00001
00023 #include <stdlib.h>
00024 #include <stdio.h>
00025 #include <string.h>
00026 #include "common.h"
00027 #include "aes_wrap.h"
00028 #include "crypto.h"
00029
00030 #ifndef EAP_TLS_FUNCS
00031 #include "aes.c"
00032 #endif
00033
00034
00044 int aes_wrap(const u8 *kek, int n, const u8 *plain, u8 *cipher)
00045 {
00046 u8 *a, *r, b[16];
00047 int i, j;
00048 void *ctx;
00049
00050 a = cipher;
00051 r = cipher + 8;
00052
00053
00054 memset(a, 0xa6, 8);
00055 memcpy(r, plain, 8 * n);
00056
00057 ctx = aes_encrypt_init(kek, 16);
00058 if (ctx == NULL)
00059 return -1;
00060
00061
00062
00063
00064
00065
00066
00067
00068 for (j = 0; j <= 5; j++) {
00069 r = cipher + 8;
00070 for (i = 1; i <= n; i++) {
00071 memcpy(b, a, 8);
00072 memcpy(b + 8, r, 8);
00073 aes_encrypt(ctx, b, b);
00074 memcpy(a, b, 8);
00075 a[7] ^= n * j + i;
00076 memcpy(r, b + 8, 8);
00077 r += 8;
00078 }
00079 }
00080 aes_encrypt_deinit(ctx);
00081
00082
00083
00084
00085
00086
00087
00088 return 0;
00089 }
00090
00091
00101 int aes_unwrap(const u8 *kek, int n, const u8 *cipher, u8 *plain)
00102 {
00103 u8 a[8], *r, b[16];
00104 int i, j;
00105 void *ctx;
00106
00107
00108 memcpy(a, cipher, 8);
00109 r = plain;
00110 memcpy(r, cipher + 8, 8 * n);
00111
00112 ctx = aes_decrypt_init(kek, 16);
00113 if (ctx == NULL)
00114 return -1;
00115
00116
00117
00118
00119
00120
00121
00122
00123 for (j = 5; j >= 0; j--) {
00124 r = plain + (n - 1) * 8;
00125 for (i = n; i >= 1; i--) {
00126 memcpy(b, a, 8);
00127 b[7] ^= n * j + i;
00128
00129 memcpy(b + 8, r, 8);
00130 aes_decrypt(ctx, b, b);
00131 memcpy(a, b, 8);
00132 memcpy(r, b + 8, 8);
00133 r -= 8;
00134 }
00135 }
00136 aes_decrypt_deinit(ctx);
00137
00138
00139
00140
00141
00142
00143 for (i = 0; i < 8; i++) {
00144 if (a[i] != 0xa6)
00145 return -1;
00146 }
00147
00148 return 0;
00149 }
00150
00151
00152 #define BLOCK_SIZE 16
00153
00154 static void gf_mulx(u8 *pad)
00155 {
00156 int i, carry;
00157
00158 carry = pad[0] & 0x80;
00159 for (i = 0; i < BLOCK_SIZE - 1; i++)
00160 pad[i] = (pad[i] << 1) | (pad[i + 1] >> 7);
00161 pad[BLOCK_SIZE - 1] <<= 1;
00162 if (carry)
00163 pad[BLOCK_SIZE - 1] ^= 0x87;
00164 }
00165
00166
00176 int omac1_aes_128(const u8 *key, const u8 *data, size_t data_len, u8 *mac)
00177 {
00178 void *ctx;
00179 u8 cbc[BLOCK_SIZE], pad[BLOCK_SIZE];
00180 const u8 *pos = data;
00181 int i;
00182 size_t left = data_len;
00183
00184 ctx = aes_encrypt_init(key, 16);
00185 if (ctx == NULL)
00186 return -1;
00187 memset(cbc, 0, BLOCK_SIZE);
00188
00189 while (left >= BLOCK_SIZE) {
00190 for (i = 0; i < BLOCK_SIZE; i++)
00191 cbc[i] ^= *pos++;
00192 if (left > BLOCK_SIZE)
00193 aes_encrypt(ctx, cbc, cbc);
