Commit 639a1a89 by Enrico Pozzobon

Merge branch 'master' of lab.las3.de:lwc/compare

parents a7239a02 92460565
Count = 1
Key = 0C0102030405060708090A0B0C0D0E0F
Nonce = FF0102030405060708090A0B
PT = 10010203
AD =
CT = 09F654220000000000000000000000003381ABB14002E61F0CABC2D4B535927F
crypto_aead_decrypt returned <-18>
PT = 00000000000000000000000000000000
CC=gcc
CFLAGS=-c -Wall
LDFLAGS=
SOURCES=aes.c cipher.c cipher_wrap.c gcm.c main.c platform.c platform_util.c
OBJECTS=$(SOURCES:.c=.o)
EXECUTABLE=gcm
NISTGCCFLAGS=-std=c99 -Wall -Wextra -Wshadow -O2
LFLAGS=-lm
all: $(SOURCES) $(EXECUTABLE)
all: gcm
$(EXECUTABLE): $(OBJECTS)
$(CC) $(LDFLAGS) $(OBJECTS) -o $@
gcm: gcm.c genkat_aead.c aes.c cipher.c cipher_wrap.c platform.c platform_util.c
$(CC) $(NISTGCCFLAGS) -o $@ $^ $(LFLAGS)
.cpp.o:
$(CC) $(CFLAGS) $< -o $@
.PHONY: clean
clean:
rm -rf *.o out
rm -rf gcm
#define CRYPTO_KEYBYTES 16
#define CRYPTO_NSECBYTES 0
#define CRYPTO_NPUBBYTES 12
#define CRYPTO_ABYTES 16
#define CRYPTO_ABYTES 16
#define CRYPTO_NOOVERLAP 1
/* Reference implementation of ACE-128 AEAD
Written by:
Kalikinkar Mandal <kmandal@uwaterloo.ca>
*/
typedef unsigned long long u64;
int ace_init(
unsigned char *state,
const unsigned char *npub,
const unsigned char *k
);
int ace_ad(
unsigned char *state,
const unsigned char *ad,
const u64 adlen
);
int ace_gentag(
unsigned char *tag,
const unsigned char tlen,
unsigned char *state,
const unsigned char *k
);
int crypto_encrypt(
unsigned char *c,unsigned long long *clen,
const unsigned char *m,unsigned long long mlen,
......@@ -56,9 +34,3 @@ int crypto_aead_decrypt(
const unsigned char *k
);
int ace_gentag(
unsigned char *tag,
const unsigned char tlen,
unsigned char *state,
const unsigned char *k
);
#include "gcm.h"
#include "platform_util.h"
#include "api.h"
#include <stdio.h>
#include "crypto_aead.h"
static void single_encryption(void) {
// 32 bytes.. that's 256 bits
const unsigned char k[32] = { 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08,
0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08 };
unsigned char c[64] = { 0x42, 0x83, 0x1e, 0xc2, 0x21, 0x77, 0x74, 0x24,
0x4b, 0x72, 0x21, 0xb7, 0x84, 0xd0, 0xd4, 0x9c,
0xe3, 0xaa, 0x21, 0x2f, 0x2c, 0x02, 0xa4, 0xe0,
0x35, 0xc1, 0x7e, 0x23, 0x29, 0xac, 0xa1, 0x2e,
0x21, 0xd5, 0x14, 0xb2, 0x54, 0x66, 0x93, 0x1c,
0x7d, 0x8f, 0x6a, 0x5a, 0xac, 0x84, 0xaa, 0x05,
0x1b, 0xa3, 0x0b, 0x39, 0x6a, 0x0a, 0xac, 0x97,
0x3d, 0x58, 0xe0, 0x91, 0x47, 0x3f, 0x59, 0x85};
unsigned char npub[12] = { 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad,
0xde, 0xca, 0xf8, 0x88 };
unsigned char ad[1400];
unsigned long long adlen = 0;
unsigned long long mlen = 0;
unsigned long long clen = 64;
unsigned char m[1400];
unsigned char nsec[CRYPTO_NSECBYTES];
//mbedtls_gcm_init( &ctx );
// 128 bits, not bytes!
