aes_wrap.c

Go to the documentation of this file.
00001 
00023 #include <stdlib.h>
00024 #include <stdio.h>
00025 #include <string.h>
00026 #include "common.h"
00027 #include "aes_wrap.h"
00028 #include "crypto.h"
00029 
00030 #ifndef EAP_TLS_FUNCS
00031 #include "aes.c"
00032 #endif /* EAP_TLS_FUNCS */
00033 
00034 
00044 int aes_wrap(const u8 *kek, int n, const u8 *plain, u8 *cipher)
00045 {
00046         u8 *a, *r, b[16];
00047         int i, j;
00048         void *ctx;
00049 
00050         a = cipher;
00051         r = cipher + 8;
00052 
00053         /* 1) Initialize variables. */
00054         memset(a, 0xa6, 8);
00055         memcpy(r, plain, 8 * n);
00056 
00057         ctx = aes_encrypt_init(kek, 16);
00058         if (ctx == NULL)
00059                 return -1;
00060 
00061         /* 2) Calculate intermediate values.
00062          * For j = 0 to 5
00063          *     For i=1 to n
00064          *         B = AES(K, A | R[i])
00065          *         A = MSB(64, B) ^ t where t = (n*j)+i
00066          *         R[i] = LSB(64, B)
00067          */
00068         for (j = 0; j <= 5; j++) {
00069                 r = cipher + 8;
00070                 for (i = 1; i <= n; i++) {
00071                         memcpy(b, a, 8);
00072                         memcpy(b + 8, r, 8);
00073                         aes_encrypt(ctx, b, b);
00074                         memcpy(a, b, 8);
00075                         a[7] ^= n * j + i;
00076                         memcpy(r, b + 8, 8);
00077                         r += 8;
00078                 }
00079         }
00080         aes_encrypt_deinit(ctx);
00081 
00082         /* 3) Output the results.
00083          *
00084          * These are already in @cipher due to the location of temporary
00085          * variables.
00086          */
00087 
00088         return 0;
00089 }
00090 
00091 
00101 int aes_unwrap(const u8 *kek, int n, const u8 *cipher, u8 *plain)
00102 {
00103         u8 a[8], *r, b[16];
00104         int i, j;
00105         void *ctx;
00106 
00107         /* 1) Initialize variables. */
00108         memcpy(a, cipher, 8);
00109         r = plain;
00110         memcpy(r, cipher + 8, 8 * n);
00111 
00112         ctx = aes_decrypt_init(kek, 16);
00113         if (ctx == NULL)
00114                 return -1;
00115 
00116         /* 2) Compute intermediate values.
00117          * For j = 5 to 0
00118          *     For i = n to 1
00119          *         B = AES-1(K, (A ^ t) | R[i]) where t = n*j+i
00120          *         A = MSB(64, B)
00121          *         R[i] = LSB(64, B)
00122          */
00123         for (j = 5; j >= 0; j--) {
00124                 r = plain + (n - 1) * 8;
00125                 for (i = n; i >= 1; i--) {
00126                         memcpy(b, a, 8);
00127                         b[7] ^= n * j + i;
00128 
00129                         memcpy(b + 8, r, 8);
00130                         aes_decrypt(ctx, b, b);
00131                         memcpy(a, b, 8);
00132                         memcpy(r, b + 8, 8);
00133                         r -= 8;
00134                 }
00135         }
00136         aes_decrypt_deinit(ctx);
00137 
00138         /* 3) Output results.
00139          *
00140          * These are already in @plain due to the location of temporary
00141          * variables. Just verify that the IV matches with the expected value.
