diff --git a/wolfcrypt/src/port/arm/armv8-aes.c b/wolfcrypt/src/port/arm/armv8-aes.c index 68aa958c3..48158f1a6 100644 --- a/wolfcrypt/src/port/arm/armv8-aes.c +++ b/wolfcrypt/src/port/arm/armv8-aes.c @@ -3620,16 +3620,27 @@ static void wc_aes_ctr_encrypt_asm(Aes* aes, byte* out, const byte* in, "AESMC.8 q0, q0\n" "VEXT.8 q13, q13, q13, #8 \n" "SUB r11, r11, #2 \n" + + /* Comparison value to check whether carry is going to happen */ "VMOV.u32 q12, #0xffffffff \n" - "VADD.u32 q12, q14 \n" "VADD.i32 q15, q13, q14 \n" /* add 1 to counter */ - "VCEQ.i32 q13, q15, q12 \n" - "VEXT.8 q13, q14, q13, #12 \n" - "VSUB.i32 q15, q15, q13 \n" - "VADD.i32 q13, q15, q14 \n" /* add 1 to counter */ + /* Carry across 32-bit lanes */ "VCEQ.i32 q12, q13, q12 \n" - "VEXT.8 q12, q14, q12, #12 \n" + "VAND.32 d25, d25, d24 \n" + "VEXT.8 q13, q14, q12, #12 \n" + "VAND.32 d27, d27, d24 \n" + "VSUB.i32 q15, q15, q13 \n" + + "VMOV.u32 q12, #0xffffffff \n" + "VADD.i32 q13, q15, q14 \n" /* add 1 to counter */ + /* Carry across 32-bit lanes */ + "VCEQ.i32 q12, q15, q12 \n" + "VAND.32 d25, d25, d24 \n" + "VEXT.8 d25, d24, d25, #4 \n" + "VAND.32 d25, d25, d24 \n" + "VEXT.8 d24, d29, d24, #4 \n" "VSUB.i32 q13, q13, q12 \n" + "AESE.8 q0, q3\n" "AESMC.8 q0, q0\n" "VEXT.8 q15, q15, q15, #8 \n" @@ -3689,8 +3700,6 @@ static void wc_aes_ctr_encrypt_asm(Aes* aes, byte* out, const byte* in, /* single block */ "2: \n" - "VMOV.u32 q15, #0xffffffff \n" - "VADD.u32 q15, q14 \n" "VMOV.32 q0, q13 \n" "AESE.8 q0, q1\n" "AESMC.8 q0, q0\n" @@ -3700,10 +3709,15 @@ static void wc_aes_ctr_encrypt_asm(Aes* aes, byte* out, const byte* in, "VEXT.8 q13, q13, q13, #8 \n" "AESE.8 q0, q3\n" "AESMC.8 q0, q0\n" - "VADD.i32 q13, q13, q14 \n" /* add 1 to counter */ + + "VMOV.u32 q15, #0xffffffff \n" "VCEQ.i32 q12, q13, q15 \n" - "VEXT.8 q12, q14, q12, #12 \n" - "VSUB.i32 q13, q13, q12 \n" + "VADD.i32 q13, q13, q14 \n" /* add 1 to counter */ + "VAND.32 d25, d25, d24 \n" + "VEXT.8 q15, q14, q12, #12 \n" + "VAND.32 d31, d31, d24 \n" + "VSUB.i32 q13, q13, q15 \n" + "AESE.8 q0, q4\n" "AESMC.8 q0, q0\n" "SUB r11, r11, #1 \n" @@ -3770,16 +3784,26 @@ static void wc_aes_ctr_encrypt_asm(Aes* aes, byte* out, const byte* in, "AESMC.8 q0, q0\n" "VEXT.8 q13, q13, q13, #8 \n" "SUB r11, r11, #2 \n" + "VMOV.u32 q12, #0xffffffff \n" - "VADD.u32 q12, q14 \n" "VADD.i32 q15, q13, q14 \n" /* add 1 to counter */ - "VCEQ.i32 q13, q15, q12 \n" - "VEXT.8 q13, q14, q13, #12 \n" - "VSUB.i32 q15, q15, q13 \n" - "VADD.i32 q13, q15, q14 \n" /* add 1 to counter */ + /* Carry across 32-bit lanes */ "VCEQ.i32 q12, q13, q12 \n" - "VEXT.8 q12, q14, q12, #12 \n" + "VAND.32 d25, d25, d24 \n" + "VEXT.8 q13, q14, q12, #12 \n" + "VAND.32 d27, d27, d24 \n" + "VSUB.i32 q15, q15, q13 \n" + + "VMOV.u32 q12, #0xffffffff \n" + "VADD.i32 q13, q15, q14 \n" /* add 1 to counter */ + /* Carry across 32-bit lanes */ + "VCEQ.i32 q12, q15, q12 \n" + "VAND.32 d25, d25, d24 \n" + "VEXT.8 d25, d24, d25, #4 \n" + "VAND.32 d25, d25, d24 \n" + "VEXT.8 d24, d29, d24, #4 \n" "VSUB.i32 q13, q13, q12 \n" + "AESE.8 q0, q3\n" "AESMC.8 q0, q0\n" "VEXT.8 q15, q15, q15, #8 \n" @@ -3855,8 +3879,6 @@ static void wc_aes_ctr_encrypt_asm(Aes* aes, byte* out, const byte* in, /* single block */ "2: \n" - "VMOV.u32 q15, #0xffffffff \n" - "VADD.u32 q15, q14 \n" "VLD1.32 {q11}, [%[Key]]! \n" "VMOV.32 q0, q13 \n" "AESE.8 q0, q1\n" @@ -3867,10 +3889,15 @@ static void wc_aes_ctr_encrypt_asm(Aes* aes, byte* out, const byte* in, "VEXT.8 q13, q13, q13, #8 \n" "AESE.8 q0, q3\n" "AESMC.8 q0, q0\n" - "VADD.i32 q13, q13, q14 \n" /* add 1 to counter */ + + "VMOV.u32 q15, #0xffffffff \n" "VCEQ.i32 q12, q13, q15 \n" - "VEXT.8 q12, q14, q12, #12 \n" - "VSUB.i32 q13, q13, q12 \n" + "VADD.i32 q13, q13, q14 \n" /* add 1 to counter */ + "VAND.32 d25, d25, d24 \n" + "VEXT.8 q15, q14, q12, #12 \n" + "VAND.32 d31, d31, d24 \n" + "VSUB.i32 q13, q13, q15 \n" + "AESE.8 q0, q4\n" "AESMC.8 q0, q0\n" "SUB r11, r11, #1 \n" @@ -3943,16 +3970,26 @@ static void wc_aes_ctr_encrypt_asm(Aes* aes, byte* out, const byte* in, "AESMC.8 q0, q0\n" "VEXT.8 q13, q13, q13, #8 \n" "SUB r11, r11, #2 \n" + "VMOV.u32 q12, #0xffffffff \n" - "VADD.u32 q12, q14 \n" "VADD.i32 q15, q13, q14 \n" /* add 1 to counter */ - "VCEQ.i32 q13, q15, q12 \n" - "VEXT.8 q13, q14, q13, #12 \n" - "VSUB.i32 q15, q15, q13 \n" - "VADD.i32 q13, q15, q14 \n" /* add 1 to counter */ + /* Carry across 32-bit lanes */ "VCEQ.i32 q12, q13, q12 \n" - "VEXT.8 q12, q14, q12, #12 \n" + "VAND.32 d25, d25, d24 \n" + "VEXT.8 q13, q14, q12, #12 \n" + "VAND.32 d27, d27, d24 \n" + "VSUB.i32 q15, q15, q13 \n" + + "VMOV.u32 q12, #0xffffffff \n" + "VADD.i32 q13, q15, q14 \n" /* add 1 to counter */ + /* Carry across 32-bit lanes */ + "VCEQ.i32 q12, q15, q12 \n" + "VAND.32 d25, d25, d24 \n" + "VEXT.8 d25, d24, d25, #4 \n" + "VAND.32 d25, d25, d24 \n" + "VEXT.8 d24, d29, d24, #4 \n" "VSUB.i32 q13, q13, q12 \n" + "AESE.8 q0, q3\n" "AESMC.8 q0, q0\n" "VEXT.8 q15, q15, q15, #8 \n" @@ -4040,8 +4077,6 @@ static void wc_aes_ctr_encrypt_asm(Aes* aes, byte* out, const