1/* LibTomCrypt, modular cryptographic library -- Tom St Denis 2 * 3 * LibTomCrypt is a library that provides various cryptographic 4 * algorithms in a highly modular and flexible manner. 5 * 6 * The library is free for all purposes without any express 7 * guarantee it works. 8 * 9 * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com 10 */ 11 12/** 13 @file ocb_test.c 14 OCB implementation, self-test by Tom St Denis 15*/ 16#include "tomcrypt.h" 17 18#ifdef OCB_MODE 19 20/** 21 Test the OCB protocol 22 @return CRYPT_OK if successful 23*/ 24int ocb_test(void) 25{ 26#ifndef LTC_TEST 27 return CRYPT_NOP; 28#else 29 static const struct { 30 int ptlen; 31 unsigned char key[16], nonce[16], pt[34], ct[34], tag[16]; 32 } tests[] = { 33 34 /* OCB-AES-128-0B */ 35{ 36 0, 37 /* key */ 38 { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 39 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f }, 40 /* nonce */ 41 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 42 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 }, 43 /* pt */ 44 { 0 }, 45 /* ct */ 46 { 0 }, 47 /* tag */ 48 { 0x15, 0xd3, 0x7d, 0xd7, 0xc8, 0x90, 0xd5, 0xd6, 49 0xac, 0xab, 0x92, 0x7b, 0xc0, 0xdc, 0x60, 0xee }, 50}, 51 52 53 /* OCB-AES-128-3B */ 54{ 55 3, 56 /* key */ 57 { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 58 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f }, 59 /* nonce */ 60 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 61 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 }, 62 /* pt */ 63 { 0x00, 0x01, 0x02 }, 64 /* ct */ 65 { 0xfc, 0xd3, 0x7d }, 66 /* tag */ 67 { 0x02, 0x25, 0x47, 0x39, 0xa5, 0xe3, 0x56, 0x5a, 68 0xe2, 0xdc, 0xd6, 0x2c, 0x65, 0x97, 0x46, 0xba }, 69}, 70 71 /* OCB-AES-128-16B */ 72{ 73 16, 74 /* key */ 75 { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 76 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f }, 77 /* nonce */ 78 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 79 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 }, 80 /* pt */ 81 { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 82 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f }, 83 /* ct */ 84 { 0x37, 0xdf, 0x8c, 0xe1, 0x5b, 0x48, 0x9b, 0xf3, 85 0x1d, 0x0f, 0xc4, 0x4d, 0xa1, 0xfa, 0xf6, 0xd6 }, 86 /* tag */ 87 { 0xdf, 0xb7, 0x63, 0xeb, 0xdb, 0x5f, 0x0e, 0x71, 88 0x9c, 0x7b, 0x41, 0x61, 0x80, 0x80, 0x04, 0xdf }, 89}, 90 91 /* OCB-AES-128-20B */ 92{ 93 20, 94 /* key */ 95 { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 96 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f }, 97 /* nonce */ 98 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 99 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 }, 100 /* pt */ 101 { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 102 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 103 0x10, 0x11, 0x12, 0x13 }, 104 /* ct */ 105 { 0x01, 0xa0, 0x75, 0xf0, 0xd8, 0x15, 0xb1, 0xa4, 106 0xe9, 0xc8, 0x81, 0xa1, 0xbc, 0xff, 0xc3, 0xeb, 107 0x70, 0x03, 0xeb, 0x55}, 108 /* tag */ 109 { 0x75, 0x30, 0x84, 0x14, 0x4e, 0xb6, 0x3b, 0x77, 110 0x0b, 0x06, 0x3c, 0x2e, 0x23, 0xcd, 0xa0, 0xbb }, 111}, 112 113 /* OCB-AES-128-32B */ 114{ 115 32, 116 /* key */ 117 { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 118 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f }, 119 /* nonce */ 120 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 121 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 }, 122 /* pt */ 123 { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 124 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 