1 /*
2 * Copyright 2014-2022 The GmSSL Project. All Rights Reserved.
3 *
4 * Licensed under the Apache License, Version 2.0 (the License); you may
5 * not use this file except in compliance with the License.
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 */
9
10
11
12 #include <stdio.h>
13 #include <string.h>
14 #include <stdlib.h>
15 #include <gmssl/aes.h>
16 #include <gmssl/hex.h>
17 #include <gmssl/error.h>
18
19
test_aes(void)20 int test_aes(void)
21 {
22 AES_KEY aes_key;
23 int i;
24
25 /* test 1 */
26 uint8_t key128[16] = {
27 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6,
28 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c,
29 };
30 uint32_t rk128[4 * 11] = {
31 0x2b7e1516, 0x28aed2a6, 0xabf71588, 0x09cf4f3c,
32 0xa0fafe17, 0x88542cb1, 0x23a33939, 0x2a6c7605,
33 0xf2c295f2, 0x7a96b943, 0x5935807a, 0x7359f67f,
34 0x3d80477d, 0x4716fe3e, 0x1e237e44, 0x6d7a883b,
35 0xef44a541, 0xa8525b7f, 0xb671253b, 0xdb0bad00,
36 0xd4d1c6f8, 0x7c839d87, 0xcaf2b8bc, 0x11f915bc,
37 0x6d88a37a, 0x110b3efd, 0xdbf98641, 0xca0093fd,
38 0x4e54f70e, 0x5f5fc9f3, 0x84a64fb2, 0x4ea6dc4f,
39 0xead27321, 0xb58dbad2, 0x312bf560, 0x7f8d292f,
40 0xac7766f3, 0x19fadc21, 0x28d12941, 0x575c006e,
41 0xd014f9a8, 0xc9ee2589, 0xe13f0cc8, 0xb6630ca6,
42 };
43
44 /* test 2 */
45 uint8_t key192[24] = {
46 0x8e, 0x73, 0xb0, 0xf7, 0xda, 0x0e, 0x64, 0x52,
47 0xc8, 0x10, 0xf3, 0x2b, 0x80, 0x90, 0x79, 0xe5,
48 0x62, 0xf8, 0xea, 0xd2, 0x52, 0x2c, 0x6b, 0x7b,
49 };
50 uint32_t rk192[4 * 13] = {
51 0x8e73b0f7, 0xda0e6452, 0xc810f32b, 0x809079e5,
52 0x62f8ead2, 0x522c6b7b, 0xfe0c91f7, 0x2402f5a5,
53 0xec12068e, 0x6c827f6b, 0x0e7a95b9, 0x5c56fec2,
54 0x4db7b4bd, 0x69b54118, 0x85a74796, 0xe92538fd,
55 0xe75fad44, 0xbb095386, 0x485af057, 0x21efb14f,
56 0xa448f6d9, 0x4d6dce24, 0xaa326360, 0x113b30e6,
57 0xa25e7ed5, 0x83b1cf9a, 0x27f93943, 0x6a94f767,
58 0xc0a69407, 0xd19da4e1, 0xec1786eb, 0x6fa64971,
59 0x485f7032, 0x22cb8755, 0xe26d1352, 0x33f0b7b3,
60 0x40beeb28, 0x2f18a259, 0x6747d26b, 0x458c553e,
61 0xa7e1466c, 0x9411f1df, 0x821f750a, 0xad07d753,
62 0xca400538, 0x8fcc5006, 0x282d166a, 0xbc3ce7b5,
63 0xe98ba06f, 0x448c773c, 0x8ecc7204, 0x01002202,
64 };
65
66 /* test 3 */
67 uint8_t key256[32] = {
68 0x60, 0x3d, 0xeb, 0x10, 0x15, 0xca, 0x71, 0xbe,
69 0x2b, 0x73, 0xae, 0xf0, 0x85, 0x7d, 0x77, 0x81,
70 0x1f, 0x35, 0x2c, 0x07, 0x3b, 0x61, 0x08, 0xd7,
71 0x2d, 0x98, 0x10, 0xa3, 0x09, 0x14, 0xdf, 0xf4,
72 };
73 uint32_t rk256[4 * 15] = {
74 0x603deb10, 0x15ca71be, 0x2b73aef0, 0x857d7781,
75 0x1f352c07, 0x3b6108d7, 0x2d9810a3, 0x0914dff4,
76 0x9ba35411, 0x8e6925af, 0xa51a8b5f, 0x2067fcde,
77 0xa8b09c1a, 0x93d194cd, 0xbe49846e, 0xb75d5b9a,
78 0xd59aecb8, 0x5bf3c917, 0xfee94248, 0xde8ebe96,
79 0xb5a9328a, 0x2678a647, 0x98312229, 0x2f6c79b3,
80 0x812c81ad, 0xdadf48ba, 0x24360af2, 0xfab8b464,
81 0x98c5bfc9, 0xbebd198e, 0x268c3ba7, 0x09e04214,