byte* in, "B 1b \n" "2: \n" - "VMOV.u32 q15, #0xffffffff \n" - "VADD.u32 q15, q14 \n" "VLD1.32 {q11}, [%[Key]]! \n" "VMOV.32 q0, q13 \n" "AESE.8 q0, q1\n" @@ -4052,10 +4087,15 @@ static void wc_aes_ctr_encrypt_asm(Aes* aes, byte* out, const byte* in, "VEXT.8 q13, q13, q13, #8 \n" "AESE.8 q0, q3\n" "AESMC.8 q0, q0\n" - "VADD.i32 q13, q13, q14 \n" /* add 1 to counter */ + + "VMOV.u32 q15, #0xffffffff \n" "VCEQ.i32 q12, q13, q15 \n" - "VEXT.8 q12, q14, q12, #12 \n" - "VSUB.i32 q13, q13, q12 \n" + "VADD.i32 q13, q13, q14 \n" /* add 1 to counter */ + "VAND.32 d25, d25, d24 \n" + "VEXT.8 q15, q14, q12, #12 \n" + "VAND.32 d31, d31, d24 \n" + "VSUB.i32 q13, q13, q15 \n" + "AESE.8 q0, q4\n" "AESMC.8 q0, q0\n" "AESE.8 q0, q5\n" diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index 6b5d8ecd2..20bbd5f19 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -8586,6 +8586,609 @@ static int aesecb_test(void) } #endif /* HAVE_AES_ECB */ +#ifdef WOLFSSL_AES_COUNTER +static int aesctr_test(Aes* enc, Aes* dec, byte* cipher, byte* plain) +{ + int ret; + + /* test vectors from "Recommendation for Block Cipher Modes of + * Operation" NIST Special Publication 800-38A */ + + WOLFSSL_SMALL_STACK_STATIC const byte ctrIv[] = + { + 0xf0,0xf1,0xf2,0xf3,0xf4,0xf5,0xf6,0xf7, + 0xf8,0xf9,0xfa,0xfb,0xfc,0xfd,0xfe,0xff + }; + + WOLFSSL_SMALL_STACK_STATIC const byte ctrPlain[] = + { + 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96, + 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a, + 0xae,0x2d,0x8a,0x57,0x1e,0x03,0xac,0x9c, + 0x9e,0xb7,0x6f,0xac,0x45,0xaf,0x8e,0x51, + 0x30,0xc8,0x1c,0x46,0xa3,0x5c,0xe4,0x11, + 0xe5,0xfb,0xc1,0x19,0x1a,0x0a,0x52,0xef, + 0xf6,0x9f,0x24,0x45,0xdf,0x4f,0x9b,0x17, + 0xad,0x2b,0x41,0x7b,0xe6,0x6c,0x37,0x10 + }; + +#ifdef WOLFSSL_ARMASM + WOLFSSL_SMALL_STACK_STATIC const byte ctrIvWrap32[] = + { + 0xff,0xff,0xff,0xff,0x0f,0xff,0xff,0xff, + 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff + }; + WOLFSSL_SMALL_STACK_STATIC const byte ctrIvWrap32_2[] = + { + 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff, + 0xff,0xff,0xff,0xff,0x0f,0xff,0xff,0xfe + }; + WOLFSSL_SMALL_STACK_STATIC const byte ctrIvWrap64[] = + { + 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff, + 0x0f,0xff,0xff,0xff,0xff,0xff,0xff,0xff + }; + WOLFSSL_SMALL_STACK_STATIC const byte ctrIvWrap64_2[] = + { + 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xf0, + 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xfe + }; + WOLFSSL_SMALL_STACK_STATIC const byte ctrIvWrap96[] = + { + 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff, + 0xff,0xff,0xff,0xff,0x0f,0xff,0xff,0xff + }; + WOLFSSL_SMALL_STACK_STATIC const byte ctrIvWrap96_2[] = + { + 0xff,0xff,0xff,0xf0,0xff,0xff,0xff,0xff, + 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xfe + }; +#endif + WOLFSSL_SMALL_STACK_STATIC const byte ctrIvWrap128[] = + { + 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff, + 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff + }; +#ifdef WOLFSSL_ARMASM + WOLFSSL_SMALL_STACK_STATIC const byte ctrIvWrap128_2[] = + { + 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff, + 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xfe + }; +#endif + +#ifdef WOLFSSL_AES_128 + WOLFSSL_SMALL_STACK_STATIC const byte oddCipher[] = + { + 0xb9,0xd7,0xcb,0x08,0xb0,0xe1,0x7b,0xa0, + 0xc2 + }; + + WOLFSSL_SMALL_STACK_STATIC const byte ctr128Key[] = + { + 0x2b,0x7e,0x15,0x16,0x28,0xae,0xd2,0xa6, + 0xab,0xf7,0x15,0x88,0x09,0xcf,0x4f,0x3c + }; + + WOLFSSL_SMALL_STACK_STATIC const byte ctr128Cipher[] = + { + 0x87,0x4d,0x61,0x91,0xb6,0x20,0xe3,0x26, + 0x1b,0xef,0x68,0x64,0x99,0x0d,0xb6,0xce, + 0x98,0x06,0xf6,0x6b,0x79,0x70,0xfd,0xff, + 0x86,0x17,0x18,0x7b,0xb9,0xff,0xfd,0xff, + 0x5a,0xe4,0xdf,0x3e,0xdb,0xd5,0xd3,0x5e, + 0x5b,0x4f,0x09,0x02,0x0d,0xb0,0x3e,0xab, + 0x1e,0x03,0x1d,0xda,0x2f,0xbe,0x03,0xd1, + 0x79,0x21,0x70,0xa0,0xf3,0x00,0x9c,0xee + }; + +#ifdef WOLFSSL_ARMASM + WOLFSSL_SMALL_STACK_STATIC const byte ctr128Wrap32Cipher[] = + { + 0xb3,0x8b,0x58,0xbc,0xce,0xf4,0x71,0x78, + 0xf6,0x7c,0xdb,0xb4,0x27,0x2b,0x0a,0xbf, + 0x7e,0xad,0xea,0x5c,0xd1 + }; + WOLFSSL_SMALL_STACK_STATIC const byte ctr128Wrap32CipherLong[] = + { + 0xb3,0x8b,0x58,0xbc,0xce,0xf4,0x71,0x78, + 0xf6,0x7c,0xdb,0xb4,0x27,0x2b,0x0a,0xbf, + 0x7e,0xad,0xea,0x5c,0xd1,0xb7,0x98,0xf0, + 0x22,0x20,0xfe,0x67,0xb0,0x02,0x23,0x50 + }; + WOLFSSL_SMALL_STACK_STATIC const byte ctr128Wrap32_2CipherLong[] = + { + 0x6e,0xa1,0x27,0x4d,0xea,0x20,0x5f,0x39, + 0x68,0xc8,0xb6,0x78,0xde,0xfc,0x53,0x5c, + 0x90,0xc8,0xf6,0xc6,0xfa,0xe0,0x7b,0x09, + 0x7c,0xf8,0x9c,0x6a,0x5a,0xa5,0x17,0x7f, + 0x03,0x92,0x5f,0x4e,0x85,0xea,0x26,0xc9, + 0x5a,0xc2,0x74,0xe2,0xbf,0xe4,0x1b,0xd4 + }; + + WOLFSSL_SMALL_STACK_STATIC const byte ctr128Wrap64Cipher[] = + { + 0xdd,0x17,0x10,0x7c,0x45,0x04,0xac,0x43, + 0xef,0xa8,0xcc,0x32,0x34,0x87,0x88,0xd7, + 0xae,0x74,0x94,0x72,0x8e + }; + WOLFSSL_SMALL_STACK_STATIC const byte ctr128Wrap64CipherLong[] = + { + 0xdd,0x17,0x10,0x7c,0x45,0x04,0xac,0x43, + 