mirror of
https://github.com/wolfSSL/wolfssl.git
synced 2026-07-06 08:50:49 +02:00
1426 lines
58 KiB
Rust
1426 lines
58 KiB
Rust
#![cfg(aes)]
|
|
|
|
use wolfssl_wolfcrypt::aes::*;
|
|
|
|
const BIG_MSG: [u8; 384] = [
|
|
0x41,0x6c,0x6c,0x20,0x77,0x6f,0x72,0x6b,
|
|
0x20,0x61,0x6e,0x64,0x20,0x6e,0x6f,0x20,
|
|
0x70,0x6c,0x61,0x79,0x20,0x6d,0x61,0x6b,
|
|
0x65,0x73,0x20,0x4a,0x61,0x63,0x6b,0x20,
|
|
0x61,0x20,0x64,0x75,0x6c,0x6c,0x20,0x62,
|
|
0x6f,0x79,0x2e,0x20,0x41,0x6c,0x6c,0x20,
|
|
0x77,0x6f,0x72,0x6b,0x20,0x61,0x6e,0x64,
|
|
0x20,0x6e,0x6f,0x20,0x70,0x6c,0x61,0x79,
|
|
0x20,0x6d,0x61,0x6b,0x65,0x73,0x20,0x4a,
|
|
0x61,0x63,0x6b,0x20,0x61,0x20,0x64,0x75,
|
|
0x6c,0x6c,0x20,0x62,0x6f,0x79,0x2e,0x20,
|
|
0x41,0x6c,0x6c,0x20,0x77,0x6f,0x72,0x6b,
|
|
0x20,0x61,0x6e,0x64,0x20,0x6e,0x6f,0x20,
|
|
0x70,0x6c,0x61,0x79,0x20,0x6d,0x61,0x6b,
|
|
0x65,0x73,0x20,0x4a,0x61,0x63,0x6b,0x20,
|
|
0x61,0x20,0x64,0x75,0x6c,0x6c,0x20,0x62,
|
|
0x6f,0x79,0x2e,0x20,0x41,0x6c,0x6c,0x20,
|
|
0x77,0x6f,0x72,0x6b,0x20,0x61,0x6e,0x64,
|
|
0x20,0x6e,0x6f,0x20,0x70,0x6c,0x61,0x79,
|
|
0x20,0x6d,0x61,0x6b,0x65,0x73,0x20,0x4a,
|
|
0x61,0x63,0x6b,0x20,0x61,0x20,0x64,0x75,
|
|
0x6c,0x6c,0x20,0x62,0x6f,0x79,0x2e,0x20,
|
|
0x41,0x6c,0x6c,0x20,0x77,0x6f,0x72,0x6b,
|
|
0x20,0x61,0x6e,0x64,0x20,0x6e,0x6f,0x20,
|
|
0x70,0x6c,0x61,0x79,0x20,0x6d,0x61,0x6b,
|
|
0x65,0x73,0x20,0x4a,0x61,0x63,0x6b,0x20,
|
|
0x61,0x20,0x64,0x75,0x6c,0x6c,0x20,0x62,
|
|
0x6f,0x79,0x2e,0x20,0x41,0x6c,0x6c,0x20,
|
|
0x77,0x6f,0x72,0x6b,0x20,0x61,0x6e,0x64,
|
|
0x20,0x6e,0x6f,0x20,0x70,0x6c,0x61,0x79,
|
|
0x20,0x6d,0x61,0x6b,0x65,0x73,0x20,0x4a,
|
|
0x61,0x63,0x6b,0x20,0x61,0x20,0x64,0x75,
|
|
0x6c,0x6c,0x20,0x62,0x6f,0x79,0x2e,0x20,
|
|
0x41,0x6c,0x6c,0x20,0x77,0x6f,0x72,0x6b,
|
|
0x20,0x61,0x6e,0x64,0x20,0x6e,0x6f,0x20,
|
|
0x70,0x6c,0x61,0x79,0x20,0x6d,0x61,0x6b,
|
|
0x65,0x73,0x20,0x4a,0x61,0x63,0x6b,0x20,
|
|
0x61,0x20,0x64,0x75,0x6c,0x6c,0x20,0x62,
|
|
0x6f,0x79,0x2e,0x20,0x41,0x6c,0x6c,0x20,
|
|
0x77,0x6f,0x72,0x6b,0x20,0x61,0x6e,0x64,
|
|
0x20,0x6e,0x6f,0x20,0x70,0x6c,0x61,0x79,
|
|
0x20,0x6d,0x61,0x6b,0x65,0x73,0x20,0x4a,
|
|
0x61,0x63,0x6b,0x20,0x61,0x20,0x64,0x75,
|
|
0x6c,0x6c,0x20,0x62,0x6f,0x79,0x2e,0x20,
|
|
0x41,0x6c,0x6c,0x20,0x77,0x6f,0x72,0x6b,
|
|
0x20,0x61,0x6e,0x64,0x20,0x6e,0x6f,0x20,
|
|
0x70,0x6c,0x61,0x79,0x20,0x6d,0x61,0x6b,
|
|
0x65,0x73,0x20,0x4a,0x61,0x63,0x6b,0x20
|
|
];
|
|
|
|
#[test]
|
|
#[cfg(aes_cbc)]
|
|
fn test_cbc_encrypt_decrypt() {
|
|
let mut cbc = CBC::new().expect("Failed to create CBC");
|
|
let key: &[u8; 16] = b"0123456789abcdef";
|
|
let iv: &[u8; 16] = b"1234567890abcdef";
|
|
let msg: [u8; 16] = [
|
|
0x6e, 0x6f, 0x77, 0x20, 0x69, 0x73, 0x20, 0x74,
|
|
0x68, 0x65, 0x20, 0x74, 0x69, 0x6d, 0x65, 0x20,
|
|
];
|
|
let expected_cipher: [u8; 16] = [
