1 /* test_cbc_mode.c - TinyCrypt implementation of some AES-CBC tests */
2
3 /*
4 * Copyright (C) 2015 by Intel Corporation, All Rights Reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions are met:
8 *
9 * - Redistributions of source code must retain the above copyright notice,
10 * this list of conditions and the following disclaimer.
11 *
12 * - Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
15 *
16 * - Neither the name of Intel Corporation nor the names of its contributors
17 * may be used to endorse or promote products derived from this software
18 * without specific prior written permission.
19 *
20 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
21 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
24 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
25 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
26 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
27 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
28 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
29 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
30 * POSSIBILITY OF SUCH DAMAGE.
31 */
32 /*
33 * DESCRIPTION
34 * This module tests the following AES-CBC Mode routines:
35 * Scenarios tested include:
36 * - AES128 CBC mode encryption SP 800-38a tests
37 */
38
39 #include <tinycrypt/cbc_mode.h>
40 #include <tinycrypt/constants.h>
41 #include <zephyr/test_utils.h>
42
43 #include <stdlib.h>
44 #include <stdio.h>
45 #include <string.h>
46 #include <zephyr/ztest.h>
47
48 /*
49 * NIST test vectors from SP 800-38a:
50 *
51 * Block #1
52 * Plaintext 6bc1bee22e409f96e93d7e117393172a
53 * Input Block 6bc0bce12a459991e134741a7f9e1925
54 * Output Block 7649abac8119b246cee98e9b12e9197d
55 * Ciphertext 7649abac8119b246cee98e9b12e9197d
56 * Block #2
57 * Plaintext ae2d8a571e03ac9c9eb76fac45af8e51
58 * Input Block d86421fb9f1a1eda505ee1375746972c
59 * Output Block 5086cb9b507219ee95db113a917678b2
60 * Ciphertext 5086cb9b507219ee95db113a917678b2
61 * Block #3
62 * Plaintext 30c81c46a35ce411e5fbc1191a0a52ef
63 * Input Block 604ed7ddf32efdff7020d0238b7c2a5d
64 * Output Block 73bed6b8e3c1743b7116e69e22229516
65 * Ciphertext 73bed6b8e3c1743b7116e69e22229516
66 * Block #4
67 * Plaintext f69f2445df4f9b17ad2b417be66c3710
68 * Input Block 8521f2fd3c8eef2cdc3da7e5c44ea206
69 * Output Block 3ff1caa1681fac09120eca307586e1a7
70 * Ciphertext 3ff1caa1681fac09120eca307586e1a7
71 */
72 const uint8_t key[16] = {
73 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, 0xab, 0xf7, 0x15, 0x88,
74 0x09, 0xcf, 0x4f, 0x3c
75 };
76
77 const uint8_t iv[16] = {
78 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
79 0x0c, 0x0d, 0x0e, 0x0f
80 };
81
82 const uint8_t plaintext[64] = {
83 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96, 0xe9, 0x3d, 0x7e, 0x11,
84 0x73, 0x93, 0x17, 0x2a, 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c,
85 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51, 0x30, 0xc8, 0x1c, 0x46,
86 0xa3, 0x5c, 0xe4, 0x11, 0xe5, 0xfb, 0xc1, 0x19, 0x1a, 0x0a, 0x52, 0xef,
87 0xf6, 0x9f, 0x24, 0x45, 0xdf, 0x4f, 0x9b, 0x17, 0xad, 0x2b, 0x41, 0x7b,
88 0xe6, 0x6c, 0x37, 0x10
89 };
90
91 const uint8_t ciphertext[80] = {
92 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
93 0x0c, 0x0d, 0x0e, 0x0f, 0x76, 0x49, 0xab, 0xac, 0x81, 0x19, 0xb2, 0x46,
94 0xce, 0xe9, 0x8e, 0x9b, 0x12, 0xe9, 0x19, 0x7d, 0x50, 0x86, 0xcb, 0x9b,
95 0x50, 0x72, 0x19, 0xee, 0x95, 0xdb, 0x11, 0x3a, 0x91, 0x76, 0x78, 0xb2,
96 0x73, 0xbe, 0xd6, 0xb8, 0xe3, 0xc1, 0x74, 0x3b, 0x71, 0x16, 0xe6, 0x9e,
97 0x22, 0x22, 0x95, 0x16, 0x3f, 0xf1, 0xca, 0xa1, 0x68, 0x1f, 0xac, 0x09,
98 0x12, 0x0e, 0xca, 0x30, 0x75, 0x86, 0xe1, 0xa7
99 };
100
101 /*
102 * NIST SP 800-38a CBC Test for encryption and decryption.
103 */
ZTEST(tinycrypt,test_cbc_sp_800_38a_encrypt_decrypt)104 ZTEST(tinycrypt, test_cbc_sp_800_38a_encrypt_decrypt)
105 {
106
107 TC_PRINT("Performing CBC tests:\n");
108
109 struct tc_aes_key_sched_struct a;
110 uint8_t iv_buffer[16];
111 uint8_t encrypted[80];
112 uint8_t decrypted[64];
113 uint8_t *p;
114 uint32_t length;
115 int result = TC_PASS;
116
117 (void)tc_aes128_set_encrypt_key(&a, key);
118
119 (void)memcpy(iv_buffer, iv, TC_AES_BLOCK_SIZE);
120
121 TC_PRINT("CBC test #1 (encryption SP 800-38a tests):\n");
122
123 /**TESTPOINT: Check test 1*/
124 zassert_true(tc_cbc_mode_encrypt(encrypted,
125 sizeof(plaintext) + TC_AES_BLOCK_SIZE,
126 plaintext, sizeof(plaintext), iv_buffer, &a),
127 "CBC test #1 (encryption SP 800-38a tests) failed");
128
129 result = check_result(1, ciphertext, sizeof(encrypted),
130 encrypted, sizeof(encrypted), 1);
131 zassert_false(result, "CBC test #1 failed.");
132
133 TC_PRINT("CBC test #2 (decryption SP 800-38a tests):\n");
134 (void)tc_aes128_set_decrypt_key(&a, key);
135
136 p = &encrypted[TC_AES_BLOCK_SIZE];
137 length = ((uint32_t) sizeof(encrypted)) - TC_AES_BLOCK_SIZE;
138
139 /**TESTPOINT: Check test 2*/
140 zassert_true(tc_cbc_mode_decrypt(decrypted,
141 length, p, length, encrypted,
142 &a), "CBC test #2 (decryption SP 800-38a tests) failed");
143
144 result = check_result(2, plaintext, sizeof(decrypted),
145 decrypted, sizeof(decrypted), 1);
146
147 /**TESTPOINT: Check result*/
148 zassert_false(result, "CBC test #2 failed.");
149 }
150
