0] & 15) *10 + (ul[1] >> 4);
if (sk == 2 * AES_KEY_SIZE && s % 8 == 0)
{
n = ciphertest(key, iv, p, c, s / 8, buffer);
fprintf(n ? ferr : fs, "%s\n", buffer); /* save the log */
if (n == 0) ++pass;
if (n & 1) ++ef;
if (n & 2) ++df;
}
n = 0;
}
}
printf ("test cases: %d\nsuccessful: %d\nfailed encrypt: %d, failed decrypt: %d\n",
pass + (ef > df ? ef : df), pass, ef, df);
fclose(fp); fclose(fs); fclose(ferr);
if (ef + df == 0)
{
remove("passed.log"); remove("failed.log");
}
return 0;
}


@@ -1,46 +0,0 @@
<?xml version="1.0" encoding="UTF-8" standalone="yes" ?>
<CodeBlocks_project_file>
<FileVersion major="1" minor="6" />
<Project>
<Option title="XTStest" />
<Option pch_mode="2" />
<Option compiler="gcc" />
<Build>
<Target title="Debug">
<Option output="bin/Debug/testvecs" prefix_auto="1" extension_auto="1" />
<Option object_output="obj/Debug/" />
<Option type="1" />
<Option compiler="gcc" />
<Compiler>
<Add option="-pedantic" />
<Add option="-ansi" />
<Add option="-g" />
</Compiler>
</Target>
<Target title="Release">
<Option output="bin/Release/testvecs" prefix_auto="1" extension_auto="1" />
<Option object_output="obj/Release/" />
<Option type="1" />
<Option compiler="gcc" />
<Compiler>
<Add option="-O2" />
<Add option="-pedantic" />
<Add option="-ansi" />
</Compiler>
<Linker>
<Add option="-s" />
</Linker>
</Target>
</Build>
<Unit filename="../micro_aes.c">
<Option compilerVar="CC" />
</Unit>
<Unit filename="../micro_aes.h" />
<Unit filename="XTStest.c">
<Option compilerVar="CC" />
</Unit>
<Extensions>
<lib_finder disable_auto="1" />
</Extensions>
</Project>
</CodeBlocks_project_file>


@@ -2,7 +2,7 @@
<CodeBlocks_project_file>
<FileVersion major="1" minor="6" />
<Project>
<Option title="CCMTest" />
<Option title="testvectors" />
<Option pch_mode="2" />
<Option compiler="gcc" />
<Build>
@@ -12,9 +12,9 @@
<Option type="1" />
<Option compiler="gcc" />
<Compiler>
<Add option="-std=c90" />
<Add option="-pedantic" />
<Add option="-g" />
<Add option="-ansi" />
</Compiler>
</Target>
<Target title="Release">
@@ -23,22 +23,31 @@
<Option type="1" />
<Option compiler="gcc" />
<Compiler>
<Add option="-O2" />
<Add option="-std=c90" />
<Add option="-pedantic" />
<Add option="-ansi" />
<Add option="-O3" />
</Compiler>
<Linker>
<Add option="-s" />
</Linker>
</Target>
</Build>
<Unit filename="aes_testvectors.c">
<Option compilerVar="CC" />
</Unit>
<Unit filename="../micro_aes.c">
<Option compilerVar="CC" />
</Unit>
<Unit filename="../micro_aes.h" />
<Unit filename="CCMtest.c">
<Option compilerVar="CC" />
</Unit>
<Unit filename="aes_testvectors.h" />
<Unit filename="aes_testvectors_CCM.h" />
<Unit filename="aes_testvectors_CMAC.h" />
<Unit filename="aes_testvectors_FPE.h" />
<Unit filename="aes_testvectors_GCM.h" />
<Unit filename="aes_testvectors_GCMSIV.h" />
<Unit filename="aes_testvectors_OCB.h" />
<Unit filename="aes_testvectors_POLY1305.h" />
<Unit filename="aes_testvectors_XTS.h" />
<Extensions>
<lib_finder disable_auto="1" />
</Extensions>


@@ -0,0 +1,54 @@
/*
==============================================================================
Name : aes_testvectors.c
Author : polfosol
Version : 1.1.0.0
Copyright : copyright © 2024 - polfosol
Description : check the test-vectors for enabled modes of µAES ™
==============================================================================
*/
#include "aes_testvectors_GCM.h"
#include "aes_testvectors_CCM.h"
#include "aes_testvectors_XTS.h"
#include "aes_testvectors_FPE.h"
#include "aes_testvectors_OCB.h"
#include "aes_testvectors_GCMSIV.h"
#include "aes_testvectors_CMAC.h"
#include "aes_testvectors_POLY1305.h"
int main(void)
{
#ifdef CMAC_TEST_FILE
check_testvectors("CMAC", CMAC_TEST_FILE, &aes_cmac_test);
#endif
#ifdef POLY_TEST_FILE
check_testvectors("POLY1305", POLY_TEST_FILE, &aes_poly1305_test);
#endif
#ifdef GCM_TEST_FILE
check_testvectors("GCM", GCM_TEST_FILE, &aes_gcm_test);
#endif
#ifdef CCM_TEST_FILE
check_testvectors("CCM", CCM_TEST_FILE, &aes_ccm_test);
#endif
#ifdef OCB_TEST_FILE
check_testvectors("OCB", OCB_TEST_FILE, &aes_ocb_test);
#endif
#ifdef GCMSIV_TEST_FILE
check_testvectors("GCM-SIV", GCMSIV_TEST_FILE, &aes_gcmsiv_test);
#endif
#ifdef XTS_TEST_FILE
check_testvectors("XTS", XTS_TEST_FILE, &aes_xts_test);
#endif
#ifdef FPE_TEST_FILE
check_testvectors("FPE", FPE_TEST_FILE, &aes_fpe_test);
#endif
return 0;
}
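Review bot: `main` discards the value returned by every `check_testvectors` call and ends with `return 0;`, so the process exits successfully even when vectors fail or a vector file cannot be opened. A build script or CI job that runs this binary therefore cannot tell a correct cipher build from a broken one unless it parses the printed text. I would accumulate the results: declare `int rc = 0;` at the top, write each call as `rc |= check_testvectors("CMAC", CMAC_TEST_FILE, &aes_cmac_test) != 0;` (and likewise for the other modes), and finish with `return rc;`.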


@@ -0,0 +1,191 @@
/*
==============================================================================
Name : aes_testvectors.h
Author : polfosol
Version : 1.1.0.0
Copyright : copyright © 2024 - polfosol
Description : methods and definitions for the test-functions of AES modes
==============================================================================
*/
#ifndef _TEST_AES_MODES_H_
#define _TEST_AES_MODES_H_
#include <stdio.h>
#include "../micro_aes.h"
#ifdef _CRT_SECURE_NO_WARNINGS
#define _LOOKUP_ "testvectors/"
#else
#define _LOOKUP_
#endif
#if CMAC
#if AES___ == 256
#define CMAC_TEST_FILE _LOOKUP_ "CMACGenAES256.rsp"
#elif AES___ == 192
#define CMAC_TEST_FILE _LOOKUP_ "CMACGenAES192.rsp"
#else
#define CMAC_TEST_FILE _LOOKUP_ "CMACGenAES128.rsp"
#endif
#define CMAC_HEADLINES { "Key = ", "Msg = ", "Mac = " }
#endif
#if CCM
#if AES___ == 256
#define CCM_TEST_FILE _LOOKUP_ "ccmVNT256.rsp"
#elif AES___ == 192
#define CCM_TEST_FILE _LOOKUP_ "ccmVNT192.rsp"
#else
#define CCM_TEST_FILE _LOOKUP_ "ccmVNT128.rsp"
#endif
#define CCM_HEADLINES { "Key = ", "Nonce = ", "Adata = ", "Payload = ", "CT = " }
#endif
#if GCM
#if AES___ == 256
#define GCM_TEST_FILE _LOOKUP_ "gcmEncryptExtIV256.rsp"
#elif AES___ == 192
#define GCM_TEST_FILE _LOOKUP_ "gcmEncryptExtIV192.rsp"
#else
#define GCM_TEST_FILE _LOOKUP_ "gcmEncryptExtIV128.rsp"
#endif
#define GCM_HEADLINES { "Key = ", "IV = ", "AAD = ", "PT = ", "CT = ", "Tag = " }
#endif
#if XTS
#if AES___ == 256
#define XTS_TEST_FILE _LOOKUP_ "XTSGenAES256.rsp"
#else
#define XTS_TEST_FILE _LOOKUP_ "XTSGenAES128.rsp"
#endif
#define XTS_HEADLINES { "Key = ", "i = ", "PT = ", "CT = ", "DataUnitLen = " }
#endif
#if FPE
#define FPE_TEST_FILE _LOOKUP_ "FPE_FF1&FF3&FF3-1.tv"
#define FPE_HEADLINES { "Method = ", "Alphabet = ", "Key = ", "Tweak = ", \
"PT = ", "CT = " }
#define FPE_ALPHABETS { "0123456789", "01", "abcdefghijklmnopqrstuvwxyz", \
"0123456789abcdefghijklmnopqrstuvwxyz", "******", \
"*******", "*****", "0123456789abcdefghijklmnop", \
"0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz+/" }
#endif
#if OCB
#define OCB_TEST_FILE _LOOKUP_ "OCB_AES128.tv"
#define OCB_HEADLINES { "Key = ", "IV = ", "AAD = ", "Plaintext = ", \
"Ciphertext = ", "Tag = ", "Result = " }
#endif
#if GCM_SIV
#define GCMSIV_TEST_FILE _LOOKUP_ "SIV_GCM_ACVP.tv"
#define GCMSIV_HEADLINES { "key = ", "iv = ", "aad = ", "pt = ", "ct = " }
#endif
#if POLY1305
#define POLY_TEST_FILE _LOOKUP_ "Poly1305AES128.tv"
#define POLY_HEADLINES { "Keys = ", "Nonce = ", "Msg = ", "PolyMac = " }
#endif
/** convert hex-string to byte array; e.g. "7142075A340d" results in qB\aZ4\r */
static void str2bytes(const char* hex, uint8_t* bytes)
{
unsigned shl = 0;
for (--bytes; *hex; ++hex)
{
if (*hex < '0' || 'f' < *hex) continue;
if ((shl ^= 4) != 0) *++bytes = 0;
*bytes |= (*hex % 16 + (*hex > '9') * 9) << shl;
}
}
/** convert byte array to hex-string; e.g. +\n50\tK results in "2b0a3530094b" */
static void bytes2str(const uint8_t* bytes, char* str, const size_t len)
{
const char offset = 0x27; /* offset must be 7 for UPPERCASE */
size_t i = len + len, shr = 0;
for (str[i] = 0; i--; shr ^= 4)
{
str[i] = bytes[i / 2] >> shr & 0xF | '0';
if (str[i] > '9') str[i] += offset;
}
}
/** function pointer as a template for all the test functions. its arguments are
* an array of pre-determined files and the number of test cases/failed ones. */
typedef void (*ftest_t)(FILE**, unsigned*);
static int check_testvectors(const char* mode, const char* path, ftest_t test)
{
int error = 0, i;
char p_log[20], e_log[20];
FILE* files[3]; /* test vectors file, errors log, success log */
unsigned count[3]; /* total tests, encrypt fails, decrypt fails. */
printf("\nVerifying vectors: AES%d-%s\n", AES_KEY_SIZE * 8, mode);
strcpy(p_log, mode);
strcpy(e_log, mode);
files[0] = fopen(path, "r");
files[1] = fopen(strcat(p_log, "passed.log"), "w");
files[2] = fopen(strcat(e_log, "failed.log"), "w");
if (!files[0])
{
printf("Error: file not found: %s\n", path);
error |= 1;
}
if (!files[1] || !files[2])
{
printf("Error: cannot save log files...\n");
error |= 1;
}
if (error)
{
for (i = 0; i < 3; ++i)
{
if (files[i])
{
fclose(files[i]);
if (i) remove(i == 1 ? p_log : e_log);
}
}
printf("Test has failed.\n");
return error;
}
memset(count, 0, sizeof count);
test(files, count);
for (i = 0; i < 3; i++)
{
fclose(files[i]);
}
error = count[1] + (~count[2] ? count[2] : 0);
if (error)
{
printf("Nmber of tests: %d, there were some errors:\n", count[0]);
if (count[2] == ~0U) /* MAC test, no encryption/decryption */
{
printf("Failed cases: %d, see the log files.\n", count[1]);
}
else
{
printf("Encryption failures: %d, decryption failures: %d\n"
"See the log files for more info.\n", count[1], count[2]);
}
return error;
}
else
{
if (count[0] == 0) printf("There was no test cases.\n");
else
{
printf("Nmber of tests: %4d, All Passed!\n", count[0]);
}
remove(p_log);
remove(e_log);
}
return 0;
}
#endif /* header guard */
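Review bot: `str2bytes` takes no destination length, so every caller that decodes a vector-file line into a fixed array relies on the file being well-formed; its filter `*hex < '0' || 'f' < *hex` also lets through characters such as `:` or `G`–`Z`, which are not hex digits and are folded into the output. In aes_testvectors_CCM.h the AAD, payload and ciphertext cases call `str2bytes(value, a)`, `str2bytes(value, p)` and `str2bytes(value, c)` into 64- and 80-byte arrays with only the key and nonce lengths checked first, while a line read by `fgets` can be up to 0x800 characters. Because the README says some vector files are taken from third-party repositories, I would either add a `size_t max` parameter and stop writing once `max` bytes have been produced, or guard each call site, e.g. `if (s[2] <= sizeof a) str2bytes(value, a);`. The same applies to the fixed `p_log[20]`/`e_log[20]` filled with `strcpy`/`strcat` in `check_testvectors`: the current mode names fit, but a comment stating the maximum `mode` length would keep that true.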


@@ -0,0 +1,102 @@
/*
==============================================================================
Name : aes_testvectors_CCM.h
Author : polfosol
Version : 1.1.0.0
Copyright : copyright © 2024 - polfosol
Description : checking the test vectors for AES-CCM
==============================================================================
*/
#ifndef _TESTING_CCM_H_
#define _TESTING_CCM_H_
#include "aes_testvectors.h"
#ifdef CCM_TEST_FILE
static int verifyccm(uint8_t* key, uint8_t* i, uint8_t* p, uint8_t* a, uint8_t* c,
size_t np, size_t na, char* r)
{
char sk[2 * AES_KEY_SIZE + 1], si[33], sp[80], sc[96], sa[80], msg[30];
uint8_t tmp[64], v = 0;
strcpy(msg, "passed the test");
AES_CCM_encrypt(key, i, p, np, a, na, tmp, tmp + np);
if (memcmp(c, tmp, np + CCM_TAG_LEN))
{
strcpy(msg, "encrypt failure");
v = 1;
}
memset(tmp, 0xcc, sizeof tmp);
*sk = AES_CCM_decrypt(key, i, c, np, a, na, CCM_TAG_LEN, tmp);
if (*sk || memcmp(p, tmp, np))
{
sprintf(msg, "%sdecrypt failure", v ? "encrypt & " : "");
v |= 2;
}
bytes2str(key, sk, AES_KEY_SIZE);
bytes2str(i, si, CCM_NONCE_LEN);
bytes2str(p, sp, np);
bytes2str(a, sa, na);
bytes2str(c, sc, np + CCM_TAG_LEN);
sprintf(r, "%s\nK: %s\ni: %s\nP: %s\nA: %s\nC: %s", msg, sk, si, sp, sa, sc);
return v;
}
static void aes_ccm_test(FILE** files, unsigned* count)
{
const char *linehdr[] = CCM_HEADLINES;
char buffer[0x800], *value = NULL;
size_t s[5] = { 0 };
uint8_t j, n = 0, key[AES_KEY_SIZE], iv[16], p[64], c[80], a[64];
while (fgets(buffer, sizeof buffer, *files) != NULL)
{
buffer[strcspn(buffer, "\n")] = 0;
if (strlen(buffer) < 4) continue;
for (j = 0; j < 5; j++)
{
if (strncmp(buffer, linehdr[j], strlen(linehdr[j])) == 0)
{
value = strrchr(buffer, ' ') + 1;
s[j] = strlen(value) / 2;
n += j > 2;
break;
}
}
switch (j)
{
case 0:
if (s[0] == AES_KEY_SIZE) str2bytes(value, key);
break;
case 1:
if (s[1] == CCM_NONCE_LEN) str2bytes(value, iv);
break;
case 2:
str2bytes(value, a);
break;
case 3:
str2bytes(value, p);
break;
case 4:
s[4] -= CCM_TAG_LEN;
str2bytes(value, c);
break;
}
if (n == 2)
{
if (s[0] == AES_KEY_SIZE && s[1] == CCM_NONCE_LEN && s[3] == s[4])
{
n = verifyccm(key, iv, p, a, c, s[3], s[2], buffer);
fprintf(files[2 - !n], "%s\n", buffer); /* save the log */
++count[0];
if (n & 1) ++count[1];
if (n & 2) ++count[2];
}
n = 0;
}
}
}
#endif
#endif /* header guard */
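Review bot: Cases 2, 3 and 4 of the `switch` in `aes_ccm_test` decode `value` into `a[64]`, `p[64]` and `c[80]` without comparing the decoded length to the array. A line from the 0x800-byte `buffer` can hold far more hex than that, so a longer or malformed vector file would write past these stack arrays (assuming `str2bytes` emits one byte per hex pair; it is not shown here). The same unchecked copy appears in the CMAC, FPE (`strcpy` into `m[6]`, `alpha[90]`, `p`, `c`), GCM, GCM-SIV, OCB, Poly1305 and XTS readers added by this commit. `verifyccm` adds tighter limits of its own (`tmp[64]` receives `np + CCM_TAG_LEN` bytes, and `sp[80]`/`sc[96]` receive hex text), so the `n == 2` gate should bound `s[3]` by the smallest of them rather than by `sizeof p` alone. The fence below shows the guards on the copies and the place for that bound.
```c
        case 2:
            if (s[2] <= sizeof a) str2bytes(value, a);
            break;
        case 3:
            if (s[3] <= sizeof p) str2bytes(value, p);
            break;
        case 4:
            if (s[4] <= sizeof c) str2bytes(value, c);
            s[4] -= CCM_TAG_LEN;
            break;
        /* … unchanged: end of switch, start of the n == 2 block … */
            /* reject records that did not fit the arrays above; s[3] also has to
               stay within the scratch buffers declared in verifyccm */
            if (s[0] == AES_KEY_SIZE && s[1] == CCM_NONCE_LEN && s[3] == s[4] &&
                s[2] <= sizeof a && s[3] <= sizeof p &&
                s[4] + CCM_TAG_LEN <= sizeof c)
```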

@@ -0,0 +1,84 @@
/*
==============================================================================
Name : aes_testvectors_CMAC.h
Author : polfosol
Version : 1.1.0.0
Copyright : copyright © 2024 - polfosol
Description : checking the test vectors for AES-CMAC
==============================================================================
*/
#ifndef _TESTING_CMAC_H_
#define _TESTING_CMAC_H_
#include "aes_testvectors.h"
#ifdef CMAC_TEST_FILE
static int verifycmac(uint8_t* key, uint8_t* d, uint8_t* m,
size_t nd, size_t nm, char* r)
{
char sk[2 * AES_KEY_SIZE + 1], smac[33], msg[30];
uint8_t tmp[16], v = 0;
strcpy(msg, "passed the test");
AES_CMAC(key, d, nd, tmp);
if ((v = memcmp(m, tmp, nm)) != 0) strcpy(msg, "failed");
bytes2str(key, sk, AES_KEY_SIZE);
bytes2str(m, smac, nm);
sprintf(r, "%s\nK: %s\nmac: %s\n", msg, sk, smac);
return v;
}
static void aes_cmac_test(FILE** files, unsigned* count)
{
const char *linehdr[] = CMAC_HEADLINES;
char buffer[0x20100], *value = NULL;
size_t s[3] = { 0 };
uint8_t j, n = 0, key[AES_KEY_SIZE], d[0x10100], m[16];
count[2] = ~0U;
while (fgets(buffer, sizeof buffer, *files) != NULL)
{
buffer[strcspn(buffer, "\n")] = 0;
if (strlen(buffer) < 4) continue;
for (j = 0; j < 3; j++)
{
if (strncmp(buffer, linehdr[j], strlen(linehdr[j])) == 0)
{
value = strrchr(buffer, ' ') + 1;
s[j] = strlen(value) / 2;
n += j > 0;
break;
}
}
switch (j)
{
case 0:
if (s[0] == AES_KEY_SIZE) str2bytes(value, key);
break;
case 1:
str2bytes(value, d);
s[1] -= (s[1] == 1 && d[0] == 0); /* null message */
break;
case 2:
str2bytes(value, m);
break;
}
if (n == 2)
{
if (s[0] == AES_KEY_SIZE)
{
n = verifycmac(key, d, m, s[1], s[2], buffer);
fprintf(files[2 - !n], "%s\n", buffer); /* save the log */
++count[0];
if (n) ++count[1];
}
n = 0;
}
}
}
#endif
#endif /* header guard */
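Review bot: In `verifycmac`, `v = memcmp(m, tmp, nm)` stores an `int` in a `uint8_t`, so a non-zero result whose low eight bits are zero would be truncated to 0 and a MAC mismatch would be logged as a pass. The C standard fixes only the sign of `memcmp`'s result, not its magnitude. Normalising the result removes the dependency on the library: `if ((v = (memcmp(m, tmp, nm) != 0)) != 0) strcpy(msg, "failed");`. `verifypoly` in aes_testvectors_POLY1305.h makes the same assignment. Separately, `nm` is taken from the vector file and never compared with the 16-byte `m` and `tmp` arrays, and a record with an empty MAC value would compare equal over zero bytes.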

@@ -0,0 +1,120 @@
/*
==============================================================================
Name : aes_testvectors_FPE.h
Author : polfosol
Version : 1.1.0.0
Copyright : copyright © 2024 - polfosol
Description : checking the test vectors for AES-FPE
==============================================================================
*/
#ifndef _TESTING_FPE_H_
#define _TESTING_FPE_H_
#include "aes_testvectors.h"
#ifdef FPE_TEST_FILE
static int verifyfpe(uint8_t* key, uint8_t* twk, char* a, char* p, char* c,
size_t np, size_t nt, char* r)
{
char sk[2 * AES_KEY_SIZE + 1], st[65], msg[30], tmp[0x800], v = 0;
strcpy(msg, "passed the test");
#if FF_X == 3
AES_FPE_encrypt(key, twk, p, np, tmp);
#else
AES_FPE_encrypt(key, twk, nt, p, np, tmp);
#endif
if (memcmp(c, tmp, np))
{
strcpy(msg, "encrypt failure");
v = 1;
}
memset(tmp, 0xcc, sizeof tmp);
#if FF_X == 3
*sk = AES_FPE_decrypt(key, twk, c, np, tmp);
#else
*sk = AES_FPE_decrypt(key, twk, nt, c, np, tmp);
#endif
if (*sk || memcmp(p, tmp, np))
{
sprintf(msg, "%sdecrypt failure", v ? "encrypt & " : "");
v |= 2;
}
bytes2str(key, sk, AES_KEY_SIZE);
bytes2str(twk, st, nt);
sprintf(r, "%s\nA: %s\nK: %s\nT: %s\nP: %s\nC: %s", msg, a, sk, st, p, c);
return v;
}
static void aes_fpe_test(FILE** files, unsigned* count)
{
const char *linehdr[] = FPE_HEADLINES, *alphabets[] = FPE_ALPHABETS;
char buffer[0x1000], alpha[90], p[0x800], c[0x800], m[6], a = 0, *value = NULL;
size_t s[3] = { 0 };
uint8_t j, key[2 * AES_KEY_SIZE], twk[32], n = 0;
while (fgets(buffer, sizeof buffer, *files) != NULL)
{
buffer[strcspn(buffer, "\n")] = 0;
if (strlen(buffer) < 4) continue;
for (j = 0; j < 6; j++)
{
if (strncmp(buffer, linehdr[j], strlen(linehdr[j])) == 0)
{
value = strrchr(buffer, ' ') + 1;
n += j > 2;
break;
}
}
switch (j)
{
case 0:
strcpy(m, value);
break;
case 1:
for (j = 0; j < 9; j++)
{
if ((a = strlen(alphabets[j])) != strlen(value)) continue;
if (strncmp(value, alphabets[j], a) == 0) break;
}
strcpy(alpha, value), a = j;
break;
case 2:
s[0] = strlen(value) / 2;
str2bytes(value, key);
break;
case 3:
s[1] = strlen(value) / 2;
str2bytes(value, twk);
break;
case 4:
s[2] = strlen(value);
strcpy(p, value);
break;
case 5:
strcpy(c, value);
break;
}
if (n == 3)
{
n = (FF_X == 3) ^ (m[2] != '3');
#if FF3_TWEAK_LEN == 8
n &= s[1] == 8; /* old FF3 with 8-byte tweak */
#else
n &= FF_X != 3 || s[1] != 8 || !twk[7]; /* FF3-1 */
#endif
if (n && a == CUSTOM_ALPHABET && s[0] == AES_KEY_SIZE)
{
n = verifyfpe(key, twk, alpha, p, c, s[2], s[1], buffer);
fprintf(files[2 - !n], "%s\n\n", buffer); /* save the log */
++count[0];
if (n & 1) ++count[1];
if (n & 2) ++count[2];
}
n = 0;
}
}
}
#endif
#endif /* header guard */
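Review bot: `m[2]` is read in the `n == 3` block of `aes_fpe_test`, but `m` is written only by `case 0` and is declared without an initialiser, so a record processed before any method line has been seen reads an indeterminate byte. Declaring it as `m[6] = ""` makes that path deterministic. The filter `n = (FF_X == 3) ^ (m[2] != '3');` deserves a comment, for example `/* run a vector only if its method digit agrees with the compiled FF_X */`. In `verifyfpe`, the final `sprintf` writes `p` and `c` (each up to 0x800 characters) plus the other fields into `r`, which is the caller's 0x1000-byte `buffer`, so long inputs can exceed it; a length check before the call would keep the report within bounds.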

@@ -0,0 +1,109 @@
/*
==============================================================================
Name : aes_testvectors_GCM.h
Author : polfosol
Version : 1.1.0.0
Copyright : copyright © 2024 - polfosol
Description : checking the test vectors for AES-GCM
==============================================================================
*/
#ifndef _TESTING_GCM_H_
#define _TESTING_GCM_H_
#include "aes_testvectors.h"
#ifdef GCM_TEST_FILE
static int verifygcm(uint8_t* key, uint8_t* i, uint8_t* p, uint8_t* a, uint8_t* c,
size_t np, size_t na, uint8_t nt, char* r)
{
char sk[65], si[2 * GCM_NONCE_LEN + 1], sp[0x100], sc[0x100], sa[0x100], msg[30];
uint8_t tmp[0x80], v = 0;
strcpy(msg, "passed the test");
AES_GCM_encrypt(key, i, p, np, a, na, tmp, tmp + np);
if (memcmp(c, tmp, np + nt))
{
strcpy(msg, "encrypt failure");
v = 1;
}
memset(tmp, 0xcc, sizeof tmp);
*sk = AES_GCM_decrypt(key, i, c, np, a, na, nt, tmp);
if (*sk || memcmp(p, tmp, np))
{
sprintf(msg, "%sdecrypt failure", v ? "encrypt & " : "");
v |= 2;
}
bytes2str(key, sk, AES_KEY_SIZE);
bytes2str(i, si, GCM_NONCE_LEN);
bytes2str(p, sp, np);
bytes2str(a, sa, na);
bytes2str(c, sc, np + nt);
sprintf(r, "%s\nK: %s\ni: %s\nP: %s\nA: %s\nC: %s", msg, sk, si, sp, sa, sc);
return v;
}
static void aes_gcm_test(FILE** files, unsigned* count)
{
const char *linehdr[] = GCM_HEADLINES;
char buffer[0x800], *value = NULL, *line = NULL;
size_t s[6] = { 0 };
uint8_t key[AES_KEY_SIZE], tmp[AES_KEY_SIZE], iv[GCM_NONCE_LEN];
uint8_t j, p[96], c[112], a[96], t[16], r = 1;
do
{
if ((line = fgets(buffer, sizeof buffer, *files)) != NULL)
{
buffer[strcspn(buffer, "\n")] = 0;
if (strlen(buffer) < 4) continue;
}
for (j = 0; j < 6; j++)
{
if (strncmp(buffer, linehdr[j], strlen(linehdr[j])) == 0)
{
value = strrchr(buffer, ' ') + 1;
s[j] = strlen(value) / 2;
break;
}
}
switch (j)
{
case 0:
if (s[0] == AES_KEY_SIZE) str2bytes(value, tmp);
break;
case 1:
if (s[1] == GCM_NONCE_LEN) str2bytes(value, iv);
break;
case 2:
str2bytes(value, a);
break;
case 3:
str2bytes(value, p);
break;
case 4:
str2bytes(value, c);
break;
case 5:
str2bytes(value, t);
break;
}
if (j == 0 || line == NULL)
{
if (!r && s[1] == GCM_NONCE_LEN && s[0] == AES_KEY_SIZE)
{
memcpy(c + s[3], t, s[5]); /* put the tag at the end */
r = verifygcm(key, iv, p, a, c, s[3], s[2], s[5], buffer);
fprintf(files[2 - !r], "%s\n", buffer); /* save the log */
++count[0];
if (r & 1) ++count[1];
if (r & 2) ++count[2];
}
memcpy(key, tmp, sizeof key);
r = 0;
}
} while (line != NULL);
}
#endif
#endif /* header guard */
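Review bot: `verifygcm` keeps the status of `AES_GCM_decrypt` in `*sk`, the first byte of the buffer later used for the key's hex string, which hides the authentication check and narrows the return value to `char`. The function's return type is not visible here, but if it can return a value whose low byte is zero, an authentication failure would read as success. A dedicated local declared with the others says what is meant: `rc = AES_GCM_decrypt(key, i, c, np, a, na, nt, tmp);` followed by `if (rc || memcmp(p, tmp, np))`. The same idiom is used in `verifyccm`, `verifyfpe`, `verifygcmsiv` and `verifyocb`.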

@@ -0,0 +1,101 @@
/*
==============================================================================
Name : aes_testvectors_GCMSIV.h
Author : polfosol
Version : 1.1.0.0
Copyright : copyright © 2024 - polfosol
Description : checking the test vectors for AES-GCM-SIV
==============================================================================
*/
#ifndef _TESTING_GCMSIV_H_
#define _TESTING_GCMSIV_H_
#include "aes_testvectors.h"
#ifdef GCMSIV_TEST_FILE
static int verifygcmsiv(uint8_t* key, uint8_t* i, uint8_t* p, uint8_t* a, uint8_t* c,
size_t np, size_t na, char* r)
{
char sk[2 * AES_KEY_SIZE + 1], si[25], sp[0x100], sc[0x100], sa[0x100], msg[30];
uint8_t tmp[0x90], v = 0;
strcpy(msg, "passed the test");
GCM_SIV_encrypt(key, i, p, np, a, na, tmp, tmp + np);
if (memcmp(c, tmp, np + 16))
{
strcpy(msg, "encrypt failure");
v = 1;
}
memset(tmp, 0xcc, sizeof tmp);
*sk = GCM_SIV_decrypt(key, i, c, np, a, na, 16, tmp);
if (*sk || memcmp(p, tmp, np))
{
sprintf(msg, "%sdecrypt failure", v ? "encrypt & " : "");
v |= 2;
}
bytes2str(key, sk, AES_KEY_SIZE);
bytes2str(i, si, 12);
bytes2str(p, sp, np);
bytes2str(a, sa, na);
bytes2str(c, sc, np + 16);
sprintf(r, "%s\nK: %s\ni: %s\nP: %s\nA: %s\nC: %s", msg, sk, si, sp, sa, sc);
return v;
}
static void aes_gcmsiv_test(FILE** files, unsigned* count)
{
const char *linehdr[] = GCMSIV_HEADLINES;
char buffer[0x400], *value = NULL;
size_t s[5] = { 0 };
uint8_t key[AES_KEY_SIZE], iv[12], p[80], c[96], a[80], j, n = 0;
while (fgets(buffer, sizeof buffer, *files) != NULL)
{
buffer[strcspn(buffer, "\n")] = 0;
if (strlen(buffer) < 4) continue;
for (j = 0; j < 5; j++)
{
if (strncmp(buffer, linehdr[j], strlen(linehdr[j])) == 0)
{
value = strrchr(buffer, ' ') + 1;
s[j] = strlen(value) / 2;
n += j > 2;
break;
}
}
switch (j)
{
case 0:
if (s[0] == AES_KEY_SIZE) str2bytes(value, key);
break;
case 1:
if (s[1] == 12) str2bytes(value, iv);
break;
case 2:
str2bytes(value, a);
break;
case 3:
str2bytes(value, p);
break;
case 4:
str2bytes(value, c);
break;
}
if (n == 2)
{
if (s[0] == AES_KEY_SIZE)
{
n = verifygcmsiv(key, iv, p, a, c, s[3], s[2], buffer);
fprintf(files[2 - !n], "%s\n", buffer); /* save the log */
++count[0];
if (n & 1) ++count[1];
if (n & 2) ++count[2];
}
n = 0;
}
}
}
#endif
#endif /* header guard */
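Review bot: The `n == 2` gate in `aes_gcmsiv_test` checks only `s[0] == AES_KEY_SIZE`, although `case 1` skips the copy when the nonce is not 12 bytes. Such a record is therefore verified with the `iv` left over from an earlier record (or with uninitialised bytes on the first one), and its result is counted like any other. The CCM reader includes the nonce length in its gate; the equivalent here is `if (s[0] == AES_KEY_SIZE && s[1] == 12)`. The relation between the plaintext and ciphertext lengths (`s[4] == s[3] + 16`) is not checked either, and the literals 12 and 16 would read better as named constants, as the GCM and OCB headers do with `GCM_NONCE_LEN` and `OCB_TAG_LEN`.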

@@ -0,0 +1,111 @@
/*
==============================================================================
Name : aes_testvectors_OCB.h
Author : polfosol
Version : 1.1.0.0
Copyright : copyright © 2024 - polfosol
Description : checking the test vectors for AES-OCB
==============================================================================
*/
#ifndef _TESTING_OCB_H_
#define _TESTING_OCB_H_
#include "aes_testvectors.h"
#ifdef OCB_TEST_FILE
static int verifyocb(uint8_t* key, uint8_t* i, uint8_t* p, uint8_t* a, uint8_t* c,
size_t np, size_t na, uint8_t err, char* r)
{
char sk[2 * AES_KEY_SIZE + 1], si[31], sp[0x100], sc[0x100], sa[0x100], msg[30];
uint8_t tmp[0x90], v = 0;
strcpy(msg, "passed the test");
AES_OCB_encrypt(key, i, p, np, a, na, tmp, tmp + np);
if (memcmp(c, tmp, np + OCB_TAG_LEN) && !err)
{
strcpy(msg, "encrypt failure");
v = 1;
}
memset(tmp, 0xcc, sizeof tmp);
*sk = AES_OCB_decrypt(key, i, c, np, a, na, OCB_TAG_LEN, tmp) && !err;
if (*sk || memcmp(p, tmp, np))
{
sprintf(msg, "%sdecrypt failure", v ? "encrypt & " : "");
v |= 2;
}
bytes2str(key, sk, AES_KEY_SIZE);
bytes2str(i, si, OCB_NONCE_LEN);
bytes2str(p, sp, np);
bytes2str(a, sa, na);
bytes2str(c, sc, np + OCB_TAG_LEN);
sprintf(r, "%s\nK: %s\ni: %s\nP: %s\nA: %s\nC: %s", msg, sk, si, sp, sa, sc);
return v;
}
static void aes_ocb_test(FILE** files, unsigned* count)
{
const char *linehdr[] = OCB_HEADLINES;
char buffer[0x800], *value = NULL;
size_t s[7] = { 0 };
uint8_t key[AES_KEY_SIZE], tmp[AES_KEY_SIZE], iv[OCB_NONCE_LEN];
uint8_t j, p[0x80], c[0x90], a[0x80], t[16], r = 1;
while (fgets(buffer, sizeof buffer, *files) != NULL)
{
buffer[strcspn(buffer, "\n")] = 0;
if (strlen(buffer) < 4) continue;
for (j = 0; j < 7; j++)
{
if (strncmp(buffer, linehdr[j], strlen(linehdr[j])) == 0)
{
value = strrchr(buffer, ' ') + 1;
s[j] = strlen(value) / 2;
break;
}
}
switch (j)
{
case 0:
if (s[0] == AES_KEY_SIZE) str2bytes(value, tmp);
break;
case 1:
if (s[1] == OCB_NONCE_LEN) str2bytes(value, iv);
break;
case 2:
str2bytes(value, a);
break;
case 3:
str2bytes(value, p);
break;
case 4:
str2bytes(value, c);
break;
case 5:
s[5] -= OCB_TAG_LEN;
str2bytes(value, t);
break;
case 6:
j = strstr(value, "ERROR") - value;
j = 7 + (j > 0 && j < 0x100);
break;
}
if (j == 0 || j > 7)
{
if (s[0] == AES_KEY_SIZE && s[1] == OCB_NONCE_LEN && !s[5] && !r)
{
memcpy(c + s[3], t, OCB_TAG_LEN); /* put tag at the end */
r = verifyocb(key, iv, p, a, c, s[3], s[2], j, buffer);
fprintf(files[2 - !r], "%s\n", buffer); /* save the log */
++count[0];
if (r & 1) ++count[1];
if (r & 2) ++count[2];
}
memcpy(key, tmp, sizeof key);
r = 0;
}
}
}
#endif
#endif /* header guard */
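Review bot: In `case 6` of `aes_ocb_test`, `j = strstr(value, "ERROR") - value;` subtracts from a null pointer whenever the value does not contain "ERROR", which is undefined behaviour. The difference is then narrowed to `uint8_t`, so the `j < 0x100` test on the next line is always true and the outcome depends on the low byte of an address. Keeping the pointer and testing it states the intent directly: `e = strstr(value, "ERROR");` then `j = 7 + (e != NULL && e > value);`, with `const char *e` declared among the function's locals. Use `e != NULL` alone if a match at offset 0 should also count as an expected error.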

@@ -0,0 +1,86 @@
/*
==============================================================================
Name : aes_testvectors_POLY1305.h
Author : polfosol
Version : 1.1.0.0
Copyright : copyright © 2024 - polfosol
Description : checking the test vectors for AES-POLY1305
==============================================================================
*/
#ifndef _TESTING_POLY1305_H_
#define _TESTING_POLY1305_H_
#include "aes_testvectors.h"
#ifdef POLY_TEST_FILE
static int verifypoly(uint8_t* key, uint8_t* non, uint8_t* d, uint8_t* m,
size_t nd, char* r)
{
char sk[2 * AES_KEY_SIZE + 33], smac[33], msg[30];
uint8_t tmp[16], v = 0;
strcpy(msg, "passed the test");
AES_Poly1305(key, non, d, nd, tmp);
if ((v = memcmp(m, tmp, 16)) != 0) strcpy(msg, "failed");
bytes2str(key, sk, AES_KEY_SIZE + 16);
bytes2str(m, smac, 16);
sprintf(r, "%s\nK: %s\npoly: %s\n", msg, sk, smac);
return v;
}
static void aes_poly1305_test(FILE** files, unsigned* count)
{
const char *linehdr[] = POLY_HEADLINES;
char buffer[0x20100], *value = NULL;
size_t s[4] = { 0 };
uint8_t j, n = 0, key[AES_KEY_SIZE + 16], nc[16], d[0x10100], m[16];
count[2] = ~0U;
while (fgets(buffer, sizeof buffer, *files) != NULL)
{
buffer[strcspn(buffer, "\n")] = 0;
if (strlen(buffer) < 4) continue;
for (j = 0; j < 4; j++)
{
if (strncmp(buffer, linehdr[j], strlen(linehdr[j])) == 0)
{
value = strrchr(buffer, ' ') + 1;
s[j] = strlen(value) / 2;
n += j > 1;
break;
}
}
switch (j)
{
case 0:
if (s[0] == AES_KEY_SIZE + 16) str2bytes(value, key);
break;
case 1:
str2bytes(value, nc);
break;
case 2:
str2bytes(value, d);
break;
case 3:
str2bytes(value, m);
break;
}
if (n == 2)
{
if (s[0] == AES_KEY_SIZE + 16)
{
n = verifypoly(key, nc, d, m, s[2], buffer);
fprintf(files[2 - !n], "%s\n", buffer); /* save the log */
++count[0];
if (n) ++count[1];
}
n = 0;
}
}
}
#endif
#endif /* header guard */
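Review bot: `count[2] = ~0U;` at the top of `aes_poly1305_test` is a sentinel, yet nothing in this header says so. The runner later tests it with `~count[2]` and `count[2] == ~0U` to choose the MAC-only report. A comment on that line such as `/* ~0U marks a MAC-only run: there is no decryption counter */`, or a named macro shared with the runner, would make the contract visible. The same applies to `aes_cmac_test`.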

@@ -0,0 +1,101 @@
/*
==============================================================================
Name : aes_testvectors_XTS.h
Author : polfosol
Version : 1.1.0.0
Copyright : copyright © 2024 - polfosol
Description : checking the test vectors for AES-XTS
==============================================================================
*/
#ifndef _TESTING_XTS_H_
#define _TESTING_XTS_H_
#include "aes_testvectors.h"
#ifdef XTS_TEST_FILE
static int verifyxts(uint8_t* key, uint8_t* i, uint8_t* p, uint8_t* c,
size_t np, char* r)
{
char sk[4 * AES_KEY_SIZE + 1], si[33], sp[0x80], sc[0x80], msg[30];
uint8_t tmp[0x80], v = 0;
strcpy(msg, "passed the test");
AES_XTS_encrypt(key, i, p, np, tmp);
if (memcmp(c, tmp, np))
{
strcpy(msg, "encrypt failure");
v = 1;
}
memset(tmp, 0xcc, sizeof tmp);
AES_XTS_decrypt(key, i, c, np, tmp);
if (memcmp(p, tmp, np))
{
sprintf(msg, "%sdecrypt failure", v ? "encrypt & " : "");
v |= 2;
}
bytes2str(key, sk, 2 * AES_KEY_SIZE);
bytes2str(i, si, 16);
bytes2str(p, sp, np);
bytes2str(c, sc, np);
sprintf(r, "%s\nK: %s\ni: %s\nP: %s\nC: %s", msg, sk, si, sp, sc);
return v;
}
static void aes_xts_test(FILE** files, unsigned* count)
{
const char *linehdr[] = XTS_HEADLINES;
char buffer[0x800], *value = NULL;
size_t s = 0, sk = 0;
uint8_t j, n = 0, key[2 * AES_KEY_SIZE], iv[16], p[0x80], c[0x80], ul[2];
while (fgets(buffer, sizeof buffer, *files) != NULL)
{
buffer[strcspn(buffer, "\n")] = 0;
if (strlen(buffer) < 4) continue;
for (j = 0; j < 5; j++)
{
if (strncmp(buffer, linehdr[j], strlen(linehdr[j])) == 0)
{
value = strrchr(buffer, ' ') + 1;
n += (j == 2 || j == 3);
break;
}
}
switch (j)
{
case 0:
sk = strlen(value) / 4;
if (sk == AES_KEY_SIZE) str2bytes(value, key);
break;
case 1:
str2bytes(value, iv);
break;
case 2:
str2bytes(value, p);
break;
case 3:
str2bytes(value, c);
break;
case 4:
str2bytes(value, ul);
s = (ul[0] >> 4) *100 + (ul[0] & 15) *10 + (ul[1] >> 4);
break;
}
if (n == 2)
{
if (sk == AES_KEY_SIZE && s % 8 == 0)
{
n = verifyxts(key, iv, p, c, s / 8, buffer);
fprintf(files[2 - !n], "%s\n", buffer); /* save the log */
++count[0];
if (n & 1) ++count[1];
if (n & 2) ++count[2];
}
n = 0;
}
}
}
#endif
#endif /* header guard */
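Review bot: The gate in `aes_xts_test` accepts any length with `s % 8 == 0`, but `verifyxts` formats the plaintext and ciphertext into `sp[0x80]` and `sc[0x80]`. Assuming `bytes2str` emits two characters per byte plus a terminator, those hold at most 63 bytes, while `case 4` can produce lengths of several hundred bits. Either bound the gate, `if (sk == AES_KEY_SIZE && s % 8 == 0 && s / 8 < 0x40)`, or size the two string buffers as `2 * 0x80 + 1`. `case 4` also decodes the decimal length through `str2bytes` into `ul[2]` and reads it back as three BCD digits, so a value with more than four digits would write past `ul`. Parsing it with `strtoul(value, NULL, 10)` removes that limit, provided `<stdlib.h>` is available to this header.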

456
testvectors/ccmVNT192.rsp Normal file
@@ -0,0 +1,456 @@
# CAVS 11.0
# "CCM-VNT" information
# AES Keylen: 192
# Generated on Tue Mar 15 08:09:25 2011
Alen = 32
Plen = 24
Tlen = 16
[Nlen = 7]
Key = ceb009aea4454451feadf0e6b36f45555dd04723baa448e8
Count = 0
Nonce = 764043c49460b7
Adata = 6e80dd7f1badf3a1c9ab25c75f10bde78c23fa0eb8f9aaa53adefbf4cbf78fe4
Payload = c8d275f919e17d7fe69c2a1f58939dfe4d403791b5df1310
CT = 8a0f3d8229e48e7487fd95a28ad392c80b3681d4fbc7bbfd2dd6ef1c45d4ccb723dc074414db506d
Count = 1
Nonce = 026a0b8b17be95
Adata = 44caa8ecfaf38e5e773cb0366e1b04aa0b9fac5c34a362310f471960c4a1e1c9
Payload = 0e52a384cedcdf7f179348de6e7336aa86f8855fbd903cfa
CT = 3417044bad5fddd9455579123dda4fd342c273a57ff6333dfedf191496d88cbe17c6271b65096e66
Count = 2
Nonce = ea09fbe5da0fa4
Adata = 1d9799f2bb0f7ab57fe3de27949ff64066131c81bfee172b308f9bb0b3171067
Payload = 469ff9698cfc96b581d7115c822e4363d7355ec5daed2eae
CT = 1dae7cc16f1b469290902cfad47b959784b4d6f48a79e690d47e30b635d10d1663477d61d7ffb55d
Count = 3
Nonce = 8d27bcbf9ebfd3
Adata = a7070b85b7add9193c9dcd2e6c03f6e7ecc52ffe9e099866baf7472f20c03aab
Payload = 225651d072dc9d93762dd79691ac2b6ddba00ec1252d69eb
CT = 5da819adefbf794612eb458519debcd524c283763eb3d7252eca8766bdf0db6bb2dcc793e1749c21
Count = 4
Nonce = 13f560187b6077
Adata = c4ab4244db75f8256e55c5b613a07b11c963c3cc24f66128aad4ba8b7ca99331
Payload = a38231af405dc7b70c8dbc8cb84e6be8a0dc2e95fddc2ce8
CT = 3aedcf8347aa23fd3325ce08b6b00462536baed69968a753feab6761c55431bb5668e1f5b7505e89
Count = 5
Nonce = 61e0e28bf344a9
Adata = 5f998952de70449ad46428f2ff8a01c5af43c0107a1bcc6930f19d4112598666
Payload = db21b37e875d7709a02239ce6ea529cf37255d5b617c153d
CT = b8f5fed39c723d7643d6dcf2efd3bbd1ba0da1ec901305fd64b2302ace4f66216ca8b4d776197692
Count = 6
Nonce = f6be4aad63d33a
Adata = 18339be863fb8a887d04ae9ff3b4a7db095075cd5d113a9ec87b41fe85ea405e
Payload = e53101e6eabcda32c13d7b1dd1d88e7c2ca3ddc2064f64c6
CT = b758858ab60e1630a0883d4d330119a593729a3015c42525effb985b9c2dd9ec954bd25d9c464c67
Count = 7
Nonce = 2c1c59aa0d8eff
Adata = d44af86b89fda8448a9b2fcae20ea156dd8738c8251699c02b785811c830bf72
Payload = 1fd7188a43dee7b059420e8634d71d2c0658f6d0d308dc73
CT = d046f845a67800a5a58f461e5a8641e8fc9b4c53b32e61d172adafffbacb297d67f6b5c02b982e04
Count = 8
Nonce = 48e4598edd191e
Adata = 61588bdc980ea2310e87dec4c651e9a55c27e3858b6505cbf3bf85e51931badc
Payload = c25868f390af5e59c035cb5830e018c62c5b96bd35b764f1
CT = 0ece161bd77b7f969b3b20c818769a98c178d84524544664500ff4cfe66ade1832babc019778acc3
Count = 9
Nonce = 6d576ce3c5fcb5
Adata = 92c598cb5ca2926c11f67c3b3cf25493d77606fa60d7290430e0e975091644a6
Payload = bcd97479db934357a163a9e5f5a85999ca987f8243d8017b
CT = bee185e11b3d42bac846b9d92c70a078aebfa630ab763840391031b3a22b2adeb9791ee35765c8cc
[Nlen = 8]
Key = 1dd56442fa09a42890b1b4274b950770ea8beea2e048193d
Count = 10
Nonce = ad749d596d88a4b4
Adata = c67219909828adef64422286008e1e306867a1c0b3da95444507a68b45c953e4
Payload = bd92d6744cde446fc8621625658fc4bc00dcb97f06195ad7
CT = 076cffd0ca978fe2bad411ced45a090abafb22a99896f6a75a1969276aa2b0cdb37ccaf2845dbf6e
Count = 11
Nonce = b1dc81d116d94f5e
Adata = aa4b71906b6642f10f66c2391ec157c7cde97eb322db10045af4c5248807f691
Payload = 9aa6dbe1cd3eb98d330c937d31ef93bee8938b6c5cfd38de
CT = 720f6876ac91665f20147483f0655fdbe21963a01e36f1daa67e36d7cc8d54cfec0762514475127b
Count = 12
Nonce = e758738df5c89af3
Adata = 5715fa238f432c926e62dd93708d0e3145428e0ed45e1efa8148d2c4ab6cba50
Payload = ce80b99039a16e69018d1e3c239dd1bf06e94a78b0b1df37
CT = acdf7ba3edca1563727ed85cabf085c2f0c8f27556c3c064ef50d85bc3ade6a773d956b2660ac367
Count = 13
Nonce = d586c4c67d535476
Adata = 1e8dc63c6c54a540b6b02067ba7c719221cf289fa3897299722c9a2bd6eed05b
Payload = 2f88305117f9a5d807d54b7e95ecfeb7327e52d9acac352f
CT = e42b86e619be1a38973c934babeb4688243a9012c85d643d81e024aaf0a62b353f9bed36681288d2
Count = 14
Nonce = 77e83758f68d272b
Adata = 25c80edef3d5bd8b049fa731215b80ca2ee9ee6fb051326e8c6d0b9e11e3d7ef
Payload = 92e47b82b728d639777d5d5843de2a5c364956cb4b21cabd
CT = 1b9177f5b76403cb8c690b39c3dd22b55da35cebccb9b64e05fe32f796f0b4a75a459fce6c7d740c
Count = 15
Nonce = 311dc245549206cd
Adata = 87767f13bb4904d0df0d64eb22c9ddb65e81b5739baad86ad5e2c239ffde9f6c
Payload = 8691c0301a216a5f3ed9123886d100309bd85630d6b845f5
CT = f39fe3620a03b37a4bf457909e0770447b498ad2a2f0f9d7b75f9e4239e43bbf93066897e60f6fbe
Count = 16
Nonce = 2a17b70f10e120c0
Adata = 981fc31e64fbad244ba1ef0303ba1e4beef5bacca74f60ffdb9142a25a1ad5a3
Payload = b9bec3e2adc83620772048d6cbfb6f78e4fad74d754ffbbb
CT = 92187955ee1ae702ef01a385537119b2bd4545402e8b2384a0c069a2439a2d8843302c6a9999e658
Count = 17
Nonce = e0b10e78e9fb41ee
Adata = 9d072b8a3f1a496b2be6728a38b94a4f44c9be40c8793b69afd81d01696a6b4a
Payload = cea28e7cd0eff0c5eafeec908d4aa8ba303e72ada33db087
CT = c605e48f2e66e8e0a92471e466981ae5e31db3e4ad80b09f5005b06d15f63f2f015cfe447828da09
Count = 18
Nonce = 02d72dde23f9772c
Adata = 2dc44c39940e2d9c94d2dbe40bbf5cca5efb4d4b250a31aa24f208b87e9c2453
Payload = 809343e986f6ff47f54d4cac22ed39babd12271d4c7edb58
CT = 0bb59581f22f6b15de76c0066645495a5c19e44381c349263ed92ebb789c314a89c83542b15ed694
Count = 19
Nonce = 28c4d6de3e2ce51b
Adata = 913a8eda924589d3206ce0a951fef93668c6c0c454824b217997bff6b3026d54
Payload = a19f65ffdafd6ad5ee43570f7e168f94a8b4a7b7402ac80b
CT = f0c91a29f1222b906550ef5c7c0944c5c4236cb6c31122cfada8e796f2ce7f9449f42de504873868
[Nlen = 9]
Key = 8cc622645065c72d0d2aca75802cf1bbbd81096721627c08
Count = 20
Nonce = cd84acbe9abb6a990a
Adata = 447b6f36acdad2d1cfd6e9a92f4055ad90142e61f4a19927caea9dbe634d3208
Payload = 597b3614ff9cd567afd1aad4e5f52cc3fa4ca32b9b213c55
CT = 2d7fb83e6621eed9073e0386d032c6941bef37b2cf36a4c6c5e36222d17c6fb0631c3f560a3ce4a4
Count = 21
Nonce = 1fc7a43ed124745d04
Adata = c892b095173076a40e24522297be27fd3a765c8d417f24c71a9f03b3fe3d8e20
Payload = 415cd8312dd20a1c26f4b90d98104cdfbe06739466fc0aa5
CT = 7bebd6f55f15ae57ab73f92f7be6ff37ddd99740e988f01a7a2a13c22df4a156e6d6063235452c85
Count = 22
Nonce = 19ff5e7c1f2c594abc
Adata = effcea4e4dbc57410426b39fcf51c9daecd9d310888590d77827973a29c4ebff
Payload = 97fd2c259a4e672e9555a9a5b98f4c0ec8c4c49c7ade26a4
CT = a460674c2f358762e97dfc958d90973e1e419dbc6a832e987579b2c4a6bcf0356f48cf8959cfa54a
Count = 23
Nonce = 64d9bd368ac2357cf2
Adata = 62c5a16f946b4312517f67c80afe2614c822e3a01b87dc81538c00bbf3fc0108
Payload = b6ada12f7a28211e9d2c07cbb3d39fa77aadc077b34c46f9
CT = 8fb5e0954388b9b58519482962487e9b0768f0cee08afe9a92be2b06a0ecd2d00877abded7d9634c
Count = 24
Nonce = b4aaf2cd93efc0ce93
Adata = 79d8841ab83279724ce35e1a8abd4e158168dcf388ab4c3d1ae70413e4e43d14
Payload = dd42449da4c95e858b796085b6b5b3b5eef484dbf3c2bc8b
CT = 893f86e29972928c1f3c3e25c73947c8d677814bca7fff2cf8d301ceace678f9bf91fc361dff5812
Count = 25
Nonce = 132f3e19e12f462a74
Adata = 176cc5a280f6171d00e247edacc81f05c1b9faa87fc831163ac9d76aae59a6c3
Payload = 8ea05a5033ab8b009664fa2800c24e217488ce6888cad147
CT = 4771d210ea678dbfab96e320e9c44b68f47cb05b01826ccf42ca4f4ccf986eb6a6b85b99db2fcd93
Count = 26
Nonce = de709ba64cb75704c0
Adata = 0cf8e9ab95766b6fa85e88d86e4f349a17c0d90509939e343eede988e7462255
Payload = 51dd9fda9549f25dd868245a6a54b8d59346d2f336adf9af
CT = fccc3e44afa6bd2fbcfc5c834db63dc9d152c04c0dc0b43d393162252ae91ca46fb8e8338cbeb75d
Count = 27
Nonce = b11b4c1b7a26387265
Adata = 14ed867cc909c0619f366918a7d5ae25279fb137e1dee7fd98ddbe3bd19d841d
Payload = e35ea4a16e274fcab457fd4dc7886c3d81fc668c19e0f374
CT = dcca8aa2eab8ac3f5db9cd9560ae0758d7df40d7d868d1f71f498ea6ec8251a6d149c7ca38b25fe4
Count = 28
Nonce = 20d03227a7fcaef1ce
Adata = c5c15245e641687d0ca9e913406acd2de3f21fbaf2dc5e4e8963222da61d02a6
Payload = 6775e5faffd0b13e78da70a789042245d5ef31eab5245380
CT = 4bb8ed2207f36f40f62d3a2c90f8e3bd8f589059b69037118ce3ab864545ea81943ef0ea9489d223
Count = 29
Nonce = 267f76b9ec0f5e7c6f
Adata = 2b421be47d07dcb12a0706f7490d05024fce8f433079e18ec78f4c8678f5f155
Payload = 9330bb23428ab45f573923e977db74882282cbe1371da68e
CT = c6ae24f82ac5cf9c18a2d98e610027eb2566a1ccfcf99945655e14c7bc8be97ea47388cb7b18bcf0
[Nlen = 10]
Key = ab72eef2aba30205c986e2052d6e2c67881d24ae5fceaa8f
Count = 30
Nonce = d7a46e726ed43f1580eb
Adata = baa86f14271b2be7dbb37ddc7c95ce4857e57aa94624d594d7bd6ceeaada8d5f
Payload = 2a794b84fc9e4a7e6d70a82b5141fd132177a86b4e8fc13a
CT = 2d7f76464417613bb61d3657481346b74fc9d6abc6a3babd39365dce86859cd82395d11bfc8cf188
Count = 31
Nonce = d0afcbc1b2524a4a4553
Adata = 7c267223047af946b06f6a45ffde4a5ec49c28b81ca22da4a36bf523e89e9da8
Payload = bfc5ce1316ccdbcd8ac62484e7656c87947ff98cbba8e1e9
CT = 4772c121367d0e8d3edade883342395f3ea065fe7dd7be8c8355b915ca2633fd557ca7ed41e00926
Count = 32
Nonce = 6eecffd227e8d5349523
Adata = df7736560b1a13aa8e536500ea6cdb9a6757309aadf25a6a9189055a309c3f8b
Payload = 19eef017100dc82f26ed0815c55c122e0b1587302894c391
CT = e2864c6e12ac089daaa1e94af4b2ed04060d7ef65d2f72f0e7d017514d498f1f3c07d650afde8293
Count = 33
Nonce = a67c0675753f725a8fd4
Adata = 7dd546397a9a0129861fb6815d419a307f90d259d55f3503961754126cd1b776
Payload = 80f1f1ea46c92d28f2d60eab39ce056a4aefe63fa688538e
CT = 882c687c03eaaad9d7f591649e736f0c1c78f95e40d40cd77499a8544bc2a8fe95f55fefc7316f8d
Count = 34
Nonce = eb83928f0d5f7aa3a74f
Adata = 060cd3e4aecdb03837dfa9f544318c0a16cdc37fa2a3135be7888ac67e7eb26b
Payload = 81e9174e9472777b6b184707108c01d6ea6b5d108ec3c6c8
CT = 243cfa0a0a36a4c20333968910e6f52acc04c6f74e704180623f3a13fc13db958cbac49f7421d6af
Count = 35
Nonce = 5757abe01f7a1183fdcf
Adata = 744629263041f0eccfce4a1ebcc18c4c984010f9241d35966263a8b2f72ee26b
Payload = 991049f26b529af8b0bee0cc83989cf817d248254182f332
CT = b20469b5f33f0996e8de869ad10ce09924a0bdd7b67a89a09c447a3132fbe5213133650000d50b06
Count = 36
Nonce = d9adfc5b44ad7aa94b05
Adata = aa6a5448c6ec87be75eca35725ad2e902dbccf840d25b2bdf7e62e4a8fa4a511
Payload = 14682301a99bf680805d1ffe62e1506d48cee8c51ef1d255
CT = 9b44efa185b0c10325bb4c3c0815e6a6e46eea366b9a416b5ae554cb440eadd875657fd5cecc214a
Count = 37
Nonce = dc3ca30782c9c0a7fe89
Adata = e788c98ae85b11b3ae884eed6f3b8f5bcf5ab1b7b20ad3f44f760b2287cc5793
Payload = f9cb86f24536931a1b095b426a07e4621c000cf09b472bf8
CT = 463f9124d1cc387a0f8b971d1e2da448f0efffc3956ebb2af8312986315522081f0989838ef0429b
Count = 38
Nonce = 9523f53f92b6e4ba86e5
Adata = c3b123ccc916d26a2e6a8b5e30041ad69a944217e9b402b7acc0170c31e8c2e4
Payload = b9bdcac80f64175836ab51bb1a1bee5ffe3a6b9b71afe3ef
CT = c356b5a78cebd123808fb740754dc47a8ec7c9448bfacf39768e94f062e86129cc9210dfcd3e6128
Count = 39
Nonce = 16bdf18c09d60f3a2a32
Adata = eedd0796f23612749e9fd282c864f3118d0683409d3bef1fda352e1422273c7e
Payload = cc96133e473d197be1bafdfc1a21d58e57d0d89b2ba1c3ff
CT = f9d78e9e3a41b3bcbfe756385a3715776eb84bb7d8d15432978757883f07802b25e9a5b15c43b451
[Nlen = 11]
Key = af84c6f302c59aeee6d5728ed5da2e3c64a5a781c52c4d1b
Count = 40
Nonce = df990c42a268950677c433
Adata = a6ab5d78427f297a4b7e21f1091ff3a5b20caa3fe1cbcb09459d9df596a6c8e1
Payload = 6db41aeb5f7c24df8929dbc30483b3c7934b3bd1cdce5bb9
CT = 8c9328258bf71970d33e23a3ff81cc1c9cbe196a1294264bfd6a7255e4801963bb30a63de3fc5b82
Count = 41
Nonce = b7ea72641bbe2dca6d85e7
Adata = 4e0f2ddf183281ec131693bdcea3fc9743733c07a486a42d5737735b3f6e3fdf
Payload = 726844e41b1e4d883024b32fee0dcea38c889cb328885b7c
CT = 9a133e4582c2ebc445862a9c6f2f4e39223c84081e322c8f262de30da6ef505fe640c53d765f672c
Count = 42
Nonce = 446fee1e75e79c0dfc9ddc
Adata = 42b598eaee271e06d9e98dd94152b28ef10f506d65bd660b2fb8b1be9a2d7254
Payload = 0cdcf348ecc9c3588001802c2106fb64be9c301adcc66e73
CT = 0c2657b0482b6ca92e1b1c8fdf75eae3b0cd3af205e9bca396ecb1e46beb16000d585e1d9559ee22
Count = 43
Nonce = 2e6e34070caf1b8820ed39
Adata = 8bd1ef3a1831fcc8919d736fb23111ca3ef4cccaf20264fab8eb3b071e56667f
Payload = ca0860cc1e96506c2beb25b53d2947fbab634f0372afc8ba
CT = 19e4774030e43e6853ab5bf176ba9c4b59f29f285977e3c15198cbe3e34c884c3f56a732974aa1d6
Count = 44
Nonce = 428542ecfb94a745980aa6
Adata = 8efe01716b9018084e2ea7616f85b7333d945c0c970f8cdd400130b98db67cda
Payload = bc6b59120ba2845b0e41f65a55e2ef1c45a81485c926c14c
CT = cb48b0af6fad251d409d14ce0fbfae9cd9c40bf4a0c1e2b7e7cec415030997e1ac5db974b617b5a7
Count = 45
Nonce = eff703e6d72ddd23ff52d9
Adata = d7fc74035e66709d2590b7bb3276245dd43824c9896fbd801ec1d07018b39b6b
Payload = 1a5432e8085511ddac1be91be3e2945f85f0cdcc3a1c9f8d
CT = c0a00cbaec65b7ca525fb26e80ee0cd18c7ef47c39c704833e59bfecf263bfdb24686627fd95e120
Count = 46
Nonce = 6a652ce21334a40a259dcf
Adata = 5d24d80f22afe713c4076c200c1bab36917907fde7b6d34e141066f543526db6
Payload = eb8f1988cb405041bf48d138ad41da7ef364d4ac59a9e324
CT = d4f23166c09a15466c7e0e2b30627ee5a84f22d7e6135b4a0652b67d559a84b4a915ca6a420fd300
Count = 47
Nonce = 9382e12d447c0ca23cc9c3
Adata = 239129eb760f8a770410c160e4e13a6b9497077c3e463b65397393fcd3cb5c70
Payload = b40e80564263c7f450c53ef84df67247d72e8a04dbb284bc
CT = 6de2ba26caa80874814816154784912c55e3d6da83488e7250f5a52f82211542b4e2661cf870c80c
Count = 48
Nonce = 2c3a4148cbb02504a2483f
Adata = 33c3bdbf185b580353de79e51e675b03b31e195f19ba1f063d44def0441dc528
Payload = 60a31736d99c3dcf25b349f6110e1c152b93506e85a01e67
CT = 4d5e705d08f3ed1ca6f1caa74b46e4b1eee18a0783686f207de16aaa41d06bc071657dacf14da754
Count = 49
Nonce = 691cdf6fe9ecc2154d0101
Adata = dc096596644c4e09c44078b86e5e0887c45094042eb0d74a6a13aa2524463076
Payload = 77e6441ee017a93dd876ff2c7980540c77ee15edb0f23933
CT = 24cecc81c8ac7ca9906372dc5263f2220b4dd162f1e08283f07f23e65475a20fd96e45c6c695cd83
[Nlen = 12]
Key = d49b255aed8be1c02eb6d8ae2bac6dcd7901f1f61df3bbf5
Count = 50
Nonce = 1af29e721c98e81fb6286370
Adata = 64f8a0eee5487a4958a489ed35f1327e2096542c1bdb2134fb942ca91804c274
Payload = 062eafb0cd09d26e65108c0f56fcc7a305f31c34e0f3a24c
CT = 721344e2fd05d2ee50713531052d75e4071103ab0436f65f0af2a663da51bac626c9f4128ba5ec0b
Count = 51
Nonce = ca650ed993c4010c1b0bd1f2
Adata = 4efbd225553b541c3f53cabe8a1ac03845b0e846c8616b3ea2cc7d50d344340c
Payload = fc375d984fa13af4a5a7516f3434365cd9473cd316e8964c
CT = 5b300c718d5a64f537f6cbb4d212d0f903b547ab4b21af56ef7662525021c5777c2d74ea239a4c44
Count = 52
Nonce = 318adeb8d8df47878ca59117
Adata = feccf08d8c3a9be9a2c0f93f888e486b0076e2e9e2fd068c04b2db735cbeb23a
Payload = 610a52216f47a544ec562117e0741e5f8b2e02bc9bc9122e
CT = 83f14f6ba09a6e6b50f0d94d7d79376561f891f9a6162d0f8925c37cc35c1c8530b0be4817814a8e
Count = 53
Nonce = b4cadb5f9cb66415c3a3b714
Adata = c4384069e09a3d4de2c94e7e6055d8a00394e268398d6ea32914097aec37a1f4
Payload = 22bade59214fa4b933cb5e3dc5f096e239af4c2f44f582b0
CT = 2296e3f8a2245224d274f1b90ed1287cbeeb464c70a89ee475ecb546efb8872a3f8b0281b3901752
Count = 54
Nonce = 72e6cebdaf88205c4e744286
Adata = feaf010f462ad40a38eefb788b648e1cc292cd4bb08ebeff3c39182862296042
Payload = 30655a6b5a5965db992e7248d24141055e988d726abb8e72
CT = 69b27f2bbaa61c4f24e1c25e0779147fef79ec1582486b4651cffa571570618e2ada3376bd9f3e5f
Count = 55
Nonce = d8030fb31eca2c43f3f5eb88
Adata = 66704365ddd0145febeb33f68b228a3f09e1e5a4b68149e6e06d886301841295
Payload = 9d014a02507a6f266bd1ace21b55ab8b73983ff503bb9adb
CT = 233a883650538ab8c0da30b90527f880fcad5b16bd435e762beeeea7a638c717e63764b3a5118a0c
Count = 56
Nonce = 58038cc35ad3dcd75195e125
Adata = 3da7a757e942409a3b39ccdc0669ce6401f7e133c07c4c42e366d70a8e9bdd49
Payload = eccfd817fa5e3a0146967fae13fc2471ee3944cee37969f4
CT = 415a36872a04f5b4b5372f63394ab9fb353e0eb9b430450133a87fa29e5fbfa9bc0430b0cac00b7e
Count = 57
Nonce = acd82ae31bfcabd90af5af45
Adata = ce22126f01bde16249c47102b4da68ad3edebcd4a16c24a16ea7ccdd5d364d10
Payload = 9d2126d34963d3ba12cd841bd321036cb82cfb78f2a6535f
CT = 88a5b889e6fd74fc15336e23374b430988416c7e6b6e7248b336cbbeb64fbebf2e7076a98ecf5bbe
Count = 58
Nonce = d24457d567fd0a65fdabf219
Adata = 0091d39f3478d2c59bf874b96db9ce0f7e8b85a9b805e07dc96b219819d51663
Payload = 6da3ac85505e93c4f391ea367a9e15fa9b388ef7ae2693c1
CT = 7039a8a49cfa6402b4ba3b840e69200c13ac4a3eb1c709a30ea909047af4998c660afbaf346ed65b
Count = 59
Nonce = 50c59ca54eb64575b82b13c6
Adata = 5e4e42cbf172853c351d597c7d6d38b1a9cbb7ac92c00863a80ac4a2d9f0e7fd
Payload = 25b2ba0a937b71f3ee68e7172cf2c4524b662efcd08ce2b3
CT = e95fc44287ce39c5ad6b91c88582563fa68a9e304094deb8b193dd767f17783f0b51ac0fb7323301
[Nlen = 13]
Key = 36ad1e3fb630d1b1fbccfd685f44edd8984427b78deae7a9
Count = 60
Nonce = 3af625df8be9d7685a842f260e
Adata = 308443033ecd4a814475672b814b7c6d813d0ec2a0caeecbcaba18a2840cdb6c
Payload = 8b9db1c8f9b4892a5654c85467bcffa2e15e28392c938952
CT = 6bc6890fee299c712fb8d9df9c141f24ee1572b8f15112c2f8c99ccf2d82788cf613a61d60dae458
Count = 61
Nonce = 24eaeaa437649e61b706942b8d
Adata = fff75462f96157d9554bddb6aac156fefd88fd4a90a8536dfc28cc577f19c83a
Payload = 49ff4ff85f7407ca383cfa4fd7177adb4dab26e642c8186d
CT = 3647fae50c588d792442f43a20125e77ab5db3c469391d24d0a421bbbc002eb9ac9ad01f625f824b
Count = 62
Nonce = 7325932d6694aaf61a8204c172
Adata = be20ceb8ca14e9bef7158b280a26bcac763da79cd0eba9b1833ea808c5e7a66a
Payload = 2861494eb40b9d964d339797c1b6aac63c6674187768957c
CT = 286dc74001e2a6000a23db164f4b2912de4afcf1df8c3aa5ee32a7ffd4e7bc303d3482fbac431828
Count = 63
Nonce = 61c9949df5853e42599e5ee0c7
Adata = 243d09ceb16755cb58d62065df84890b840ad9b7eec1132c6427cd7c3d843fcc
Payload = 943a49073db6ae94a88844ed895f8fd99ed25c3f42a2f78c
CT = d3c56bd265a2cb0811dd218f248800ceade4f02b5403b9635eb30cbec49cbb51c41cd5032b7fd759
Count = 64
Nonce = 07b6c18dd3b0fd9e8ff026a436
Adata = e85f141c3d1af7727fcdb00f8e2c34e42a436d04ac5b8ca9f321a178a2056806
Payload = a18b0a4618063c0519818d113b8e5435aaf153f664058f1b
CT = 69f933a2a5e774e8d013cbf78c6ab0b73e6ca323d0c52691acb5cf2631987d3d963349b035324aac
Count = 65
Nonce = 0c075df70630dec2fe81834945
Adata = f3f5c5ffbfe8247bc0c33c793652f749fe91b6dd141cf0db56e71cef8a2fd266
Payload = ddc4bac4115e8cb06d29d22e400674dbc615a667f933603d
CT = 26bdd25c9f204fc7520d26c161464c28fb35e395b295b3db4e239d33283d18415b54c2aad4bde354
Count = 66
Nonce = 0c2d20375057fcd4241d290f6a
Adata = 70ff1b9ff8ec08fdb18b0e7dbe01127ed0cfe0b0a449ca2ace4992b7b6248b71
Payload = dacbdf1979e000d52b573e74800761b30acc26681f372acd
CT = 6a642c389433a3464fc64783ae6a14a9a45f0998b56a5b9162d7e0320dc930df3640a786d7ea9ae4
Count = 67
Nonce = ea0801cb3dab853750a922dd25
Adata = d83360d0896e022bf014bd33710ab212ddedda6d95a54996f33db304e5f12f01
Payload = 46cc5653bbd8300dfb0df6d0af3fb7c7639a830bdc9f68c7
CT = f1b0728920351d9edfdbe7df360b21f6cc5b628dcf43a3f10d06b4a545609a2128a95d4d73471559
Count = 68
Nonce = 97e6de379c90fccf3fa8f27013
Adata = 539f8eb802bfecaa4fb5b19debbf3d4847db9c4e0473a308ab3f3c859e68fecf
Payload = 8b013f52a828905013f250fb9c006a173f6c66a64b5ba317
CT = 556a439bc979dac1cfea8c5b64aa78547f52a62896c19893f3512baf72cd79ba9301194be204bcc0
Count = 69
Nonce = e832b6330d3e5e190598cb9c61
Adata = 093be516277e8b197ba5e9c85a831529befff0f3971510ab611dfe0dfb50a2ad
Payload = 635d2d7894bb816f154210946a369df37ea492993ba23af9
CT = d8e19c67e5aa7f14a16ecaaac414a2b15a15bb5f966932e6b0bfe9a5857fd36df94aeadda7f83a79

456
testvectors/ccmVNT256.rsp Normal file
@@ -0,0 +1,456 @@
# CAVS 11.0
# "CCM-VNT" information
# AES Keylen: 256
# Generated on Tue Mar 15 08:09:25 2011
Alen = 32
Plen = 24
Tlen = 16
[Nlen = 7]
Key = 553521a765ab0c3fd203654e9916330e189bdf951feee9b44b10da208fee7acf
Count = 0
Nonce = aaa23f101647d8
Adata = a355d4c611812e5f9258d7188b3df8851477094ffc2af2cf0c8670db903fbbe0
Payload = 644eb34b9a126e437b5e015eea141ca1a88020f2d5d6cc2c
CT = 27ed90668174ebf8241a3c74b35e1246b6617e4123578f153bdb67062a13ef4e986f5bb3d0bb4307
Count = 1
Nonce = 195c0b84baacc8
Adata = c7d9557b2ed415652ce6faa8cff5217ac803530ec902890b31eaaf3eeb0aa98b
Payload = fe012718481b2c4e1d7f9a7685e3daac43ccf22cad0df900
CT = 893af0f130f1317de9f217234274b0c04fcc202cea9a0df882c00b5b463654adbf82888099a7d258
Count = 2
Nonce = 363e0e921c6f11
Adata = 805678936d4e94746ab4818dc5f50c41e32cf32e7a8aafb300fb91af6406108c
Payload = 7e7e33e1a07d4e8fde2f33304f21cb564d146860ccfeb49f
CT = 645cdd11a1c232815ce1e07ca3ea83f372eba46cedafddd980adf2762a1617adfd4d8356bb48aa8a
Count = 3
Nonce = e323cc866af462
Adata = 163c747f3ba4ffd68af87f2475f48f2714659a2ec43b9ed115e02fe0e3c8be99
Payload = 2bfc76f3b108ba3118b07433c4d3d5f41564d22547c12822
CT = 0db04c6b068e73e3c4d71059bdeee3d27622f99dfd07d868fb9c02753c57fec7e1a5fa8f3860501b
Count = 4
Nonce = 03ae777078b95d
Adata = f1dacf9062dff9a6a3d0498f9d058782f891475684196bf2d8e7e905393acff7
Payload = 38c4275a5f605fd1d99517e13deebf0c9794ef586070fa9a
CT = df8f524872b5f06f3f219ba76524990b466409894930d7e0d104990e598eabd88cc8342ac16424b5
Count = 5
Nonce = 1c6c351d4fe9be
Adata = 14285e97cc3cae452e1a52e2fa0bbe24df96abf2faf6b9779acc59764612eadd
Payload = 9e2220f3c17532e1ce0d6f562b049fcef35bcaf9a7e196be
CT = c274b28228a6b13b670c325080f88d188d40d78d385481eae004894b1861db5d2d8ae98ed8926c1e
Count = 6
Nonce = a121dc27479397
Adata = 359421e9f78cc4a31f4f019977d7fd29780524e20288798c50002a682a6368b9
Payload = d42b16b32e77637724144eaddb21ca8d7db4e7f73acbf707
CT = 56e3e3e59e978161355e7d8573dc0657db400ca0b083dae8ed2ac2cb63e1b9d7dc598634198fe4fc
Count = 7
Nonce = b1f0e26b60bf1d
Adata = 2ab4239fffd13762fb5391f5a4760d12d96ea12666a793b4d651e9f4891c22c1
Payload = 9a2851083ad4e7b915bb0526bb4054e4c0b4adf8626edc90
CT = 5b2e0215523ff37f0df46e84f996fc9fc779986c766fa51595b8a23ee377d5c2850f4ed95a385253
Count = 8
Nonce = 50412c6444bcf9
Adata = 09cdcaa87ddf8bbe6db8411d14bb9064e4a121286cc8a6e97fce1844935f436b
Payload = b28a5bc814e7f71ae94586b58281ff05a71191c92e45db74
CT = 05cbc32a6ca797684636dedd16ce65a1eed69bcab1b1bdbd514ef5cbf9991a919fb4974d55506ce1
Count = 9
Nonce = 225557b0faca3d
Adata = 21611da060fa90cf7fd68b721caf303307a56e56453326495b628c7dc93cd175
Payload = e831b739e8eb9f787f63c0bb071ddcc9f44cab8d5b447d23
CT = a97e0879407eb3b7f93118ca73f17eb34e9f4baf43b07be2e8a3f7b848054cb235e1b58d6a12c5cb
[Nlen = 8]
Key = 472bf7946bce1d3c6f168f4475e5bb3a67d5df2fa01e64bce8bb6e43a6c8b177
Count = 10
Nonce = 790134a8db83f2da
Adata = a7a86a4407b7ecebc89434baa65ef173e88bd2dad9899b717ca578867c2d916f
Payload = 59eb45bbbeb054b0b97334d53580ce03f699ac2a7e490143
CT = db4961070f528ccd1a5a0681ee4d0ce3515fb890bccedc2dbc00b1d8b2bc393a8d09e87af7811f55
Count = 11
Nonce = fb2441d1594a488a
Adata = 0875020959ed969cfb38636d1d5aabce9658b00171a7614ea9e5395331c7659c
Payload = 451101250ec6f26652249d59dc974b7361d571a8101cdfd3
CT = 1bca7b0d35a68c0ffc568ffc8221cca738b67b95e3ab26efee21c5738d1f7fddf3030d004a702704
Count = 12
Nonce = 0855263860043207
Adata = c7fc24863c33f7e8cf97b337918495d52d864ac570c99cbb09d151758d6b504e
Payload = 61fcd7ef9bf151b9d8a81dc1ba4f82c45e9c2e4784627acd
CT = 9b939b6b188e1d0fe016f366fb01eb79a99ef7b1b57c6f7ab223454c57c714d96681cd4d55615afd
Count = 13
Nonce = 415cd251a5e36943
Adata = 1a393c7e85fb286709f4eb50f09640e1d65ec1135cb4443820136b3cec69772a
Payload = 66ae08d494dc9df9b7f8f53199fa37d0c88885458b168c57
CT = 1731e260ae31b8068ad1099313b167d9e6cbe49f471da61a9af96d3ce4ea94213b60cb69d92050e6
Count = 14
Nonce = d95bd65242bb2265
Adata = d0e20e1358be5cc1c45c1cf02c82d0a6d0824cfcb65774cf95f047b9f2cc1d3f
Payload = 312c3791c64d79205a11eebfc14b2d7a6b00391793c9559b
CT = c3fbe558ff9ea83ed86b7d66503ee38eee94e4a41fd53f0f627a352d056712e0d44404c61712e2ab
Count = 15
Nonce = 3f0bf0141dd3ace0
Adata = 9dd4ed18209dd6cdf19cc76fee443827e7331aaf020960c15d7bbed0f6a3b1f7
Payload = 08354480047eee3beeb5ab165da17d23f2f1a4ad98720611
CT = 2db9d2c54134d37ebefcecb9e2076034b975677fde58ef6032645a322fa9bc8aace600f942a84db4
Count = 16
Nonce = 3fd8b3a3ff563a42
Adata = e58327efebad3276a7cd1b1ccb56db0caddd02a303cd9fc7ea5c607a2ebefaae
Payload = d1abd89351384e1a3c3366f77c3175f6390801554d7cd783
CT = be284dcb357ae99ada7cc891730320ebb32ca627eb8c80623957a2a5b6164218fc83e12c42d5c532
Count = 17
Nonce = 14db1ffc1c87117f
Adata = 6c2b091433833a0ed915354dcb70d982095b614dc51a95a22cec417184d8e786
Payload = 0594307491f157821e63f50c94034f9284f095d5b897153c
CT = a114c84a10071e359bba2b2ba4ea67f893e27e6ea880aa4b2cf16ce68a93f8839245baebb2278300
Count = 18
Nonce = 40b0f74ff27a3fc8
Adata = 3b9e1f4e9b57a6dfb5e0ca7ef601fc6af30a1f8650228e51e0dc61180d0bec6b
Payload = fc8b7dbceef6b0ffcbade789e09303044042cd671607e819
CT = d00ef56074a8213740af8b8f974f778db560ac365d6ce916b8d191130e864bcfcd1dec94a1aaeaef
Count = 19
Nonce = 96cbe9cd19351359
Adata = cf498fd042f9a07503e490cec4873d4df91162cfde60bd2cbb2b710c6681a9fd
Payload = 315e81c9ce556dcf97a5b68503fd2228a7a6a174a15cd618
CT = 7383c2de08bce3f0b7e504dc03d062f44396bcedd2180fd954e6ec9f6ae1e0976ecf04dbee6463c2
[Nlen = 9]
Key = 58ae7965a508e8dd2eda69b5d888a28a1cb3783bad55d59d5b0da87137b72e93
Count = 20
Nonce = caa3d928d2bf2b7f2c
Adata = 304678b3ffd3200e33a8912bcb556b3cfec53ca17f70ecba00d359f9f51d3e3b
Payload = e61bad17640ecff926d0b0238271ee4c9f8e801dd7243e9e
CT = 7bb1137c14cb4d324a4a8f1115c619ebf74927f0bed60a8d5a9140ff50dc4da375c7d2de80de097f
Count = 21
Nonce = cf09ca67659a583bb1
Adata = 5507c4c3107cb446d19975f91207dbf3e2a51d1dcfd7da2f082159dbc3f41547
Payload = 1887bb0c02500093a30a44b99e137483704b06615d308c6b
CT = 834d3b2e5f0915c2348c706b4d2ff2717983ab4490edcc63971f02b7122d1e4f78de9c3376520f5a
Count = 22
Nonce = 97f940d7c1230bd8d2
Adata = 56be2c9e09b555373d58f6fe2a0ca9b4ddba899addddf12b0fda860ad791773a
Payload = 5ac67c9bec9b95c54e187a4a6812f5d701c4ac8f847c005b
CT = 9f372ba1c87a115847cd708aaf5b8a143b6981ffc2c61cefd30ece13481609809b218de04c4e5ed0
Count = 23
Nonce = 147c7ebb6c92245054
Adata = f95d64a513a9f3e6c95c9ed27b22fafd7dd10da52636029523142149116aff53
Payload = 08f199a8d7e3ea821dd3106e8947cd2e9d485342b25a6471
CT = c438aa6d187643d030dfe4d6b5b578f84838f4dc5c396d700c0986ecd7dab44e5e97db37392a485a
Count = 24
Nonce = b9bad794d49cdac9b3
Adata = de9ff2a43f49cdc502cd17a373989bafd13fa6ccff6660557ce05b6295186d47
Payload = 40d1cd4063750184356a1d7cae1cf1824f552c5d59a62dc1
CT = 9952b25f4f4f375440cd958456184fe61610381ba92ca48f38dd977042c4d97da84e4effa650799a
Count = 25
Nonce = bbe054fbef86db3ce7
Adata = dcec76181e3b872a5a6e79f070354e38866c7f67fc428fbca29ae6d929b1dd7f
Payload = 5f29808ba74b672a0f82b3b7581dc32478c6e790e2b8c61c
CT = 4d176f48b09b772dde8adbdaef720aba128a8d38a902847ebf22c81a5d824b4916660be6f9b513e6
Count = 26
Nonce = 6a35e1a4307f6efc6d
Adata = af28120505a84a75b0f6b18cc9d8c75c661bf143be29c11d8ede78b9bb98c98a
Payload = 5e2f601395ec406fcf96785f768162e849f867dca77667ab
CT = 4e305e26d34711c6aa775f490939cc6560d3cb6905f5b0f5588ace6fc303600abc8e5825cbaedc7c
Count = 27
Nonce = f6c237fb3cfe95ec84
Adata = 038f8ed89444784417a9c23bf11e9b436174e6c10959e00faa1704ce2f7f2c7e
Payload = dfd9cacbf7d73d688447ebab13d2e13f3613652379b386f6
CT = fb16c17a6b22a8658f446203ad46a48b34808083b271cabb015a1f78abc287bd2a63381ead07c558
Count = 28
Nonce = 50d024a3e7455d7249
Adata = 8513365786b7988b208984e11022c15573f978bbdc29e8a7a4745c8a81885a1d
Payload = 400317786b7df63373ffe541efcee6318cfc95bb673aad3e
CT = d33b3141fea3a9ebdeb80d1da32dae42680be78471fb3023721f714120162514555b60560afa4256
Count = 29
Nonce = 02769283d5a06c363c
Adata = 292c0be3713c6c588cb4e29a1c43b3e6353e33556194e568e800e4e44e8281e0
Payload = 12ba8eddff1c2a03ddd25bb924ff065a93fd712b2c4f61eb
CT = b15b1789c323a68568f86f35483bd7e204beff8f318ae14351f5e62b3b923a937e6c307af202fab3
[Nlen = 10]
Key = aecc5e18088bf9fd7b17f089bdd5607b69903b04b726361f8a81e221b1c91891
Count = 30
Nonce = c527d309ab29ee91c5fc
Adata = 8f9a73e7bc1c11e2919020ba3a404cbddf861e9e78477218e3be2cd4337b278d
Payload = d4291c99901345afe29f58912a414a7498f37b44362bdf3c
CT = 392784a9e0b14bcd37639ec5409d6ead3e75f855e5a92c33ffc040ef3977e0035ce6ea6d157c18d3
Count = 31
Nonce = eebc31a5813b4fb93b63
Adata = 9c87ad77953bf8a811e001ddb946eefafbfaa598150e85f0701853fa307d77d6
Payload = ebcfd71120b0f9a2cccb898e6dfa082998cbe10032de3e61
CT = e38eaad1e2df77e85e7129a8ce0f82cfc32b0aef79ab651bade65aa17e4dfb0aafe18cf71a72b180
Count = 32
Nonce = 231b33dc406c9210f59a
Adata = 38be46d271bf868c198052391f8a2147c663700d9bb25a0caaa36974f18dacea
Payload = 9032f910347daf661092b5c1f15b5ffed1369b194d9e12f0
CT = 868b85288828501cf1d06610fec25e8b8a4b437e2e4f5563b7f3b898a2356909784598f8a8916f5a
Count = 33
Nonce = f2a88c3ebc74e62f24c7
Adata = 5f495c5da035cabeb77e8aef10e91a05bd5aa414d1a37fa1099af959b26e5403
Payload = cfe8ee9b475e36058471e2984ae66f6ba1b3cb477b15155e
CT = 22c16333ac651cd9c183e78aba3e9312fb3b77dd6f9199502788860aae5534cf84979e30c3327d37
Count = 34
Nonce = 9cbaf1c83ba60b1e90ea
Adata = 7ef136bd9a5809676abbaa68016d6fc713e34ac4b768a8246b1198c959f43085
Payload = c3bcb0aaea93893f05eeb6439c8619dec17670a6439e2921
CT = ebd9fb86563aa8f10062624441336f982c161ce5717d990a599ca6ec1c61a14c37b5902389e47aee
Count = 35
Nonce = e25322845d87d8a76753
Adata = 2a89b9f0e56a1cf87dd38ed78028b6286ef8b7141dd2b3c65c5a8e1ed79bf4aa
Payload = ae622ff9381854f831892c318bae5c003e74b15199bc12c0
CT = 144c920f0fe278f353d0b053563d907c7589e4f1479d7a93a0604deb3fd9cea2d89987833ff5c2f1
Count = 36
Nonce = f4d7978fad36223623cc
Adata = 8671de7e994967f2521d263925e745af9273682d9c08ced07d4a98fc985f68a0
Payload = ef9b4ff8da108cabc972192ffecd5f96594c6d0871ffa6aa
CT = ae4948b3bc1e50beb9f5d005871fc0d3dbde295de1c9ec3cbc866ab47bea7a4d0070e52b492fb8f6
Count = 37
Nonce = 6597ffb9eaad0fd9d830
Adata = d2967ddf69ef62a9e23c9118dfaa55df92b4116322f1c9275131e3875dc92faa
Payload = 5015c894b2437ff15c46bca9236830ff4bb057cd5764f027
CT = 0b1dcb3cb0b4c32f398f3c43eccfe8f4242f33c99a2a2283efcb3dacac25bed0304f227fd5b77b8f
Count = 38
Nonce = 80e376b87272d99cde28
Adata = c9cc8f967dff45c05b9345d03813b6e30dace99556f7df75b7120bb6e5f55827
Payload = 615f657e24129a3e0f119988959608821219ce8354c4be26
CT = d3e8b8f7ff8faa666ffe2509187fa7befc7412fd4e3bdb06cd2f7494b1fb0a0c6a2184e5c4787fea
Count = 39
Nonce = 344cce96455541d403f3
Adata = 748cce18fb40126ce125dbe341fbbc59d2aacc170ed5ef0293b15713c9184a07
Payload = 828b6a4cd49f499a6e8e8508f9ab35255d8e9fed33ba4d91
CT = b67e582a74d7f022a16ada2de7ec18caafdefa6b104baf4ed93b6f8c8a1bf72be75976e4ebe6dd1f
[Nlen = 11]
Key = 97bc7482a87ba005475dfa3448f59d4b3f9c4c969d08b39b1b21ef965c0f5125
Count = 40
Nonce = 0bcf78103ec52d6df28887
Adata = 049c10f0cb37ae08eae2d0766563b7c5a8454f841c2061a4f71a0a2158ae6ce5
Payload = b99bf4dc781795fc4d3a8467b06e1665d4e543657f23129f
CT = 0d3891fa0caac1f7ebe41b480920ffd34d4155064c24f3b17a483163dd8f228d1f20cd4f86cf38fd
Count = 41
Nonce = ab6374c6b2faefd92fa3d3
Adata = f19c044023e5cf339203738ee70e76527519763664c06ae00e002a5ba94c32c6
Payload = a2e5c51f516db01688b64c173bb25645182a005018022ee1
CT = f70c598df3c64d3527ebb7fc8408b7de2cfaa1da7984ec361f1ad61758d828b70d4881b7d6ae8cd0
Count = 42
Nonce = cfb89e7ddcba601e875110
Adata = 052714010da516c896ac5842a839ae845324643cddb080e6206148432d0d0407
Payload = 037f206cab78a6ca0745dc8fc137e22e14f3d7183917ef83
CT = ccd675862502a2e2520a33250150b8b7b220e84db854888c316dd62075fc761e2bc80edc5c564bdf
Count = 43
Nonce = 967cb6f8530bf8a43adb42
Adata = cf391a84d03e2e22aec1965cec821f99e7bf21a7c3580dffa531464b22d83225
Payload = caa3d928d2bf2b7f2cd8a7f357055b6d6895a5e34f47972a
CT = 4f4f509debe6e52eae4af8b1740dde0a5338f78711a3b4ebfc8b5aca6d606222d6af7cfea0d1f4e1
Count = 44
Nonce = f5b7b5dd2b5e1ec93710c9
Adata = e7a6b228a67d37b9d29a38efc547e50b4a6d95d599b45ee189ece21101ac6b5b
Payload = 4a74ff35418723f2cecec1012484b52114067b2b2393e7f4
CT = 25b140922a9d4f2ce153a4ff86596a49d7de6a6184e931e8b2ff27a98029b23484e00c2a5d291887
Count = 45
Nonce = 713de00faff892977d99d0
Adata = 14ea93488d4284d21d4c7ce14414adf45c1ed9d2d99db866d0e59accb6234dac
Payload = 3820db475c7cb04a0f74d8e449f026ec951fa59667738698
CT = e4d92ab8d1ffb0976670d891cc8338da12f86d5d79b334103d2ae816edf857c810b6fdc7f2c71f1d
Count = 46
Nonce = ba87934808de09b2ae829b
Adata = 30e2ea2a505f19e8760a0a84961000c7a0b7fe3460a9d3f5a38f54149be2e9ee
Payload = 0e52a384cedcdf7f179348de6e7336aa86f8855fbd903cfa
CT = 6df893eed2be958e5f542f8cb4adb392b34786cb4ce821ec93fc57997b977948d55bdb026db5bc48
Count = 47
Nonce = ea09fbe5da0fa4fe911e18
Adata = 237dc8512b29bccdeb8ee39cf83b9b6dd203823d175c44d5f605b194e7ec136e
Payload = 41cee0ecaf9c65cef740440af37954ef49a585779d2abbca
CT = 2f204ebcf549ee2a800d870e6341b9a89a41ab4ae91b6902ff704a2bcfb8becd0226f76d68fbb08b
Count = 48
Nonce = 5b80d7affc4ab4a4b68bdd
Adata = 3a38dd7da30f5c312fb1e978d87b7a39792fd9ea3e9ab1565874e99df587327c
Payload = 5ff92f6d3ca791421363e10cc84b4e8e21e0ebe5d8c55d6c
CT = 05472db7875d59f8bed45606f355a516de93740aa2baeba18df9400df42baee6b9a0d75b45840104
Count = 49
Nonce = 514bba483fe7f2b7e555cc
Adata = ac8beb419099cdb42a39e9b46fd900cc52eec4b43a96ed18b37b899b63fb931c
Payload = b0b11dfca9b3936d1b4a423c5acd3d012b399a487c19c994
CT = fa20629d514c4ce7bf727629bca5aa1c0c7e7851fc1bfc5c847729a70d7b4cff5281aece37006015
[Nlen = 12]
Key = d6ff67379a2ead2ca87aa4f29536258f9fb9fc2e91b0ed18e7b9f5df332dd1dc
Count = 50
Nonce = 2f1d0717a822e20c7cd28f0a
Adata = d50741d34c8564d92f396b97be782923ff3c855ea9757bde419f632c83997630
Payload = 98626ffc6c44f13c964e7fcb7d16e988990d6d063d012d33
CT = 50e22db70ac2bab6d6af7059c90d00fbf0fb52eee5eb650e08aca7dec636170f481dcb9fefb85c05
Count = 51
Nonce = 819ecbe71f851743871163cc
Adata = 48e06c3b2940819e58eb24122a2988c997697347a6e34c21267d76049febdcf8
Payload = 8d164f598ea141082b1069776fccd87baf6a2563cbdbc9d1
CT = 70fd9d3c7d9e8af610edb3d329f371cf3052d820e79775a932d42f9954f9d35d989a09e4292949fc
Count = 52
Nonce = 22168c66967d545823ea0b7a
Adata = 7f596bc7a815d103ed9f6dc428b60e72aeadcb9382ccde4ac9f3b61e7e8047fd
Payload = b28a5bc814e7f71ae94586b58281ff05a71191c92e45db74
CT = 30254fe7c249c0125c56c90bad3983c7f852df91fa4e828b7522efcd96cd4de4cf41e9b67c708f9f
Count = 53
Nonce = 225557b0faca3d6cbaedec5c
Adata = c7aafe7d3b419fa4ea06143897054846ac4b25e4744b62ba8a809cc19253a94b
Payload = 0e71863c2962244c7d1a28fc755f0c73e5cbd630a8dbdeb3
CT = 2369b56f21336aba9ac3e9ba428e0d648842a7971182d5ffac57f6ae1080efab4ed93f8b4ce1d355
Count = 54
Nonce = 78912be1a35e156a70fb72f7
Adata = 12ba8eddff1c2a03ddd25bb924ff065a93fd712b2c4f61eb80d77fab2c4900e0
Payload = 113efd182f683596862ccd5eba2e2d4ffa709d9b85c6f1d5
CT = 835a22eb8d718c0ee1531a2d1bb95f58215c997c612908eeed3ccaeb7a814f69d3ec1fbf2ee9792d
Count = 55
Nonce = 91ad90b58d2044abacf957e1
Adata = 4fc795b9126c23dd7fd514c2e5a8ca583e88a783b28cbb2a5df09f8b520ba0d1
Payload = ed55f6b9eb8fe74474c037ede94ffd84ada846ede4ecff74
CT = ecb595276fd5d412a7cc3f5cfe960f47a0d0e2df0b08a11ac257d67143722a976c9d7f44b09a767d
Count = 56
Nonce = 4bbe4ca29122c4892ca09b5b
Adata = 367ecd1b71dfb96a84e2369f28705dfaebf0c73ed35d5364449b2391230be846
Payload = 8dd497bb777bbc3e56e3af25a43545007bb00f2b9e9f815c
CT = 563d61fc0a5b82804a580a7d752a8e61d3342fb39372b39b6843a685bde3175695796f6e64f35901
Count = 57
Nonce = 218e7b8a8fd62927f90b70e5
Adata = 01815f599d6ba0d1c09f6f673bb6cca4c2a7a74f4e985be4c0f37842c7bbc5a4
Payload = 80f3e4245c3eab16ef8bf001429122e46bde21735f63adba
CT = aaceb16589b9de253c99d0d32409a631db71e8df8a7644bfd027e3466e8220144cb0552f9b2800e6
Count = 58
Nonce = eecc9f106a0721334cc7f5ba
Adata = bf38d0ee11a796a517539bbc9ab00ff85a4ddbf0a612d46e2bc635180ad34c50
Payload = 36cefa10af1a3446a2c8d4a1171144b9ddd8e33a7cd5a02d
CT = 9bf3b2df93cf5b587ecc96f45fc75e6eb066cb286cb06f284c9027fc41bb8c848025fcf9d092a873
Count = 59
Nonce = e41af8ca408c4c12e37561a4
Adata = e0b20892875f60b5d8763a04958487fa5b7cf8d67a456e430475b337245d671c
Payload = 32a4da08bdd51336ed5798c7177b853a534bc98f2e6f7d4e
CT = 95ffdc68f721cf2294d0d88002e3814167306fd906dbebdb7e6e0e5dc0a03826e51bd94269d7a41d
[Nlen = 13]
Key = 4a75ff2f66dae2935403cce27e829ad8be98185c73f8bc61d3ce950a83007e11
Count = 60
Nonce = 46eb390b175e75da6193d7edb6
Adata = 282f05f734f249c0535ee396282218b7c4913c39b59ad2a03ffaf5b0e9b0f780
Payload = 205f2a664a8512e18321a91c13ec13b9e6b633228c57cc1e
CT = 58f1584f761983bef4d0060746b5d5ee610ecfda31101a7f5460e9b7856d60a5ad9803c0762f8176
Count = 61
Nonce = 8a56588fe5e125237b6cdc30f9
Adata = b3aee5fbf409bcfe9b46ae68d570edbbed32c12d13926ffb5ddc60ff0bdb7f85
Payload = eca81bbd12d3fd28df85e2cc3dcc2ecbd87408002fd00fe1
CT = 9aad62a5443550d11f9efdab2de0eba74d47ae4f7d16adf4276664f6567f2f978bd4be4d80cd07be
Count = 62
Nonce = d908b04840caca2280e5293ade
Adata = 314a202f836f9f257e22d8c11757832ae5131d357a72df88f3eff0ffcee0da4e
Payload = ad1109ea5c79bb55d22e9713eb2df42767cb29a2eba3ad2c
CT = 61fdcebb158cd03151697ae7871c0a998802997e0672e5886e5a9df1b1d6284ef657cde6f74734bb
Count = 63
Nonce = 6df8c5c28d1728975a0b766cd7
Adata = 080f82469505118842e5fa70df5323de175a37609904ee5e76288f94ca84b3c5
Payload = 1a95f06b821879df3fd3ac52fc99a7c1d3e9775263b7d036
CT = 704f60f9cc3ef7bc00b4f7a271ca70a89f4d5605387b3e2f8cc80aa08572b90e9598d0a73712b720
Count = 64
Nonce = 6c6ebacce80dde9fefb7e5bb47
Adata = 93f0fca0c8c84d5cc48160b25e246226d489225c0f8275e52856da592c715aa6
Payload = 46820aec46ebd0d61706129584058a1498514928a87fe620
CT = 00f6cccf45f046da1e6266afe61eed61c60c28515b2e1ab386b2c952055899184f0d95ffe3959f89
Count = 65
Nonce = b94bc20d8c9abca7645fc6bebf
Adata = e1c083c93663f5a066ef337a61aa3fddde7c301a42463137c375cc2dcdd76954
Payload = f1fca581d3dbbc61060c0c02adb47bc57954d25a283f66d6
CT = 90c65d23e0e1786cebb95f9b1306d001b2e503842cdedb75e37a53d77b9e38605febdd7b2b666f98
Count = 66
Nonce = a4974791d417d7e9eea0f4ae8d
Adata = 33602f308f3a0f7e1c75fc1e4321d545ffa278234958dbadd37f59a0f85349c3
Payload = 41712c058d2d56b43b2c79278e790858a289320746c15a60
CT = aab5656a1ef060c9b1ef7e2f3cc0bda40ff067900401182563ceb824708a20724c99c83f1caacd70
Count = 67
Nonce = 6003b771afe4e99e1ef1ed4a31
Adata = f60d8362b2ebf523681bb051fd3ee13919ad86acd963c703c4178a5f01a84236
Payload = b766022311c5e1d74a607fec7cb8ee805b8397a6c5f374c1
CT = f73b2a6dbf8f798d4bfb489a6578c9c79152e42aa3b81b64a84e7af3116a18f7ce44ae93f420270b
Count = 68
Nonce = 27861168ac731a223dc35c03e8
Adata = b7ba1c66282cb6092ba601407ff9578afdadf7ba7a4d08edef06dbbfd87171bf
Payload = 0822e3e6ba982091d532cd5271fbde25305d1f6e71880f81
CT = 5ab3e5296cd1f08704c82f6b42939702515b7733853d723d4009312bdae46958d844eca502bcb005
Count = 69
Nonce = ef284d1ddf35d1d23de6a2f84b
Adata = 0b90b3a087b9a4d3267bc57c470695ef7cf658353f2f680ee00ccc32c2ba0bdc
Payload = bf35ddbad5e059169468ae8537f00ec790cc038b9ed0a5d7
CT = b702ad593b4169fd7011f0288e4e62620543095186b32c122389523b5ccc33c6b41b139108a99442


@@ -1,24 +1,28 @@
/**
* Since µAES code is optimized for 8-bit CPUs, it might be much less efficient
/** Since µAES code is optimized for 8-bit CPUs, it might be much less efficient
* for a 32-bit machine. We can apply a few tweaks, especially in the process of
* mixing columns, to boost its performance on such systems. For example, here's
* a piece of code to replace the lines #83 to #131 of "micro_aes.c" source file
* —starting with `#if DONT_USE_FUNCTIONS`. The endian-ness of system is crucial
* and must be determined by appropriate macros, e.g. let BIG_ENDIAN_INTEGERS be
* FALSE when compiling for a little-endian system and TRUE otherwise. Note that
* the `unsigned` keyword is actually equivalent to `uint32_t`. Furthermore, the
* body code of `MixColumns` and `InvMixColumns` must be changed as follows.. */
* mixing columns, to boost the performance on such systems. It's safe to assume
* that the `unsigned` keyword is equivalent to `uint32_t` type. But endian-ness
* of the system must be known or pre-determined, either by including <endian.h>
* or evaluating an expression. For example suppose `SYSTEM_IS_BIG_ENDIAN` macro
* indicates whether a system is big-endian or not! Then, the following piece of
* code can be used to replace the lines #88 to #134 of the "micro_aes.c" source
* file —starting with `#if DISCARD_SUBROUTINES`. Next, the body of `MixColumns`
* and `InvMixColumns` functions must be updated to incorporate these changes */
#if BIG_ENDIAN_INTEGERS
#if CHECK_ENDIANNES_AT_RUNTIME
static const unsigned ShiftLE = 16;
#define RL8(x) rotl( x, 8U + *(char*) &ShiftLE )
#elif SYSTEM_IS_BIG_ENDIAN /* ! use appropriate standard macros */
#define RL8(x) rotl( x, 8 )
#else
#define RL8(x) rotl( x, 24 ) /* equivalent little-endian rotation */
#define RL8(x) rotl( x, 24 )
#endif
#define R16(x) rotl( x, 16 )
#define RRR(x) rotl( x, 8 ) ^ rotl( x, 16 ) ^ rotl( x, 24 )
/** This method must simply compile to a bit-rotate CPU instruction (ror/rol) */
static unsigned rotl( const unsigned value, unsigned shift )
static unsigned rotl( unsigned value, unsigned shift )
{
return (value << shift) | (value >> (32 - shift));
}
@@ -66,13 +70,13 @@ InvMixColumns:
================================================================================
a sample compiled assembly output, given by gcc using `-S -Os` flags:
xorBlock(unsigned char const*, unsigned char*):
mov eax, QWORD PTR [rdi]
xor QWORD PTR [rsi], eax
mov eax, QWORD PTR [rdi+8]
xor QWORD PTR [rsi+8], eax
xorBlock:
mov rax, QWORD PTR [rdi]
xor QWORD PTR [rsi], rax
mov rax, QWORD PTR [rdi+8]
xor QWORD PTR [rsi+8], rax
ret
quad_xtime(unsigned int*):
quad_xtime:
mov edx, DWORD PTR [rdi]
mov eax, edx
add edx, edx
@@ -83,7 +87,7 @@ quad_xtime(unsigned int*):
xor eax, edx
mov DWORD PTR [rdi], eax
ret
KeyExpansion(unsigned char const*):
KeyExpansion:
movups xmm0, XMMWORD PTR [rdi]
mov eax, 16
mov dl, 1
@@ -122,7 +126,7 @@ KeyExpansion(unsigned char const*):
cmp rax, 176
jne .L7
ret
SubBytes(unsigned char*):
SubBytes:
xor eax, eax
.L12:
movzx edx, BYTE PTR [rdi+rax]
@@ -132,7 +136,7 @@ SubBytes(unsigned char*):
cmp rax, 16
jne .L12
ret
ShiftRows(unsigned char (*) [4][4]):
ShiftRows:
mov dl, BYTE PTR [rdi+5]
mov al, BYTE PTR [rdi+1]
mov BYTE PTR [rdi+1], dl
@@ -158,7 +162,7 @@ ShiftRows(unsigned char (*) [4][4]):
mov BYTE PTR [rdi+7], al
mov BYTE PTR [rdi+11], dl
ret
MixColumns(unsigned char (*) [4][4]):
MixColumns:
lea r8, [rdi+16]
.L16:
mov eax, DWORD PTR [rdi]
@@ -171,7 +175,7 @@ MixColumns(unsigned char (*) [4][4]):
rol ecx, 8
mov DWORD PTR [rdi], eax
xor ecx, edx
call quad_xtime(unsigned int*)
call quad_xtime
xor ecx, DWORD PTR [rdi]
add rdi, 4
xor ecx, esi
@@ -179,7 +183,7 @@ MixColumns(unsigned char (*) [4][4]):
cmp rdi, r8
jne .L16
ret
rijndaelEncrypt(unsigned char const*, unsigned char*):
rijndaelEncrypt:
mov r9, rsi
push rdx
cmp rsi, rdi
@@ -192,19 +196,19 @@ rijndaelEncrypt(unsigned char const*, unsigned char*):
mov rdi, r10
mov rsi, r9
add r10, 16
call xorBlock(unsigned char const*, unsigned char*)
call xorBlock
mov rdi, r9
call SubBytes(unsigned char*)
call ShiftRows(unsigned char (*) [4][4])
call SubBytes
call ShiftRows
cmp r10, OFFSET FLAT:RoundKey+160
je .L20
call MixColumns(unsigned char (*) [4][4])
call MixColumns
jmp .L21
.L20:
mov edi, OFFSET FLAT:RoundKey+160
pop rax
jmp xorBlock(unsigned char const*, unsigned char*)
InvSubBytes(unsigned char*):
jmp xorBlock
InvSubBytes:
xor eax, eax
.L24:
movzx edx, BYTE PTR [rdi+rax]
@@ -214,7 +218,7 @@ InvSubBytes(unsigned char*):
cmp rax, 16
jne .L24
ret
InvShiftRows(unsigned char (*) [4][4]):
InvShiftRows:
mov dl, BYTE PTR [rdi+9]
mov al, BYTE PTR [rdi+13]
mov BYTE PTR [rdi+13], dl
@@ -240,18 +244,18 @@ InvShiftRows(unsigned char (*) [4][4]):
mov BYTE PTR [rdi+15], al
mov BYTE PTR [rdi+11], dl
ret
InvMixColumns(unsigned char (*) [4][4]):
InvMixColumns:
mov rcx, rdi
lea rsi, [rdi+16]
.L28:
mov rdi, rcx
mov r8d, DWORD PTR [rcx]
add rcx, 4
call quad_xtime(unsigned int*)
call quad_xtime
mov r10d, DWORD PTR [rcx-4]
call quad_xtime(unsigned int*)
call quad_xtime
mov r9d, DWORD PTR [rcx-4]
call quad_xtime(unsigned int*)
call quad_xtime
mov edx, DWORD PTR [rcx-4]
mov eax, r10d
mov edi, r8d
@@ -280,7 +284,7 @@ InvMixColumns(unsigned char (*) [4][4]):
cmp rsi, rcx
jne .L28
ret
rijndaelDecrypt(unsigned char const*, unsigned char*):
rijndaelDecrypt:
push rbp
mov r11, rsi
push rbx
@@ -296,20 +300,20 @@ rijndaelDecrypt(unsigned char const*, unsigned char*):
cmp bl, 10
je .L32
mov rdi, r11
call InvMixColumns(unsigned char (*) [4][4])
call InvMixColumns
jmp .L33
.L32:
mov rsi, r11
mov edi, OFFSET FLAT:RoundKey+160
call xorBlock(unsigned char const*, unsigned char*)
call xorBlock
.L33:
mov rdi, r11
mov rsi, r11
call InvShiftRows(unsigned char (*) [4][4])
call InvSubBytes(unsigned char*)
call InvShiftRows
call InvSubBytes
mov rdi, rbp
sub rbp, 16
call xorBlock(unsigned char const*, unsigned char*)
call xorBlock
dec bl
jne .L34
pop rax