5f77801ac3
XTS mode is fully known as "xor-encrypt-xor with ciphertext-stealing". This is the generalization of the XEX mode. This implementation is limited to an 8-bits (1 byte) boundary, which doesn't seem to be what was thought considering some test vectors [1]. This commit comes with tests, extracted from [1], and benchmarks. Although, benchmarks aren't really nice here, as they work with a buffer of a multiple of 16 bytes, which isn't a challenge for XTS compared to XEX. [1] http://csrc.nist.gov/groups/STM/cavp/documents/aes/XTSTestVectors.zip
502 lines
16 KiB
Text
502 lines
16 KiB
Text
/* BEGIN_HEADER */
|
|
#include "mbedtls/aes.h"
|
|
/* END_HEADER */
|
|
|
|
/* BEGIN_DEPENDENCIES
|
|
* depends_on:MBEDTLS_AES_C
|
|
* END_DEPENDENCIES
|
|
*/
|
|
|
|
/* BEGIN_CASE */
|
|
void aes_encrypt_ecb( char *hex_key_string, char *hex_src_string,
|
|
char *hex_dst_string, int setkey_result )
|
|
{
|
|
unsigned char key_str[100];
|
|
unsigned char src_str[100];
|
|
unsigned char dst_str[100];
|
|
unsigned char output[100];
|
|
mbedtls_aes_context ctx;
|
|
int key_len;
|
|
|
|
memset(key_str, 0x00, 100);
|
|
memset(src_str, 0x00, 100);
|
|
memset(dst_str, 0x00, 100);
|
|
memset(output, 0x00, 100);
|
|
mbedtls_aes_init( &ctx );
|
|
|
|
key_len = unhexify( key_str, hex_key_string );
|
|
unhexify( src_str, hex_src_string );
|
|
|
|
TEST_ASSERT( mbedtls_aes_setkey_enc( &ctx, key_str, key_len * 8 ) == setkey_result );
|
|
if( setkey_result == 0 )
|
|
{
|
|
TEST_ASSERT( mbedtls_aes_crypt_ecb( &ctx, MBEDTLS_AES_ENCRYPT, src_str, output ) == 0 );
|
|
hexify( dst_str, output, 16 );
|
|
|
|
TEST_ASSERT( strcmp( (char *) dst_str, hex_dst_string ) == 0 );
|
|
}
|
|
|
|
exit:
|
|
mbedtls_aes_free( &ctx );
|
|
}
|
|
/* END_CASE */
|
|
|
|
/* BEGIN_CASE */
|
|
void aes_decrypt_ecb( char *hex_key_string, char *hex_src_string,
|
|
char *hex_dst_string, int setkey_result )
|
|
{
|
|
unsigned char key_str[100];
|
|
unsigned char src_str[100];
|
|
unsigned char dst_str[100];
|
|
unsigned char output[100];
|
|
mbedtls_aes_context ctx;
|
|
int key_len;
|
|
|
|
memset(key_str, 0x00, 100);
|
|
memset(src_str, 0x00, 100);
|
|
memset(dst_str, 0x00, 100);
|
|
memset(output, 0x00, 100);
|
|
mbedtls_aes_init( &ctx );
|
|
|
|
key_len = unhexify( key_str, hex_key_string );
|
|
unhexify( src_str, hex_src_string );
|
|
|
|
TEST_ASSERT( mbedtls_aes_setkey_dec( &ctx, key_str, key_len * 8 ) == setkey_result );
|
|
if( setkey_result == 0 )
|
|
{
|
|
TEST_ASSERT( mbedtls_aes_crypt_ecb( &ctx, MBEDTLS_AES_DECRYPT, src_str, output ) == 0 );
|
|
hexify( dst_str, output, 16 );
|
|
|
|
TEST_ASSERT( strcmp( (char *) dst_str, hex_dst_string ) == 0 );
|
|
}
|
|
|
|
exit:
|
|
mbedtls_aes_free( &ctx );
|
|
}
|
|
/* END_CASE */
|
|
|
|
/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CBC */
