Cyclic0007/micro-AES
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

added OCB & Poly1305 test vectors

Browse Source
This commit is contained in:
polfosol
2022-11-09 18:15:14 +03:30
parent 4dea365380
commit 7eae3893a2
12 changed files with 1384 additions and 20 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
main.c
View File

@@ -2,7 +2,7 @@
==============================================================================
Name : main.c
Author : polfosol
Version : 9.5.0.0
Version : 9.5.1.2
Copyright : copyright © 2022 - polfosol
Description : test vectors for µAES ™ library, mostly generated by Crypto++ ®
==============================================================================

27
micro_aes.c
View File

@@ -2,7 +2,7 @@
==============================================================================
Name : micro_aes.c
Author : polfosol
Version : 9.5.1.0
Version : 9.5.1.2
Copyright : copyright © 2022 - polfosol
Description : ANSI-C compatible implementation of µAES ™ library.
==============================================================================
@@ -1784,22 +1784,23 @@ static void OCB_Cipher( const uint8_t* nonce, fmix_t cipher,
const void* input, const size_t dataSize,
block_t Ls, block_t Ld, block_t Del, void* output )
{
uint8_t Kt[2 * BLOCKSIZE] = { OCB_TAG_LEN << 4 & 0xFF, 0, 0, 1 };
uint8_t kt[2 * BLOCKSIZE] = { OCB_TAG_LEN << 4 & 0xFF };
uint8_t r, *y = output;
count_t i, n;
memcpy( output, input, dataSize ); /* copy input data to output */
n = nonce[11] % 64 >> 3;
r = nonce[11] % 8; /* take last 6 bits of nonce */
memcpy( Kt + 4, nonce, 12 );
Kt[BLOCKSIZE - 1] &= 0xC0; /* clear last 6 bits */
memcpy( kt + 16 - OCB_NONCE_LEN, nonce, OCB_NONCE_LEN );
kt[BLOCKSIZE - OCB_NONCE_LEN - 1] |= 1;
n = nonce[OCB_NONCE_LEN - 1] % 64 >> 3;
r = nonce[OCB_NONCE_LEN - 1] % 8; /* take last 6 bits of nonce */
kt[BLOCKSIZE - 1] &= 0xC0; /* clear last 6 bits */
rijndaelEncrypt( Kt, Kt ); /* construct K_top */
memcpy( Kt + BLOCKSIZE, Kt + 1, 8 ); /* stretch K_top */
xorBlock( Kt, Kt + BLOCKSIZE );
rijndaelEncrypt( kt, kt ); /* construct K_top */
memcpy( kt + BLOCKSIZE, kt + 1, 8 ); /* stretch K_top */
xorBlock( kt, kt + BLOCKSIZE );
for (i = 0; i < BLOCKSIZE; ++n) /* shift the stretched K_top */
{
Kt[i++] = Kt[n] << r | Kt[n + 1] >> (8 - r);
kt[i++] = kt[n] << r | kt[n + 1] >> (8 - r);
}
n = dataSize / BLOCKSIZE;
r = dataSize % BLOCKSIZE;
@@ -1809,11 +1810,11 @@ static void OCB_Cipher( const uint8_t* nonce, fmix_t cipher,
doubleGF128B( Ld ); /* L_$ = double(L_*) */
if (n == 0) /* processed nonce is Δ_0 */
{
memcpy( Del, Kt, BLOCKSIZE ); /* initialize Δ_0 */
memcpy( Del, kt, BLOCKSIZE ); /* initialize Δ_0 */
}
for (i = 0; i < n; y += BLOCKSIZE)
{
memcpy( Del, Kt, BLOCKSIZE ); /* calculate Δ_i using my */
memcpy( Del, kt, BLOCKSIZE ); /* calculate Δ_i using my */
OffsetB( Ld, ++i, Del ); /* .. 'magic' algorithm */
xorBlock( Del, y );
cipher( y, y ); /* Y = Δ_i ^ Cipher(Δ_i ^ X) */
@@ -1822,7 +1823,7 @@ static void OCB_Cipher( const uint8_t* nonce, fmix_t cipher,
if (r) /* Δ_* = Δ_n ^ L_* and then */
{ /* Y_* = Enc(Δ_*) ^ X */
xorBlock( Ls, Del );
mixThenXor( Del, &rijndaelEncrypt, Kt, y, r, y );
mixThenXor( Del, &rijndaelEncrypt, kt, y, r, y );
Del[r] ^= 0x80; /* pad it for checksum */
}
}