125 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 126 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f }, 127 /* ct */ 128 { 0x01, 0xa0, 0x75, 0xf0, 0xd8, 0x15, 0xb1, 0xa4, 129 0xe9, 0xc8, 0x81, 0xa1, 0xbc, 0xff, 0xc3, 0xeb, 130 0x4a, 0xfc, 0xbb, 0x7f, 0xed, 0xc0, 0x8c, 0xa8, 131 0x65, 0x4c, 0x6d, 0x30, 0x4d, 0x16, 0x12, 0xfa }, 132 133 /* tag */ 134 { 0xc1, 0x4c, 0xbf, 0x2c, 0x1a, 0x1f, 0x1c, 0x3c, 135 0x13, 0x7e, 0xad, 0xea, 0x1f, 0x2f, 0x2f, 0xcf }, 136}, 137 138 /* OCB-AES-128-34B */ 139{ 140 34, 141 /* key */ 142 { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 143 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f }, 144 /* nonce */ 145 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 146 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 }, 147 /* pt */ 148 { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 149 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 150 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 151 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 152 0x20, 0x21 }, 153 /* ct */ 154 { 0x01, 0xa0, 0x75, 0xf0, 0xd8, 0x15, 0xb1, 0xa4, 155 0xe9, 0xc8, 0x81, 0xa1, 0xbc, 0xff, 0xc3, 0xeb, 156 0xd4, 0x90, 0x3d, 0xd0, 0x02, 0x5b, 0xa4, 0xaa, 157 0x83, 0x7c, 0x74, 0xf1, 0x21, 0xb0, 0x26, 0x0f, 158 0xa9, 0x5d }, 159 160 /* tag */ 161 { 0xcf, 0x83, 0x41, 0xbb, 0x10, 0x82, 0x0c, 0xcf, 162 0x14, 0xbd, 0xec, 0x56, 0xb8, 0xd7, 0xd6, 0xab }, 163}, 164 165}; 166 167 int err, x, idx, res; 168 unsigned long len; 169 unsigned char outct[MAXBLOCKSIZE], outtag[MAXBLOCKSIZE]; 170 171 /* AES can be under rijndael or aes... try to find it */ 172 if ((idx = find_cipher("aes")) == -1) { 173 if ((idx = find_cipher("rijndael")) == -1) { 174 return CRYPT_NOP; 175 } 176 } 177 178 for (x = 0; x < (int)(sizeof(tests)/sizeof(tests[0])); x++) { 179 len = sizeof(outtag); 180 if ((err = ocb_encrypt_authenticate_memory(idx, tests[x].key, 16, 181 tests[x].nonce, tests[x].pt, tests[x].ptlen, outct, outtag, &len)) != CRYPT_OK) { 182 return err; 183 } 184 185 if (XMEMCMP(outtag, tests[x].tag, len) || XMEMCMP(outct, tests[x].ct, tests[x].ptlen)) { 186#if 0 187 unsigned long y; 188 printf("\n\nFailure: \nCT:\n"); 189 for (y = 0; y < (unsigned long)tests[x].ptlen; ) { 190 printf("0x%02x", outct[y]); 191 if (y < (unsigned long)(tests[x].ptlen-1)) printf(", "); 192 if (!(++y % 8)) printf("\n"); 193 } 194 printf("\nTAG:\n"); 195 for (y = 0; y < len; ) { 196 printf("0x%02x", outtag[y]); 197 if (y < len-1) printf(", "); 198 if (!(++y % 8)) printf("\n"); 199 } 200#endif 201 return CRYPT_FAIL_TESTVECTOR; 202 } 203 204 if ((err = ocb_decrypt_verify_memory(idx, tests[x].key, 16, tests[x].nonce, outct, tests[x].ptlen, 205 outct, tests[x].tag, len, &res)) != CRYPT_OK) { 206 return err; 207 } 208 if ((res != 1) || XMEMCMP(tests[x].pt, outct, tests[x].ptlen)) { 209#if 0 210 unsigned long y; 211 printf("\n\nFailure-decrypt: \nPT:\n"); 212 for (y = 0; y < (unsigned long)tests[x].ptlen; ) { 213 printf("0x%02x", outct[y]); 214 if (y < (unsigned long)(tests[x].ptlen-1)) printf(", "); 215 if (!(++y % 8)) printf("\n"); 216 } 217 printf("\nres = %d\n\n", res); 218#endif 219 } 220 } 221 return CRYPT_OK; 222#endif /* LTC_TEST */ 223} 224 225#endif /* OCB_MODE */ 226 227 228/* some comments 229 230 -- it's hard to seek 231 -- hard to stream [you can't emit ciphertext until full block] 232 -- The setup is somewhat complicated... 233*/ 234 235/* $Source: /cvs/libtom/libtomcrypt/src/encauth/ocb/ocb_test.c,v $ */ 236/* $Revision: 1.5 $ */ 237/* $Date: 2006/11/01 09:28:17 $ */ 238