00194 left -= BLOCK_SIZE;
00195 }
00196
00197 memset(pad, 0, BLOCK_SIZE);
00198 aes_encrypt(ctx, pad, pad);
00199 gf_mulx(pad);
00200
00201 if (left || data_len == 0) {
00202 for (i = 0; i < left; i++)
00203 cbc[i] ^= *pos++;
00204 cbc[left] ^= 0x80;
00205 gf_mulx(pad);
00206 }
00207
00208 for (i = 0; i < BLOCK_SIZE; i++)
00209 pad[i] ^= cbc[i];
00210 aes_encrypt(ctx, pad, mac);
00211 aes_encrypt_deinit(ctx);
00212 return 0;
00213 }
00214
00215
00224 int aes_128_encrypt_block(const u8 *key, const u8 *in, u8 *out)
00225 {
00226 void *ctx;
00227 ctx = aes_encrypt_init(key, 16);
00228 if (ctx == NULL)
00229 return -1;
00230 aes_encrypt(ctx, in, out);
00231 aes_encrypt_deinit(ctx);
00232 return 0;
00233 }
00234
00235
00245 int aes_128_ctr_encrypt(const u8 *key, const u8 *nonce,
00246 u8 *data, size_t data_len)
00247 {
00248 void *ctx;
00249 size_t len, left = data_len;
00250 int i;
00251 u8 *pos = data;
00252 u8 counter[BLOCK_SIZE], buf[BLOCK_SIZE];
00253
00254 ctx = aes_encrypt_init(key, 16);
00255 if (ctx == NULL)
00256 return -1;
00257 memcpy(counter, nonce, BLOCK_SIZE);
00258
00259 while (left > 0) {
00260 aes_encrypt(ctx, counter, buf);
00261
00262 len = (left < BLOCK_SIZE) ? left : BLOCK_SIZE;
00263 for (i = 0; i < len; i++)
00264 pos[i] ^= buf[i];
00265 pos += len;
00266 left -= len;
00267
00268 for (i = BLOCK_SIZE - 1; i >= 0; i--) {
00269 counter[i]++;
00270 if (counter[i])
00271 break;
00272 }
00273 }
00274 aes_encrypt_deinit(ctx);
00275 return 0;
00276 }
00277
00278
00292 int aes_128_eax_encrypt(const u8 *key, const u8 *nonce, size_t nonce_len,
00293 const u8 *hdr, size_t hdr_len,
00294 u8 *data, size_t data_len, u8 *tag)
00295 {
00296 u8 *buf;
00297 size_t buf_len;
00298 u8 nonce_mac[BLOCK_SIZE], hdr_mac[BLOCK_SIZE], data_mac[BLOCK_SIZE];
00299 int i;
00300
00301 if (nonce_len > data_len)
00302 buf_len = nonce_len;
00303 else
00304 buf_len = data_len;
00305 if (hdr_len > buf_len)
00306 buf_len = hdr_len;
00307 buf_len += 16;
00308
00309 buf = malloc(buf_len);
00310 if (buf == NULL)
00311 return -1;
00312
00313 memset(buf, 0, 15);
00314
00315 buf[15] = 0;
00316 memcpy(buf + 16, nonce, nonce_len);
00317 omac1_aes_128(key, buf, 16 + nonce_len, nonce_mac);
00318
00319 buf[15] = 1;
00320 memcpy(buf + 16, hdr, hdr_len);
00321 omac1_aes_128(key, buf, 16 + hdr_len, hdr_mac);
00322
00323 aes_128_ctr_encrypt(key, nonce_mac, data, data_len);
00324 buf[15] = 2;
00325 memcpy(buf + 16, data, data_len);
00326 omac1_aes_128(key, buf, 16 + data_len, data_mac);
00327
00328 free(buf);
00329
00330 for (i = 0; i < BLOCK_SIZE; i++)
00331 tag[i] = nonce_mac[i] ^ data_mac[i] ^ hdr_mac[i];
00332
00333 return 0;
00334 }
00335
00336
00350 int aes_128_eax_decrypt(const u8 *key, const u8 *nonce, size_t nonce_len,