0xef,0xa8,0xcc,0x32,0x34,0x87,0x88,0xd7, + 0xae,0x74,0x94,0x72,0x8e,0xd0,0x71,0xc0, + 0x89,0x8a,0xa1,0xb0,0x29,0xa0,0x10,0x9e + }; + WOLFSSL_SMALL_STACK_STATIC const byte ctr128Wrap64_2CipherLong[] = + { + 0x3f,0xe7,0xd5,0xf3,0xfa,0x09,0xfe,0x40, + 0xa6,0xa1,0x32,0x8b,0x57,0x12,0xb9,0xfa, + 0xf2,0x2d,0xe4,0x3c,0x66,0x1d,0x0a,0x8e, + 0x46,0xf8,0x2e,0x33,0xce,0x8d,0x4e,0x3b, + 0x17,0x67,0x9e,0x9f,0x76,0x9e,0xc2,0x99, + 0xd5,0xd4,0x71,0xed,0xb4,0x33,0xb2,0xcd + }; + + WOLFSSL_SMALL_STACK_STATIC const byte ctr128Wrap96Cipher[] = + { + 0x55,0x24,0xc2,0x73,0xca,0xa3,0x48,0x03, + 0x0b,0x72,0x8d,0xd7,0x6c,0x99,0x8e,0x04, + 0x9d,0x77,0xc9,0x5f,0x38 + }; + WOLFSSL_SMALL_STACK_STATIC const byte ctr128Wrap96CipherLong[] = + { + 0x55,0x24,0xc2,0x73,0xca,0xa3,0x48,0x03, + 0x0b,0x72,0x8d,0xd7,0x6c,0x99,0x8e,0x04, + 0x9d,0x77,0xc9,0x5f,0x38,0xb5,0x6e,0x44, + 0x21,0x8e,0xda,0x57,0xe0,0x41,0xc7,0x6a + }; + WOLFSSL_SMALL_STACK_STATIC const byte ctr128Wrap96_2CipherLong[] = + { + 0xc8,0x81,0x1a,0xbe,0xc7,0x5b,0x93,0x6f, + 0xe6,0x52,0xe4,0xb1,0x2d,0x1c,0x39,0xbc, + 0xeb,0x82,0x27,0x0a,0x7e,0xa5,0x0e,0x2d, + 0x32,0xda,0xbe,0x10,0x7a,0x10,0xcc,0xd3, + 0x6f,0xc6,0x83,0x28,0x05,0x57,0x8a,0x24, + 0x44,0x76,0x17,0x81,0xb9,0x5c,0x94,0x81 + }; +#endif + + WOLFSSL_SMALL_STACK_STATIC const byte ctr128Wrap128Cipher[] = + { + 0xe1,0x33,0x38,0xe3,0x6c,0xb7,0x19,0x62, + 0xe0,0x0d,0x02,0x0b,0x4c,0xed,0xbd,0x86, + 0xd3,0xda,0xe1,0x5b,0x04 + }; + WOLFSSL_SMALL_STACK_STATIC const byte ctr128Wrap128CipherLong[] = + { + 0xe1,0x33,0x38,0xe3,0x6c,0xb7,0x19,0x62, + 0xe0,0x0d,0x02,0x0b,0x4c,0xed,0xbd,0x86, + 0xd3,0xda,0xe1,0x5b,0x04,0xbb,0x35,0x2f, + 0xa0,0xf5,0x9f,0xeb,0xfc,0xb4,0xda,0x3e + }; +#ifdef WOLFSSL_ARMASM + WOLFSSL_SMALL_STACK_STATIC const byte ctr128Wrap128_2CipherLong[] = + { + 0xba,0x76,0xaa,0x54,0xd5,0xb5,0x60,0x67, + 0xc1,0xa7,0x90,0x3b,0x3f,0xdd,0xfa,0x89, + 0x24,0xdf,0x0c,0x56,0x5c,0xf4,0x2a,0x68, + 0x97,0x87,0x13,0xb6,0x7a,0xd1,0x24,0xfd, + 0x4d,0x3f,0x77,0x4a,0xb9,0xe4,0x7d,0xa2, + 0xdb,0xb9,0x31,0x5e,0xa3,0x11,0x06,0x80 + }; +#endif +#endif /* WOLFSSL_AES_128 */ + +#ifdef WOLFSSL_AES_192 + WOLFSSL_SMALL_STACK_STATIC const byte ctr192Key[] = + { + 0x8e,0x73,0xb0,0xf7,0xda,0x0e,0x64,0x52, + 0xc8,0x10,0xf3,0x2b,0x80,0x90,0x79,0xe5, + 0x62,0xf8,0xea,0xd2,0x52,0x2c,0x6b,0x7b + }; + + WOLFSSL_SMALL_STACK_STATIC const byte ctr192Cipher[] = + { + 0x1a,0xbc,0x93,0x24,0x17,0x52,0x1c,0xa2, + 0x4f,0x2b,0x04,0x59,0xfe,0x7e,0x6e,0x0b, + 0x09,0x03,0x39,0xec,0x0a,0xa6,0xfa,0xef, + 0xd5,0xcc,0xc2,0xc6,0xf4,0xce,0x8e,0x94, + 0x1e,0x36,0xb2,0x6b,0xd1,0xeb,0xc6,0x70, + 0xd1,0xbd,0x1d,0x66,0x56,0x20,0xab,0xf7, + 0x4f,0x78,0xa7,0xf6,0xd2,0x98,0x09,0x58, + 0x5a,0x97,0xda,0xec,0x58,0xc6,0xb0,0x50 + }; + +#ifdef WOLFSSL_ARMASM + WOLFSSL_SMALL_STACK_STATIC const byte ctr192Wrap32Cipher[] = + { + 0x28,0xaa,0xfa,0x90,0x72,0x74,0x86,0xaf, + 0x72,0x73,0x35,0x17,0x70,0x4e,0x7d,0xca, + 0x0c,0x33,0x97,0x06,0xc0 + }; + WOLFSSL_SMALL_STACK_STATIC const byte ctr192Wrap32CipherLong[] = + { + 0x28,0xaa,0xfa,0x90,0x72,0x74,0x86,0xaf, + 0x72,0x73,0x35,0x17,0x70,0x4e,0x7d,0xca, + 0x0c,0x33,0x97,0x06,0xc0,0xbe,0x83,0x87, + 0xdd,0xd3,0xff,0xd8,0xe4,0x6a,0x5b,0x84 + }; + WOLFSSL_SMALL_STACK_STATIC const byte ctr192Wrap32_2CipherLong[] = + { + 0xf5,0x00,0xa2,0x91,0x54,0xa3,0x76,0xa2, + 0xdd,0xad,0x16,0x89,0xe5,0xf0,0x1d,0x40, + 0x84,0xcd,0x74,0x84,0xcb,0x8b,0x9e,0x29, + 0xa9,0x8a,0x12,0x65,0xa0,0x79,0x5e,0xce, + 0xd9,0x50,0x65,0x21,0x86,0xb0,0x85,0x0d, + 0x98,0x2d,0x9a,0x5a,0x11,0xbe,0xa5,0x7f + }; + + WOLFSSL_SMALL_STACK_STATIC const byte ctr192Wrap64Cipher[] = + { + 0xfe,0x39,0x27,0x97,0xac,0xe5,0xb8,0x74, + 0xb9,0x8c,0xbf,0x58,0x71,0xa4,0x80,0x33, + 0x3d,0xf7,0xb4,0xfd,0x8c + }; + WOLFSSL_SMALL_STACK_STATIC const byte ctr192Wrap64CipherLong[] = + { + 0xfe,0x39,0x27,0x97,0xac,0xe5,0xb8,0x74, + 0xb9,0x8c,0xbf,0x58,0x71,0xa4,0x80,0x33, + 0x3d,0xf7,0xb4,0xfd,0x8c,0x55,0x47,0x10, + 0xd5,0x91,0x35,0xbe,0xd8,0x0d,0xa5,0x9e + }; + WOLFSSL_SMALL_STACK_STATIC const byte ctr192Wrap64_2CipherLong[] = + { + 0x59,0xf1,0xed,0x70,0x62,0x42,0xa8,0x06, + 0x07,0x36,0xe1,0xc5,0x04,0x79,0xc3,0x9b, + 0xd1,0x14,0x5c,0xcc,0x6f,0x81,0x5f,0x2f, + 0xa0,0xde,0xcf,0x61,0x55,0x18,0x7a,0xac, + 0xb0,0x59,0x37,0x90,0x53,0xb3,0x00,0x88, + 0xb4,0x49,0x90,0x7b,0x96,0xcd,0xcc,0xc3 + }; + + WOLFSSL_SMALL_STACK_STATIC const byte ctr192Wrap96Cipher[] = + { + 0x41,0x21,0x40,0x31,0xfb,0xc8,0xad,0x23, + 0xde,0x00,0x03,0xd8,0x96,0x45,0xc7,0xb5, + 0x47,0xb5,0xf3,0x30,0x3b + }; + WOLFSSL_SMALL_STACK_STATIC const byte ctr192Wrap96CipherLong[] = + { + 0x41,0x21,0x40,0x31,0xfb,0xc8,0xad,0x23, + 0xde,0x00,0x03,0xd8,0x96,0x45,0xc7,0xb5, + 0x47,0xb5,0xf3,0x30,0x3b,0xef,0xcd,0x80, + 0xe3,0x61,0x34,0xef,0x4e,0x1b,0x79,0xc1 + }; + WOLFSSL_SMALL_STACK_STATIC const byte ctr192Wrap96_2CipherLong[] = + { + 0x3c,0xb2,0xff,0xc0,0x24,0xe1,0xf5,0xc4, + 0x0f,0xd1,0x0a,0x1b,0xbe,0x1f,0x23,0xa1, + 0x8e,0xbf,0x2b,0x96,0xb6,0x37,0xc8,0x25, + 0x06,0x90,0xe2,0xca,0x71,0x24,0x52,0x95, + 0xaa,0x8c,0x80,0xdf,0xb7,0xd7,0x30,0xb0, + 0xcc,0x06,0x4f,0x28,0xa2,0x74,0x27,0xf8 + }; +#endif + + WOLFSSL_SMALL_STACK_STATIC const byte ctr192Wrap128Cipher[] = + { + 0x5c,0xc3,0x8f,0xab,0x30,0xb6,0xac,0x67, + 0xdc,0xc2,0x1e,0x7b,0x01,0x2e,0xcf,0x98, + 0x8c,0x68,0xa7,0xd9,0x57 + }; + WOLFSSL_SMALL_STACK_STATIC const byte ctr192Wrap128CipherLong[] = + { + 0x5c,0xc3,0x8f,0xab,0x30,0xb6,0xac,0x67, + 0xdc,0xc2,0x1e,0x7b,0x01,0x2e,0xcf,0x98, + 0x8c,0x68,0xa7,0xd9,0x57,0xab,0x09,0x0f, + 0x01,0xc4,0x4e,0x62,0xaf,0xc2,0xdf,0x1a + }; +#ifdef WOLFSSL_ARMASM + WOLFSSL_SMALL_STACK_STATIC const byte ctr192Wrap128_2CipherLong[] = + { + 0x88,0x0a,0x26,0x4e,0xa8,0x26,0x21,0xe0, + 0xfc,0xbc,0x63,0xdc,0xd9,0x60,0x52,0xb2, + 0x99,0x2f,0xbb,0x1e,0x00,0xf5,0x9f,0x6d, + 0xab,0x48,0x0f,0xc6,0x37,0x12,0x56,0xe3, + 0x12,0x8d,0x31,0xc8,0xea,0xf4,0x41,0x82, + 0x7a,0x88,0xe0,0xd7,0xf0,0x67,0x03,0xa4 + }; +#endif +#endif +#ifdef WOLFSSL_AES_256 + WOLFSSL_SMALL_STACK_STATIC const byte ctr256Key[] = + { + 0x60,0x3d,0xeb,0x10,0x15,0xca,0x71,0xbe, + 0x2b,0x73,0xae,0xf0,0x85,0x7d,0x77,0x81, + 0x1f,0x35,0x2c,0x07,0x3b,0x61,0x08,0xd7, + 0x2d,0x98,0x10,0xa3,0x09,0x14,0xdf,0xf4 + }; + + WOLFSSL_SMALL_STACK_STATIC const byte ctr256Cipher[] = + { + 0x60,0x1e,0xc3,0x13,0x77,0x57,0x89,0xa5, + 0xb7,0xa7,0xf5,0x04,0xbb,0xf3,0xd2,0x28, + 0xf4,0x43,0xe3,0xca,0x4d,0x62,0xb5,0x9a, + 0xca,0x84,0xe9,0x90,0xca,0xca,0xf5,0xc5, + 0x2b,0x09,0x30,0xda,0xa2,0x3d,0xe9,0x4c, + 0xe8,0x70,0x17,0xba,0x2d,0x84,0x98,0x8d, + 0xdf,0xc9,0xc5,0x8d,0xb6,0x7a,0xad,0xa6, + 0x13,0xc2,0xdd,0x08,0x45,0x79,0x41,0xa6 + }; + +#ifdef WOLFSSL_ARMASM + WOLFSSL_SMALL_STACK_STATIC const byte ctr256Wrap32Cipher[] = + { + 0xb0,0xa8,0xc0,0x65,0x85,0x20,0x0d,0x5c, + 0x25,0xcf,0xe7,0x58,0x63,0xc8,0xd4,0xea, + 0xa2,0x13,0x47,0x74,0xda + }; + WOLFSSL_SMALL_STACK_STATIC const byte ctr256Wrap32CipherLong[] = + { + 0xb0,0xa8,0xc0,0x65,0x85,0x20,0x0d,0x5c, + 0x25,0xcf,0xe7,0x58,0x63,0xc8,0xd4,0xea, + 0xa2,0x13,0x47,0x74,0xda,0x89,0x77,0x40, + 0x28,0x9c,0xe8,0x19,0x26,0x32,0xd8,0x1f + }; + WOLFSSL_SMALL_STACK_STATIC const byte ctr256Wrap32_2CipherLong[] = + { + 0xf6,0xd9,0x22,0xc6,0x80,0x29,0xaf,0x14, + 0x54,0x6c,0x0a,0xce,0x42,0xea,0x3c,0xa1, + 0x7c,0xeb,0x36,0x0d,0x8e,0xd7,0x8c,0x59, + 0xa8,0x09,0x9f,0x9e,0xba,0x5b,0x95,0xfa, + 0x26,0x8c,0x37,0x59,0xf8,0xae,0x8e,0xaa, + 0x4d,0xe4,0x1c,0xfe,0x51,0xc7,0xb7,0xcc + }; + + WOLFSSL_SMALL_STACK_STATIC const byte ctr256Wrap64Cipher[] = + { + 0x74,0x1a,0x52,0x41,0x76,0xb4,0x11,0x8f, + 0xfd,0x57,0x31,0xfd,0x3d,0x76,0x8f,0x07, + 0xd4,0x94,0x4c,0xcd,0x4d + }; + WOLFSSL_SMALL_STACK_STATIC const byte ctr256Wrap64CipherLong[] = + { + 0x74,0x1a,0x52,0x41,0x76,0xb4,0x11,0x8f, + 0xfd,0x57,0x31,0xfd,0x3d,0x76,0x8f,0x07, + 0xd4,0x94,0x4c,0xcd,0x4d,0x47,0x5a,0x92, + 0x26,0x49,0x81,0x7a,0xda,0x36,0x27,0x01 + }; + WOLFSSL_SMALL_STACK_STATIC const byte ctr256Wrap64_2CipherLong[] = + { + 0xf7,0x9c,0xbf,0xf6,0xa2,0xaa,0x8a,0x0a, + 0x63,0x8a,0x20,0x2f,0x12,0xf1,0x8e,0x49, + 0x30,0xc0,0x8d,0x5c,0x5f,0x8b,0xbc,0x16, + 0xdd,0x71,0xee,0x13,0x14,0x7b,0xe1,0x25, + 0xcb,0x87,0x8a,0xc6,0xdc,0x1d,0x54,0x7a, + 0xe1,0xe4,0x6f,0x0d,0x95,0x1b,0xd1,0x8b + }; + + WOLFSSL_SMALL_STACK_STATIC const byte ctr256Wrap96Cipher[] = + { + 0xb9,0x07,0x02,0xb8,0xbe,0x94,0xbf,0x53, + 0xdf,0x83,0x8e,0x23,0x8c,0x67,0x0c,0x81, + 0xb8,0x69,0xa1,0x48,0x45 + }; + WOLFSSL_SMALL_STACK_STATIC const byte ctr256Wrap96CipherLong[] = + { + 0xb9,0x07,0x02,0xb8,0xbe,0x94,0xbf,0x53, + 0xdf,0x83,0x8e,0x23,0x8c,0x67,0x0c,0x81, + 0xb8,0x69,0xa1,0x48,0x45,0xf1,0xc6,0x27, + 0x36,0xa8,0xb2,0x4b,0x0e,0x62,0x6b,0x72 + }; + WOLFSSL_SMALL_STACK_STATIC const byte ctr256Wrap96_2CipherLong[] = + { + 0xd5,0x56,0x73,0xaa,0xb8,0xe4,0x06,0xf6, + 0x83,0x45,0x3a,0xb4,0xb9,0x63,0xec,0xad, + 0x73,0xc5,0xab,0x78,0xb1,0x21,0xab,0xef, + 0x69,0x15,0xb7,0x0c,0xe9,0xb4,0x3a,0xe7, + 0xbc,0xc4,0x22,0xbd,0x93,0xba,0x52,0xe0, + 0x91,0x2f,0x5e,0x8d,0x6d,0x59,0xf7,0xc2 + }; +#endif + + WOLFSSL_SMALL_STACK_STATIC const byte ctr256Wrap128Cipher[] = + { + 0x50,0xfd,0x97,0xc3,0xe6,0x1a,0xbb,0x48, + 0x73,0xfb,0x78,0xdf,0x1e,0x8e,0x77,0xe6, + 0x4b,0x45,0x7c,0xd6,0x8a + }; + WOLFSSL_SMALL_STACK_STATIC const byte ctr256Wrap128CipherLong[] = + { + 0x50,0xfd,0x97,0xc3,0xe6,0x1a,0xbb,0x48, + 0x73,0xfb,0x78,0xdf,0x1e,0x8e,0x77,0xe6, + 0x4b,0x45,0x7c,0xd6,0x8a,0xcc,0xda,0x4a, + 0x89,0xfa,0x23,0x6c,0x06,0xbf,0x26,0x05 + }; +#ifdef WOLFSSL_ARMASM + WOLFSSL_SMALL_STACK_STATIC const byte ctr256Wrap128_2CipherLong[] = + { + 0x24,0x5c,0x09,0xa0,0x3b,0x1a,0x5a,0x94, + 0x2b,0x93,0x56,0x13,0x48,0xa0,0x21,0xce, + 0x95,0x11,0xa3,0x76,0xd6,0x59,0x88,0x42, + 0x04,0x71,0x69,0x62,0x28,0xb2,0xee,0x9d, + 0xd5,0xa0,0xea,0xc7,0x37,0x93,0x92,0xc7, + 0xf2,0xb6,0x8d,0xd9,0x59,0x1a,0xfa,0xbb + }; +#endif +#endif + int i; + struct { + const byte* key; + int keySz; + const byte* iv; + const byte* plain; + int len; + const byte* cipher; + } testVec[] = { +#ifdef WOLFSSL_AES_128 + { ctr128Key, (int)sizeof(ctr128Key), ctrIv, + ctrPlain, (int)sizeof(ctrPlain), ctr128Cipher }, + /* let's try with just 9 bytes, non block size test */ + { ctr128Key, (int)sizeof(ctr128Key), ctrIv, + ctrPlain, (int)sizeof(oddCipher), ctr128Cipher }, + /* and an additional 9 bytes to reuse tmp left buffer */ + { NULL, 0, NULL, ctrPlain, (int)sizeof(oddCipher), oddCipher }, + /* Counter wrapping */ + { ctr128Key, (int)sizeof(ctr128Key), ctrIvWrap128, + ctrPlain, (int)sizeof(ctr128Wrap128Cipher), ctr128Wrap128Cipher }, + { ctr128Key, (int)sizeof(ctr128Key), ctrIvWrap128, + ctrPlain, (int)sizeof(ctr128Wrap128CipherLong), + ctr128Wrap128CipherLong }, + #ifdef WOLFSSL_ARMASM + { ctr128Key, (int)sizeof(ctr128Key), ctrIvWrap128_2, + ctrPlain, (int)sizeof(ctr128Wrap128_2CipherLong), + ctr128Wrap128_2CipherLong }, + { ctr128Key, (int)sizeof(ctr128Key), ctrIvWrap96, + ctrPlain, (int)sizeof(ctr128Wrap96Cipher), ctr128Wrap96Cipher }, + { ctr128Key, (int)sizeof(ctr128Key), ctrIvWrap96, + ctrPlain, (int)sizeof(ctr128Wrap96CipherLong), + ctr128Wrap96CipherLong }, + { ctr128Key, (int)sizeof(ctr128Key), ctrIvWrap96_2, + ctrPlain, (int)sizeof(ctr128Wrap96_2CipherLong), + ctr128Wrap96_2CipherLong }, + { ctr128Key, (int)sizeof(ctr128Key), ctrIvWrap64, + ctrPlain, (int)sizeof(ctr128Wrap64Cipher), ctr128Wrap64Cipher }, + { ctr128Key, (int)sizeof(ctr128Key), ctrIvWrap64, + ctrPlain, (int)sizeof(ctr128Wrap64CipherLong), + ctr128Wrap64CipherLong }, + { ctr128Key, (int)sizeof(ctr128Key), ctrIvWrap64_2, + ctrPlain, (int)sizeof(ctr128Wrap64_2CipherLong), + ctr128Wrap64_2CipherLong }, + { ctr128Key, (int)sizeof(ctr128Key), ctrIvWrap32, + ctrPlain, (int)sizeof(ctr128Wrap32Cipher), ctr128Wrap32Cipher }, + { ctr128Key, (int)sizeof(ctr128Key), ctrIvWrap32, + ctrPlain, (int)sizeof(ctr128Wrap32CipherLong), + ctr128Wrap32CipherLong }, + { ctr128Key, (int)sizeof(ctr128Key), ctrIvWrap32_2, + ctrPlain, (int)sizeof(ctr128Wrap32_2CipherLong), + ctr128Wrap32_2CipherLong }, + #endif +#endif +#ifdef WOLFSSL_AES_192 + { ctr192Key, (int)sizeof(ctr192Key), ctrIv, + ctrPlain, (int)sizeof(ctrPlain), ctr192Cipher }, + /* let's try with just 9 bytes, non block size test */ + { ctr192Key, (int)sizeof(ctr192Key), ctrIv, + ctrPlain, (int)sizeof(oddCipher), ctr192Cipher }, + /* Counter wrapping */ + { ctr192Key, (int)sizeof(ctr192Key), ctrIvWrap128, + ctrPlain, (int)sizeof(ctr192Wrap128Cipher), ctr192Wrap128Cipher }, + { ctr192Key, (int)sizeof(ctr192Key), ctrIvWrap128, + ctrPlain, (int)sizeof(ctr192Wrap128CipherLong), + ctr192Wrap128CipherLong }, + #ifdef WOLFSSL_ARMASM + { ctr192Key, (int)sizeof(ctr192Key), ctrIvWrap128_2, + ctrPlain, (int)sizeof(ctr192Wrap128_2CipherLong), + ctr192Wrap128_2CipherLong }, + { ctr192Key, (int)sizeof(ctr192Key), ctrIvWrap96, + ctrPlain, (int)sizeof(ctr192Wrap96Cipher), ctr192Wrap96Cipher }, + { ctr192Key, (int)sizeof(ctr192Key), ctrIvWrap96, + ctrPlain, (int)sizeof(ctr192Wrap96CipherLong), + ctr192Wrap96CipherLong }, + { ctr192Key, (int)sizeof(ctr192Key), ctrIvWrap96_2, + ctrPlain, (int)sizeof(ctr192Wrap96_2CipherLong), + ctr192Wrap96_2CipherLong }, + { ctr192Key, (int)sizeof(ctr192Key), ctrIvWrap64, + ctrPlain, (int)sizeof(ctr192Wrap64Cipher), ctr192Wrap64Cipher }, + { ctr192Key, (int)sizeof(ctr192Key), ctrIvWrap64, + ctrPlain, (int)sizeof(ctr192Wrap64CipherLong), + ctr192Wrap64CipherLong }, + { ctr192Key, (int)sizeof(ctr192Key), ctrIvWrap64_2, + ctrPlain, (int)sizeof(ctr192Wrap64_2CipherLong), + ctr192Wrap64_2CipherLong }, + { ctr192Key, (int)sizeof(ctr192Key), ctrIvWrap32, + ctrPlain, (int)sizeof(ctr192Wrap32Cipher), ctr192Wrap32Cipher }, + { ctr192Key, (int)sizeof(ctr192Key), ctrIvWrap32, + ctrPlain, (int)sizeof(ctr192Wrap32CipherLong), + ctr192Wrap32CipherLong }, + { ctr192Key, (int)sizeof(ctr192Key), ctrIvWrap32_2, + ctrPlain, (int)sizeof(ctr192Wrap32_2CipherLong), + ctr192Wrap32_2CipherLong }, + #endif +#endif +#ifdef WOLFSSL_AES_256 + { ctr256Key, (int)sizeof(ctr256Key), ctrIv, + ctrPlain, (int)sizeof(ctrPlain), ctr256Cipher }, + /* let's try with just 9 bytes, non block size test */ + { ctr256Key, (int)sizeof(ctr256Key), ctrIv, + ctrPlain, (int)sizeof(oddCipher), ctr256Cipher }, + /* Counter wrapping */ + { ctr256Key, (int)sizeof(ctr256Key), ctrIvWrap128, + ctrPlain, (int)sizeof(ctr256Wrap128Cipher), ctr256Wrap128Cipher }, + { ctr256Key, (int)sizeof(ctr256Key), ctrIvWrap128, + ctrPlain, (int)sizeof(ctr256Wrap128CipherLong), + ctr256Wrap128CipherLong }, + #ifdef WOLFSSL_ARMASM + { ctr256Key, (int)sizeof(ctr256Key), ctrIvWrap128_2, + ctrPlain, (int)sizeof(ctr256Wrap128_2CipherLong), + ctr256Wrap128_2CipherLong }, + { ctr256Key, (int)sizeof(ctr256Key), ctrIvWrap96, + ctrPlain, (int)sizeof(ctr256Wrap96Cipher), ctr256Wrap96Cipher }, + { ctr256Key, (int)sizeof(ctr256Key), ctrIvWrap96, + ctrPlain, (int)sizeof(ctr256Wrap96CipherLong), + ctr256Wrap96CipherLong }, + { ctr256Key, (int)sizeof(ctr256Key), ctrIvWrap96_2, + ctrPlain, (int)sizeof(ctr256Wrap96_2CipherLong), + ctr256Wrap96_2CipherLong }, + { ctr256Key, (int)sizeof(ctr256Key), ctrIvWrap64, + ctrPlain, (int)sizeof(ctr256Wrap64Cipher), ctr256Wrap64Cipher }, + { ctr256Key, (int)sizeof(ctr256Key), ctrIvWrap64, + ctrPlain, (int)sizeof(ctr256Wrap64CipherLong), + ctr256Wrap64CipherLong }, + { ctr256Key, (int)sizeof(ctr256Key), ctrIvWrap64_2, + ctrPlain, (int)sizeof(ctr256Wrap64_2CipherLong), + ctr256Wrap64_2CipherLong }, + { ctr256Key, (int)sizeof(ctr256Key), ctrIvWrap32, + ctrPlain, (int)sizeof(ctr256Wrap32Cipher), ctr256Wrap32Cipher }, + { ctr256Key, (int)sizeof(ctr256Key), ctrIvWrap32, + ctrPlain, (int)sizeof(ctr256Wrap32CipherLong), + ctr256Wrap32CipherLong }, + { ctr256Key, (int)sizeof(ctr256Key), ctrIvWrap32_2, + ctrPlain, (int)sizeof(ctr256Wrap32_2CipherLong), + ctr256Wrap32_2CipherLong }, + #endif +#endif + }; + #define AES_CTR_TEST_LEN (int)(sizeof(testVec) / sizeof(*testVec)) + + for (i = 0; i < AES_CTR_TEST_LEN; i++) { + if (testVec[i].key != NULL) { + ret = wc_AesSetKeyDirect(enc, testVec[i].key, testVec[i].keySz, + testVec[i].iv, AES_ENCRYPTION); + if (ret != 0) { + ERROR_OUT(-5930 - i * 10, out); + } + /* Ctr only uses encrypt, even on key setup */ + ret = wc_AesSetKeyDirect(dec, testVec[i].key, testVec[i].keySz, + testVec[i].iv, AES_ENCRYPTION); + if (ret != 0) { + ERROR_OUT(-5931 - i * 10, out); + } + } + + ret = wc_AesCtrEncrypt(enc, cipher, testVec[i].plain, testVec[i].len); + if (ret != 0) { + ERROR_OUT(-5932 - i * 10, out); + } + ret = wc_AesCtrEncrypt(dec, plain, cipher, testVec[i].len); + if (ret != 0) { + ERROR_OUT(-5933 - i * 10, out); + } + + if (XMEMCMP(plain, ctrPlain, testVec[i].len)) { + ERROR_OUT(-5934 - i * 10, out); + } + if (XMEMCMP(cipher, testVec[i].cipher, testVec[i].len)) { + ERROR_OUT(-5935 - i * 10, out); + } + } + +out: + return ret; +} +#endif /* WOLFSSL_AES_COUNTER */ + WOLFSSL_TEST_SUBROUTINE int aes_test(void) { @@ -8887,456 +9490,10 @@ WOLFSSL_TEST_SUBROUTINE int aes_test(void) #endif /* HAVE_AES_CBC */ #ifdef WOLFSSL_AES_COUNTER - { - /* test vectors from "Recommendation for Block Cipher Modes of - * Operation" NIST Special Publication 800-38A */ - - WOLFSSL_SMALL_STACK_STATIC const byte ctrIv[] = - { - 0xf0,0xf1,0xf2,0xf3,0xf4,0xf5,0xf6,0xf7, - 0xf8,0xf9,0xfa,0xfb,0xfc,0xfd,0xfe,0xff - }; - - WOLFSSL_SMALL_STACK_STATIC const byte ctrPlain[] = - { - 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96, - 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a, - 0xae,0x2d,0x8a,0x57,0x1e,0x03,0xac,0x9c, - 0x9e,0xb7,0x6f,0xac,0x45,0xaf,0x8e,0x51, - 0x30,0xc8,0x1c,0x46,0xa3,0x5c,0xe4,0x11, - 0xe5,0xfb,0xc1,0x19,0x1a,0x0a,0x52,0xef, - 0xf6,0x9f,0x24,0x45,0xdf,0x4f,0x9b,0x17, - 0xad,0x2b,0x41,0x7b,0xe6,0x6c,0x37,0x10 - }; - - WOLFSSL_SMALL_STACK_STATIC const byte ctrIvWrap[] = - { - 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff, - 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff - }; - -#ifdef WOLFSSL_AES_128 - WOLFSSL_SMALL_STACK_STATIC const byte oddCipher[] = - { - 0xb9,0xd7,0xcb,0x08,0xb0,0xe1,0x7b,0xa0, - 0xc2 - }; - - WOLFSSL_SMALL_STACK_STATIC const byte ctr128Key[] = - { - 0x2b,0x7e,0x15,0x16,0x28,0xae,0xd2,0xa6, - 0xab,0xf7,0x15,0x88,0x09,0xcf,0x4f,0x3c - }; - - WOLFSSL_SMALL_STACK_STATIC const byte ctr128Cipher[] = - { - 0x87,0x4d,0x61,0x91,0xb6,0x20,0xe3,0x26, - 0x1b,0xef,0x68,0x64,0x99,0x0d,0xb6,0xce, - 0x98,0x06,0xf6,0x6b,0x79,0x70,0xfd,0xff, - 0x86,0x17,0x18,0x7b,0xb9,0xff,0xfd,0xff, - 0x5a,0xe4,0xdf,0x3e,0xdb,0xd5,0xd3,0x5e, - 0x5b,0x4f,0x09,0x02,0x0d,0xb0,0x3e,0xab, - 0x1e,0x03,0x1d,0xda,0x2f,0xbe,0x03,0xd1, - 0x79,0x21,0x70,0xa0,0xf3,0x00,0x9c,0xee - }; - - WOLFSSL_SMALL_STACK_STATIC const byte ctr128WrapCipher[] = - { - 0xe1,0x33,0x38,0xe3,0x6c,0xb7,0x19,0x62, - 0xe0,0x0d,0x02,0x0b,0x4c,0xed,0xbd,0x86, - 0xd3,0xda,0xe1,0x5b,0x04 - }; - - WOLFSSL_SMALL_STACK_STATIC const byte ctr128WrapCipherLong[] = - { - 0xe1,0x33,0x38,0xe3,0x6c,0xb7,0x19,0x62, - 0xe0,0x0d,0x02,0x0b,0x4c,0xed,0xbd,0x86, - 0xd3,0xda,0xe1,0x5b,0x04,0xbb,0x35,0x2f, - 0xa0,0xf5,0x9f,0xeb,0xfc,0xb4,0xda,0x3e - }; -#endif /* WOLFSSL_AES_128 */ - -#ifdef WOLFSSL_AES_192 - WOLFSSL_SMALL_STACK_STATIC const byte ctr192Key[] = - { - 0x8e,0x73,0xb0,0xf7,0xda,0x0e,0x64,0x52, - 0xc8,0x10,0xf3,0x2b,0x80,0x90,0x79,0xe5, - 0x62,0xf8,0xea,0xd2,0x52,0x2c,0x6b,0x7b - }; - - WOLFSSL_SMALL_STACK_STATIC const byte ctr192Cipher[] = - { - 0x1a,0xbc,0x93,0x24,0x17,0x52,0x1c,0xa2, - 0x4f,0x2b,0x04,0x59,0xfe,0x7e,0x6e,0x0b, - 0x09,0x03,0x39,0xec,0x0a,0xa6,0xfa,0xef, - 0xd5,0xcc,0xc2,0xc6,0xf4,0xce,0x8e,0x94, - 0x1e,0x36,0xb2,0x6b,0xd1,0xeb,0xc6,0x70, - 0xd1,0xbd,0x1d,0x66,0x56,0x20,0xab,0xf7, - 0x4f,0x78,0xa7,0xf6,0xd2,0x98,0x09,0x58, - 0x5a,0x97,0xda,0xec,0x58,0xc6,0xb0,0x50 - }; - - WOLFSSL_SMALL_STACK_STATIC const byte ctr192WrapCipher[] = - { - 0x5c,0xc3,0x8f,0xab,0x30,0xb6,0xac,0x67, - 0xdc,0xc2,0x1e,0x7b,0x01,0x2e,0xcf,0x98, - 0x8c,0x68,0xa7,0xd9,0x57 - }; - - WOLFSSL_SMALL_STACK_STATIC const byte ctr192WrapCipherLong[] = - { - 0x5c,0xc3,0x8f,0xab,0x30,0xb6,0xac,0x67, - 0xdc,0xc2,0x1e,0x7b,0x01,0x2e,0xcf,0x98, - 0x8c,0x68,0xa7,0xd9,0x57,0xab,0x09,0x0f, - 0x01,0xc4,0x4e,0x62,0xaf,0xc2,0xdf,0x1a, - }; + ret = aesctr_test(enc, dec, cipher, plain); + if (ret != 0) + return ret; #endif -#ifdef WOLFSSL_AES_256 - WOLFSSL_SMALL_STACK_STATIC const byte ctr256Key[] = - { - 0x60,0x3d,0xeb,0x10,0x15,0xca,0x71,0xbe, - 