|
|
void aes_encrypt_cbc( char *hex_key_string, char *hex_iv_string,
|
|
char *hex_src_string, char *hex_dst_string,
|
|
int cbc_result )
|
|
{
|
|
unsigned char key_str[100];
|
|
unsigned char iv_str[100];
|
|
unsigned char src_str[100];
|
|
unsigned char dst_str[100];
|
|
unsigned char output[100];
|
|
mbedtls_aes_context ctx;
|
|
int key_len, data_len;
|
|
|
|
memset(key_str, 0x00, 100);
|
|
memset(iv_str, 0x00, 100);
|
|
memset(src_str, 0x00, 100);
|
|
memset(dst_str, 0x00, 100);
|
|
memset(output, 0x00, 100);
|
|
mbedtls_aes_init( &ctx );
|
|
|
|
key_len = unhexify( key_str, hex_key_string );
|
|
unhexify( iv_str, hex_iv_string );
|
|
data_len = unhexify( src_str, hex_src_string );
|
|
|
|
mbedtls_aes_setkey_enc( &ctx, key_str, key_len * 8 );
|
|
TEST_ASSERT( mbedtls_aes_crypt_cbc( &ctx, MBEDTLS_AES_ENCRYPT, data_len, iv_str, src_str, output ) == cbc_result );
|
|
if( cbc_result == 0 )
|
|
{
|
|
hexify( dst_str, output, data_len );
|
|
|
|
TEST_ASSERT( strcmp( (char *) dst_str, hex_dst_string ) == 0 );
|
|
}
|
|
|
|
exit:
|
|
mbedtls_aes_free( &ctx );
|
|
}
|
|
/* END_CASE */
|
|
|
|
/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CBC */
|
|
void aes_decrypt_cbc( char *hex_key_string, char *hex_iv_string,
|
|
char *hex_src_string, char *hex_dst_string,
|
|
int cbc_result )
|
|
{
|
|
unsigned char key_str[100];
|
|
unsigned char iv_str[100];
|
|
unsigned char src_str[100];
|
|
unsigned char dst_str[100];
|
|
unsigned char output[100];
|
|
mbedtls_aes_context ctx;
|
|
int key_len, data_len;
|
|
|
|
memset(key_str, 0x00, 100);
|
|
memset(iv_str, 0x00, 100);
|
|
memset(src_str, 0x00, 100);
|
|
memset(dst_str, 0x00, 100);
|
|
memset(output, 0x00, 100);
|
|
mbedtls_aes_init( &ctx );
|
|
|
|
key_len = unhexify( key_str, hex_key_string );
|
|
unhexify( iv_str, hex_iv_string );
|
|
data_len = unhexify( src_str, hex_src_string );
|
|
|
|
mbedtls_aes_setkey_dec( &ctx, key_str, key_len * 8 );
|
|
TEST_ASSERT( mbedtls_aes_crypt_cbc( &ctx, MBEDTLS_AES_DECRYPT, data_len, iv_str, src_str, output ) == cbc_result );
|
|
if( cbc_result == 0)
|
|
{
|
|
hexify( dst_str, output, data_len );
|
|
|
|
TEST_ASSERT( strcmp( (char *) dst_str, hex_dst_string ) == 0 );
|
|
}
|
|
|
|
exit:
|
|
mbedtls_aes_free( &ctx );
|
|
}
|
|
/* END_CASE */
|
|
|
|
/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_XEX */
|
|
void aes_encrypt_xex( char *hex_key_string, char *hex_iv_string,
|
|
char *hex_src_string, char *hex_dst_string,
|
|
int xex_result )
|
|
{
|
|
unsigned char key_str[100] = { 0, };
|
|
unsigned char iv_str[100] = { 0, };
|
|
unsigned char src_str[100] = { 0, };
|
|
unsigned char dst_str[100] = { 0, };
|
|
unsigned char output[100] = { 0, };
|
|
mbedtls_aes_context crypt_ctx, tweak_ctx;
|
|
int key_len, data_len;
|
|
|