//ret = mbedtls_gcm_setkey( &ctx, cipher, key, 128 );
// Context, flag (1/0), length, nonce, nonce_len, AD, AD_len, PT, output, tag_len, tag
//ret = mbedtls_gcm_crypt_and_tag(&ctx, MBEDTLS_GCM_ENCRYPT, 64, initial_value, 12, additional, 0, plaintext, buf, 16, tag_buf);
//mbedtls_gcm_free( &ctx );
int res;
res = crypto_aead_decrypt(m, mlen, nsec, c, clen, ad, adlen, npub, k);
if (res == 0) {
printf("Local decryption test workerino!\n");
} else {
printf("Local test failed -.-\n");
}
}
int main(void) {
//mbedtls_gcm_self_test(1);
single_encryption();
return 0;
}
#include "gcm.h"
#include "platform_util.h"
#include "api.h"
#include <stdio.h>
#include "crypto_aead.h"
static void single_encryption(void) {
// 32 bytes.. that's 256 bits
const unsigned char k[32] = { 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08,
0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08 };
unsigned char m[64] = { 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a,
0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72,
0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53,
0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57,
0xba, 0x63, 0x7b, 0x39, 0x1a, 0xaf, 0xd2, 0x55 };
unsigned char npub[12] = { 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad,
0xde, 0xca, 0xf8, 0x88 };
unsigned char ad[1400];
unsigned long long adlen = 0;
unsigned long long mlen = 64;
unsigned long long clen = 0;
unsigned char c[1400];
unsigned char nsec[CRYPTO_NSECBYTES];
//mbedtls_gcm_init( &ctx );
// 128 bits, not bytes!
//ret = mbedtls_gcm_setkey( &ctx, cipher, key, 128 );
// Context, flag (1/0), length, nonce, nonce_len, AD, AD_len, PT, output, tag_len, tag
//ret = mbedtls_gcm_crypt_and_tag(&ctx, MBEDTLS_GCM_ENCRYPT, 64, initial_value, 12, additional, 0, plaintext, buf, 16, tag_buf);
//mbedtls_gcm_free( &ctx );
int res;
res = crypto_aead_encrypt(c, &clen, m, mlen, ad, adlen, nsec, npub, k);
if (res == 0) {
printf("Local encryption test workerino!\n");
} else {
printf("Local test failed -.-\n");
}
}
int main(void) {
//mbedtls_gcm_self_test(1);
single_encryption();
return 0;
}
......@@ -38,6 +38,7 @@
#if defined(MBEDTLS_GCM_C)
#include "gcm.h"
#include "api.h"
#include "crypto_aead.h"
#include "platform_util.h"
......@@ -87,6 +88,8 @@
}
#endif
/*
* Initialize a context
*/
......@@ -109,14 +112,17 @@ int crypto_aead_encrypt(
)
{
mbedtls_gcm_context ctx;
unsigned char tag_buf[16];
int ret;
unsigned long long mask = 15;
unsigned long long mlenp = (mlen + mask) & (~mask);
unsigned char tag_buf[CRYPTO_ABYTES];
*clen = mlenp + CRYPTO_ABYTES;
mbedtls_gcm_init( &ctx );
ret = mbedtls_gcm_setkey( &ctx, MBEDTLS_CIPHER_ID_AES, k, 128);
ret = mbedtls_gcm_crypt_and_tag( &ctx, 1, mlen, npub, 12, ad, adlen, m, c, 16, tag_buf );
mbedtls_gcm_free( &ctx );
memcpy(c + mlenp, tag_buf, CRYPTO_ABYTES);
return ret;
}
......@@ -130,12 +136,16 @@ int crypto_aead_decrypt(
)
{
mbedtls_gcm_context ctx;
unsigned char tag_buf[16];
int ret;
unsigned char tag_buf[CRYPTO_ABYTES];
clen -= CRYPTO_ABYTES;
memcpy(tag_buf, c + clen, CRYPTO_ABYTES);
*mlen = clen;
mbedtls_gcm_init( &ctx );
ret = mbedtls_gcm_setkey( &ctx, MBEDTLS_CIPHER_ID_AES, k, 128);
ret = mbedtls_gcm_crypt_and_tag( &ctx, 0, mlen, npub, 12, ad, adlen, m, c, 16, tag_buf );
ret = mbedtls_gcm_auth_decrypt( &ctx, clen, npub, 12, ad, adlen, tag_buf, 16, c, m);
mbedtls_gcm_free( &ctx );
return ret;
......@@ -829,7 +839,7 @@ int mbedtls_gcm_self_test( int verbose )
{
mbedtls_gcm_context ctx;
unsigned char buf[64];
unsigned char tag_buf[16];
unsigned char tag_buf[CRYPTO_ABYTES];
int i, j, ret;
mbedtls_cipher_id_t cipher = MBEDTLS_CIPHER_ID_AES;
......
