1 /* LibTomCrypt, modular cryptographic library -- Tom St Denis
2 *
3 * LibTomCrypt is a library that provides various cryptographic
4 * algorithms in a highly modular and flexible manner.
5 *
6 * The library is free for all purposes without any express
7 * guarantee it works.
8 *
9 * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
10 */
11
12 /**
13 @file eax_test.c
14 EAX implementation, self-test, by Tom St Denis
15 */
16 #include "tomcrypt.h"
17
18 #ifdef EAX_MODE
19
20 /**
21 Test the EAX implementation
22 @return CRYPT_OK if successful, CRYPT_NOP if self-testing has been disabled
23 */
eax_test(void)24 int eax_test(void)
25 {
26 #ifndef LTC_TEST
27 return CRYPT_NOP;
28 #else
29 static const struct {
30 int keylen,
31 noncelen,
32 headerlen,
33 msglen;
34
35 unsigned char key[MAXBLOCKSIZE],
36 nonce[MAXBLOCKSIZE],
37 header[MAXBLOCKSIZE],
38 plaintext[MAXBLOCKSIZE],
39 ciphertext[MAXBLOCKSIZE],
40 tag[MAXBLOCKSIZE];
41 } tests[] = {
42
43 /* NULL message */
44 {
45 16, 0, 0, 0,
46 /* key */
47 { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
48 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f },
49 /* nonce */
50 { 0 },
51 /* header */
52 { 0 },
53 /* plaintext */
54 { 0 },
55 /* ciphertext */
56 { 0 },
57 /* tag */
58 { 0x9a, 0xd0, 0x7e, 0x7d, 0xbf, 0xf3, 0x01, 0xf5,
59 0x05, 0xde, 0x59, 0x6b, 0x96, 0x15, 0xdf, 0xff }
60 },
61
62 /* test with nonce */
63 {
64 16, 16, 0, 0,
65 /* key */
66 { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
67 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f },
68 /* nonce */
69 { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
70 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f },
71 /* header */
72 { 0 },
73 /* plaintext */
74 { 0 },
75 /* ciphertext */
76 { 0 },
77 /* tag */
78 { 0x1c, 0xe1, 0x0d, 0x3e, 0xff, 0xd4, 0xca, 0xdb,
79 0xe2, 0xe4, 0x4b, 0x58, 0xd6, 0x0a, 0xb9, 0xec }
80 },
81
82 /* test with header [no nonce] */
83 {
84 16, 0, 16, 0,
85 /* key */
86 { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
87 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f },
88 /* nonce */
89 { 0 },
90 /* header */
91 { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
92 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f },
93 /* plaintext */
94 { 0 },
95 /* ciphertext */
96 { 0 },
97 /* tag */
98 { 0x3a, 0x69, 0x8f, 0x7a, 0x27, 0x0e, 0x51, 0xb0,
99 0xf6, 0x5b, 0x3d, 0x3e, 0x47, 0x19, 0x3c, 0xff }
100 },
101
102 /* test with header + nonce + plaintext */
103 {
104 16, 16, 16, 32,
105 /* key */
106 { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
107 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f },
108 /* nonce */
109 { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
110 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f },
111 /* header */