7
micro_aes.h
View File

@@ -2,7 +2,7 @@
==============================================================================
Name : micro_aes.h
Author : polfosol
Version : 9.5.0.0
Version : 9.5.1.2
Copyright : copyright © 2022 - polfosol
Description : μAES ™ is a minimalist all-in-one library for AES encryption
==============================================================================
@@ -106,6 +106,7 @@ Refer to the BOTTOM OF THIS DOCUMENT for some explanations about these macros:
#endif
#if OCB
#define OCB_NONCE_LEN 12 /* RECOMMENDED. must be positive and less than 16. */
#define OCB_TAG_LEN 16 /* again, please see the bottom of this document! */
#endif
@@ -462,8 +463,8 @@ The error codes and key length should be defined here for external references:
> In AEAD modes, the size of nonce and tag might be a parameter of the algorithm
such that changing them affect the results. The GCM/EAX modes support
arbitrary sizes for nonce. In CCM, the nonce length may vary from 8 to 13
bytes. Also the tag size is an EVEN number between 4..16. In OCB, only the
tag size is a parameter between 0..16 bytes. Note that the 'calculated' tag
bytes. Also the tag size is an EVEN number between 4..16. In OCB, the nonce
size is 1..15 and the tag is 0..16 bytes. Note that the 'calculated' tag-
size is always 16 bytes which can later be truncated to desired values. So
in encryption functions, the provided authTag buffer must be 16 bytes long.

2
testvectors/CCMtest.c
View File

@@ -50,7 +50,7 @@ static int ciphertest(uint8_t* key, uint8_t* iv, uint8_t* p, uint8_t* a, uint8_t
t = 1;
}
memset(tmp, 0xcc , sizeof tmp);
t |= AES_CCM_decrypt(key, iv, c, np, a, na, c + np, CCM_TAG_LEN, tmp) ? 2 : 0;
t |= AES_CCM_decrypt(key, iv, c, np, a, na, CCM_TAG_LEN, tmp) ? 2 : 0;
if (t > 1)
{
sprintf(msg, "%sdecrypt failure", t & 1 ? "encrypt & " : "");

2
testvectors/GCMtest.c
View File

@@ -51,7 +51,7 @@ static int ciphertest(uint8_t* key, uint8_t* iv, uint8_t* p, uint8_t* a, uint8_t
t = 1;
}
memset(tmp, 0xcc , sizeof tmp);
t |= AES_GCM_decrypt(key, iv, c, np, a, na, c + np, nt, tmp) ? 2 : 0;
t |= AES_GCM_decrypt(key, iv, c, np, a, na, nt, tmp) ? 2 : 0;
if (t > 1)
{
sprintf(msg, "%sdecrypt failure", t & 1 ? "encrypt & " : "");

