• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /* LibTomCrypt, modular cryptographic library -- Tom St Denis
2  *
3  * LibTomCrypt is a library that provides various cryptographic
4  * algorithms in a highly modular and flexible manner.
5  *
6  * The library is free for all purposes without any express
7  * guarantee it works.
8  *
9  * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
10  */
11 
12 /**
13    @file ocb_test.c
14    OCB implementation, self-test by Tom St Denis
15 */
16 #include "tomcrypt.h"
17 
18 #ifdef OCB_MODE
19 
20 /**
21   Test the OCB protocol
22   @return   CRYPT_OK if successful
23 */
ocb_test(void)24 int ocb_test(void)
25 {
26 #ifndef LTC_TEST
27    return CRYPT_NOP;
28 #else
29    static const struct {
30          int ptlen;
31          unsigned char key[16], nonce[16], pt[34], ct[34], tag[16];
32    } tests[] = {
33 
34    /* OCB-AES-128-0B */
35 {
36    0,
37    /* key */
38    { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
39      0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f },
40    /* nonce */
41    { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
42      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 },
43    /* pt */
44    { 0 },
45    /* ct */
46    { 0 },
47    /* tag */
48    { 0x15, 0xd3, 0x7d, 0xd7, 0xc8, 0x90, 0xd5, 0xd6,
49      0xac, 0xab, 0x92, 0x7b, 0xc0, 0xdc, 0x60, 0xee },
50 },
51 
52 
53    /* OCB-AES-128-3B */
54 {
55    3,
56    /* key */
57    { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
58      0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f },
59    /* nonce */
60    { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
61      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 },
62    /* pt */
63    { 0x00, 0x01, 0x02 },
64    /* ct */
65    { 0xfc, 0xd3, 0x7d },
66    /* tag */
67    { 0x02, 0x25, 0x47, 0x39, 0xa5, 0xe3, 0x56, 0x5a,
68      0xe2, 0xdc, 0xd6, 0x2c, 0x65, 0x97, 0x46, 0xba },
69 },
70 
71    /* OCB-AES-128-16B */
72 {
73    16,
74    /* key */
75    { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
76      0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f },
77    /* nonce */
78    { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
79      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 },
80    /* pt */
81    { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
82      0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f },
83    /* ct */
84    { 0x37, 0xdf, 0x8c, 0xe1, 0x5b, 0x48, 0x9b, 0xf3,
85      0x1d, 0x0f, 0xc4, 0x4d, 0xa1, 0xfa, 0xf6, 0xd6 },
86    /* tag */
87    { 0xdf, 0xb7, 0x63, 0xeb, 0xdb, 0x5f, 0x0e, 0x71,
88      0x9c, 0x7b, 0x41, 0x61, 0x80, 0x80, 0x04, 0xdf },
89 },
90 
91    /* OCB-AES-128-20B  */
92 {
93    20,
94    /* key */
95    { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
96      0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f },
97    /* nonce */
98    { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
99      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 },
100    /* pt */
101    { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
102      0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
103      0x10, 0x11, 0x12, 0x13 },
104    /* ct */
105    { 0x01, 0xa0, 0x75, 0xf0, 0xd8, 0x15, 0xb1, 0xa4,
106      0xe9, 0xc8, 0x81, 0xa1, 0xbc, 0xff, 0xc3, 0xeb,
107      0x70, 0x03, 0xeb, 0x55},
108    /* tag */
109    { 0x75, 0x30, 0x84, 0x14, 0x4e, 0xb6, 0x3b, 0x77,
110      0x0b, 0x06, 0x3c, 0x2e, 0x23, 0xcd, 0xa0, 0xbb },
111 },
112 
113    /* OCB-AES-128-32B  */
114 {
115    32,
116    /* key */
117    { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
118      0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f },
119    /* nonce */
120    { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
121      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 },
122    /* pt */
123    { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
124      0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
125      0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