112 { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
113 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f },
114 /* plaintext */
115 { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
116 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
117 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
118 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f },
119 /* ciphertext */
120 { 0x29, 0xd8, 0x78, 0xd1, 0xa3, 0xbe, 0x85, 0x7b,
121 0x6f, 0xb8, 0xc8, 0xea, 0x59, 0x50, 0xa7, 0x78,
122 0x33, 0x1f, 0xbf, 0x2c, 0xcf, 0x33, 0x98, 0x6f,
123 0x35, 0xe8, 0xcf, 0x12, 0x1d, 0xcb, 0x30, 0xbc },
124 /* tag */
125 { 0x4f, 0xbe, 0x03, 0x38, 0xbe, 0x1c, 0x8c, 0x7e,
126 0x1d, 0x7a, 0xe7, 0xe4, 0x5b, 0x92, 0xc5, 0x87 }
127 },
128
129 /* test with header + nonce + plaintext [not even sizes!] */
130 {
131 16, 15, 14, 29,
132 /* key */
133 { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
134 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f },
135 /* nonce */
136 { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
137 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e },
138 /* header */
139 { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
140 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d },
141 /* plaintext */
142 { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
143 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
144 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
145 0x18, 0x19, 0x1a, 0x1b, 0x1c },
146 /* ciphertext */
147 { 0xdd, 0x25, 0xc7, 0x54, 0xc5, 0xb1, 0x7c, 0x59,
148 0x28, 0xb6, 0x9b, 0x73, 0x15, 0x5f, 0x7b, 0xb8,
149 0x88, 0x8f, 0xaf, 0x37, 0x09, 0x1a, 0xd9, 0x2c,
150 0x8a, 0x24, 0xdb, 0x86, 0x8b },
151 /* tag */
152 { 0x0d, 0x1a, 0x14, 0xe5, 0x22, 0x24, 0xff, 0xd2,
153 0x3a, 0x05, 0xfa, 0x02, 0xcd, 0xef, 0x52, 0xda }
154 },
155
156 /* Vectors from Brian Gladman */
157
158 {
159 16, 16, 8, 0,
160 /* key */
161 { 0x23, 0x39, 0x52, 0xde, 0xe4, 0xd5, 0xed, 0x5f,
162 0x9b, 0x9c, 0x6d, 0x6f, 0xf8, 0x0f, 0xf4, 0x78 },
163 /* nonce */
164 { 0x62, 0xec, 0x67, 0xf9, 0xc3, 0xa4, 0xa4, 0x07,
165 0xfc, 0xb2, 0xa8, 0xc4, 0x90, 0x31, 0xa8, 0xb3 },
166 /* header */
167 { 0x6b, 0xfb, 0x91, 0x4f, 0xd0, 0x7e, 0xae, 0x6b },
168 /* PT */
169 { 0x00 },
170 /* CT */
171 { 0x00 },
172 /* tag */
173 { 0xe0, 0x37, 0x83, 0x0e, 0x83, 0x89, 0xf2, 0x7b,
174 0x02, 0x5a, 0x2d, 0x65, 0x27, 0xe7, 0x9d, 0x01 }
175 },
176
177 {
178 16, 16, 8, 2,
179 /* key */
180 { 0x91, 0x94, 0x5d, 0x3f, 0x4d, 0xcb, 0xee, 0x0b,
181 0xf4, 0x5e, 0xf5, 0x22, 0x55, 0xf0, 0x95, 0xa4 },
182 /* nonce */
183 { 0xbe, 0xca, 0xf0, 0x43, 0xb0, 0xa2, 0x3d, 0x84,
184 0x31, 0x94, 0xba, 0x97, 0x2c, 0x66, 0xde, 0xbd },
185 /* header */
186 { 0xfa, 0x3b, 0xfd, 0x48, 0x06, 0xeb, 0x53, 0xfa },
187 /* PT */
188 { 0xf7, 0xfb },
189 /* CT */
190 { 0x19, 0xdd },
191 /* tag */
192 { 0x5c, 0x4c, 0x93, 0x31, 0x04, 0x9d, 0x0b, 0xda,