218
testvectors/OCB_AES128.tv Normal file
View File

@@ -0,0 +1,218 @@
#
# Copyright 2001-2017 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the OpenSSL license (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
# in the file LICENSE in the source distribution or at
# https://www.openssl.org/source/license.html
# Tests start with one of these keywords
# Cipher Decrypt Derive Digest Encoding KDF MAC PBE
# PrivPubKeyPair Sign Verify VerifyRecover
# and continue until a blank line. Lines starting with a pound sign,
# like this prolog, are ignored.
# DES EDE3 CFB1
# echo -n "Hello World" |
# apps/openssl enc -des-ede3-cfb1 \
# -K 000102030405060708090A0B0C0D0E0F1011121314151617 -iv 0001020304050607 |
# xxd -ps -u
#AES OCB Test vectors
Cipher = aes-128-ocb
Key = 000102030405060708090A0B0C0D0E0F
IV = 000102030405060708090A0B
AAD =
Tag = 197B9C3C441D3C83EAFB2BEF633B9182
Plaintext =
Ciphertext =
Cipher = aes-128-ocb
Key = 000102030405060708090A0B0C0D0E0F
IV = 000102030405060708090A0B
AAD = 0001020304050607
Tag = 16DC76A46D47E1EAD537209E8A96D14E
Plaintext = 0001020304050607
Ciphertext = 92B657130A74B85A
Cipher = aes-128-ocb
Key = 000102030405060708090A0B0C0D0E0F
IV = 000102030405060708090A0B
AAD = 0001020304050607
Tag = 98B91552C8C009185044E30A6EB2FE21
Plaintext =
Ciphertext =
Cipher = aes-128-ocb
Key = 000102030405060708090A0B0C0D0E0F
IV = 000102030405060708090A0B
AAD =
Tag = 971EFFCAE19AD4716F88E87B871FBEED
Plaintext = 0001020304050607
Ciphertext = 92B657130A74B85A
Cipher = aes-128-ocb
Key = 000102030405060708090A0B0C0D0E0F
IV = 000102030405060708090A0B
AAD = 000102030405060708090A0B0C0D0E0F
Tag = 776C9924D6723A1FC4524532AC3E5BEB
Plaintext = 000102030405060708090A0B0C0D0E0F
Ciphertext = BEA5E8798DBE7110031C144DA0B26122
Cipher = aes-128-ocb
Key = 000102030405060708090A0B0C0D0E0F
IV = 000102030405060708090A0B
AAD = 000102030405060708090A0B0C0D0E0F
Tag = 7DDB8E6CEA6814866212509619B19CC6
Plaintext =
Ciphertext =
Cipher = aes-128-ocb
Key = 000102030405060708090A0B0C0D0E0F
IV = 000102030405060708090A0B
AAD =
Tag = 13CC8B747807121A4CBB3E4BD6B456AF
Plaintext = 000102030405060708090A0B0C0D0E0F
Ciphertext = BEA5E8798DBE7110031C144DA0B26122
Cipher = aes-128-ocb
Key = 000102030405060708090A0B0C0D0E0F
IV = 000102030405060708090A0B
AAD = 000102030405060708090A0B0C0D0E0F1011121314151617
Tag = 5FA94FC3F38820F1DC3F3D1FD4E55E1C
Plaintext = 000102030405060708090A0B0C0D0E0F1011121314151617
Ciphertext = BEA5E8798DBE7110031C144DA0B26122FCFCEE7A2A8D4D48
Cipher = aes-128-ocb
Key = 000102030405060708090A0B0C0D0E0F
IV = 000102030405060708090A0B
AAD = 000102030405060708090A0B0C0D0E0F1011121314151617
Tag = 282026DA3068BC9FA118681D559F10F6
Plaintext =
Ciphertext =
Cipher = aes-128-ocb