//
// NIST-developed software is provided by NIST as a public service.
// You may use, copy and distribute copies of the software in any medium,
// provided that you keep intact this entire notice. You may improve,
// modify and create derivative works of the software or any portion of
// the software, and you may copy and distribute such modifications or
// works. Modified works should carry a notice stating that you changed
// the software and should note the date and nature of any such change.
// Please explicitly acknowledge the National Institute of Standards and
// Technology as the source of the software.
//
// NIST-developed software is expressly provided "AS IS." NIST MAKES NO
// WARRANTY OF ANY KIND, EXPRESS, IMPLIED, IN FACT OR ARISING BY OPERATION
// OF LAW, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTY OF MERCHANTABILITY,
// FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT AND DATA ACCURACY. NIST
// NEITHER REPRESENTS NOR WARRANTS THAT THE OPERATION OF THE SOFTWARE WILL BE
// UNINTERRUPTED OR ERROR-FREE, OR THAT ANY DEFECTS WILL BE CORRECTED. NIST
// DOES NOT WARRANT OR MAKE ANY REPRESENTATIONS REGARDING THE USE OF THE SOFTWARE
// OR THE RESULTS THEREOF, INCLUDING BUT NOT LIMITED TO THE CORRECTNESS, ACCURACY,
// RELIABILITY, OR USEFULNESS OF THE SOFTWARE.
//
// You are solely responsible for determining the appropriateness of using and
// distributing the software and you assume all risks associated with its use,
// including but not limited to the risks and costs of program errors, compliance
// with applicable laws, damage to or loss of data, programs or equipment, and
// the unavailability or interruption of operation. This software is not intended
// to be used in any situation where a failure could cause risk of injury or
// damage to property. The software developed by NIST employees is not subject to
// copyright protection within the United States.
//
// disable deprecation for sprintf and fopen
#ifdef _MSC_VER
#define _CRT_SECURE_NO_WARNINGS
#endif
#include <stdio.h>
#include <string.h>
#include "crypto_aead.h"
#include "api.h"
#define KAT_SUCCESS 0
#define KAT_FILE_OPEN_ERROR -1
#define KAT_DATA_ERROR -3
#define KAT_CRYPTO_FAILURE -4
#define MAX_FILE_NAME 256
#define MAX_MESSAGE_LENGTH 32
#define MAX_ASSOCIATED_DATA_LENGTH 32
void init_buffer(unsigned char *buffer, unsigned long long numbytes);
void fprint_bstr(FILE *fp, const char *label, const unsigned char *data, unsigned long long length);
int generate_test_vectors();
int main()
{
int ret = generate_test_vectors();
if (ret != KAT_SUCCESS) {
fprintf(stderr, "test vector generation failed with code %d\n", ret);
}
return ret;
}
int generate_test_vectors()
{
FILE *fp;
char fileName[MAX_FILE_NAME];
unsigned char key[CRYPTO_KEYBYTES];
unsigned char nonce[CRYPTO_NPUBBYTES];
unsigned char msg[MAX_MESSAGE_LENGTH];
unsigned char ct[MAX_MESSAGE_LENGTH + CRYPTO_ABYTES];
unsigned char msg2[MAX_MESSAGE_LENGTH];
unsigned char ad[MAX_ASSOCIATED_DATA_LENGTH];
unsigned long long clen, mlen2;
int count = 1;