|
|
0x95, 0x94, 0x92, 0x57, 0x5f, 0x42, 0x81, 0x53,
|
|
0x2c, 0xcc, 0x9d, 0x46, 0x77, 0xa2, 0x33, 0xcb
|
|
];
|
|
cbc.init_encrypt(key, iv).expect("Error with init_encrypt()");
|
|
let mut cipher: [u8; 16] = [0; 16];
|
|
cbc.encrypt(&msg, &mut cipher).expect("Error with encrypt()");
|
|
assert_eq!(&cipher, &expected_cipher);
|
|
let mut plain_out = [0; 16];
|
|
cbc.init_decrypt(key, iv).expect("Error with init_decrypt()");
|
|
cbc.decrypt(&cipher, &mut plain_out).expect("Error with decrypt()");
|
|
assert_eq!(&plain_out, &msg);
|
|
}
|
|
|
|
#[test]
|
|
#[cfg(aes_cbc)]
|
|
fn test_cbc_big_msg() {
|
|
let mut cbc = CBC::new().expect("Failed to create CBC");
|
|
let big_key = b"0123456789abcdeffedcba9876543210";
|
|
let iv: &[u8; 16] = b"1234567890abcdef";
|
|
let mut big_cipher: [u8; 384] = [0; 384];
|
|
let mut big_plain: [u8; 384] = [0; 384];
|
|
cbc.init_encrypt(big_key, iv).expect("Error with init_encrypt()");
|
|
for i in (0..384).step_by(16) {
|
|
cbc.encrypt(&BIG_MSG[i..(i + 16)], &mut big_cipher[i..(i + 16)]).expect("Error with encrypt()");
|
|
}
|
|
cbc.init_decrypt(big_key, iv).expect("Error with init_decrypt()");
|
|
for i in (0..384).step_by(16) {
|
|
cbc.decrypt(&big_cipher[i..(i + 16)], &mut big_plain[i..(i + 16)]).expect("Error with decrypt()");
|
|
}
|
|
assert_eq!(big_plain, BIG_MSG);
|
|
}
|
|
|
|
#[test]
|
|
#[cfg(aes_ccm)]
|
|
fn test_ccm_encrypt_decrypt() {
|
|
let key: [u8; 16] = [
|
|
0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7,
|
|
0xc8, 0xc9, 0xca, 0xcb, 0xcc, 0xcd, 0xce, 0xcf
|
|
];
|
|
let nonce: [u8; 13] = [
|
|
0x00, 0x00, 0x00, 0x03, 0x02, 0x01, 0x00, 0xa0,
|
|
0xa1, 0xa2, 0xa3, 0xa4, 0xa5
|
|
];
|
|
let plaintext: [u8; 23] = [
|
|
0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
|
|
0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
|
|
0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e
|
|
];
|
|
let plaintext_long: [u8; 73] = [
|
|
0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
|
|
0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
|
|
0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
|
|
0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
|
|
0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f,
|
|
0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
|
|
0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f,
|
|
0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47,
|
|
0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f,
|
|
0x50
|
|
];
|
|
let auth_data: [u8; 8] = [
|
|
0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07
|
|
];
|
|
let expected_ciphertext: [u8; 23] = [
|
|
0x58, 0x8c, 0x97, 0x9a, 0x61, 0xc6, 0x63, 0xd2,
|
|
0xf0, 0x66, 0xd0, 0xc2, 0xc0, 0xf9, 0x89, 0x80,
|
|
0x6d, 0x5f, 0x6b, 0x61, 0xda, 0xc3, 0x84
|
|
];
|
|