Key = 000102030405060708090A0B0C0D0E0F
IV = 000102030405060708090A0B
AAD =
Tag = 6EF2F52587FDA0ED97DC7EEDE241DF68
Plaintext = 000102030405060708090A0B0C0D0E0F1011121314151617
Ciphertext = BEA5E8798DBE7110031C144DA0B26122FCFCEE7A2A8D4D48
Cipher = aes-128-ocb
Key = 000102030405060708090A0B0C0D0E0F
IV = 000102030405060708090A0B
AAD = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F
Tag = B2A040DD3BD5164372D76D7BB6824240
Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F
Ciphertext = BEA5E8798DBE7110031C144DA0B26122CEAAB9B05DF771A657149D53773463CB
Cipher = aes-128-ocb
Key = 000102030405060708090A0B0C0D0E0F
IV = 000102030405060708090A0B
AAD = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F
Tag = E1E072633BADE51A60E85951D9C42A1B
Plaintext =
Ciphertext =
Cipher = aes-128-ocb
Key = 000102030405060708090A0B0C0D0E0F
IV = 000102030405060708090A0B
AAD =
Tag = 4A3BAE824465CFDAF8C41FC50C7DF9D9
Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F
Ciphertext = BEA5E8798DBE7110031C144DA0B26122CEAAB9B05DF771A657149D53773463CB
Cipher = aes-128-ocb
Key = 000102030405060708090A0B0C0D0E0F
IV = 000102030405060708090A0B
AAD = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F2021222324252627
Tag = 659C623211DEEA0DE30D2C381879F4C8
Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F2021222324252627
Ciphertext = BEA5E8798DBE7110031C144DA0B26122CEAAB9B05DF771A657149D53773463CB68C65778B058A635
Cipher = aes-128-ocb
Key = 000102030405060708090A0B0C0D0E0F
IV = 000102030405060708090A0B
AAD = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F2021222324252627
Tag = 7AEB7A69A1687DD082CA27B0D9A37096
Plaintext =
Ciphertext =
Cipher = aes-128-ocb
Key = 000102030405060708090A0B0C0D0E0F
IV = 000102030405060708090A0B
AAD =
Tag = 060C8467F4ABAB5E8B3C2067A2E115DC
Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F2021222324252627
Ciphertext = BEA5E8798DBE7110031C144DA0B26122CEAAB9B05DF771A657149D53773463CB68C65778B058A635
#AES OCB Non standard test vectors - generated from reference implementation
Cipher = aes-128-ocb
Key = 000102030405060708090A0B0C0D0E0F
IV = 000102030405060708090A0B
AAD = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F2021222324252627
Tag = 1b6c44f34e3abb3cbf8976e7
Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F2021222324252627
Ciphertext = 09a4fd29de949d9a9aa9924248422097ad4883b4713e6c214ff6567ada08a96766fc4e2ee3e3a5a1
Cipher = aes-128-ocb
Key = 000102030405060708090A0B0C0D0E0F
IV = 000102030405060708090A0B0C0D0E
AAD = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F2021222324252627
Tag = 1ad62009901f40cba7cd7156f94a7324
Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F2021222324252627
Ciphertext = 5e2fa7367ffbdb3938845cfd415fcc71ec79634eb31451609d27505f5e2978f43c44213d8fa441ee