|
mbedtls_aes_init( &crypt_ctx );
|
|
mbedtls_aes_init( &tweak_ctx );
|
|
|
|
key_len = unhexify( key_str, hex_key_string );
|
|
unhexify( iv_str, hex_iv_string );
|
|
data_len = unhexify( src_str, hex_src_string );
|
|
|
|
mbedtls_aes_setkey_enc( &crypt_ctx, key_str, ( key_len * 8 ) / 2 );
|
|
mbedtls_aes_setkey_enc( &tweak_ctx, key_str + key_len / 2, ( key_len * 8 ) / 2 );
|
|
|
|
TEST_ASSERT( mbedtls_aes_crypt_xex( &crypt_ctx, &tweak_ctx, MBEDTLS_AES_ENCRYPT, data_len, iv_str, src_str, output ) == xex_result );
|
|
if( xex_result == 0 )
|
|
{
|
|
hexify( dst_str, output, data_len );
|
|
|
|
TEST_ASSERT( strcmp( (char *) dst_str, hex_dst_string ) == 0 );
|
|
}
|
|
|
|
exit:
|
|
mbedtls_aes_free( &crypt_ctx );
|
|
mbedtls_aes_free( &tweak_ctx );
|
|
}
|
|
/* END_CASE */
|
|
|
|
/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_XEX */
|
|
void aes_decrypt_xex( char *hex_key_string, char *hex_iv_string,
|
|
char *hex_src_string, char *hex_dst_string,
|
|
int xex_result )
|
|
{
|
|
unsigned char key_str[100] = { 0, };
|
|
unsigned char iv_str[100] = { 0, };
|
|
unsigned char src_str[100] = { 0, };
|
|
unsigned char dst_str[100] = { 0, };
|
|
unsigned char output[100] = { 0, };
|
|
mbedtls_aes_context crypt_ctx, tweak_ctx;
|
|
int key_len, data_len;
|
|
|
|
mbedtls_aes_init( &crypt_ctx );
|
|
mbedtls_aes_init( &tweak_ctx );
|
|
|
|
key_len = unhexify( key_str, hex_key_string );
|
|
unhexify( iv_str, hex_iv_string );
|
|
data_len = unhexify( src_str, hex_src_string );
|
|
|
|
mbedtls_aes_setkey_dec( &crypt_ctx, key_str, ( key_len * 8 ) / 2 );
|
|
mbedtls_aes_setkey_enc( &tweak_ctx, key_str + key_len / 2, ( key_len * 8 ) / 2 );
|
|
|
|
TEST_ASSERT( mbedtls_aes_crypt_xex( &crypt_ctx, &tweak_ctx, MBEDTLS_AES_DECRYPT, data_len, iv_str, src_str, output ) == xex_result );
|
|
if( xex_result == 0 )
|
|
{
|
|
hexify( dst_str, output, data_len );
|
|
|
|
TEST_ASSERT( strcmp( (char *) dst_str, hex_dst_string ) == 0 );
|
|
}
|
|
|
|
exit:
|
|
mbedtls_aes_free( &crypt_ctx );
|
|
mbedtls_aes_free( &tweak_ctx );
|
|
}
|
|
/* END_CASE */
|
|
|
|
/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_XTS */
|
|
void aes_encrypt_xts( char *hex_key_string, char *hex_iv_string,
|
|
char *hex_src_string, char *hex_dst_string,
|
|
int data_unit_len, int xts_result )
|
|
{
|
|
unsigned char key_str[100] = { 0, };
|
|
unsigned char iv_str[100] = { 0, };
|
|
unsigned char src_str[100] = { 0, };
|
|
unsigned char dst_str[100] = { 0, };
|
|
unsigned char output[100] = { 0, };
|
|
mbedtls_aes_context crypt_ctx, tweak_ctx;
|
|
int key_len, data_len;
|
|
|
|
mbedtls_aes_init( &crypt_ctx );
|
|
mbedtls_aes_init( &tweak_ctx );
|
|
|
|
key_len = unhexify( key_str, hex_key_string );
|
|
unhexify( iv_str, hex_iv_string );
|
|
data_len = unhexify( src_str, hex_src_string );