00142          */
00143         for (i = 0; i < 8; i++) {
00144                 if (a[i] != 0xa6)
00145                         return -1;
00146         }
00147 
00148         return 0;
00149 }
00150 
00151 
00152 #define BLOCK_SIZE 16
00153 
00154 static void gf_mulx(u8 *pad)
00155 {
00156         int i, carry;
00157 
00158         carry = pad[0] & 0x80;
00159         for (i = 0; i < BLOCK_SIZE - 1; i++)
00160                 pad[i] = (pad[i] << 1) | (pad[i + 1] >> 7);
00161         pad[BLOCK_SIZE - 1] <<= 1;
00162         if (carry)
00163                 pad[BLOCK_SIZE - 1] ^= 0x87;
00164 }
00165 
00166 
00176 int omac1_aes_128(const u8 *key, const u8 *data, size_t data_len, u8 *mac)
00177 {
00178         void *ctx;
00179         u8 cbc[BLOCK_SIZE], pad[BLOCK_SIZE];
00180         const u8 *pos = data;
00181         int i;
00182         size_t left = data_len;
00183 
00184         ctx = aes_encrypt_init(key, 16);
00185         if (ctx == NULL)
00186                 return -1;
00187         memset(cbc, 0, BLOCK_SIZE);
00188 
00189         while (left >= BLOCK_SIZE) {
00190                 for (i = 0; i < BLOCK_SIZE; i++)
00191                         cbc[i] ^= *pos++;
00192                 if (left > BLOCK_SIZE)
00193                         aes_encrypt(ctx, cbc, cbc);
00194                 left -= BLOCK_SIZE;
00195         }
00196 
00197         memset(pad, 0, BLOCK_SIZE);
00198         aes_encrypt(ctx, pad, pad);
00199         gf_mulx(pad);
00200 
00201         if (left || data_len == 0) {
00202                 for (i = 0; i < left; i++)
00203                         cbc[i] ^= *pos++;
00204                 cbc[left] ^= 0x80;
00205                 gf_mulx(pad);
00206         }
00207 
00208         for (i = 0; i < BLOCK_SIZE; i++)
00209                 pad[i] ^= cbc[i];
00210         aes_encrypt(ctx, pad, mac);
00211         aes_encrypt_deinit(ctx);
00212         return 0;
00213 }
00214 
00215 
00224 int aes_128_encrypt_block(const u8 *key, const u8 *in, u8 *out)
00225 {
00226         void *ctx;
00227         ctx = aes_encrypt_init(key, 16);
00228         if (ctx == NULL)
00229                 return -1;
00230         aes_encrypt(ctx, in, out);
00231         aes_encrypt_deinit(ctx);
00232         return 0;
00233 }
00234 
00235 
00245 int aes_128_ctr_encrypt(const u8 *key, const u8 *nonce,
00246                         u8 *data, size_t data_len)
00247 {
00248         void *ctx;
00249         size_t len, left = data_len;
00250         int i;
00251         u8 *pos = data;
00252         u8 counter[BLOCK_SIZE], buf[BLOCK_SIZE];
00253 
00254         ctx = aes_encrypt_init(key, 16);
00255         if (ctx == NULL)
00256                 return -1;
00257         memcpy(counter, nonce, BLOCK_SIZE);
00258 
00259         while (left > 0) {
00260                 aes_encrypt(ctx, counter, buf);
00261 
00262                 len = (left < BLOCK_SIZE) ? left : BLOCK_SIZE;
00263                 for (i = 0; i < len; i++)
00264                         pos[i] ^= buf[i];
00265                 pos += len;
00266                 left -= len;
00267 
00268                 for (i = BLOCK_SIZE - 1; i >= 0; i--) {
00269                         counter[i]++;
00270                         if (counter[i])
00271                                 break;
00272                 }
00273         }
00274         aes_encrypt_deinit(ctx);
00275         return 0;
00276 }
00277 
00278 
00292 int aes_128_eax_encrypt(const u8 *key, const u8 *nonce, size_t nonce_len,
00293                         const u8 *hdr, size_t hdr_len,
00294                         u8 *data, size_t data_len, u8 *tag)
00295 {
00296         u8 *buf;
00297         size_t buf_len;
00298         u8 nonce_mac[BLOCK_SIZE], hdr_mac[BLOCK_SIZE], data_mac[BLOCK_SIZE];
00299         int i;
00300 
00301         if (nonce_len > data_len)
00302                 buf_len = nonce_len;
00303         else
00304                 buf_len = data_len;
00305         if (hdr_len > buf_len)
00306                 buf_len = hdr_len;