let expected_auth_tag: [u8; 8] = [
|
|
0x17, 0xe8, 0xd1, 0x2c, 0xfd, 0xf9, 0x26, 0xe0
|
|
];
|
|
let expected_ciphertext_long: [u8; 73] = [
|
|
0x58, 0x8c, 0x97, 0x9a, 0x61, 0xc6, 0x63, 0xd2,
|
|
0xf0, 0x66, 0xd0, 0xc2, 0xc0, 0xf9, 0x89, 0x80,
|
|
0x6d, 0x5f, 0x6b, 0x61, 0xda, 0xc3, 0x84, 0xe0,
|
|
0x44, 0x2d, 0xbe, 0x25, 0xfa, 0x48, 0x2b, 0xa8,
|
|
0x36, 0x0b, 0xbf, 0x01, 0xc0, 0x12, 0x45, 0xa4,
|
|
0x82, 0x9f, 0x20, 0x6c, 0xc3, 0xd6, 0xae, 0x5b,
|
|
0x54, 0x8d, 0xd0, 0xb1, 0x69, 0x2c, 0xec, 0x5e,
|
|
0x95, 0xa5, 0x6b, 0x48, 0xc3, 0xc6, 0xc8, 0x9e,
|
|
0xc7, 0x92, 0x98, 0x9d, 0x26, 0x7d, 0x2a, 0x10,
|
|
0x0b
|
|
];
|
|
let expected_auth_tag_long: [u8; 8] = [
|
|
0x89, 0xd8, 0xd2, 0x02, 0xc5, 0xcf, 0xae, 0xf4
|
|
];
|
|
|
|
let mut ccm = CCM::new().expect("Failed to create CCM");
|
|
ccm.init(&key).expect("Error with init()");
|
|
let mut auth_tag_out: [u8; 8] = [0; 8];
|
|
let mut cipher_out: [u8; 23] = [0; 23];
|
|
ccm.encrypt(&plaintext, &mut cipher_out,
|
|
&nonce, &auth_data, &mut auth_tag_out).expect("Error with encrypt()");
|
|
assert_eq!(cipher_out, expected_ciphertext);
|
|
assert_eq!(auth_tag_out, expected_auth_tag);
|
|
ccm.init(&key).expect("Error with init()");
|
|
let mut plain_out: [u8; 23] = [0; 23];
|
|
ccm.decrypt(&cipher_out, &mut plain_out,
|
|
&nonce, &auth_data, &auth_tag_out).expect("Error with decrypt()");
|
|
assert_eq!(plain_out, plaintext);
|
|
|
|
ccm.init(&key).expect("Error with init()");
|
|
let mut auth_tag_long_out: [u8; 8] = [0; 8];
|
|
let mut cipher_long_out: [u8; 73] = [0; 73];
|
|
ccm.encrypt(&plaintext_long, &mut cipher_long_out,
|
|
&nonce, &auth_data, &mut auth_tag_long_out).expect("Error with encrypt()");
|
|
assert_eq!(cipher_long_out, expected_ciphertext_long);
|
|
assert_eq!(auth_tag_long_out, expected_auth_tag_long);
|
|
ccm.init(&key).expect("Error with init()");
|
|
let mut plain_long_out: [u8; 73] = [0; 73];
|
|
ccm.decrypt(&cipher_long_out, &mut plain_long_out,
|
|
&nonce, &auth_data, &auth_tag_long_out).expect("Error with decrypt()");
|
|
assert_eq!(plain_long_out, plaintext_long);
|
|
}
|
|
|
|
#[test]
|
|
#[cfg(aes_ccm)]
|
|
fn test_ccm_big_msg() {
|
|
let mut ccm = CCM::new().expect("Failed to create CCM");
|
|
let big_key = b"0123456789abcdeffedcba9876543210";
|
|
let nonce: [u8; 7] = [0x00, 0x00, 0x00, 0x03, 0x02, 0x01, 0x00];
|
|
let auth_data: [u8; 8] = [0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07];
|
|
let mut big_cipher: [u8; 384] = [0; 384];
|
|
let mut big_plain: [u8; 384] = [0; 384];
|
|
let mut auth_tag: [u8; 8] = [0; 8];
|
|
ccm.init(big_key).expect("Error with init()");
|
|
ccm.encrypt(&BIG_MSG, &mut big_cipher,
|
|
&nonce, &auth_data, &mut auth_tag).expect("Error with encrypt()");
|
|
ccm.init(big_key).expect("Error with init()");
|
|
ccm.decrypt(&big_cipher, &mut big_plain,