|
|
|
|
mbedtls_aes_setkey_enc( &crypt_ctx, key_str, ( key_len * 8 ) / 2 );
|
|
mbedtls_aes_setkey_enc( &tweak_ctx, key_str + key_len / 2, ( key_len * 8 ) / 2 );
|
|
|
|
TEST_ASSERT( mbedtls_aes_crypt_xts( &crypt_ctx, &tweak_ctx, MBEDTLS_AES_ENCRYPT, data_unit_len, iv_str, src_str, output ) == xts_result );
|
|
if( xts_result == 0 )
|
|
{
|
|
hexify( dst_str, output, data_len );
|
|
|
|
TEST_ASSERT( strcmp( (char *) dst_str, hex_dst_string ) == 0 );
|
|
}
|
|
|
|
exit:
|
|
mbedtls_aes_free( &crypt_ctx );
|
|
mbedtls_aes_free( &tweak_ctx );
|
|
}
|
|
/* END_CASE */
|
|
|
|
/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_XTS */
|
|
void aes_decrypt_xts( char *hex_key_string, char *hex_iv_string,
|
|
char *hex_src_string, char *hex_dst_string,
|
|
int data_unit_len, int xts_result )
|
|
{
|
|
unsigned char key_str[100] = { 0, };
|
|
unsigned char iv_str[100] = { 0, };
|
|
unsigned char src_str[100] = { 0, };
|
|
unsigned char dst_str[100] = { 0, };
|
|
unsigned char output[100] = { 0, };
|
|
mbedtls_aes_context crypt_ctx, tweak_ctx;
|
|
int key_len, data_len;
|
|
|
|
mbedtls_aes_init( &crypt_ctx );
|
|
mbedtls_aes_init( &tweak_ctx );
|
|
|
|
key_len = unhexify( key_str, hex_key_string );
|
|
unhexify( iv_str, hex_iv_string );
|
|
data_len = unhexify( src_str, hex_src_string );
|
|
|
|
mbedtls_aes_setkey_dec( &crypt_ctx, key_str, ( key_len * 8 ) / 2 );
|
|
mbedtls_aes_setkey_enc( &tweak_ctx, key_str + key_len / 2, ( key_len * 8 ) / 2 );
|
|
|
|
TEST_ASSERT( mbedtls_aes_crypt_xts( &crypt_ctx, &tweak_ctx, MBEDTLS_AES_DECRYPT, data_unit_len, iv_str, src_str, output ) == xts_result );
|
|
if( xts_result == 0 )
|
|
{
|
|
hexify( dst_str, output, data_len );
|
|
|
|
TEST_ASSERT( strcmp( (char *) dst_str, hex_dst_string ) == 0 );
|
|
}
|
|
|
|
exit:
|
|
mbedtls_aes_free( &crypt_ctx );
|
|
mbedtls_aes_free( &tweak_ctx );
|
|
}
|
|
/* END_CASE */
|
|
|
|
/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CFB */
|
|
void aes_encrypt_cfb128( char *hex_key_string, char *hex_iv_string,
|
|
char *hex_src_string, char *hex_dst_string )
|
|
{
|
|
unsigned char key_str[100];
|
|
unsigned char iv_str[100];
|
|
unsigned char src_str[100];
|
|
unsigned char dst_str[100];
|
|
unsigned char output[100];
|
|
mbedtls_aes_context ctx;
|
|
size_t iv_offset = 0;
|
|
int key_len;
|
|
|
|
memset(key_str, 0x00, 100);
|
|
memset(iv_str, 0x00, 100);
|
|
memset(src_str, 0x00, 100);
|
|
memset(dst_str, 0x00, 100);
|
|
memset(output, 0x00, 100);
|
|
mbedtls_aes_init( &ctx );
|
|
|
|
key_len = unhexify( key_str, hex_key_string );
|
|
unhexify( iv_str, hex_iv_string );
|
|
unhexify( src_str, hex_src_string );
|
|
|
|
mbedtls_aes_setkey_enc( &ctx, key_str, key_len * 8 );
|
|
TEST_ASSERT( mbedtls_aes_crypt_cfb128( &ctx, MBEDTLS_AES_ENCRYPT, 16, &iv_offset, iv_str, src_str, output ) == 0 );