Cipher = aes-128-ocb
Key = 000102030405060708090A0B0C0D0E0F
IV = 000102030405060708090A0B
AAD = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F2021222324252627
Tag = C203F98CE28F7DAD3F31C021
Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F3031
Ciphertext = 09A4FD29DE949D9A9AA9924248422097AD4883B4713E6C214FF6567ADA08A967B2176C12F110DD441B7CAA3A509B13C822D6
Cipher = aes-128-ocb
Key = 000102030405060708090A0B0C0D0E0F
IV = 000102030405060708090A0B
AAD = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F2021222324252627
Tag = 8346D7D47C5D893ED472F5AB
Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F4041
Ciphertext = 09A4FD29DE949D9A9AA9924248422097AD4883B4713E6C214FF6567ADA08A967B2176C12F110DD441B7CAA3A509B13C86A023AFCEE998BEE42028D44507B15F714FF
Cipher = aes-128-ocb
Key = 000102030405060708090A0B0C0D0E0F
IV = 000102030405060708090A0B
AAD = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F2021222324252627
Tag = 5822A9A70FDF55D29D2984A6
Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F5051
Ciphertext = 09A4FD29DE949D9A9AA9924248422097AD4883B4713E6C214FF6567ADA08A967B2176C12F110DD441B7CAA3A509B13C86A023AFCEE998BEE42028D44507B15F77C528A1DE6406B519BCEE8FCB8294170634D
Cipher = aes-128-ocb
Key = 000102030405060708090A0B0C0D0E0F
IV = 000102030405060708090A0B
AAD = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F2021222324252627
Tag = 81772B6741ABB4ECA9D2DEB2
Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F6061
Ciphertext = 09A4FD29DE949D9A9AA9924248422097AD4883B4713E6C214FF6567ADA08A967B2176C12F110DD441B7CAA3A509B13C86A023AFCEE998BEE42028D44507B15F77C528A1DE6406B519BCEE8FCB829417001E54E15A7576C4DF32366E0F439C7050FAA
Cipher = aes-128-ocb
Key = 000102030405060708090A0B0C0D0E0F
IV = 000102030405060708090A0B
AAD = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F2021222324252627
Tag = 3E52A01D068DE85456DB03B7
Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F7071
Ciphertext = 09A4FD29DE949D9A9AA9924248422097AD4883B4713E6C214FF6567ADA08A967B2176C12F110DD441B7CAA3A509B13C86A023AFCEE998BEE42028D44507B15F77C528A1DE6406B519BCEE8FCB829417001E54E15A7576C4DF32366E0F439C7051CB4824B8114E9A720CBC1CE0185B156B486
Cipher = aes-128-ocb
Key = 000102030405060708090A0B0C0D0E0F
IV = 000102030405060708090A0B
AAD = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F2021222324252627
Tag = 3E52A01D068DE85456DB03B6
Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F7071
Ciphertext = 09A4FD29DE949D9A9AA9924248422097AD4883B4713E6C214FF6567ADA08A967B2176C12F110DD441B7CAA3A509B13C86A023AFCEE998BEE42028D44507B15F77C528A1DE6406B519BCEE8FCB829417001E54E15A7576C4DF32366E0F439C7051CB4824B8114E9A720CBC1CE0185B156B486
Operation = DECRYPT
Result = CIPHERFINAL_ERROR