00351 const u8 *hdr, size_t hdr_len,
00352 u8 *data, size_t data_len, const u8 *tag)
00353 {
00354 u8 *buf;
00355 size_t buf_len;
00356 u8 nonce_mac[BLOCK_SIZE], hdr_mac[BLOCK_SIZE], data_mac[BLOCK_SIZE];
00357 int i;
00358
00359 if (nonce_len > data_len)
00360 buf_len = nonce_len;
00361 else
00362 buf_len = data_len;
00363 if (hdr_len > buf_len)
00364 buf_len = hdr_len;
00365 buf_len += 16;
00366
00367 buf = malloc(buf_len);
00368 if (buf == NULL)
00369 return -1;
00370
00371 memset(buf, 0, 15);
00372
00373 buf[15] = 0;
00374 memcpy(buf + 16, nonce, nonce_len);
00375 omac1_aes_128(key, buf, 16 + nonce_len, nonce_mac);
00376
00377 buf[15] = 1;
00378 memcpy(buf + 16, hdr, hdr_len);
00379 omac1_aes_128(key, buf, 16 + hdr_len, hdr_mac);
00380
00381 buf[15] = 2;
00382 memcpy(buf + 16, data, data_len);
00383 omac1_aes_128(key, buf, 16 + data_len, data_mac);
00384
00385 free(buf);
00386
00387 for (i = 0; i < BLOCK_SIZE; i++) {
00388 if (tag[i] != (nonce_mac[i] ^ data_mac[i] ^ hdr_mac[i]))
00389 return -2;
00390 }
00391
00392 aes_128_ctr_encrypt(key, nonce_mac, data, data_len);
00393
00394 return 0;
00395 }
00396
00397
00407 int aes_128_cbc_encrypt(const u8 *key, const u8 *iv, u8 *data, size_t data_len)
00408 {
00409 void *ctx;
00410 u8 cbc[BLOCK_SIZE];
00411 u8 *pos = data;
00412 int i, j, blocks;
00413
00414 ctx = aes_encrypt_init(key, 16);
00415 if (ctx == NULL)
00416 return -1;
00417 memcpy(cbc, iv, BLOCK_SIZE);
00418
00419 blocks = data_len / BLOCK_SIZE;
00420 for (i = 0; i < blocks; i++) {
00421 for (j = 0; j < BLOCK_SIZE; j++)
00422 cbc[j] ^= pos[j];
00423 aes_encrypt(ctx, cbc, cbc);
00424 memcpy(pos, cbc, BLOCK_SIZE);
00425 pos += BLOCK_SIZE;
00426 }
00427 aes_encrypt_deinit(ctx);
00428 return 0;
00429 }
00430
00431
00441 int aes_128_cbc_decrypt(const u8 *key, const u8 *iv, u8 *data, size_t data_len)
00442 {
00443 void *ctx;
00444 u8 cbc[BLOCK_SIZE], tmp[BLOCK_SIZE];
00445 u8 *pos = data;
00446 int i, j, blocks;
00447
00448 ctx = aes_decrypt_init(key, 16);
00449 if (ctx == NULL)
00450 return -1;
00451 memcpy(cbc, iv, BLOCK_SIZE);
00452
00453 blocks = data_len / BLOCK_SIZE;
00454 for (i = 0; i < blocks; i++) {
00455 memcpy(tmp, pos, BLOCK_SIZE);
00456 aes_decrypt(ctx, pos, pos);
00457 for (j = 0; j < BLOCK_SIZE; j++)
00458 pos[j] ^= cbc[j];
00459 memcpy(cbc, tmp, BLOCK_SIZE);
00460 pos += BLOCK_SIZE;
00461 }
00462 aes_decrypt_deinit(ctx);
00463 return 0;
00464 }
00465
00466
00467 #ifdef TEST_MAIN
00468
00469 #ifdef __i386__
00470 #define rdtscll(val) \
00471 __asm__ __volatile__("rdtsc" : "=A" (val))
00472
00473 static void test_aes_perf(void)
00474 {
00475 const int num_iters = 10;
00476 int i;
00477 unsigned int start, end;