00307         buf_len += 16;
00308 
00309         buf = malloc(buf_len);
00310         if (buf == NULL)
00311                 return -1;
00312 
00313         memset(buf, 0, 15);
00314 
00315         buf[15] = 0;
00316         memcpy(buf + 16, nonce, nonce_len);
00317         omac1_aes_128(key, buf, 16 + nonce_len, nonce_mac);
00318 
00319         buf[15] = 1;
00320         memcpy(buf + 16, hdr, hdr_len);
00321         omac1_aes_128(key, buf, 16 + hdr_len, hdr_mac);
00322 
00323         aes_128_ctr_encrypt(key, nonce_mac, data, data_len);
00324         buf[15] = 2;
00325         memcpy(buf + 16, data, data_len);
00326         omac1_aes_128(key, buf, 16 + data_len, data_mac);
00327 
00328         free(buf);
00329 
00330         for (i = 0; i < BLOCK_SIZE; i++)
00331                 tag[i] = nonce_mac[i] ^ data_mac[i] ^ hdr_mac[i];
00332 
00333         return 0;
00334 }
00335 
00336 
00350 int aes_128_eax_decrypt(const u8 *key, const u8 *nonce, size_t nonce_len,
00351                         const u8 *hdr, size_t hdr_len,
00352                         u8 *data, size_t data_len, const u8 *tag)
00353 {
00354         u8 *buf;
00355         size_t buf_len;
00356         u8 nonce_mac[BLOCK_SIZE], hdr_mac[BLOCK_SIZE], data_mac[BLOCK_SIZE];
00357         int i;
00358 
00359         if (nonce_len > data_len)
00360                 buf_len = nonce_len;
00361         else
00362                 buf_len = data_len;
00363         if (hdr_len > buf_len)
00364                 buf_len = hdr_len;
00365         buf_len += 16;
00366 
00367         buf = malloc(buf_len);
00368         if (buf == NULL)
00369                 return -1;
00370 
00371         memset(buf, 0, 15);
00372 
00373         buf[15] = 0;
00374         memcpy(buf + 16, nonce, nonce_len);
00375         omac1_aes_128(key, buf, 16 + nonce_len, nonce_mac);
00376 
00377         buf[15] = 1;
00378         memcpy(buf + 16, hdr, hdr_len);
00379         omac1_aes_128(key, buf, 16 + hdr_len, hdr_mac);
00380 
00381         buf[15] = 2;
00382         memcpy(buf + 16, data, data_len);
00383         omac1_aes_128(key, buf, 16 + data_len, data_mac);
00384 
00385         free(buf);
00386 
00387         for (i = 0; i < BLOCK_SIZE; i++) {
00388                 if (tag[i] != (nonce_mac[i] ^ data_mac[i] ^ hdr_mac[i]))
00389                         return -2;
00390         }
00391 
00392         aes_128_ctr_encrypt(key, nonce_mac, data, data_len);
00393 
00394         return 0;
00395 }
00396 
00397 
00407 int aes_128_cbc_encrypt(const u8 *key, const u8 *iv, u8 *data, size_t data_len)
00408 {
00409         void *ctx;
00410         u8 cbc[BLOCK_SIZE];
00411         u8 *pos = data;
00412         int i, j, blocks;
00413 
00414         ctx = aes_encrypt_init(key, 16);
00415         if (ctx == NULL)
00416                 return -1;
00417         memcpy(cbc, iv, BLOCK_SIZE);
00418 
00419         blocks = data_len / BLOCK_SIZE;
00420         for (i = 0; i < blocks; i++) {
00421                 for (j = 0; j < BLOCK_SIZE; j++)
00422                         cbc[j] ^= pos[j];
00423                 aes_encrypt(ctx, cbc, cbc);
00424                 memcpy(pos, cbc, BLOCK_SIZE);
00425                 pos += BLOCK_SIZE;
00426         }
00427         aes_encrypt_deinit(ctx);
00428         return 0;
00429 }
00430 
00431 
00441 int aes_128_cbc_decrypt(const u8 *key, const u8 *iv, u8 *data, size_t data_len)
00442 {
00443         void *ctx;
00444         u8 cbc[BLOCK_SIZE], tmp[BLOCK_SIZE];
00445         u8 *pos = data;
00446         int i, j, blocks;
00447 
00448         ctx = aes_decrypt_init(key, 16);
00449         if (ctx == NULL)
00450                 return -1;
00451         memcpy(cbc, iv, BLOCK_SIZE);
00452 
00453         blocks = data_len / BLOCK_SIZE;
00454         for (i = 0; i < blocks; i++) {
00455                 memcpy(tmp, pos, BLOCK_SIZE);
00456                 aes_decrypt(ctx, pos, pos);
00457                 for (j = 0; j < BLOCK_SIZE; j++)
00458                         pos[j] ^= cbc[j];
