Merge pull request #5617 from gilles-peskine-arm/chacha20-rfc7539-test-vector
PSA: ChaCha20: add RFC 7539 test vector with counter=1
This commit is contained in:
Manuel Pégourié-Gonnard
GitHub
commit
4014a0408e
3 changed files with 30 additions and 2 deletions
|
|
@ -844,6 +844,12 @@ int mbedtls_cipher_set_padding_mode( mbedtls_cipher_context_t *ctx,
|
|||
* \note Some ciphers do not use IVs nor nonce. For these
|
||||
* ciphers, this function has no effect.
|
||||
*
|
||||
* \note For #MBEDTLS_CIPHER_CHACHA20, the nonce length must
|
||||
* be 12, and the initial counter value is 0.
|
||||
*
|
||||
* \note For #MBEDTLS_CIPHER_CHACHA20_POLY1305, the nonce length
|
||||
* must be 12.
|
||||
*
|
||||
* \param ctx The generic cipher context. This must be initialized and
|
||||
* bound to a cipher information structure.
|
||||
* \param iv The IV to use, or NONCE_COUNTER for CTR-mode ciphers. This
|
||||
|
|
|
|||
|
|
@ -489,8 +489,12 @@
|
|||
*
|
||||
* ChaCha20 and the ChaCha20_Poly1305 construction are defined in RFC 7539.
|
||||
*
|
||||
* Implementations must support 12-byte nonces, may support 8-byte nonces,
|
||||
* and should reject other sizes.
|
||||
* \note For ChaCha20 and ChaCha20_Poly1305, Mbed TLS only supports
|
||||
* 12-byte nonces.
|
||||
*
|
||||
* \note For ChaCha20, the initial counter value is 0. To encrypt or decrypt
|
||||
* with the initial counter value 1, you can process and discard a
|
||||
* 64-byte block before the real data.
|
||||
*/
|
||||
#define PSA_KEY_TYPE_CHACHA20 ((psa_key_type_t)0x2004)
|
||||
|
||||
|
|
|
|||
|
|
@ -2315,6 +2315,18 @@ PSA symmetric decrypt: CCM*-no-tag, NIST DVPT AES-128 #15
|
|||
depends_on:PSA_WANT_ALG_CCM_STAR_NO_TAG:PSA_WANT_KEY_TYPE_AES
|
||||
cipher_decrypt:PSA_ALG_CCM_STAR_NO_TAG:PSA_KEY_TYPE_AES:"90929a4b0ac65b350ad1591611fe4829":"5a8aa485c316e9403aff859fbb":"4bfe4e35784f0a65b545477e5e2f4bae0e1e6fa717eaf2cb":"a16a2e741f1cd9717285b6d882c1fc53655e9773761ad697"
|
||||
|
||||
PSA symmetric decrypt: ChaCha20, RFC7539 keystream
|
||||
depends_on:PSA_WANT_ALG_STREAM_CIPHER:PSA_WANT_KEY_TYPE_CHACHA20
|
||||
# Keystream from RFC 7539 §2.4.2, with an extra 64-byte output block prepended
|
||||
# because the test vector starts at counter=1 but our API starts at counter=0.
|
||||
cipher_decrypt:PSA_ALG_STREAM_CIPHER:PSA_KEY_TYPE_CHACHA20:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f":"000000000000004a00000000":"00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000":"af051e40bba0354981329a806a140eafd258a22a6dcb4bb9f6569cb3efe2deaf837bd87ca20b5ba12081a306af0eb35c41a239d20dfc74c81771560d9c9c1e4b224f51f3401bd9e12fde276fb8631ded8c131f823d2c06e27e4fcaec9ef3cf788a3b0aa372600a92b57974cded2b9334794cba40c63e34cdea212c4cf07d41b769a6749f3f630f4122cafe28ec4dc47e26d4346d70b98c73f3e9c53ac40c5945398b6eda1a832c89c167eacd901d7e2bf363"