157
testvectors/OCBtest.c Normal file
View File

@@ -0,0 +1,157 @@
/*
==============================================================================
Name : OCBtest.c
Author : polfosol
Version : 1.0.7.0
Copyright : copyright © 2022 - polfosol
Description : illustrating how the OpenSSL's vectors for AES-OCB mode are used
==============================================================================
*/
#include <stdio.h>
#include "../micro_aes.h"
#define TESTFILEPATH "OCB_AES128.tv"
static void str2bytes(const char* str, uint8_t* bytes)
#define char2num(c) (c > '9' ? (c & 7) + 9 : c & 0xF)
{
size_t i, j;
for (i = 0, j = ~0; str[i]; ++i)
{
if (str[i] < '0' || str[i] > 'f') continue;
if (j++ & 1) bytes[j / 2] = char2num(str[i]) << 4;
else bytes[j / 2] |= char2num(str[i]);
}
}
static void bytes2str(const uint8_t* bytes, char* str, size_t len)
#define num2char(x) ((x) > 9 ? 'a' - 10 + (x) : '0' + (x))
{
size_t i, j;
for (i = 0, j = 0; i < len; ++i)
{
str[j++] = num2char(bytes[i] >> 4);
str[j++] = num2char(bytes[i] & 15);
}
str[j] = 0;
}
static int ciphertest(uint8_t* key, uint8_t* iv, uint8_t* p, uint8_t* a, uint8_t* c,
uint8_t np, uint8_t na, uint8_t er, char* r)
{
char sk[70], si[30], sp[0x100], sc[0x100], sa[0x100], msg[30];
uint8_t tmp[0x90], t = 0;
sprintf(msg, "%s", "success");
AES_OCB_encrypt(key, iv, p, np, a, na, tmp, tmp + np);
if (memcmp(c, tmp, np + OCB_TAG_LEN) && er < 7)
{
sprintf(msg, "%s", "encrypt failure");
t = 1;
}
memset(tmp, 0xcc , sizeof tmp);
t |= 2 * (AES_OCB_decrypt(key, iv, c, np, a, na, OCB_TAG_LEN, tmp) && er < 7);
if (t > 1)
{
sprintf(msg, "%sdecrypt failure", t & 1 ? "encrypt & " : "");
}
bytes2str(key, sk, AES_KEY_LENGTH);
bytes2str(iv, si, OCB_NONCE_LEN);
bytes2str(p, sp, np);
bytes2str(a, sa, na);
bytes2str(c, sc, np + OCB_TAG_LEN);
sprintf(r, "%s\nK: %s\ni: %s\nP: %s\nA: %s\nC: %s", msg, sk, si, sp, sa, sc);
return t;
}
int main()
{
const char *linehdr[] =
{ "Key = ", "IV = ", "AAD = ", "Plaintext = ", "Ciphertext = ", "Tag = ", "Result = " };
char buffer[0x800], *value = "";
size_t i, n = 0, pass = 0, df = 0, ef = 0, sp = 0, sa = 0, sn = 0, st = 0, first = 1;
uint8_t key[AES_KEY_LENGTH], tmp[AES_KEY_LENGTH], iv[OCB_NONCE_LEN];
uint8_t p[0x80], c[0x90], a[0x80], t[16];
FILE *fp, *fs, *ferr;
fp = fopen(TESTFILEPATH, "r");
fs = fopen("passed.log", "w");
ferr = fopen("failed.log", "w");
if (fp == NULL)
{
printf("File not found: %s\n", TESTFILEPATH);
return 1;
}
if (!fs || !ferr) return 1;
while (fgets(buffer, sizeof buffer, fp) != NULL)
{
buffer[strcspn(buffer, "\n")] = 0;
if (strlen(buffer) < 4) continue;
for (i = 0; i < 7; i++)
{
if (strncmp(buffer, linehdr[i], strlen(linehdr[i])) == 0)
{
value = strrchr(buffer, ' ') + 1;
break;
}
}
switch (i)
{
case 0:
str2bytes(value, tmp);
break;
case 1:
sn = strlen(value) / 2;
str2bytes(value, iv);
break;
case 2:
sa = strlen(value) / 2;
str2bytes(value, a);
break;
case 3:
sp = strlen(value) / 2;
str2bytes(value, p);
break;
case 4:
str2bytes(value, c);
break;
case 5:
st = strlen(value) / 2;
str2bytes(value, t);
break;
case 6:
i = strstr(value, "ERROR") - value;
i = 7 + (i > 0 && i < 0x100);
break;
}
if (i == 0 || i > 7)
{
if (!first && sn == OCB_NONCE_LEN && st == OCB_TAG_LEN)
{
memcpy(c + sp, t, OCB_TAG_LEN); /* put tag at the end */
n = ciphertest(key, iv, p, a, c, sp, sa, i, buffer);
fprintf(n ? ferr : fs, "%s\n", buffer); /* save the log */
if (n == 0) ++pass;
else
{
if (n & 1) ++ef;
if (n & 2) ++df;
}
}
memcpy(key, tmp, sizeof key);
first = n = 0;
}
}
printf ("test cases: %d\nsuccessful: %d\nfailed encrypt: %d, failed decrypt: %d\n",
pass + ef + df, pass, ef, df);
fclose(fp); fclose(fs); fclose(ferr);
if (ef + df == 0)
{
remove("passed.log"); remove("failed.log");
}
return 0;
}