00459                 memcpy(cbc, tmp, BLOCK_SIZE);
00460                 pos += BLOCK_SIZE;
00461         }
00462         aes_decrypt_deinit(ctx);
00463         return 0;
00464 }
00465 
00466 
00467 #ifdef TEST_MAIN
00468 
00469 #ifdef __i386__
00470 #define rdtscll(val) \
00471      __asm__ __volatile__("rdtsc" : "=A" (val))
00472 
00473 static void test_aes_perf(void)
00474 {
00475         const int num_iters = 10;
00476         int i;
00477         unsigned int start, end;
00478         u8 key[16], pt[16], ct[16];
00479         void *ctx;
00480 
00481         printf("keySetupEnc:");
00482         for (i = 0; i < num_iters; i++) {
00483                 rdtscll(start);
00484                 ctx = aes_encrypt_init(key, 16);
00485                 rdtscll(end);
00486                 aes_encrypt_deinit(ctx);
00487                 printf(" %d", end - start);
00488         }
00489         printf("\n");
00490 
00491         printf("Encrypt:");
00492         ctx = aes_encrypt_init(key, 16);
00493         for (i = 0; i < num_iters; i++) {
00494                 rdtscll(start);
00495                 aes_encrypt(ctx, pt, ct);
00496                 rdtscll(end);
00497                 printf(" %d", end - start);
00498         }
00499         aes_encrypt_deinit(ctx);
00500         printf("\n");
00501 }
00502 #endif /* __i386__ */
00503 
00504 
00505 static int test_eax(void)
00506 {
00507         u8 msg[] = { 0xF7, 0xFB };
00508         u8 key[] = { 0x91, 0x94, 0x5D, 0x3F, 0x4D, 0xCB, 0xEE, 0x0B,
00509                      0xF4, 0x5E, 0xF5, 0x22, 0x55, 0xF0, 0x95, 0xA4 };
00510         u8 nonce[] = { 0xBE, 0xCA, 0xF0, 0x43, 0xB0, 0xA2, 0x3D, 0x84,
00511                        0x31, 0x94, 0xBA, 0x97, 0x2C, 0x66, 0xDE, 0xBD };
00512         u8 hdr[] = { 0xFA, 0x3B, 0xFD, 0x48, 0x06, 0xEB, 0x53, 0xFA };
00513         u8 cipher[] = { 0x19, 0xDD, 0x5C, 0x4C, 0x93, 0x31, 0x04, 0x9D,
00514                         0x0B, 0xDA, 0xB0, 0x27, 0x74, 0x08, 0xF6, 0x79,
00515                         0x67, 0xE5 };
00516         u8 data[sizeof(msg)], tag[BLOCK_SIZE];
00517 
00518         memcpy(data, msg, sizeof(msg));
00519         if (aes_128_eax_encrypt(key, nonce, sizeof(nonce), hdr, sizeof(hdr),
00520                                 data, sizeof(data), tag)) {
00521                 printf("AES-128 EAX mode encryption failed\n");
00522                 return 1;
00523         }
00524         if (memcmp(data, cipher, sizeof(data)) != 0) {
00525                 printf("AES-128 EAX mode encryption returned invalid cipher "
00526                        "text\n");
00527                 return 1;
00528         }
00529         if (memcmp(tag, cipher + sizeof(data), BLOCK_SIZE) != 0) {
00530                 printf("AES-128 EAX mode encryption returned invalid tag\n");
00531                 return 1;
00532         }
00533 
00534         if (aes_128_eax_decrypt(key, nonce, sizeof(nonce), hdr, sizeof(hdr),
00535                                 data, sizeof(data), tag)) {
00536                 printf("AES-128 EAX mode decryption failed\n");
00537                 return 1;
00538         }
00539         if (memcmp(data, msg, sizeof(data)) != 0) {
00540                 printf("AES-128 EAX mode decryption returned invalid plain "
00541                        "text\n");
00542                 return 1;
00543         }
00544 
00545         return 0;
00546 }
00547 
00548 
00549 static int test_cbc(void)
00550 {
00551         struct cbc_test_vector {
00552                 u8 key[16];
00553                 u8 iv[16];
00554                 u8 plain[32];
00555                 u8 cipher[32];
00556                 size_t len;
00557         } vectors[] = {
00558                 {
00559                         { 0x06, 0xa9, 0x21, 0x40, 0x36, 0xb8, 0xa1, 0x5b,
00560                           0x51, 0x2e, 0x03, 0xd5, 0x34, 0x12, 0x00, 0x06 },
00561                         { 0x3d, 0xaf, 0xba, 0x42, 0x9d, 0x9e, 0xb4, 0x30,
00562                           0xb4, 0x22, 0xda, 0x80, 0x2c, 0x9f, 0xac, 0x41 },