|
||||
|
||||
PSA symmetric decrypt: ChaCha20, RFC7539 sunscreen
|
||||
depends_on:PSA_WANT_ALG_STREAM_CIPHER:PSA_WANT_KEY_TYPE_CHACHA20
|
||||
# Test vector from RFC 7539 §2.4.2, with an extra 64-byte block prepended
|
||||
# because the test vector starts at counter=1 but our API starts at counter=0.
|
||||
cipher_decrypt:PSA_ALG_STREAM_CIPHER:PSA_KEY_TYPE_CHACHA20:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f":"000000000000004a00000000":"fb6d7b60e9e67669b607a9b94a606bdca678d44f0ebf24cbd623efd69cc2bdc0f615ac19d0366a8d00e3d6728f5ee01d61d74ab77edc17a7621f2268eea12e656e2e359a2568f98041ba0728dd0d6981e97e7aec1d4360c20a27afccfd9fae0bf91b65c5524733ab8f593dabcd62b3571639d624e65152ab8f530c359f0861d807ca0dbf500d6a6156a38e088a22b65e52bc514d16ccf806818ce91ab77937365af90bbf74a35be6b40b8eedf2785e42874d":"546865205246432037353339207465737420766563746f72207573657320636f756e7465723d312c2062757420505341207573657320636f756e7465723d302e4c616469657320616e642047656e746c656d656e206f662074686520636c617373206f66202739393a204966204920636f756c64206f6666657220796f75206f6e6c79206f6e652074697020666f7220746865206675747572652c2073756e73637265656e20776f756c642062652069742e"
|
||||
|
||||
PSA symmetric decrypt multipart: AES-ECB, 0 bytes, good
|
||||
depends_on:PSA_WANT_ALG_ECB_NO_PADDING:PSA_WANT_KEY_TYPE_AES
|
||||
cipher_decrypt_multipart:PSA_ALG_ECB_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"":"":0:0:0:"":PSA_SUCCESS
|
||||
|
|
@ -2611,6 +2623,12 @@ PSA symmetric encryption multipart: ChaCha20, 14+50 bytes
|
|||
depends_on:PSA_WANT_ALG_STREAM_CIPHER:PSA_WANT_KEY_TYPE_CHACHA20
|
||||
cipher_encrypt_multipart:PSA_ALG_STREAM_CIPHER:PSA_KEY_TYPE_CHACHA20:"4bddc98c551a95395ef719557f813656b566bc45aac04eca3866324cc75489f2":"a170d9349d24955aa4501891":"00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000":14:14:50:"9ba7d8de0c6b579fc436e368619e09228070d23246c836d6c6b4c476af6f5eb2b78fbe809d03f7881e6af28cfe3746e8dcf1eb7f762fe7d003141f1539a6cec4":PSA_SUCCESS
|
||||
|
||||
PSA symmetric encryption multipart: ChaCha20, RFC7539 sunscreen
|
||||
depends_on:PSA_WANT_ALG_STREAM_CIPHER:PSA_WANT_KEY_TYPE_CHACHA20
|
||||
# Test vector from RFC 7539 §2.4.2, with an extra 64-byte block prepended
|
||||
# because the test vector starts at counter=1 but our API starts at counter=0.
|
||||
cipher_encrypt_multipart:PSA_ALG_STREAM_CIPHER:PSA_KEY_TYPE_CHACHA20:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f":"000000000000004a00000000":"546865205246432037353339207465737420766563746f72207573657320636f756e7465723d312c2062757420505341207573657320636f756e7465723d302e4c616469657320616e642047656e746c656d656e206f662074686520636c617373206f66202739393a204966204920636f756c64206f6666657220796f75206f6e6c79206f6e652074697020666f7220746865206675747572652c2073756e73637265656e20776f756c642062652069742e":64:64:114:"fb6d7b60e9e67669b607a9b94a606bdca678d44f0ebf24cbd623efd69cc2bdc0f615ac19d0366a8d00e3d6728f5ee01d61d74ab77edc17a7621f2268eea12e656e2e359a2568f98041ba0728dd0d6981e97e7aec1d4360c20a27afccfd9fae0bf91b65c5524733ab8f593dabcd62b3571639d624e65152ab8f530c359f0861d807ca0dbf500d6a6156a38e088a22b65e52bc514d16ccf806818ce91ab77937365af90bbf74a35be6b40b8eedf2785e42874d":PSA_SUCCESS
|
||||
|
||||
PSA symmetric decrypt multipart: ChaCha20, K=rand N=rand
|
||||
depends_on:PSA_WANT_ALG_STREAM_CIPHER:PSA_WANT_KEY_TYPE_CHACHA20
|
||||
cipher_decrypt_multipart:PSA_ALG_STREAM_CIPHER:PSA_KEY_TYPE_CHACHA20:"4bddc98c551a95395ef719557f813656b566bc45aac04eca3866324cc75489f2":"a170d9349d24955aa4501891":"00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000":64:64:0:"9ba7d8de0c6b579fc436e368619e09228070d23246c836d6c6b4c476af6f5eb2b78fbe809d03f7881e6af28cfe3746e8dcf1eb7f762fe7d003141f1539a6cec4":PSA_SUCCESS
|
||||
|
|
|
|||
Loading…
Reference in a new issue