46
testvectors/OCBtest.cbp Normal file
View File

@@ -0,0 +1,46 @@
<?xml version="1.0" encoding="UTF-8" standalone="yes" ?>
<CodeBlocks_project_file>
<FileVersion major="1" minor="6" />
<Project>
<Option title="OCBtest" />
<Option pch_mode="2" />
<Option compiler="gcc" />
<Build>
<Target title="Debug">
<Option output="bin/Debug/testvecs" prefix_auto="1" extension_auto="1" />
<Option object_output="obj/Debug/" />
<Option type="1" />
<Option compiler="gcc" />
<Compiler>
<Add option="-pedantic" />
<Add option="-g" />
<Add option="-ansi" />
</Compiler>
</Target>
<Target title="Release">
<Option output="bin/Release/testvecs" prefix_auto="1" extension_auto="1" />
<Option object_output="obj/Release/" />
<Option type="1" />
<Option compiler="gcc" />
<Compiler>
<Add option="-O2" />
<Add option="-pedantic" />
<Add option="-ansi" />
</Compiler>
<Linker>
<Add option="-s" />
</Linker>
</Target>
</Build>
<Unit filename="../micro_aes.c">
<Option compilerVar="CC" />
</Unit>
<Unit filename="../micro_aes.h" />
<Unit filename="OCBtest.c">
<Option compilerVar="CC" />
</Unit>
<Extensions>
<lib_finder disable_auto="1" />
</Extensions>
</Project>
</CodeBlocks_project_file>

771
testvectors/Poly1305AES128.tv Normal file
View File

File diff suppressed because one or more lines are too long

124
testvectors/Poly1305test.c Normal file
View File

@@ -0,0 +1,124 @@
/*
==============================================================================
Name : Poly1305test.c
Author : polfosol
Version : 1.0.0.2
Copyright : copyright © 2022 - polfosol
Description : illustrating how the test vectors of Poly1305-AES are processed
==============================================================================
*/
#include <stdio.h>
#include "../micro_aes.h"
#define TESTFILEPATH "Poly1305AES128.tv"
static void str2bytes(const char* str, uint8_t* bytes)
#define char2num(c) (c > '9' ? (c & 7) + 9 : c & 0xF)
{
size_t i, j;
for (i = 0, j = ~0; str[i]; ++i)
{
if (str[i] < '0' || str[i] > 'f') continue;
if (j++ & 1) bytes[j / 2] = char2num(str[i]) << 4;
else bytes[j / 2] |= char2num(str[i]);
}
}
static void bytes2str(const uint8_t* bytes, char* str, size_t len)
#define num2char(x) ((x) > 9 ? 'a' - 10 + (x) : '0' + (x))
{
size_t i, j;
for (i = 0, j = 0; i < len; ++i)
{
str[j++] = num2char(bytes[i] >> 4);
str[j++] = num2char(bytes[i] & 15);
}
str[j] = 0;
}
static int ciphertest(uint8_t* key, uint8_t* nnc, uint8_t* d, uint8_t* m, size_t ds, char* r)
{
char sk[40], smac[40], msg[30];
uint8_t tmp[32], t = 0;
sprintf(msg, "%s", "success");
AES_Poly1305(key, nnc, d, ds, tmp);
t = memcmp(m, tmp, 16);
if (t) sprintf(msg, "%s", "failed");
bytes2str(key, sk, 16);
bytes2str(m, smac, 16);
sprintf(r, "%s\nK: %s\npoly: %s\n", msg, sk, smac);
return t;
}
int main()
{
const char *linehdr[] = { "Keys = ", "Nonce = ", "Msg = ", "PolyMac = " };
char buffer[0x20100], *value = "";
size_t i, n = 0, pass = 0, nf = 0, sd = 0;
uint8_t key[32], nc[16], d[0x10100], m[32];
FILE *fp, *fs, *ferr;
fp = fopen(TESTFILEPATH, "r");
fs = fopen("passed.log", "w");
ferr = fopen("failed.log", "w");
if (fp == NULL)
{
printf("File not found: %s\n", TESTFILEPATH);
return 1;
}
if (!fs || !ferr) return 1;
while (fgets(buffer, sizeof buffer, fp) != NULL)
{
buffer[strcspn(buffer, "\n")] = 0;
if (strlen(buffer) < 4 || !strcspn(buffer, "=")) continue;
for (i = 0; i < 4; i++)
{
if (strncmp(buffer, linehdr[i], strlen(linehdr[i])) == 0)
{
value = strrchr(buffer, ' ') + 1;
break;
}
}
switch (i)
{
case 0:
str2bytes(value, key);
break;
case 1:
str2bytes(value, nc);
break;
case 2:
sd = strlen(value) / 2;
str2bytes(value, d);
++n;
break;
case 3:
str2bytes(value, m);
++n;
break;
default:
continue;
}
if (n == 2)
{
n = ciphertest(key, nc, d, m, sd, buffer);
fprintf(n ? ferr : fs, "%s\n", buffer); /* save the log */
if (n == 0) ++pass;
else n = !++nf;
}
}
printf ("test cases: %d\nsuccessful: %d\nfailed: %d\n", pass + nf, pass, nf);
fclose(fp); fclose(fs); fclose(ferr);
if (nf == 0)
{
remove("passed.log"); remove("failed.log");
}
return 0;
}