00563                         "Single block msg",
00564                         { 0xe3, 0x53, 0x77, 0x9c, 0x10, 0x79, 0xae, 0xb8,
00565                           0x27, 0x08, 0x94, 0x2d, 0xbe, 0x77, 0x18, 0x1a },
00566                         16
00567                 },
00568                 {
00569                         { 0xc2, 0x86, 0x69, 0x6d, 0x88, 0x7c, 0x9a, 0xa0,
00570                           0x61, 0x1b, 0xbb, 0x3e, 0x20, 0x25, 0xa4, 0x5a },
00571                         { 0x56, 0x2e, 0x17, 0x99, 0x6d, 0x09, 0x3d, 0x28,
00572                           0xdd, 0xb3, 0xba, 0x69, 0x5a, 0x2e, 0x6f, 0x58 },
00573                         { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
00574                           0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
00575                           0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
00576                           0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f },
00577                         { 0xd2, 0x96, 0xcd, 0x94, 0xc2, 0xcc, 0xcf, 0x8a,
00578                           0x3a, 0x86, 0x30, 0x28, 0xb5, 0xe1, 0xdc, 0x0a,
00579                           0x75, 0x86, 0x60, 0x2d, 0x25, 0x3c, 0xff, 0xf9,
00580                           0x1b, 0x82, 0x66, 0xbe, 0xa6, 0xd6, 0x1a, 0xb1 },
00581                         32
00582                 }
00583         };
00584         int i, ret = 0;
00585         u8 *buf;
00586 
00587         for (i = 0; i < sizeof(vectors) / sizeof(vectors[0]); i++) {
00588                 struct cbc_test_vector *tv = &vectors[i];
00589                 buf = malloc(tv->len);
00590                 if (buf == NULL) {
00591                         ret++;
00592                         break;
00593                 }
00594                 memcpy(buf, tv->plain, tv->len);
00595                 aes_128_cbc_encrypt(tv->key, tv->iv, buf, tv->len);
00596                 if (memcmp(buf, tv->cipher, tv->len) != 0) {
00597                         printf("AES-CBC encrypt %d failed\n", i);
00598                         ret++;
00599                 }
00600                 memcpy(buf, tv->cipher, tv->len);
00601                 aes_128_cbc_decrypt(tv->key, tv->iv, buf, tv->len);
00602                 if (memcmp(buf, tv->plain, tv->len) != 0) {
00603                         printf("AES-CBC decrypt %d failed\n", i);
00604                         ret++;
00605                 }
00606                 free(buf);
00607         }
00608 
00609         return ret;
00610 }
00611 
00612 
00613 /* OMAC1 AES-128 test vectors from
00614  * http://csrc.nist.gov/CryptoToolkit/modes/proposedmodes/omac/omac-ad.pdf
00615  */
00616 
00617 struct omac1_test_vector {
00618         u8 k[16];
00619         u8 msg[64];
00620         int msg_len;
00621         u8 tag[16];
00622 };
00623 
00624 static struct omac1_test_vector test_vectors[] =
00625 {
00626         {
00627                 { 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6,
00628                   0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c },
00629                 { },
00630                 0,
00631                 { 0xbb, 0x1d, 0x69, 0x29, 0xe9, 0x59, 0x37, 0x28,
00632                   0x7f, 0xa3, 0x7d, 0x12, 0x9b, 0x75, 0x67, 0x46 }
00633         },
00634         {
00635                 { 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6,
00636                   0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c },
00637                 { 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96,
00638                   0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a},
00639                 16,
00640                 { 0x07, 0x0a, 0x16, 0xb4, 0x6b, 0x4d, 0x41, 0x44,
00641                   0xf7, 0x9b, 0xdd, 0x9d, 0xd0, 0x4a, 0x28, 0x7c }
00642         },
00643         {
00644                 { 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6,
00645                   0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c },
00646                 { 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96,