00478 u8 key[16], pt[16], ct[16];
00479 void *ctx;
00480
00481 printf("keySetupEnc:");
00482 for (i = 0; i < num_iters; i++) {
00483 rdtscll(start);
00484 ctx = aes_encrypt_init(key, 16);
00485 rdtscll(end);
00486 aes_encrypt_deinit(ctx);
00487 printf(" %d", end - start);
00488 }
00489 printf("\n");
00490
00491 printf("Encrypt:");
00492 ctx = aes_encrypt_init(key, 16);
00493 for (i = 0; i < num_iters; i++) {
00494 rdtscll(start);
00495 aes_encrypt(ctx, pt, ct);
00496 rdtscll(end);
00497 printf(" %d", end - start);
00498 }
00499 aes_encrypt_deinit(ctx);
00500 printf("\n");
00501 }
00502 #endif
00503
00504
00505 static int test_eax(void)
00506 {
00507 u8 msg[] = { 0xF7, 0xFB };
00508 u8 key[] = { 0x91, 0x94, 0x5D, 0x3F, 0x4D, 0xCB, 0xEE, 0x0B,
00509 0xF4, 0x5E, 0xF5, 0x22, 0x55, 0xF0, 0x95, 0xA4 };
00510 u8 nonce[] = { 0xBE, 0xCA, 0xF0, 0x43, 0xB0, 0xA2, 0x3D, 0x84,
00511 0x31, 0x94, 0xBA, 0x97, 0x2C, 0x66, 0xDE, 0xBD };
00512 u8 hdr[] = { 0xFA, 0x3B, 0xFD, 0x48, 0x06, 0xEB, 0x53, 0xFA };
00513 u8 cipher[] = { 0x19, 0xDD, 0x5C, 0x4C, 0x93, 0x31, 0x04, 0x9D,
00514 0x0B, 0xDA, 0xB0, 0x27, 0x74, 0x08, 0xF6, 0x79,
00515 0x67, 0xE5 };
00516 u8 data[sizeof(msg)], tag[BLOCK_SIZE];
00517
00518 memcpy(data, msg, sizeof(msg));
00519 if (aes_128_eax_encrypt(key, nonce, sizeof(nonce), hdr, sizeof(hdr),
00520 data, sizeof(data), tag)) {
00521 printf("AES-128 EAX mode encryption failed\n");
00522 return 1;
00523 }
00524 if (memcmp(data, cipher, sizeof(data)) != 0) {
00525 printf("AES-128 EAX mode encryption returned invalid cipher "
00526 "text\n");
00527 return 1;
00528 }
00529 if (memcmp(tag, cipher + sizeof(data), BLOCK_SIZE) != 0) {
00530 printf("AES-128 EAX mode encryption returned invalid tag\n");
00531 return 1;
00532 }
00533
00534 if (aes_128_eax_decrypt(key, nonce, sizeof(nonce), hdr, sizeof(hdr),
00535 data, sizeof(data), tag)) {
00536 printf("AES-128 EAX mode decryption failed\n");
00537 return 1;
00538 }
00539 if (memcmp(data, msg, sizeof(data)) != 0) {
00540 printf("AES-128 EAX mode decryption returned invalid plain "
00541 "text\n");
00542 return 1;
00543 }
00544
00545 return 0;
00546 }
00547
00548
00549 static int test_cbc(void)
00550 {
00551 struct cbc_test_vector {
00552 u8 key[16];
00553 u8 iv[16];
00554 u8 plain[32];
00555 u8 cipher[32];
00556 size_t len;
00557 } vectors[] = {
00558 {
00559 { 0x06, 0xa9, 0x21, 0x40, 0x36, 0xb8, 0xa1, 0x5b,
00560 0x51, 0x2e, 0x03, 0xd5, 0x34, 0x12, 0x00, 0x06 },
00561 { 0x3d, 0xaf, 0xba, 0x42, 0x9d, 0x9e, 0xb4, 0x30,
00562 0xb4, 0x22, 0xda, 0x80, 0x2c, 0x9f, 0xac, 0x41 },
00563 "Single block msg",
00564 { 0xe3, 0x53, 0x77, 0x9c, 0x10, 0x79, 0xae, 0xb8,
00565 0x27, 0x08, 0x94, 0x2d, 0xbe, 0x77, 0x18, 0x1a },
00566 16
