testsuite/cbc-test.c

   1 #include "testutils.h"
   2 #include "aes.h"
   3 #include "cbc.h"
   4 #include "knuth-lfib.h"
   5
   6 /* Test with more data and inplace decryption, to check that the
   7  * cbc_decrypt buffering works. */
   8 #define CBC_BULK_DATA 0x2710 /* 10000 */
   9
  10 static void
  11 test_cbc_bulk(void)
  12 {
  13   struct knuth_lfib_ctx random;
  14
  15   uint8_t clear[CBC_BULK_DATA];
  16
  17   uint8_t cipher[CBC_BULK_DATA + 1];
  18
  19   const uint8_t *key = H("966c7bf00bebe6dc 8abd37912384958a"
  20                          "743008105a08657d dcaad4128eee38b3");
  21
  22   const uint8_t *start_iv = H("11adbff119749103 207619cfa0e8d13a");
  23   const uint8_t *end_iv = H("c7a42a569b421224 d0c23e52f46f97f5");
  24
  25   struct CBC_CTX(struct aes_ctx, AES_BLOCK_SIZE) aes;
  26
  27   knuth_lfib_init(&random, CBC_BULK_DATA);
  28   knuth_lfib_random(&random, CBC_BULK_DATA, clear);
  29
  30   /* Byte that should not be overwritten */
  31   cipher[CBC_BULK_DATA] = 17;
  32
  33   aes_set_encrypt_key(&aes.ctx, 32, key);
  34   CBC_SET_IV(&aes, start_iv);
  35
  36   CBC_ENCRYPT(&aes, aes_encrypt, CBC_BULK_DATA, cipher, clear);
  37
  38   ASSERT(cipher[CBC_BULK_DATA] == 17);
  39
  40   if (verbose)
  41     {
  42       printf("IV after bulk encryption: ");
  43       print_hex(AES_BLOCK_SIZE, aes.iv);
  44       printf("\n");
  45     }
  46
  47   ASSERT(MEMEQ(AES_BLOCK_SIZE, aes.iv, end_iv));
  48
  49   /* Decrypt, in place */
  50   aes_set_decrypt_key(&aes.ctx, 32, key);
  51   CBC_SET_IV(&aes, start_iv);
  52   CBC_DECRYPT(&aes, aes_decrypt, CBC_BULK_DATA, cipher, cipher);
  53
  54   ASSERT(cipher[CBC_BULK_DATA] == 17);
  55
  56   if (verbose)
  57     {
  58       printf("IV after bulk decryption: ");
  59       print_hex(AES_BLOCK_SIZE, aes.iv);
  60       printf("\n");
  61     }
  62
  63   ASSERT (MEMEQ(AES_BLOCK_SIZE, aes.iv, end_iv));
  64   ASSERT (MEMEQ(CBC_BULK_DATA, clear, cipher));
  65 }
  66
  67 void
  68 test_main(void)
  69 {
  70   /* Intermediate values:
  71    *   iv XOR first message block:
  72    *       "a5 ce 55 d4 21 15 a1 c6 4a a4 0c b2 ca a6 d1 37"
  73    *   First ciphertext block, c1:
  74    *       "1f 94 fc 85 f2 36 21 06 4a ea e3 c9 cc 38 01 0e"
  75    *   c1 XOR second message block:
  76    *       "3f e0 94 ec 81 16 4e 68 26 93 c3 a6 a2 5b 64 2f"
  77    *   Second ciphertext block, c1:
  78    *       "7b f6 5f c5 02 59 2e 71 af bf 34 87 c0 36 2a 16"
  79    */
  80
  81   test_cipher_cbc(&nettle_aes256,
  82                   SHEX("8d ae 93 ff fc 78 c9 44"
  83                        "2a bd 0c 1e 68 bc a6 c7"
  84                        "05 c7 84 e3 5a a9 11 8b"
  85                        "d3 16 aa 54 9b 44 08 9e"),
  86                   SDATA("Listen, I'll say this only once!"),
  87                   SHEX("1f 94 fc 85 f2 36 21 06"
  88                        "4a ea e3 c9 cc 38 01 0e"
  89                        "7b f6 5f c5 02 59 2e 71"
  90                        "af bf 34 87 c0 36 2a 16"),
  91                   SHEX("e9 a7 26 a0 44 7b 8d e6  03 83 60 de ea d5 b0 4e"));
  92
  93   /* From NIST spec 800-38a on AES modes.