82 0x68007bac, 0xb2df3316, 0x96e939e4, 0x6c518d80,
83 0xc814e204, 0x76a9fb8a, 0x5025c02d, 0x59c58239,
84 0xde136967, 0x6ccc5a71, 0xfa256395, 0x9674ee15,
85 0x5886ca5d, 0x2e2f31d7, 0x7e0af1fa, 0x27cf73c3,
86 0x749c47ab, 0x18501dda, 0xe2757e4f, 0x7401905a,
87 0xcafaaae3, 0xe4d59b34, 0x9adf6ace, 0xbd10190d,
88 0xfe4890d1, 0xe6188d0b, 0x046df344, 0x706c631e,
89 };
90
91 /* test 4 */
92 unsigned char in1[16] = {
93 0x32, 0x43, 0xf6, 0xa8, 0x88, 0x5a, 0x30, 0x8d,
94 0x31, 0x31, 0x98, 0xa2, 0xe0, 0x37, 0x07, 0x34,
95 };
96 unsigned char out1[16] = {
97 0x39, 0x25, 0x84, 0x1d, 0x02, 0xdc, 0x09, 0xfb,
98 0xdc, 0x11, 0x85, 0x97, 0x19, 0x6a, 0x0b, 0x32,
99 };
100
101 unsigned char buf[16] = {0};
102
103 printf("aes test 1 ");
104 aes_set_encrypt_key(&aes_key, key128, sizeof(key128));
105 if (memcmp(&aes_key, rk128, sizeof(rk128)) != 0) {
106 printf("failed\n");
107 return -1;
108 } else {
109 printf("ok\n");
110 }
111
112 printf("aes test 2 ");
113 aes_set_encrypt_key(&aes_key, key192, sizeof(key192));
114 if (memcmp(&aes_key, rk192, sizeof(rk192)) != 0) {
115 printf("failed\n");
116 return -1;
117 } else {
118 printf("ok\n");
119 }
120
121 printf("aes test 3 ");
122 aes_set_encrypt_key(&aes_key, key256, sizeof(key256));
123 if (memcmp(&aes_key, rk256, sizeof(rk256)) != 0) {
124 printf("failed\n");
125 return -1;
126 } else {
127 printf("ok\n");
128 }
129
130 printf("aes test 4 ");
131 aes_set_encrypt_key(&aes_key, key128, sizeof(key128));
132 aes_encrypt(&aes_key, in1, buf);
133 if (memcmp(buf, out1, sizeof(out1)) != 0) {
134 printf("failed\n");
135 return -1;
136 } else {
137 printf("ok\n");
138 }
139
140 printf("aes test 5 ");
141 aes_set_decrypt_key(&aes_key, key128, sizeof(key128));
142 aes_decrypt(&aes_key, buf, buf);
143 if (memcmp(buf, in1, sizeof(in1)) != 0) {
144 printf("failed\n");
145 return -1;
146 } else {
147 printf("ok\n");
148 }
149
150 printf("%s() ok\n", __FUNCTION__);
151 return 1;
152 }
153
test_aes_ctr(void)154 int test_aes_ctr(void)
155 {
156 // NIST SP 800-38A F.5.1
157 char *hex_key = "2b7e151628aed2a6abf7158809cf4f3c";
158 char *hex_ctr = "f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff";
159 char *hex_msg = "6bc1bee22e409f96e93d7e117393172a"
160 "ae2d8a571e03ac9c9eb76fac45af8e51"
161 "30c81c46a35ce411e5fbc1191a0a52ef"
162 "f69f2445df4f9b17ad2b417be66c3710";
163 char *hex_out = "874d6191b620e3261bef6864990db6ce"
164 "9806f66b7970fdff8617187bb9fffdff"
165 "5ae4df3edbd5d35e5b4f09020db03eab"
166 "1e031dda2fbe03d1792170a0f3009cee";
167
168 AES_KEY aes_key;
169 uint8_t key[32];
170 uint8_t ctr[16];
171 uint8_t msg[64];
172 uint8_t out[64];
173 uint8_t buf[64];
174 size_t keylen, ctrlen, msglen, outlen, buflen;
175
176 hex_to_bytes(hex_key, strlen(hex_key), key, &keylen);
177 hex_to_bytes(hex_ctr, strlen(hex_ctr), ctr, &ctrlen);
178 hex_to_bytes(hex_msg, strlen(hex_msg), msg, &msglen);