int func_ret, ret_val = KAT_SUCCESS;
init_buffer(key, sizeof(key));
init_buffer(nonce, sizeof(nonce));
init_buffer(msg, sizeof(msg));
init_buffer(ad, sizeof(ad));
sprintf(fileName, "LWC_AEAD_KAT_%d_%d.txt", (CRYPTO_KEYBYTES * 8), (CRYPTO_NPUBBYTES * 8));
if ((fp = fopen(fileName, "w")) == NULL) {
fprintf(stderr, "Couldn't open <%s> for write\n", fileName);
return KAT_FILE_OPEN_ERROR;
}
for (unsigned long long mlen = 0; (mlen <= MAX_MESSAGE_LENGTH) && (ret_val == KAT_SUCCESS); mlen++) {
for (unsigned long long adlen = 0; adlen <= MAX_ASSOCIATED_DATA_LENGTH; adlen++) {
fprintf(fp, "Count = %d\n", count++);
fprint_bstr(fp, "Key = ", key, CRYPTO_KEYBYTES);
fprint_bstr(fp, "Nonce = ", nonce, CRYPTO_NPUBBYTES);
fprint_bstr(fp, "PT = ", msg, mlen);
fprint_bstr(fp, "AD = ", ad, adlen);
if ((func_ret = crypto_aead_encrypt(ct, &clen, msg, mlen, ad, adlen, NULL, nonce, key)) != 0) {
fprintf(fp, "crypto_aead_encrypt returned <%d>\n", func_ret);
ret_val = KAT_CRYPTO_FAILURE;
break;
}
fprint_bstr(fp, "CT = ", ct, clen);
fprintf(fp, "\n");
if ((func_ret = crypto_aead_decrypt(msg2, &mlen2, NULL, ct, clen, ad, adlen, nonce, key)) != 0) {
fprintf(fp, "crypto_aead_decrypt returned <%d>\n", func_ret);
ret_val = KAT_CRYPTO_FAILURE;
fprint_bstr(fp, "PT = ", msg2, mlen2);
break;
}
if (mlen != mlen2) {
fprintf(fp, "crypto_aead_decrypt returned bad 'mlen': Got <%llu>, expected <%llu>\n", mlen2, mlen);
ret_val = KAT_CRYPTO_FAILURE;
break;
}
if (memcmp(msg, msg2, mlen)) {
fprintf(fp, "crypto_aead_decrypt did not recover the plaintext\n");
ret_val = KAT_CRYPTO_FAILURE;
break;
}
}
}
fclose(fp);
return ret_val;
}
void fprint_bstr(FILE *fp, const char *label, const unsigned char *data, unsigned long long length)
{
fprintf(fp, "%s", label);
for (unsigned long long i = 0; i < length; i++)
fprintf(fp, "%02X", data[i]);
fprintf(fp, "\n");
}
void init_buffer(unsigned char *buffer, unsigned long long numbytes)
{
for (unsigned long long i = 0; i < numbytes; i++)
buffer[i] = (unsigned char)i;
}
#include "gcm.h"
#include "platform_util.h"
#include "api.h"
#include <stdio.h>
#include "crypto_aead.h"
static void single_encryption(void) {
// 32 bytes.. that's 256 bits
const unsigned char k[32] = { 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08,
0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08 };
unsigned char c[64] = { 0x42, 0x83, 0x1e, 0xc2, 0x21, 0x77, 0x74, 0x24,
0x4b, 0x72, 0x21, 0xb7, 0x84, 0xd0, 0xd4, 0x9c,
0xe3, 0xaa, 0x21, 0x2f, 0x2c, 0x02, 0xa4, 0xe0,
0x35, 0xc1, 0x7e, 0x23, 0x29, 0xac, 0xa1, 0x2e,
0x21, 0xd5, 0x14, 0xb2, 0x54, 0x66, 0x93, 0x1c,
0x7d, 0x8f, 0x6a, 0x5a, 0xac, 0x84, 0xaa, 0x05,
0x1b, 0xa3, 0x0b, 0x39, 0x6a, 0x0a, 0xac, 0x97,
0x3d, 0x58, 0xe0, 0x91, 0x47, 0x3f, 0x59, 0x85};
unsigned char npub[12] = { 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad,
0xde, 0xca, 0xf8, 0x88 };
unsigned char ad[1400];
unsigned long long adlen = 0;
unsigned long long mlen = 0;
unsigned long long clen = 64;
unsigned char m[1400];
unsigned char nsec[CRYPTO_NSECBYTES];
//mbedtls_gcm_init( &ctx );
// 128 bits, not bytes!