|
|
hexify( dst_str, output, 16 );
|
|
|
|
TEST_ASSERT( strcmp( (char *) dst_str, hex_dst_string ) == 0 );
|
|
|
|
exit:
|
|
mbedtls_aes_free( &ctx );
|
|
}
|
|
/* END_CASE */
|
|
|
|
/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CFB */
|
|
void aes_decrypt_cfb128( char *hex_key_string, char *hex_iv_string,
|
|
char *hex_src_string, char *hex_dst_string )
|
|
{
|
|
unsigned char key_str[100];
|
|
unsigned char iv_str[100];
|
|
unsigned char src_str[100];
|
|
unsigned char dst_str[100];
|
|
unsigned char output[100];
|
|
mbedtls_aes_context ctx;
|
|
size_t iv_offset = 0;
|
|
int key_len;
|
|
|
|
memset(key_str, 0x00, 100);
|
|
memset(iv_str, 0x00, 100);
|
|
memset(src_str, 0x00, 100);
|
|
memset(dst_str, 0x00, 100);
|
|
memset(output, 0x00, 100);
|
|
mbedtls_aes_init( &ctx );
|
|
|
|
key_len = unhexify( key_str, hex_key_string );
|
|
unhexify( iv_str, hex_iv_string );
|
|
unhexify( src_str, hex_src_string );
|
|
|
|
mbedtls_aes_setkey_enc( &ctx, key_str, key_len * 8 );
|
|
TEST_ASSERT( mbedtls_aes_crypt_cfb128( &ctx, MBEDTLS_AES_DECRYPT, 16, &iv_offset, iv_str, src_str, output ) == 0 );
|
|
hexify( dst_str, output, 16 );
|
|
|
|
TEST_ASSERT( strcmp( (char *) dst_str, hex_dst_string ) == 0 );
|
|
|
|
exit:
|
|
mbedtls_aes_free( &ctx );
|
|
}
|
|
/* END_CASE */
|
|
|
|
/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CFB */
|
|
void aes_encrypt_cfb8( char *hex_key_string, char *hex_iv_string,
|
|
char *hex_src_string, char *hex_dst_string )
|
|
{
|
|
unsigned char key_str[100];
|
|
unsigned char iv_str[100];
|
|
unsigned char src_str[100];
|
|
unsigned char dst_str[100];
|
|
unsigned char output[100];
|
|
mbedtls_aes_context ctx;
|
|
int key_len, src_len;
|
|
|
|
memset(key_str, 0x00, 100);
|
|
memset(iv_str, 0x00, 100);
|
|
memset(src_str, 0x00, 100);
|
|
memset(dst_str, 0x00, 100);
|
|
memset(output, 0x00, 100);
|
|
mbedtls_aes_init( &ctx );
|
|
|
|
key_len = unhexify( key_str, hex_key_string );
|
|
unhexify( iv_str, hex_iv_string );
|
|
src_len = unhexify( src_str, hex_src_string );
|
|
|
|
mbedtls_aes_setkey_enc( &ctx, key_str, key_len * 8 );
|
|
TEST_ASSERT( mbedtls_aes_crypt_cfb8( &ctx, MBEDTLS_AES_ENCRYPT, src_len, iv_str, src_str, output ) == 0 );
|
|
hexify( dst_str, output, src_len );
|
|
|
|
TEST_ASSERT( strcmp( (char *) dst_str, hex_dst_string ) == 0 );
|
|
|
|
exit:
|
|
mbedtls_aes_free( &ctx );
|
|
}
|
|
/* END_CASE */
|
|
|
|
/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CFB */
|
|
void aes_decrypt_cfb8( char *hex_key_string, char *hex_iv_string,
|
|
char *hex_src_string, char *hex_dst_string )
|
|
{
|
|
unsigned char key_str[100];
|
|
unsigned char iv_str[100];
|
|
unsigned char src_str[100];
|
|
unsigned char dst_str[100];
|
|
unsigned char output[100];