  94    *
  95    * F.2  CBC Example Vectors
  96    * F.2.1 CBC-AES128.Encrypt
  97    */
  98
  99   /* Intermediate values, blocks input to AES:
 100    *
 101    *   6bc0bce12a459991e134741a7f9e1925
 102    *   d86421fb9f1a1eda505ee1375746972c
 103    *   604ed7ddf32efdff7020d0238b7c2a5d
 104    *   8521f2fd3c8eef2cdc3da7e5c44ea206
 105    */
 106   test_cipher_cbc(&nettle_aes128,
 107                   SHEX("2b7e151628aed2a6abf7158809cf4f3c"),
 108                   SHEX("6bc1bee22e409f96e93d7e117393172a"
 109                        "ae2d8a571e03ac9c9eb76fac45af8e51"
 110                        "30c81c46a35ce411e5fbc1191a0a52ef"
 111                        "f69f2445df4f9b17ad2b417be66c3710"),
 112                   SHEX("7649abac8119b246cee98e9b12e9197d"
 113                        "5086cb9b507219ee95db113a917678b2"
 114                        "73bed6b8e3c1743b7116e69e22229516"
 115                        "3ff1caa1681fac09120eca307586e1a7"),
 116                   SHEX("000102030405060708090a0b0c0d0e0f"));
 117
 118   /* F.2.3 CBC-AES192.Encrypt */
 119
 120   /* Intermediate values, blcoks input to AES:
 121    *
 122    *   6bc0bce12a459991e134741a7f9e1925
 123    *   e12f97e55dbfcfa1efcf7796da0fffb9
 124    *   8411b1ef0e2109e5001cf96f256346b5
 125    *   a1840065cdb4e1f7d282fbd7db9d35f0
 126    */
 127
 128   test_cipher_cbc(&nettle_aes192,
 129                   SHEX("8e73b0f7da0e6452c810f32b809079e5"
 130                        "62f8ead2522c6b7b"),
 131                   SHEX("6bc1bee22e409f96e93d7e117393172a"
 132                        "ae2d8a571e03ac9c9eb76fac45af8e51"
 133                        "30c81c46a35ce411e5fbc1191a0a52ef"
 134                        "f69f2445df4f9b17ad2b417be66c3710"),
 135                   SHEX("4f021db243bc633d7178183a9fa071e8"
 136                        "b4d9ada9ad7dedf4e5e738763f69145a"
 137                        "571b242012fb7ae07fa9baac3df102e0"
 138                        "08b0e27988598881d920a9e64f5615cd"),
 139                   SHEX("000102030405060708090a0b0c0d0e0f"));
 140
 141   /* F.2.5 CBC-AES256.Encrypt */
 142
 143   /* Intermediate values, blcoks input to AES:
 144    *
 145    *   6bc0bce12a459991e134741a7f9e1925
 146    *   5ba1c653c8e65d26e929c4571ad47587
 147    *   ac3452d0dd87649c8264b662dc7a7e92
 148    *   cf6d172c769621d8081ba318e24f2371
 149    */
 150
 151   test_cipher_cbc(&nettle_aes256,
 152                   SHEX("603deb1015ca71be2b73aef0857d7781"
 153                        "1f352c073b6108d72d9810a30914dff4"),
 154                   SHEX("6bc1bee22e409f96e93d7e117393172a"
 155                        "ae2d8a571e03ac9c9eb76fac45af8e51"
 156                        "30c81c46a35ce411e5fbc1191a0a52ef"
 157                        "f69f2445df4f9b17ad2b417be66c3710"),
 158                   SHEX("f58c4c04d6e5f1ba779eabfb5f7bfbd6"
 159                        "9cfc4e967edb808d679f777bc6702c7d"
 160                        "39f23369a9d9bacfa530e26304231461"
 161                        "b2eb05e2c39be9fcda6c19078c6a9d1b"),
 162                   SHEX("000102030405060708090a0b0c0d0e0f"));