|
|
&nonce, &auth_data, &auth_tag).expect("Error with decrypt()");
|
|
assert_eq!(big_plain, BIG_MSG);
|
|
}
|
|
|
|
#[test]
|
|
#[cfg(aes_cfb)]
|
|
fn test_cfb_encrypt_decrypt() {
|
|
let mut cfb = CFB::new().expect("Failed to create CFB");
|
|
let key: [u8; 16] = [
|
|
0x2b,0x7e,0x15,0x16,0x28,0xae,0xd2,0xa6,
|
|
0xab,0xf7,0x15,0x88,0x09,0xcf,0x4f,0x3c
|
|
];
|
|
let iv: [u8; 16] = [
|
|
0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,
|
|
0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f
|
|
];
|
|
let msg: [u8; 48] = [
|
|
0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
|
|
0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a,
|
|
0xae,0x2d,0x8a,0x57,0x1e,0x03,0xac,0x9c,
|
|
0x9e,0xb7,0x6f,0xac,0x45,0xaf,0x8e,0x51,
|
|
0x30,0xc8,0x1c,0x46,0xa3,0x5c,0xe4,0x11,
|
|
0xe5,0xfb,0xc1,0x19,0x1a,0x0a,0x52,0xef
|
|
];
|
|
let cipher: [u8; 48] = [
|
|
0x3b,0x3f,0xd9,0x2e,0xb7,0x2d,0xad,0x20,
|
|
0x33,0x34,0x49,0xf8,0xe8,0x3c,0xfb,0x4a,
|
|
0xc8,0xa6,0x45,0x37,0xa0,0xb3,0xa9,0x3f,
|
|
0xcd,0xe3,0xcd,0xad,0x9f,0x1c,0xe5,0x8b,
|
|
0x26,0x75,0x1f,0x67,0xa3,0xcb,0xb1,0x40,
|
|
0xb1,0x80,0x8c,0xf1,0x87,0xa4,0xf4,0xdf
|
|
];
|
|
cfb.init(&key, &iv).expect("Error with init()");
|
|
let mut outbuf: [u8; 48] = [0; 48];
|
|
cfb.encrypt(&msg[0..32], &mut outbuf[0..32]).expect("Error with encrypt()");
|
|
/* Break up encrypt over two operations to test continuation. */
|
|
cfb.encrypt(&msg[32..48], &mut outbuf[32..48]).expect("Error with encrypt()");
|
|
assert_eq!(outbuf, cipher);
|
|
cfb.init(&key, &iv).expect("Error with init()");
|
|
let mut plain: [u8; 48] = [0; 48];
|
|
cfb.decrypt(&outbuf, &mut plain).expect("Error with decrypt()");
|
|
assert_eq!(plain, msg);
|
|
}
|
|
|
|
#[test]
|
|
#[cfg(aes_cfb)]
|
|
fn test_cfb_big_msg() {
|
|
let mut cfb = CFB::new().expect("Failed to create CFB");
|
|
let big_key = b"0123456789abcdeffedcba9876543210";
|
|
let iv: [u8; 16] = [
|
|
0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,
|
|
0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f
|
|
];
|
|
let mut big_cipher: [u8; 384] = [0; 384];
|
|
let mut big_plain: [u8; 384] = [0; 384];
|
|
cfb.init(big_key, &iv).expect("Error with init()");
|
|
cfb.encrypt(&BIG_MSG, &mut big_cipher).expect("Error with encrypt()");
|
|
cfb.init(big_key, &iv).expect("Error with init()");
|
|
cfb.decrypt(&big_cipher, &mut big_plain).expect("Error with decrypt()");
|
|
assert_eq!(big_plain, BIG_MSG);
|
|
}
|
|
|
|
#[test]
|
|
#[cfg(aes_ctr)]
|
|
fn test_ctr_encrypt_decrypt() {
|
|
let iv: [u8; 16] = [
|
|
0xf0,0xf1,0xf2,0xf3,0xf4,0xf5,0xf6,0xf7,
|
|
0xf8,0xf9,0xfa,0xfb,0xfc,0xfd,0xfe,0xff
|
|
];
|
|
let msg: [u8; 64] = [
|
|
0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
|
|
0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a,