0x2b,0x73,0xae,0xf0,0x85,0x7d,0x77,0x81, - 0x1f,0x35,0x2c,0x07,0x3b,0x61,0x08,0xd7, - 0x2d,0x98,0x10,0xa3,0x09,0x14,0xdf,0xf4 - }; - - WOLFSSL_SMALL_STACK_STATIC const byte ctr256Cipher[] = - { - 0x60,0x1e,0xc3,0x13,0x77,0x57,0x89,0xa5, - 0xb7,0xa7,0xf5,0x04,0xbb,0xf3,0xd2,0x28, - 0xf4,0x43,0xe3,0xca,0x4d,0x62,0xb5,0x9a, - 0xca,0x84,0xe9,0x90,0xca,0xca,0xf5,0xc5, - 0x2b,0x09,0x30,0xda,0xa2,0x3d,0xe9,0x4c, - 0xe8,0x70,0x17,0xba,0x2d,0x84,0x98,0x8d, - 0xdf,0xc9,0xc5,0x8d,0xb6,0x7a,0xad,0xa6, - 0x13,0xc2,0xdd,0x08,0x45,0x79,0x41,0xa6 - }; - - WOLFSSL_SMALL_STACK_STATIC const byte ctr256WrapCipher[] = - { - 0x50,0xfd,0x97,0xc3,0xe6,0x1a,0xbb,0x48, - 0x73,0xfb,0x78,0xdf,0x1e,0x8e,0x77,0xe6, - 0x4b,0x45,0x7c,0xd6,0x8a - }; - - WOLFSSL_SMALL_STACK_STATIC const byte ctr256WrapCipherLong[] = - { - 0x50,0xfd,0x97,0xc3,0xe6,0x1a,0xbb,0x48, - 0x73,0xfb,0x78,0xdf,0x1e,0x8e,0x77,0xe6, - 0x4b,0x45,0x7c,0xd6,0x8a,0xcc,0xda,0x4a, - 0x89,0xfa,0x23,0x6c,0x06,0xbf,0x26,0x05, - }; -#endif - -#ifdef WOLFSSL_AES_128 - ret = wc_AesSetKeyDirect(enc, ctr128Key, sizeof(ctr128Key), - ctrIv, AES_ENCRYPTION); - if (ret != 0) { - ERROR_OUT(-5930, out); - } - /* Ctr only uses encrypt, even on key setup */ - ret = wc_AesSetKeyDirect(dec, ctr128Key, sizeof(ctr128Key), - ctrIv, AES_ENCRYPTION); - if (ret != 0) { - ERROR_OUT(-5931, out); - } - - ret = wc_AesCtrEncrypt(enc, cipher, ctrPlain, sizeof(ctrPlain)); - if (ret != 0) { - ERROR_OUT(-5932, out); - } - ret = wc_AesCtrEncrypt(dec, plain, cipher, sizeof(ctrPlain)); - if (ret != 0) { - ERROR_OUT(-5933, out); - } - if (XMEMCMP(plain, ctrPlain, sizeof(ctrPlain))) - ERROR_OUT(-5934, out); - - if (XMEMCMP(cipher, ctr128Cipher, sizeof(ctr128Cipher))) - ERROR_OUT(-5935, out); - - /* let's try with just 9 bytes, non block size test */ - ret = wc_AesSetKeyDirect(enc, ctr128Key, AES_BLOCK_SIZE, - ctrIv, AES_ENCRYPTION); - if (ret != 0) { - ERROR_OUT(-5936, out); - } - /* Ctr only uses encrypt, even on key setup */ - ret = wc_AesSetKeyDirect(dec, ctr128Key, AES_BLOCK_SIZE, - ctrIv, AES_ENCRYPTION); - if (ret != 0) { - ERROR_OUT(-5937, out); - } - - ret = wc_AesCtrEncrypt(enc, cipher, ctrPlain, sizeof(oddCipher)); - if (ret != 0) { - ERROR_OUT(-5938, out); - } - ret = wc_AesCtrEncrypt(dec, plain, cipher, sizeof(oddCipher)); - if (ret != 0) { - ERROR_OUT(-5939, out); - } - - if (XMEMCMP(plain, ctrPlain, sizeof(oddCipher))) - ERROR_OUT(-5940, out); - - if (XMEMCMP(cipher, ctr128Cipher, sizeof(oddCipher))) - ERROR_OUT(-5941, out); - - /* and an additional 9 bytes to reuse tmp left buffer */ - ret = wc_AesCtrEncrypt(enc, cipher, ctrPlain, sizeof(oddCipher)); - if (ret != 0) { - ERROR_OUT(-5942, out); - } - ret = wc_AesCtrEncrypt(dec, plain, cipher, sizeof(oddCipher)); - if (ret != 0) { - ERROR_OUT(-5943, out); - } - - if (XMEMCMP(plain, ctrPlain, sizeof(oddCipher))) - ERROR_OUT(-5944, out); - - if (XMEMCMP(cipher, oddCipher, sizeof(oddCipher))) - ERROR_OUT(-5945, out); - - /* When more than a block but less than two and wrapping ctr */ - ret = wc_AesSetKeyDirect(enc, ctr128Key, sizeof(ctr128Key), - ctrIvWrap, AES_ENCRYPTION); - if (ret != 0) { - ERROR_OUT(-5946, out); - } - /* Ctr only uses encrypt, even on key setup */ - ret = wc_AesSetKeyDirect(dec, ctr128Key, sizeof(ctr128Key), - ctrIvWrap, AES_ENCRYPTION); - if (ret != 0) { - ERROR_OUT(-5947, out); - } - - ret = wc_AesCtrEncrypt(enc, cipher, ctrPlain, sizeof(ctr128WrapCipher)); - if (ret != 0) { - ERROR_OUT(-5948, out); - } - ret = wc_AesCtrEncrypt(dec, plain, cipher, sizeof(ctr128WrapCipher)); - if (ret != 0) { - ERROR_OUT(-5949, out); - } - - if (XMEMCMP(plain, ctrPlain, sizeof(ctr128WrapCipher))) - ERROR_OUT(-5950, out); - - if (XMEMCMP(cipher, ctr128WrapCipher, sizeof(ctr128WrapCipher))) - ERROR_OUT(-5951, out); - - /* When more than a block but less than two and wrapping ctr */ - ret = wc_AesSetKeyDirect(enc, ctr128Key, sizeof(ctr128Key), - ctrIvWrap, AES_ENCRYPTION); - if (ret != 0) { - ERROR_OUT(-5952, out); - } - /* Ctr only uses encrypt, even on key setup */ - ret = wc_AesSetKeyDirect(dec, ctr128Key, sizeof(ctr128Key), - ctrIvWrap, AES_ENCRYPTION); - if (ret != 0) { - ERROR_OUT(-5953, out); - } - - ret = wc_AesCtrEncrypt(enc, cipher, ctrPlain, - sizeof(ctr128WrapCipherLong)); - if (ret != 0) { - ERROR_OUT(-5954, out); - } - ret = wc_AesCtrEncrypt(dec, plain, cipher, - sizeof(ctr128WrapCipherLong)); - if (ret != 0) { - ERROR_OUT(-5955, out); - } - - if (XMEMCMP(plain, ctrPlain, sizeof(ctr128WrapCipherLong))) - ERROR_OUT(-5956, out); - - if (XMEMCMP(cipher, ctr128WrapCipherLong, sizeof(ctr128WrapCipherLong))) - ERROR_OUT(-5957, out); -#endif /* WOLFSSL_AES_128 */ - -#ifdef WOLFSSL_AES_192 - /* 192 bit key */ - ret = wc_AesSetKeyDirect(enc, ctr192Key, sizeof(ctr192Key), - ctrIv, AES_ENCRYPTION); - if (ret != 0) { - ERROR_OUT(-5958, out); - } - /* Ctr only uses encrypt, even on key setup */ - ret = wc_AesSetKeyDirect(dec, ctr192Key, sizeof(ctr192Key), - ctrIv, AES_ENCRYPTION); - if (ret != 0) { - ERROR_OUT(-5959, out); - } - - XMEMSET(plain, 