commit 3ffd6ba4529fe5cfa89925f12fe4eef239b893e1 Author: Zack Weinberg zackw@panix.com Date: Mon Jul 18 12:55:21 2011 -0700
Use the official NIST four-block test vector for AES128-CTR. We are testing in-place encryption, so no need for an XXX comment. --- src/crypt.c | 3 +- src/test/unittest_crypt.c | 75 ++++++++++++++++++++++++++++++-------------- 2 files changed, 52 insertions(+), 26 deletions(-)
diff --git a/src/crypt.c b/src/crypt.c
index 8d1d607..722fc00 100644
--- a/src/crypt.c
+++ b/src/crypt.c
@@ -183,8 +183,7 @@ crypt_set_iv(crypt_t *key, const uchar *iv, size_t ivlen)
 void
 stream_crypt(crypt_t *key, uchar *buf, size_t len)
 {
- AES_ctr128_encrypt(buf, buf, /* XXX make sure this is okay to do. */
- len,
+ AES_ctr128_encrypt(buf, buf, len,
 &key->key, key->ivec, key->ecount_buf, &key->pos);
 }
diff --git a/src/test/unittest_crypt.c b/src/test/unittest_crypt.c
index 14c2c41..0e48a90 100644
--- a/src/test/unittest_crypt.c
+++ b/src/test/unittest_crypt.c
@@ -77,27 +77,54 @@ test_crypt_hashvec(void *data)
 static void
 test_crypt_aes1(void *data)
 {
- /* Trying AES_ctr128_encrypt(x,x,...) to see if in-place encryption works.
- Seems like it's working alright.
- Test vector taken from:
- http://www.inconteam.com/software-development/41-encryption/55-aes-test-vect...
- maybe we should find something a bit more NIST-ish */
- uchar key[16] = "\x2b\x7e\x15\x16\x28\xae\xd2\xa6\xab\xf7\x15\x88\x09\xcf\x4f\x3c";
- uchar iv[16] = "\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff";
- uchar vec[16] = "\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96\xe9\x3d\x7e\x11\x73\x93\x17\x2a";
-
- crypt_t *crypt;
-
- crypt = crypt_new(key, sizeof(key));
+ /* In-place encryption of the test vectors from
+ http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf
+ for AES128 in counter mode (section F.5.1) */
+ const uchar key[16] =
+ "\x2b\x7e\x15\x16\x28\xae\xd2\xa6\xab\xf7\x15\x88\x09\xcf\x4f\x3c";
+ const uchar iv[16] =
+ "\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff";
+ struct testblock {
+ const uchar counter[16];
+ const uchar keystream[16];
+ const uchar plaintext[16];
+ const uchar ciphertext[16];
+ };
+ const struct testblock testvec[4] = {
+ { "\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff",
+ "\xec\x8c\xdf\x73\x98\x60\x7c\xb0\xf2\xd2\x16\x75\xea\x9e\xa1\xe4",
+ "\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96\xe9\x3d\x7e\x11\x73\x93\x17\x2a",
+ "\x87\x4d\x61\x91\xb6\x20\xe3\x26\x1b\xef\x68\x64\x99\x0d\xb6\xce" },
+ { "\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xff\x00",
+ "\x36\x2b\x7c\x3c\x67\x73\x51\x63\x18\xa0\x77\xd7\xfc\x50\x73\xae",
+ "\xae\x2d\x8a\x57\x1e\x03\xac\x9c\x9e\xb7\x6f\xac\x45\xaf\x8e\x51",
+ "\x98\x06\xf6\x6b\x79\x70\xfd\xff\x86\x17\x18\x7b\xb9\xff\xfd\xff" },
+ { "\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xff\x01",
+ "\x6a\x2c\xc3\x78\x78\x89\x37\x4f\xbe\xb4\xc8\x1b\x17\xba\x6c\x44",
+ "\x30\xc8\x1c\x46\xa3\x5c\xe4\x11\xe5\xfb\xc1\x19\x1a\x0a\x52\xef",
+ "\x5a\xe4\xdf\x3e\xdb\xd5\xd3\x5e\x5b\x4f\x09\x02\x0d\xb0\x3e\xab", },
+ { "\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xff\x02",
+ "\xe8\x9c\x39\x9f\xf0\xf1\x98\xc6\xd4\x0a\x31\xdb\x15\x6c\xab\xfe",
+ "\xf6\x9f\x24\x45\xdf\x4f\x9b\x17\xad\x2b\x41\x7b\xe6\x6c\x37\x10",
+ "\x1e\x03\x1d\xda\x2f\xbe\x03\xd1\x79\x21\x70\xa0\xf3\x00\x9c\xee" }
+ };
+
+ uchar vec[16];
+ unsigned int i;
+
+ crypt_t *crypt = crypt_new(key, sizeof(key));
 crypt_set_iv(crypt, iv, sizeof(iv));
- stream_crypt(crypt, vec, sizeof(vec));
- tt_int_op(0, ==, memcmp(vec,
- "\x87\x4d\x61\x91\xb6\x20\xe3\x26\x1b\xef\x68\x64\x99\x0d"
- "\xb6\xce", 16));
+ for (i = 0; i < 4; i++) {
+ tt_int_op(0, ==, crypt->pos);
+ tt_int_op(0, ==, memcmp(crypt->ivec, testvec[i].counter, 16));
- /* XXX test longer streams too; the failure modes for stream crypto are not
- * visible in a single block. */
+ memcpy(vec, testvec[i].plaintext, 16);
+ stream_crypt(crypt, vec, 16);
+
+ tt_int_op(0, ==, memcmp(crypt->ecount_buf, testvec[i].keystream, 16));
+ tt_int_op(0, ==, memcmp(vec, testvec[i].ciphertext, 16));
+ }
 end:
 if (crypt)
@@ -152,13 +179,13 @@ test_crypt_rng(void *data)
 }
-#define T(name, flags) \
- { #name, test_crypt_##name, (flags), NULL, NULL }
+#define T(name) \
+ { #name, test_crypt_##name, 0, NULL, NULL }
 struct testcase_t crypt_tests[] = {
- T(hashvec, 0),
- T(aes1,0),
- T(aes2,0),
- T(rng,0),
+ T(hashvec),
+ T(aes1),
+ T(aes2),
+ T(rng),
 END_OF_TESTCASES
 };
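Review bot: The new loop only ever hands stream_crypt() exactly one aligned 16-byte block, so the partial-block path — crypt->pos != 0 and keystream bytes carried over in ecount_buf between calls — that the deleted XXX comment asked to cover is still unexercised, and a counter-advance or keystream-reuse bug confined to that path would pass this test. The SP 800-38A vectors already form a 64-byte stream, so a second pass that resets the IV and encrypts the concatenated plaintext in unaligned chunks (for example 5, 27, 11, 21 bytes), then compares against the concatenated ciphertext, would close that gap; the hunk shows pos == 0 only right after crypt_new() + crypt_set_iv(), so if crypt_set_iv() alone does not reset pos and ecount_buf, use a fresh crypt_new() for the second pass. A smaller point of style: the block count is the literal 4 in both `testvec[4]` and `i < 4`; `sizeof testvec / sizeof testvec[0]` keeps them in step. The cleanup after `end:` runs past the hunk.
```c
  /* … unchanged: per-block loop over testvec[] … */

  /* Second pass: the same 64-byte stream in unaligned chunks, so that
     partial blocks (crypt->pos != 0) and the keystream carried over in
     ecount_buf between calls are exercised as well. */
  {
    uchar stream[64];
    static const size_t chunk[] = { 5, 27, 11, 21 };   /* sums to 64 */
    size_t off = 0;
    unsigned int j;

    for (j = 0; j < 4; j++)
      memcpy(stream + 16 * j, testvec[j].plaintext, 16);

    crypt_set_iv(crypt, iv, sizeof(iv));  /* must reset pos/ecount_buf — confirm */
    for (j = 0; j < 4; j++) {
      stream_crypt(crypt, stream + off, chunk[j]);
      off += chunk[j];
    }
    for (j = 0; j < 4; j++)
      tt_int_op(0, ==, memcmp(stream + 16 * j, testvec[j].ciphertext, 16));
  }
```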