|
|
mbedtls_aes_context ctx;
|
|
int key_len, src_len;
|
|
|
|
memset(key_str, 0x00, 100);
|
|
memset(iv_str, 0x00, 100);
|
|
memset(src_str, 0x00, 100);
|
|
memset(dst_str, 0x00, 100);
|
|
memset(output, 0x00, 100);
|
|
mbedtls_aes_init( &ctx );
|
|
|
|
key_len = unhexify( key_str, hex_key_string );
|
|
unhexify( iv_str, hex_iv_string );
|
|
src_len = unhexify( src_str, hex_src_string );
|
|
|
|
mbedtls_aes_setkey_enc( &ctx, key_str, key_len * 8 );
|
|
TEST_ASSERT( mbedtls_aes_crypt_cfb8( &ctx, MBEDTLS_AES_DECRYPT, src_len, iv_str, src_str, output ) == 0 );
|
|
hexify( dst_str, output, src_len );
|
|
|
|
TEST_ASSERT( strcmp( (char *) dst_str, hex_dst_string ) == 0 );
|
|
|
|
exit:
|
|
mbedtls_aes_free( &ctx );
|
|
}
|
|
/* END_CASE */
|
|
|
|
/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_OFB */
|
|
void aes_encrypt_ofb( int fragment_size, char *hex_key_string,
|
|
char *hex_iv_string, char *hex_src_string,
|
|
char *hex_dst_string )
|
|
{
|
|
unsigned char key_str[32];
|
|
unsigned char iv_str[16];
|
|
unsigned char src_str[64];
|
|
unsigned char dst_str[64];
|
|
unsigned char output[32];
|
|
mbedtls_aes_context ctx;
|
|
size_t iv_offset = 0;
|
|
int in_buffer_len;
|
|
unsigned char* src_str_next;
|
|
int key_len;
|
|
|
|
memset( key_str, 0x00, sizeof( key_str ) );
|
|
memset( iv_str, 0x00, sizeof( iv_str ) );
|
|
memset( src_str, 0x00, sizeof( src_str ) );
|
|
memset( dst_str, 0x00, sizeof( dst_str ) );
|
|
memset( output, 0x00, sizeof( output ) );
|
|
mbedtls_aes_init( &ctx );
|
|
|
|
TEST_ASSERT( strlen( hex_key_string ) <= ( 32 * 2 ) );
|
|
TEST_ASSERT( strlen( hex_iv_string ) <= ( 16 * 2 ) );
|
|
TEST_ASSERT( strlen( hex_src_string ) <= ( 64 * 2 ) );
|
|
TEST_ASSERT( strlen( hex_dst_string ) <= ( 64 * 2 ) );
|
|
|
|
key_len = unhexify( key_str, hex_key_string );
|
|
unhexify( iv_str, hex_iv_string );
|
|
in_buffer_len = unhexify( src_str, hex_src_string );
|
|
|
|
TEST_ASSERT( mbedtls_aes_setkey_enc( &ctx, key_str, key_len * 8 ) == 0 );
|
|
src_str_next = src_str;
|
|
|
|
while( in_buffer_len > 0 )
|
|
{
|
|
TEST_ASSERT( mbedtls_aes_crypt_ofb( &ctx, fragment_size, &iv_offset,
|
|
iv_str, src_str_next, output ) == 0 );
|
|
|
|
hexify( dst_str, output, fragment_size );
|
|
TEST_ASSERT( strncmp( (char *) dst_str, hex_dst_string,
|
|
( 2 * fragment_size ) ) == 0 );
|
|
|
|
in_buffer_len -= fragment_size;
|
|
hex_dst_string += ( fragment_size * 2 );
|
|
src_str_next += fragment_size;
|
|
|
|
if( in_buffer_len < fragment_size )
|
|
fragment_size = in_buffer_len;
|
|
}
|
|
|
|
exit:
|
|
mbedtls_aes_free( &ctx );
|
|
}
|
|
/* END_CASE */
|
|
|
|
/* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */
|
|
void aes_selftest()
|
|
{
|
|
TEST_ASSERT( mbedtls_aes_self_test( 1 ) == 0 );
|
|
}
|
|
/* END_CASE */
|