0, sizeof(plain)); - ret = wc_AesCtrEncrypt(enc, plain, ctr192Cipher, sizeof(ctr192Cipher)); - if (ret != 0) { - ERROR_OUT(-5960, out); - } - - if (XMEMCMP(plain, ctrPlain, sizeof(ctr192Cipher))) - ERROR_OUT(-5961, out); - - ret = wc_AesCtrEncrypt(dec, cipher, ctrPlain, sizeof(ctrPlain)); - if (ret != 0) { - ERROR_OUT(-5962, out); - } - if (XMEMCMP(ctr192Cipher, cipher, sizeof(ctr192Cipher))) - ERROR_OUT(-5963, out); - - /* When more than a block but less than two and wrapping ctr */ - ret = wc_AesSetKeyDirect(enc, ctr192Key, sizeof(ctr192Key), - ctrIvWrap, AES_ENCRYPTION); - if (ret != 0) { - ERROR_OUT(-5964, out); - } - /* Ctr only uses encrypt, even on key setup */ - ret = wc_AesSetKeyDirect(dec, ctr192Key, sizeof(ctr192Key), - ctrIvWrap, AES_ENCRYPTION); - if (ret != 0) { - ERROR_OUT(-5965, out); - } - - ret = wc_AesCtrEncrypt(enc, cipher, ctrPlain, sizeof(ctr192WrapCipher)); - if (ret != 0) { - ERROR_OUT(-5966, out); - } - ret = wc_AesCtrEncrypt(dec, plain, cipher, sizeof(ctr192WrapCipher)); - if (ret != 0) { - ERROR_OUT(-5967, out); - } - - if (XMEMCMP(plain, ctrPlain, sizeof(ctr192WrapCipher))) - ERROR_OUT(-5968, out); - - if (XMEMCMP(cipher, ctr192WrapCipher, sizeof(ctr192WrapCipher))) - ERROR_OUT(-5969, out); - - /* When more than a block but less than two and wrapping ctr */ - ret = wc_AesSetKeyDirect(enc, ctr192Key, sizeof(ctr192Key), - ctrIvWrap, AES_ENCRYPTION); - if (ret != 0) { - ERROR_OUT(-5970, out); - } - /* Ctr only uses encrypt, even on key setup */ - ret = wc_AesSetKeyDirect(dec, ctr192Key, sizeof(ctr192Key), - ctrIvWrap, AES_ENCRYPTION); - if (ret != 0) { - ERROR_OUT(-5971, out); - } - - ret = wc_AesCtrEncrypt(enc, cipher, ctrPlain, - sizeof(ctr192WrapCipherLong)); - if (ret != 0) { - ERROR_OUT(-5972, out); - } - ret = wc_AesCtrEncrypt(dec, plain, cipher, - sizeof(ctr192WrapCipherLong)); - if (ret != 0) { - ERROR_OUT(-5973, out); - } - - if (XMEMCMP(plain, ctrPlain, sizeof(ctr192WrapCipherLong))) - ERROR_OUT(-5974, out); - - if (XMEMCMP(cipher, ctr192WrapCipherLong, sizeof(ctr192WrapCipherLong))) - ERROR_OUT(-5975, out); -#endif /* WOLFSSL_AES_192 */ - -#ifdef WOLFSSL_AES_256 - /* 256 bit key */ - ret = wc_AesSetKeyDirect(enc, ctr256Key, sizeof(ctr256Key), - ctrIv, AES_ENCRYPTION); - if (ret != 0) { - ERROR_OUT(-5976, out); - } - /* Ctr only uses encrypt, even on key setup */ - ret = wc_AesSetKeyDirect(dec, ctr256Key, sizeof(ctr256Key), - ctrIv, AES_ENCRYPTION); - if (ret != 0) { - ERROR_OUT(-5977, out); - } - - XMEMSET(plain, 0, sizeof(plain)); - ret = wc_AesCtrEncrypt(enc, plain, ctr256Cipher, sizeof(ctr256Cipher)); - if (ret != 0) { - ERROR_OUT(-5978, out); - } - - if (XMEMCMP(plain, ctrPlain, sizeof(ctrPlain))) - ERROR_OUT(-5979, out); - - ret = wc_AesCtrEncrypt(dec, cipher, ctrPlain, sizeof(ctrPlain)); - if (ret != 0) { - ERROR_OUT(-5980, out); - } - if (XMEMCMP(ctr256Cipher, cipher, sizeof(ctr256Cipher))) - ERROR_OUT(-5981, out); - - /* When more than a block but less than two and wrapping ctr */ - ret = wc_AesSetKeyDirect(enc, ctr256Key, sizeof(ctr256Key), - ctrIvWrap, AES_ENCRYPTION); - if (ret != 0) { - ERROR_OUT(-5982, out); - } - /* Ctr only uses encrypt, even on key setup */ - ret = wc_AesSetKeyDirect(dec, ctr256Key, sizeof(ctr256Key), - ctrIvWrap, AES_ENCRYPTION); - if (ret != 0) { - ERROR_OUT(-5983, out); - } - - ret = wc_AesCtrEncrypt(enc, cipher, ctrPlain, sizeof(ctr256WrapCipher)); - if (ret != 0) { - ERROR_OUT(-5984, out); - } - ret = wc_AesCtrEncrypt(dec, plain, cipher, sizeof(ctr256WrapCipher)); - if (ret != 0) { - ERROR_OUT(-5985, out); - } - - if (XMEMCMP(plain, ctrPlain, sizeof(ctr256WrapCipher))) - ERROR_OUT(-5986, out); - - if (XMEMCMP(cipher, ctr256WrapCipher, sizeof(ctr256WrapCipher))) - ERROR_OUT(-5987, out); - - /* When more than a block but less than two and wrapping ctr */ - ret = wc_AesSetKeyDirect(enc, ctr256Key, sizeof(ctr256Key), - ctrIvWrap, AES_ENCRYPTION); - if (ret != 0) { - ERROR_OUT(-5888, out); - } - /* Ctr only uses encrypt, even on key setup */ - ret = wc_AesSetKeyDirect(dec, ctr256Key, sizeof(ctr256Key), - ctrIvWrap, AES_ENCRYPTION); - if (ret != 0) { - ERROR_OUT(-5989, out); - } - - ret = wc_AesCtrEncrypt(enc, cipher, ctrPlain, - sizeof(ctr256WrapCipherLong)); - if (ret != 0) { - ERROR_OUT(-5990, out); - } - ret = wc_AesCtrEncrypt(dec, plain, cipher, - sizeof(ctr256WrapCipherLong)); - if (ret != 0) { - ERROR_OUT(-5991, out); - } - - if (XMEMCMP(plain, ctrPlain, sizeof(ctr256WrapCipherLong))) - ERROR_OUT(-5992, out); - - if (XMEMCMP(cipher, ctr256WrapCipherLong, sizeof(ctr256WrapCipherLong))) - ERROR_OUT(-5993, out); -#endif /* WOLFSSL_AES_256 */ - } -#endif /* WOLFSSL_AES_COUNTER */ #if defined(WOLFSSL_AES_DIRECT) && defined(WOLFSSL_AES_256) { diff --git a/wolfssl/wolfcrypt/sp_int.h b/wolfssl/wolfcrypt/sp_int.h index f030eecb9..1c4fe91e4 100644 --- a/wolfssl/wolfcrypt/sp_int.h +++ b/wolfssl/wolfcrypt/sp_int.h @@ -31,6 +31,7 @@ This library provides single precision (SP) integer math functions. #include #endif #include +#include #ifdef __cplusplus extern "C" {