 163
 164   test_cbc_bulk();
 165 }
 166
 167 /*
 168 IV
 169   000102030405060708090a0b0c0d0e0f
 170 Block #1
 171 Plaintext      6bc1bee22e409f96e93d7e117393172a
 172 Input Block     6bc0bce12a459991e134741a7f9e1925
 173 Output Block  7649abac8119b246cee98e9b12e9197d
 174 Ciphertext 7649abac8119b246cee98e9b12e9197d
 175 Block #2
 176 Plaintext      ae2d8a571e03ac9c9eb76fac45af8e51
 177 Input Block     d86421fb9f1a1eda505ee1375746972c
 178 Output Block  5086cb9b507219ee95db113a917678b2
 179 Ciphertext 5086cb9b507219ee95db113a917678b2
 180 Block #3
 181 Plaintext      30c81c46a35ce411e5fbc1191a0a52ef
 182 Input Block     604ed7ddf32efdff7020d0238b7c2a5d
 183 Output Block  73bed6b8e3c1743b7116e69e22229516
 184 Ciphertext 73bed6b8e3c1743b7116e69e22229516
 185 Block #4
 186 Plaintext      f69f2445df4f9b17ad2b417be66c3710
 187 Input Block     8521f2fd3c8eef2cdc3da7e5c44ea206
 188 Output Block  3ff1caa1681fac09120eca307586e1a7
 189 Ciphertext 3ff1caa1681fac09120eca307586e1a7
 190  F.2.2 CBC-AES128.Decrypt
 191 Key
 192   2b7e151628aed2a6abf7158809cf4f3c
 193 IV
 194   000102030405060708090a0b0c0d0e0f
 195 Block #1
 196 Ciphertext 7649abac8119b246cee98e9b12e9197d
 197 Input Block     7649abac8119b246cee98e9b12e9197d
 198 Output Block  6bc0bce12a459991e134741a7f9e1925
 199 Plaintext      6bc1bee22e409f96e93d7e117393172a
 200 Block #2
 201 Ciphertext 5086cb9b507219ee95db113a917678b2
 202 Input Block     5086cb9b507219ee95db113a917678b2
 203 Output Block  d86421fb9f1a1eda505ee1375746972c
 204 Plaintext      ae2d8a571e03ac9c9eb76fac45af8e51
 205 Block #3
 206 Ciphertext 73bed6b8e3c1743b7116e69e22229516
 207 Input Block     73bed6b8e3c1743b7116e69e22229516
 208 Output Block  604ed7ddf32efdff7020d0238b7c2a5d
 209 Plaintext      30c81c46a35ce411e5fbc1191a0a52ef
 210 Block #4
 211 Ciphertext 3ff1caa1681fac09120eca307586e1a7
 212 Input Block     3ff1caa1681fac09120eca307586e1a7
 213
 214
 215 Output Block  8521f2fd3c8eef2cdc3da7e5c44ea206
 216 Plaintext      f69f2445df4f9b17ad2b417be66c3710
 217  F.2.3 CBC-AES192.Encrypt
 218 Key
 219   8e73b0f7da0e6452c810f32b809079e562f8ead2522c6b7b
 220 IV
 221   000102030405060708090a0b0c0d0e0f
 222 Block #1
 223 Plaintext      6bc1bee22e409f96e93d7e117393172a
 224 Input Block     6bc0bce12a459991e134741a7f9e1925
 225 Output Block  4f021db243bc633d7178183a9fa071e8
 226 Ciphertext 4f021db243bc633d7178183a9fa071e8
 227 Block #2
 228 Plaintext      ae2d8a571e03ac9c9eb76fac45af8e51
 229 Input Block     e12f97e55dbfcfa1efcf7796da0fffb9
 230 Output Block  b4d9ada9ad7dedf4e5e738763f69145a
 231 Ciphertext b4d9ada9ad7dedf4e5e738763f69145a
 232 Block #3
 233 Plaintext      30c81c46a35ce411e5fbc1191a0a52ef
 234 Input Block     8411b1ef0e2109e5001cf96f256346b5
 235 Output Block  571b242012fb7ae07fa9baac3df102e0
 236 Ciphertext 571b242012fb7ae07fa9baac3df102e0
 237 Block #4
 238 Plaintext      f69f2445df4f9b17ad2b417be66c3710
 239 Input Block     a1840065cdb4e1f7d282fbd7db9d35f0
 240 Output Block  08b0e27988598881d920a9e64f5615cd
 241 Ciphertext 08b0e27988598881d920a9e64f5615cd
 242  F.2.4 CBC-AES192.Decrypt
 243 Key