179 hex_to_bytes(hex_out, strlen(hex_out), out, &outlen);
180
181 aes_set_encrypt_key(&aes_key, key, keylen);
182 aes_ctr_encrypt(&aes_key, ctr, msg, msglen, buf);
183 buflen = msglen;
184
185 printf("aes ctr test 1 ");
186 if (memcmp(buf, out, outlen) != 0) {
187 printf("failed\n");
188 format_bytes(stdout, 0, 0, "aes_ctr(msg) = ", buf, buflen);
189 format_bytes(stdout, 0, 0, " != ", out, outlen);
190 return -1;
191 } else {
192 printf("ok\n");
193 }
194
195 printf("aes ctr test 2 ");
196 hex_to_bytes(hex_ctr, strlen(hex_ctr), ctr, &ctrlen);
197 aes_ctr_decrypt(&aes_key, ctr, buf, buflen, buf);
198 if (memcmp(buf, msg, msglen) != 0) {
199 printf("failed\n");
200 format_bytes(stdout, 0, 0, "msg = ", msg, msglen);
201 format_bytes(stdout, 0, 0, " = ", buf, buflen);
202 return -1;
203 } else {
204 printf("ok\n");
205 }
206
207 printf("%s() ok\n", __FUNCTION__);
208 return 1;
209 }
210
211
212 struct {
213 char *K;
214 char *P;
215 char *A;
216 char *IV;
217 char *C;
218 char *T;
219 } aes_gcm_tests[] = {
220 // test 1
221 {
222 "00000000000000000000000000000000",
223 "",
224 "",
225 "000000000000000000000000",
226 "",
227 "58e2fccefa7e3061367f1d57a4e7455a",
228 },
229 // test 2
230 {
231 "00000000000000000000000000000000",
232 "00000000000000000000000000000000",
233 "",
234 "000000000000000000000000",
235 "0388dace60b6a392f328c2b971b2fe78",
236 "ab6e47d42cec13bdf53a67b21257bddf",
237 },
238 // test 3
239 {
240 "feffe9928665731c6d6a8f9467308308",
241 "d9313225f88406e5a55909c5aff5269a"
242 "86a7a9531534f7da2e4c303d8a318a72"
243 "1c3c0c95956809532fcf0e2449a6b525"
244 "b16aedf5aa0de657ba637b391aafd255",
245 "",
246 "cafebabefacedbaddecaf888",
247 "42831ec2217774244b7221b784d0d49c"
248 "e3aa212f2c02a4e035c17e2329aca12e"
249 "21d514b25466931c7d8f6a5aac84aa05"
250 "1ba30b396a0aac973d58e091473f5985",
251 "4d5c2af327cd64a62cf35abd2ba6fab4",
252 },
253 // test 4
254 {
255 "feffe9928665731c6d6a8f9467308308",
256 "d9313225f88406e5a55909c5aff5269a"
257 "86a7a9531534f7da2e4c303d8a318a72"
258 "1c3c0c95956809532fcf0e2449a6b525"
259 "b16aedf5aa0de657ba637b39",
260 "feedfacedeadbeeffeedfacedeadbeef"
261 "abaddad2",
262 "cafebabefacedbaddecaf888",
263 "42831ec2217774244b7221b784d0d49c"
264 "e3aa212f2c02a4e035c17e2329aca12e"
265 "21d514b25466931c7d8f6a5aac84aa05"
266 "1ba30b396a0aac973d58e091",
267 "5bc94fbc3221a5db94fae95ae7121a47",
268 },
269 // test 5
270 {
271 "feffe9928665731c6d6a8f9467308308",
272 "d9313225f88406e5a55909c5aff5269a"
273 "86a7a9531534f7da2e4c303d8a318a72"
274 "1c3c0c95956809532fcf0e2449a6b525"
275 "b16aedf5aa0de657ba637b39",
276 "feedfacedeadbeeffeedfacedeadbeef"
277 "abaddad2",
278 "cafebabefacedbad",
279 "61353b4c2806934a777ff51fa22a4755"
280 "699b2a714fcdc6f83766e5f97b6c7423"
281 "73806900e49f24b22b097544d4896b42"
282 "4989b5e1ebac0f07c23f4598",
283 "3612d2e79e3b0785561be14aaca2fccb",
284 },