46
testvectors/Poly1305test.cbp Normal file
View File

@@ -0,0 +1,46 @@
<?xml version="1.0" encoding="UTF-8" standalone="yes" ?>
<CodeBlocks_project_file>
<FileVersion major="1" minor="6" />
<Project>
<Option title="Poly1305test" />
<Option pch_mode="2" />
<Option compiler="gcc" />
<Build>
<Target title="Debug">
<Option output="bin/Debug/testvecs" prefix_auto="1" extension_auto="1" />
<Option object_output="obj/Debug/" />
<Option type="1" />
<Option compiler="gcc" />
<Compiler>
<Add option="-pedantic" />
<Add option="-g" />
<Add option="-ansi" />
</Compiler>
</Target>
<Target title="Release">
<Option output="bin/Release/testvecs" prefix_auto="1" extension_auto="1" />
<Option object_output="obj/Release/" />
<Option type="1" />
<Option compiler="gcc" />
<Compiler>
<Add option="-O2" />
<Add option="-pedantic" />
<Add option="-ansi" />
</Compiler>
<Linker>
<Add option="-s" />
</Linker>
</Target>
</Build>
<Unit filename="../micro_aes.c">
<Option compilerVar="CC" />
</Unit>
<Unit filename="../micro_aes.h" />
<Unit filename="Poly1305test.c">
<Option compilerVar="CC" />
</Unit>
<Extensions>
<lib_finder disable_auto="1" />
</Extensions>
</Project>
</CodeBlocks_project_file>

2
testvectors/README.md
View File

@@ -1,6 +1,6 @@
### Testing µAES
---
This folder contains some of the NIST's official [CAVP](https://csrc.nist.gov/Projects/cryptographic-algorithm-validation-program/cavp-testing-block-cipher-modes) test vectors. The `*.rsp` files are courtesy of the NIST. Some sample codes are provided alongside them to illustrate how they are used.
This folder contains some of the NIST's official [CAVP](https://csrc.nist.gov/Projects/cryptographic-algorithm-validation-program/cavp-testing-block-cipher-modes) test vectors. The `*.rsp` files are courtesy of the NIST. Some sample codes are provided alongside them to illustrate how they are used. The test vectors of OCB mode are borrowed from [OpenSSL](https://github.com/openssl/openssl/blob/5a7bc0be97dee9ac715897fe8180a08e211bc6ea/test/evpciph.txt).
Also in the `main.c` file of parent directory, you will find some other test vectors that are either generated by the [Crypto++®](https://www.cryptopp.com) library or taken from various online documents. Please let me know if you faced any issues in verifying them.