 244   8e73b0f7da0e6452c810f32b809079e562f8ead2522c6b7b
 245 IV
 246   000102030405060708090a0b0c0d0e0f
 247 Block #1
 248 Ciphertext 4f021db243bc633d7178183a9fa071e8
 249 Input Block     4f021db243bc633d7178183a9fa071e8
 250 Output Block  6bc0bce12a459991e134741a7f9e1925
 251 Plaintext      6bc1bee22e409f96e93d7e117393172a
 252 Block #2
 253 Ciphertext b4d9ada9ad7dedf4e5e738763f69145a
 254 Input Block     b4d9ada9ad7dedf4e5e738763f69145a
 255 Output Block  e12f97e55dbfcfa1efcf7796da0fffb9
 256 Plaintext      ae2d8a571e03ac9c9eb76fac45af8e51
 257 Block #3
 258 Ciphertext 571b242012fb7ae07fa9baac3df102e0
 259 Input Block     571b242012fb7ae07fa9baac3df102e0
 260 Output Block  8411b1ef0e2109e5001cf96f256346b5
 261 Plaintext      30c81c46a35ce411e5fbc1191a0a52ef
 262 Block #4
 263 Ciphertext 08b0e27988598881d920a9e64f5615cd
 264 Input Block     08b0e27988598881d920a9e64f5615cd
 265 Output Block  a1840065cdb4e1f7d282fbd7db9d35f0
 266 Plaintext      f69f2445df4f9b17ad2b417be66c3710
 267  F.2.5 CBC-AES256.Encrypt
 268 Key
 269   603deb1015ca71be2b73aef0857d7781
 270 1f352c073b6108d72d9810a30914dff4
 271   IV
 272   000102030405060708090a0b0c0d0e0f
 273 Block #1
 274 Plaintext      6bc1bee22e409f96e93d7e117393172a
 275 Input Block     6bc0bce12a459991e134741a7f9e1925
 276 Output Block  f58c4c04d6e5f1ba779eabfb5f7bfbd6
 277 Ciphertext f58c4c04d6e5f1ba779eabfb5f7bfbd6
 278 Block #2
 279 Plaintext      ae2d8a571e03ac9c9eb76fac45af8e51
 280 Input Block     5ba1c653c8e65d26e929c4571ad47587
 281 Output Block  9cfc4e967edb808d679f777bc6702c7d
 282 Ciphertext 9cfc4e967edb808d679f777bc6702c7d
 283 Block #3
 284 Plaintext      30c81c46a35ce411e5fbc1191a0a52ef
 285 Input Block     ac3452d0dd87649c8264b662dc7a7e92
 286 Output Block  39f23369a9d9bacfa530e26304231461
 287 Ciphertext 39f23369a9d9bacfa530e26304231461
 288 Block #4
 289 Plaintext      f69f2445df4f9b17ad2b417be66c3710
 290 Input Block     cf6d172c769621d8081ba318e24f2371
 291 Output Block  b2eb05e2c39be9fcda6c19078c6a9d1b
 292 Ciphertext b2eb05e2c39be9fcda6c19078c6a9d1b
 293  F.2.6 CBC-AES256.Decrypt
 294 Key
 295   603deb1015ca71be2b73aef0857d7781
 296    1f352c073b6108d72d9810a30914dff4
 297 IV
 298   000102030405060708090a0b0c0d0e0f
 299 Block #1
 300 Ciphertext f58c4c04d6e5f1ba779eabfb5f7bfbd6
 301 Input Block     f58c4c04d6e5f1ba779eabfb5f7bfbd6
 302 Output Block  6bc0bce12a459991e134741a7f9e1925
 303 Plaintext      6bc1bee22e409f96e93d7e117393172a
 304 Block #2
 305 Ciphertext 9cfc4e967edb808d679f777bc6702c7d
 306 Input Block     9cfc4e967edb808d679f777bc6702c7d
 307 Output Block  5ba1c653c8e65d26e929c4571ad47587
 308 Plaintext      ae2d8a571e03ac9c9eb76fac45af8e51
 309 Block #3
 310 Ciphertext 39f23369a9d9bacfa530e26304231461
 311 Input Block     39f23369a9d9bacfa530e26304231461
 312 Output Block  ac3452d0dd87649c8264b662dc7a7e92
 313 Plaintext      30c81c46a35ce411e5fbc1191a0a52ef
 314 Block #4
 315 Ciphertext b2eb05e2c39be9fcda6c19078c6a9d1b
 316 Input Block     b2eb05e2c39be9fcda6c19078c6a9d1b
 317 Output Block  cf6d172c769621d8081ba318e24f2371
 318 Plaintext      f69f2445df4f9b17ad2b417be66c3710
 319 */