193 0xb0, 0x27, 0x74, 0x08, 0xf6, 0x79, 0x67, 0xe5 }
194 },
195
196 {
197 16, 16, 8, 5,
198 /* key */
199 { 0x01, 0xf7, 0x4a, 0xd6, 0x40, 0x77, 0xf2, 0xe7,
200 0x04, 0xc0, 0xf6, 0x0a, 0xda, 0x3d, 0xd5, 0x23 },
201 /* nonce */
202 { 0x70, 0xc3, 0xdb, 0x4f, 0x0d, 0x26, 0x36, 0x84,
203 0x00, 0xa1, 0x0e, 0xd0, 0x5d, 0x2b, 0xff, 0x5e },
204 /* header */
205 { 0x23, 0x4a, 0x34, 0x63, 0xc1, 0x26, 0x4a, 0xc6 },
206 /* PT */
207 { 0x1a, 0x47, 0xcb, 0x49, 0x33 },
208 /* CT */
209 { 0xd8, 0x51, 0xd5, 0xba, 0xe0 },
210 /* Tag */
211 { 0x3a, 0x59, 0xf2, 0x38, 0xa2, 0x3e, 0x39, 0x19,
212 0x9d, 0xc9, 0x26, 0x66, 0x26, 0xc4, 0x0f, 0x80 }
213 }
214
215 };
216 int err, x, idx, res;
217 unsigned long len;
218 unsigned char outct[MAXBLOCKSIZE], outtag[MAXBLOCKSIZE];
219
220 /* AES can be under rijndael or aes... try to find it */
221 if ((idx = find_cipher("aes")) == -1) {
222 if ((idx = find_cipher("rijndael")) == -1) {
223 return CRYPT_NOP;
224 }
225 }
226
227 for (x = 0; x < (int)(sizeof(tests)/sizeof(tests[0])); x++) {
228 len = sizeof(outtag);
229 if ((err = eax_encrypt_authenticate_memory(idx, tests[x].key, tests[x].keylen,
230 tests[x].nonce, tests[x].noncelen, tests[x].header, tests[x].headerlen,
231 tests[x].plaintext, tests[x].msglen, outct, outtag, &len)) != CRYPT_OK) {
232 return err;
233 }
234 if (XMEMCMP(outct, tests[x].ciphertext, tests[x].msglen) || XMEMCMP(outtag, tests[x].tag, len)) {
235 #if 0
236 unsigned long y;
237 printf("\n\nFailure: \nCT:\n");
238 for (y = 0; y < (unsigned long)tests[x].msglen; ) {
239 printf("0x%02x", outct[y]);
240 if (y < (unsigned long)(tests[x].msglen-1)) printf(", ");
241 if (!(++y % 8)) printf("\n");
242 }
243 printf("\nTAG:\n");
244 for (y = 0; y < len; ) {
245 printf("0x%02x", outtag[y]);
246 if (y < len-1) printf(", ");
247 if (!(++y % 8)) printf("\n");
248 }
249 #endif
250 return CRYPT_FAIL_TESTVECTOR;
251 }
252
253 /* test decrypt */
254 if ((err = eax_decrypt_verify_memory(idx, tests[x].key, tests[x].keylen,
255 tests[x].nonce, tests[x].noncelen, tests[x].header, tests[x].headerlen,
256 outct, tests[x].msglen, outct, outtag, len, &res)) != CRYPT_OK) {
257 return err;
258 }
259 if ((res != 1) || XMEMCMP(outct, tests[x].plaintext, tests[x].msglen)) {
260 #if 0
261 unsigned long y;
262 printf("\n\nFailure (res == %d): \nPT:\n", res);
263 for (y = 0; y < (unsigned long)tests[x].msglen; ) {
264 printf("0x%02x", outct[y]);
265 if (y < (unsigned long)(tests[x].msglen-1)) printf(", ");
266 if (!(++y % 8)) printf("\n");
267 }
268 printf("\n\n");
269 #endif
270 return CRYPT_FAIL_TESTVECTOR;
271 }
272
273 }
274 return CRYPT_OK;
275 #endif /* LTC_TEST */
276 }
277
278 #endif /* EAX_MODE */
279
280 /* $Source: /cvs/libtom/libtomcrypt/src/encauth/eax/eax_test.c,v $ */
281 /* $Revision: 1.5 $ */
282 /* $Date: 2006/11/01 09:28:17 $ */
283