285 // test 6
286 {
287 "feffe9928665731c6d6a8f9467308308",
288 "d9313225f88406e5a55909c5aff5269a"
289 "86a7a9531534f7da2e4c303d8a318a72"
290 "1c3c0c95956809532fcf0e2449a6b525"
291 "b16aedf5aa0de657ba637b39",
292 "feedfacedeadbeeffeedfacedeadbeef"
293 "abaddad2",
294 "9313225df88406e555909c5aff5269aa"
295 "6a7a9538534f7da1e4c303d2a318a728"
296 "c3c0c95156809539fcf0e2429a6b5254"
297 "16aedbf5a0de6a57a637b39b",
298 "8ce24998625615b603a033aca13fb894"
299 "be9112a5c3a211a8ba262a3cca7e2ca7"
300 "01e4a9a4fba43c90ccdcb281d48c7c6f"
301 "d62875d2aca417034c34aee5",
302 "619cc5aefffe0bfa462af43c1699d050",
303 },
304 // test 7
305 {
306 "00000000000000000000000000000000"
307 "0000000000000000",
308 "",
309 "",
310 "000000000000000000000000",
311 "",
312 "cd33b28ac773f74ba00ed1f312572435",
313 },
314 };
315
test_aes_gcm(void)316 int test_aes_gcm(void)
317 {
318 int err = 0;
319 uint8_t K[32];
320 uint8_t P[64];
321 uint8_t A[32];
322 uint8_t IV[64];
323 uint8_t C[64];
324 uint8_t T[16];
325 size_t Klen, Plen, Alen, IVlen, Clen, Tlen;
326
327 AES_KEY aes_key;
328 uint8_t out[64];
329 uint8_t tag[16];
330 uint8_t buf[64];
331 int i;
332
333 for (i = 0; i < sizeof(aes_gcm_tests)/sizeof(aes_gcm_tests[0]); i++) {
334 hex_to_bytes(aes_gcm_tests[i].K, strlen(aes_gcm_tests[i].K), K, &Klen);
335 hex_to_bytes(aes_gcm_tests[i].P, strlen(aes_gcm_tests[i].P), P, &Plen);
336 hex_to_bytes(aes_gcm_tests[i].A, strlen(aes_gcm_tests[i].A), A, &Alen);
337 hex_to_bytes(aes_gcm_tests[i].IV, strlen(aes_gcm_tests[i].IV), IV, &IVlen);
338 hex_to_bytes(aes_gcm_tests[i].C, strlen(aes_gcm_tests[i].C), C, &Clen);
339 hex_to_bytes(aes_gcm_tests[i].T, strlen(aes_gcm_tests[i].T), T, &Tlen);
340
341 aes_set_encrypt_key(&aes_key, K, Klen);
342 aes_gcm_encrypt(&aes_key, IV, IVlen, A, Alen, P, Plen, out, Tlen, tag);
343
344 printf("aes gcm test %d ", i + 1);
345 if (aes_gcm_decrypt(&aes_key, IV, IVlen, A, Alen, out, Plen, tag, Tlen, buf) != 1
346 || memcmp(buf, P, Plen) != 0) {
347 printf("failed\n");
348 format_print(stdout, 0, 2, "K = %s\n", aes_gcm_tests[i].K);
349 format_print(stdout, 0, 2, "P = %s\n", aes_gcm_tests[i].P);
350 format_print(stdout, 0, 2, "A = %s\n", aes_gcm_tests[i].A);
351 format_print(stdout, 0, 2, "IV = %s\n", aes_gcm_tests[i].IV);
352 format_print(stdout, 0, 2, "C = %s\n", aes_gcm_tests[i].C);
353 format_bytes(stdout, 0, 2, " = ", out, Plen);
354 format_print(stdout, 0, 2, "T = %s\n", aes_gcm_tests[i].T);
355 format_bytes(stdout, 0, 2, " = ", tag, Tlen);
356 return -1;
357 } else {
358 printf("ok\n");
359 }
360 }
361
362 printf("%s() ok\n", __FUNCTION__);
363 return 1;
364 }
365
main(void)366 int main(void)
367 {
368 if (test_aes() != 1) goto err;
369 if (test_aes_ctr() != 1) goto err;
370 if (test_aes_gcm() != 1) goto err;
371 printf("%s all tests passed!\n", __FILE__);
372 return 0;
373 err:
374 error_print();
375 return 1;
376 }
377