126      0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f },
127    /* ct */
128    { 0x01, 0xa0, 0x75, 0xf0, 0xd8, 0x15, 0xb1, 0xa4,
129      0xe9, 0xc8, 0x81, 0xa1, 0xbc, 0xff, 0xc3, 0xeb,
130      0x4a, 0xfc, 0xbb, 0x7f, 0xed, 0xc0, 0x8c, 0xa8,
131      0x65, 0x4c, 0x6d, 0x30, 0x4d, 0x16, 0x12, 0xfa },
132 
133    /* tag */
134    { 0xc1, 0x4c, 0xbf, 0x2c, 0x1a, 0x1f, 0x1c, 0x3c,
135      0x13, 0x7e, 0xad, 0xea, 0x1f, 0x2f, 0x2f, 0xcf },
136 },
137 
138    /* OCB-AES-128-34B  */
139 {
140    34,
141    /* key */
142    { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
143      0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f },
144    /* nonce */
145    { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
146      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 },
147    /* pt */
148    { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
149      0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
150      0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
151      0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
152      0x20, 0x21 },
153    /* ct */
154    { 0x01, 0xa0, 0x75, 0xf0, 0xd8, 0x15, 0xb1, 0xa4,
155      0xe9, 0xc8, 0x81, 0xa1, 0xbc, 0xff, 0xc3, 0xeb,
156      0xd4, 0x90, 0x3d, 0xd0, 0x02, 0x5b, 0xa4, 0xaa,
157      0x83, 0x7c, 0x74, 0xf1, 0x21, 0xb0, 0x26, 0x0f,
158      0xa9, 0x5d },
159 
160    /* tag */
161    { 0xcf, 0x83, 0x41, 0xbb, 0x10, 0x82, 0x0c, 0xcf,
162      0x14, 0xbd, 0xec, 0x56, 0xb8, 0xd7, 0xd6, 0xab },
163 },
164 
165 };
166 
167    int err, x, idx, res;
168    unsigned long len;
169    unsigned char outct[MAXBLOCKSIZE], outtag[MAXBLOCKSIZE];
170 
171     /* AES can be under rijndael or aes... try to find it */
172     if ((idx = find_cipher("aes")) == -1) {
173        if ((idx = find_cipher("rijndael")) == -1) {
174           return CRYPT_NOP;
175        }
176     }
177 
178     for (x = 0; x < (int)(sizeof(tests)/sizeof(tests[0])); x++) {
179         len = sizeof(outtag);
180         if ((err = ocb_encrypt_authenticate_memory(idx, tests[x].key, 16,
181              tests[x].nonce, tests[x].pt, tests[x].ptlen, outct, outtag, &len)) != CRYPT_OK) {
182            return err;
183         }
184 
185         if (XMEMCMP(outtag, tests[x].tag, len) || XMEMCMP(outct, tests[x].ct, tests[x].ptlen)) {
186 #if 0
187            unsigned long y;
188            printf("\n\nFailure: \nCT:\n");
189            for (y = 0; y < (unsigned long)tests[x].ptlen; ) {
190                printf("0x%02x", outct[y]);
191                if (y < (unsigned long)(tests[x].ptlen-1)) printf(", ");
192                if (!(++y % 8)) printf("\n");
193            }
194            printf("\nTAG:\n");
195            for (y = 0; y < len; ) {
196                printf("0x%02x", outtag[y]);
197                if (y < len-1) printf(", ");
198                if (!(++y % 8)) printf("\n");
199            }
200 #endif
201            return CRYPT_FAIL_TESTVECTOR;
202         }
203 
204         if ((err = ocb_decrypt_verify_memory(idx, tests[x].key, 16, tests[x].nonce, outct, tests[x].ptlen,
205              outct, tests[x].tag, len, &res)) != CRYPT_OK) {
206            return err;
207         }
208         if ((res != 1) || XMEMCMP(tests[x].pt, outct, tests[x].ptlen)) {
209 #if 0
210            unsigned long y;
211            printf("\n\nFailure-decrypt: \nPT:\n");
212            for (y = 0; y < (unsigned long)tests[x].ptlen; ) {
213                printf("0x%02x", outct[y]);
214                if (y < (unsigned long)(tests[x].ptlen-1)) printf(", ");
215                if (!(++y % 8)) printf("\n");
216            }
217            printf("\nres = %d\n\n", res);
218 #endif
219         }
220     }
221     return CRYPT_OK;
222 #endif /* LTC_TEST */
223 }
224 
225 #endif /* OCB_MODE */
226 
227 
228 /* some comments
229 
230    -- it's hard to seek
231    -- hard to stream [you can't emit ciphertext until full block]
232    -- The setup is somewhat complicated...
233 */
234 
235 /* $Source: /cvs/libtom/libtomcrypt/src/encauth/ocb/ocb_test.c,v $ */
236 /* $Revision: 1.5 $ */
237 /* $Date: 2006/11/01 09:28:17 $ */
238