00647                   0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a,
00648                   0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c,
00649                   0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51,
00650                   0x30, 0xc8, 0x1c, 0x46, 0xa3, 0x5c, 0xe4, 0x11 },
00651                 40,
00652                 { 0xdf, 0xa6, 0x67, 0x47, 0xde, 0x9a, 0xe6, 0x30,
00653                   0x30, 0xca, 0x32, 0x61, 0x14, 0x97, 0xc8, 0x27 }
00654         },
00655         {
00656                 { 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6,
00657                   0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c },
00658                 { 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96,
00659                   0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a,
00660                   0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c,
00661                   0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51,
00662                   0x30, 0xc8, 0x1c, 0x46, 0xa3, 0x5c, 0xe4, 0x11,
00663                   0xe5, 0xfb, 0xc1, 0x19, 0x1a, 0x0a, 0x52, 0xef,
00664                   0xf6, 0x9f, 0x24, 0x45, 0xdf, 0x4f, 0x9b, 0x17,
00665                   0xad, 0x2b, 0x41, 0x7b, 0xe6, 0x6c, 0x37, 0x10 },
00666                 64,
00667                 { 0x51, 0xf0, 0xbe, 0xbf, 0x7e, 0x3b, 0x9d, 0x92,
00668                   0xfc, 0x49, 0x74, 0x17, 0x79, 0x36, 0x3c, 0xfe }
00669         },
00670 };
00671 
00672 
00673 int main(int argc, char *argv[])
00674 {
00675         u8 kek[] = {
00676                 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
00677                 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f
00678         };
00679         u8 plain[] = {
00680                 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
00681                 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff
00682         };
00683         u8 crypt[] = {
00684                 0x1F, 0xA6, 0x8B, 0x0A, 0x81, 0x12, 0xB4, 0x47,
00685                 0xAE, 0xF3, 0x4B, 0xD8, 0xFB, 0x5A, 0x7B, 0x82,
00686                 0x9D, 0x3E, 0x86, 0x23, 0x71, 0xD2, 0xCF, 0xE5
00687         };
00688         u8 result[24];
00689         int ret = 0, i;
00690         struct omac1_test_vector *tv;
00691 
00692         if (aes_wrap(kek, 2, plain, result)) {
00693                 printf("AES-WRAP-128-128 reported failure\n");
00694                 ret++;
00695         }
00696         if (memcmp(result, crypt, 24) != 0) {
00697                 printf("AES-WRAP-128-128 failed\n");
00698                 ret++;
00699         }
00700         if (aes_unwrap(kek, 2, crypt, result)) {
00701                 printf("AES-UNWRAP-128-128 reported failure\n");
00702                 ret++;
00703         }
00704         if (memcmp(result, plain, 16) != 0) {
00705                 int i;
00706                 printf("AES-UNWRAP-128-128 failed\n");
00707                 ret++;
00708                 for (i = 0; i < 16; i++)
00709                         printf(" %02x", result[i]);
00710                 printf("\n");
00711         }
00712 
00713 #ifdef __i386__
00714         test_aes_perf();
00715 #endif /* __i386__ */
00716 
00717         for (i = 0; i < sizeof(test_vectors) / sizeof(test_vectors[0]); i++) {
00718                 tv = &test_vectors[i];
00719                 omac1_aes_128(tv->k, tv->msg, tv->msg_len, result);
00720                 if (memcmp(result, tv->tag, 16) != 0) {
00721                         printf("OMAC1-AES-128 test vector %d failed\n", i);
00722                         ret++;
00723                 }
00724         }
00725 
00726         ret += test_eax();
00727 
00728         ret += test_cbc();
00729 
00730         if (ret)
00731                 printf("FAILED!\n");
00732 
00733         return ret;
00734 }
00735 #endif /* TEST_MAIN */
00736 

Generated on Sat May 6 21:13:29 2006 for wpa_supplicant by  doxygen 1.4.2