//ret = mbedtls_gcm_setkey( &ctx, cipher, key, 128 );
// Context, flag (1/0), length, nonce, nonce_len, AD, AD_len, PT, output, tag_len, tag
//ret = mbedtls_gcm_crypt_and_tag(&ctx, MBEDTLS_GCM_ENCRYPT, 64, initial_value, 12, additional, 0, plaintext, buf, 16, tag_buf);
//mbedtls_gcm_free( &ctx );
int res;
res = crypto_aead_decrypt(m, mlen, nsec, c, clen, ad, adlen, npub, k);
if (res == 0) {
printf("Local decryption test workerino!\n");
} else {
printf("Local test failed -.-\n");
}
}
int main(void) {
//mbedtls_gcm_self_test(1);
single_encryption();
return 0;
}
#include "gcm.h"
#include "platform_util.h"
#include "api.h"
#include <stdio.h>
#include "crypto_aead.h"
static void single_encryption(void) {
// 32 bytes.. that's 256 bits
const unsigned char k[32] = { 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08,
0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08 };
unsigned char c[64] = { 0x42, 0x83, 0x1e, 0xc2, 0x21, 0x77, 0x74, 0x24,
0x4b, 0x72, 0x21, 0xb7, 0x84, 0xd0, 0xd4, 0x9c,
0xe3, 0xaa, 0x21, 0x2f, 0x2c, 0x02, 0xa4, 0xe0,
0x35, 0xc1, 0x7e, 0x23, 0x29, 0xac, 0xa1, 0x2e,
0x21, 0xd5, 0x14, 0xb2, 0x54, 0x66, 0x93, 0x1c,
0x7d, 0x8f, 0x6a, 0x5a, 0xac, 0x84, 0xaa, 0x05,
0x1b, 0xa3, 0x0b, 0x39, 0x6a, 0x0a, 0xac, 0x97,
0x3d, 0x58, 0xe0, 0x91, 0x47, 0x3f, 0x59, 0x85};
unsigned char npub[12] = { 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad,
0xde, 0xca, 0xf8, 0x88 };
unsigned char ad[1400];
unsigned long long adlen = 0;
unsigned long long mlen = 0;
unsigned long long clen = 64;
unsigned char m[1400];
unsigned char nsec[CRYPTO_NSECBYTES];
//mbedtls_gcm_init( &ctx );
// 128 bits, not bytes!
//ret = mbedtls_gcm_setkey( &ctx, cipher, key, 128 );
// Context, flag (1/0), length, nonce, nonce_len, AD, AD_len, PT, output, tag_len, tag
//ret = mbedtls_gcm_crypt_and_tag(&ctx, MBEDTLS_GCM_ENCRYPT, 64, initial_value, 12, additional, 0, plaintext, buf, 16, tag_buf);
//mbedtls_gcm_free( &ctx );
int res;
res = crypto_aead_decrypt(m, mlen, nsec, c, clen, ad, adlen, npub, k);
if (res == 0) {
printf("Local decryption test workerino!\n");
} else {
printf("Local test failed -.-\n");
}
}
int main(void) {
//mbedtls_gcm_self_test(1);
single_encryption();
return 0;
}
This source diff could not be displayed because it is too large. You can view the blob instead.
#include "gcm.h"
int main() {
mbedtls_gcm_self_test(1);
return 0;
}
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or sign in to comment