00567 },
00568 {
00569 { 0xc2, 0x86, 0x69, 0x6d, 0x88, 0x7c, 0x9a, 0xa0,
00570 0x61, 0x1b, 0xbb, 0x3e, 0x20, 0x25, 0xa4, 0x5a },
00571 { 0x56, 0x2e, 0x17, 0x99, 0x6d, 0x09, 0x3d, 0x28,
00572 0xdd, 0xb3, 0xba, 0x69, 0x5a, 0x2e, 0x6f, 0x58 },
00573 { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
00574 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
00575 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
00576 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f },
00577 { 0xd2, 0x96, 0xcd, 0x94, 0xc2, 0xcc, 0xcf, 0x8a,
00578 0x3a, 0x86, 0x30, 0x28, 0xb5, 0xe1, 0xdc, 0x0a,
00579 0x75, 0x86, 0x60, 0x2d, 0x25, 0x3c, 0xff, 0xf9,
00580 0x1b, 0x82, 0x66, 0xbe, 0xa6, 0xd6, 0x1a, 0xb1 },
00581 32
00582 }
00583 };
00584 int i, ret = 0;
00585 u8 *buf;
00586
00587 for (i = 0; i < sizeof(vectors) / sizeof(vectors[0]); i++) {
00588 struct cbc_test_vector *tv = &vectors[i];
00589 buf = malloc(tv->len);
00590 if (buf == NULL) {
00591 ret++;
00592 break;
00593 }
00594 memcpy(buf, tv->plain, tv->len);
00595 aes_128_cbc_encrypt(tv->key, tv->iv, buf, tv->len);
00596 if (memcmp(buf, tv->cipher, tv->len) != 0) {
00597 printf("AES-CBC encrypt %d failed\n", i);
00598 ret++;
00599 }
00600 memcpy(buf, tv->cipher, tv->len);
00601 aes_128_cbc_decrypt(tv->key, tv->iv, buf, tv->len);
00602 if (memcmp(buf, tv->plain, tv->len) != 0) {
00603 printf("AES-CBC decrypt %d failed\n", i);
00604 ret++;
00605 }
00606 free(buf);
00607 }
00608
00609 return ret;
00610 }
00611
00612
00613
00614
00615
00616
00617 struct omac1_test_vector {
00618 u8 k[16];
00619 u8 msg[64];
00620 int msg_len;
00621 u8 tag[16];
00622 };
00623
00624 static struct omac1_test_vector test_vectors[] =
00625 {
00626 {
00627 { 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6,
00628 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c },
00629 { },
00630 0,
00631 { 0xbb, 0x1d, 0x69, 0x29, 0xe9, 0x59, 0x37, 0x28,
00632 0x7f, 0xa3, 0x7d, 0x12, 0x9b, 0x75, 0x67, 0x46 }
00633 },
00634 {
00635 { 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6,
00636 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c },
00637 { 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96,
00638 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a},
00639 16,
00640 { 0x07, 0x0a, 0x16, 0xb4, 0x6b, 0x4d, 0x41, 0x44,
00641 0xf7, 0x9b, 0xdd, 0x9d, 0xd0, 0x4a, 0x28, 0x7c }
00642 },
00643 {
00644 { 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6,
00645 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c },
00646 { 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96,
00647 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a,
00648 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c,
00649 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51,
00650 0x30, 0xc8, 0x1c, 0x46, 0xa3, 0x5c, 0xe4, 0x11 },
00651 40,
00652 { 0xdf, 0xa6, 0x67, 0x47, 0xde, 0x9a, 0xe6, 0x30,
00653 0x30, 0xca, 0x32, 0x61, 0x14, 0x97, 0xc8, 0x27 }
00654 },
00655 {
00656 { 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6,
00657 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c },
00658 { 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96,
00659 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a,
00660 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c,
00661 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51,
00662 0x30, 0xc8, 0x1c, 0x46, 0xa3, 0x5c, 0xe4, 0x11,
00663 0xe5, 0xfb, 0xc1, 0x19, 0x1a, 0x0a, 0x52, 0xef,
00664 0xf6, 0x9f, 0x24, 0x45, 0xdf, 0x4f, 0x9b, 0x17,
00665 0xad, 0x2b, 0x41, 0x7b, 0xe6, 0x6c, 0x37, 0x10 },
00666 64,
00667 { 0x51, 0xf0, 0xbe, 0xbf, 0x7e, 0x3b, 0x9d, 0x92,
00668 0xfc, 0x49, 0x74, 0x17, 0x79, 0x36, 0x3c, 0xfe }
00669 },
00670 };
00671
00672
00673 int main(int argc, char *argv[])
00674 {
00675 u8 kek[] = {
00676 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
00677 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f
00678 };
00679 u8 plain[] = {
00680 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
00681 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff
00682 };
00683 u8 crypt[] = {
00684 0x1F, 0xA6, 0x8B, 0x0A, 0x81, 0x12, 0xB4, 0x47,
00685 0xAE, 0xF3, 0x4B, 0xD8, 0xFB, 0x5A, 0x7B, 0x82,
00686 0x9D, 0x3E, 0x86, 0x23, 0x71, 0xD2, 0xCF, 0xE5
00687 };
00688 u8 result[24];
00689 int ret = 0, i;
00690 struct omac1_test_vector *tv;
00691
00692 if (aes_wrap(kek, 2, plain, result)) {
00693 printf("AES-WRAP-128-128 reported failure\n");
00694 ret++;
00695 }
00696 if (memcmp(result, crypt, 24) != 0) {
00697 printf("AES-WRAP-128-128 failed\n");
00698 ret++;
00699 }
00700 if (aes_unwrap(kek, 2, crypt, result)) {
00701 printf("AES-UNWRAP-128-128 reported failure\n");
00702 ret++;
00703 }
00704 if (memcmp(result, plain, 16) != 0) {
00705 int i;
00706 printf("AES-UNWRAP-128-128 failed\n");
00707 ret++;
00708 for (i = 0; i < 16; i++)
00709 printf(" %02x", result[i]);
00710 printf("\n");
00711 }
00712
00713 #ifdef __i386__
00714 test_aes_perf();
00715 #endif
00716
00717 for (i = 0; i < sizeof(test_vectors) / sizeof(test_vectors[0]); i++) {
00718 tv = &test_vectors[i];
00719 omac1_aes_128(tv->k, tv->msg, tv->msg_len, result);
00720 if (memcmp(result, tv->tag, 16) != 0) {
00721 printf("OMAC1-AES-128 test vector %d failed\n", i);
00722 ret++;
00723 }
00724 }
00725
00726 ret += test_eax();
00727
00728 ret += test_cbc();
00729
00730 if (ret)
00731 printf("FAILED!\n");
00732
00733 return ret;
00734 }
00735 #endif
00736