|
|
0xae,0x2d,0x8a,0x57,0x1e,0x03,0xac,0x9c,
|
|
0x9e,0xb7,0x6f,0xac,0x45,0xaf,0x8e,0x51,
|
|
0x30,0xc8,0x1c,0x46,0xa3,0x5c,0xe4,0x11,
|
|
0xe5,0xfb,0xc1,0x19,0x1a,0x0a,0x52,0xef,
|
|
0xf6,0x9f,0x24,0x45,0xdf,0x4f,0x9b,0x17,
|
|
0xad,0x2b,0x41,0x7b,0xe6,0x6c,0x37,0x10
|
|
];
|
|
let key: [u8; 16] = [
|
|
0x2b,0x7e,0x15,0x16,0x28,0xae,0xd2,0xa6,
|
|
0xab,0xf7,0x15,0x88,0x09,0xcf,0x4f,0x3c
|
|
];
|
|
let cipher: [u8; 64] = [
|
|
0x87,0x4d,0x61,0x91,0xb6,0x20,0xe3,0x26,
|
|
0x1b,0xef,0x68,0x64,0x99,0x0d,0xb6,0xce,
|
|
0x98,0x06,0xf6,0x6b,0x79,0x70,0xfd,0xff,
|
|
0x86,0x17,0x18,0x7b,0xb9,0xff,0xfd,0xff,
|
|
0x5a,0xe4,0xdf,0x3e,0xdb,0xd5,0xd3,0x5e,
|
|
0x5b,0x4f,0x09,0x02,0x0d,0xb0,0x3e,0xab,
|
|
0x1e,0x03,0x1d,0xda,0x2f,0xbe,0x03,0xd1,
|
|
0x79,0x21,0x70,0xa0,0xf3,0x00,0x9c,0xee
|
|
];
|
|
let mut ctr = CTR::new().expect("Failed to create CTR");
|
|
ctr.init(&key, &iv).expect("Error with init()");
|
|
let mut outbuf: [u8; 64] = [0; 64];
|
|
ctr.encrypt(&msg, &mut outbuf).expect("Error with encrypt()");
|
|
assert_eq!(outbuf, cipher);
|
|
ctr.init(&key, &iv).expect("Error with init()");
|
|
let mut plain: [u8; 64] = [0; 64];
|
|
ctr.decrypt(&outbuf, &mut plain).expect("Error with decrypt()");
|
|
assert_eq!(plain, msg);
|
|
}
|
|
|
|
#[test]
|
|
#[cfg(aes_ctr)]
|
|
fn test_ctr_big_msg() {
|
|
let mut ctr = CTR::new().expect("Failed to create CTR");
|
|
let big_key = b"0123456789abcdeffedcba9876543210";
|
|
let iv: [u8; 16] = [
|
|
0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,
|
|
0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f
|
|
];
|
|
let mut big_cipher: [u8; 384] = [0; 384];
|
|
let mut big_plain: [u8; 384] = [0; 384];
|
|
ctr.init(big_key, &iv).expect("Error with init()");
|
|
ctr.encrypt(&BIG_MSG, &mut big_cipher).expect("Error with encrypt()");
|
|
ctr.init(big_key, &iv).expect("Error with init()");
|
|
ctr.decrypt(&big_cipher, &mut big_plain).expect("Error with decrypt()");
|
|
assert_eq!(big_plain, BIG_MSG);
|
|
}
|
|
|
|
#[test]
|
|
#[cfg(aes_eax)]
|
|
fn test_eax_one_shot_encrypt_decrypt() {
|
|
let key: [u8; 16] = [
|
|
0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
|
|
0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f
|
|
];
|
|
let nonce: [u8; 16] = [
|
|
0x3c, 0x8c, 0xc2, 0x97, 0x0a, 0x00, 0x8f, 0x75,
|
|
0xcc, 0x5b, 0xea, 0xe2, 0x84, 0x72, 0x58, 0xc2
|
|
];
|
|
let auth: &[u8] = &[];
|
|
let msg: [u8; 32] = [
|
|
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
|
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
|
0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11,
|
|
0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11
|
|
];
|
|
let expected_cipher: [u8; 32] = [
|
|
0x3c, 0x44, 0x1f, 0x32, 0xce, 0x07, 0x82, 0x23,
|
|
0x64, 0xd7, 0xa2, 0x99, 0x0e, 0x50, 0xbb, 0x13,
|
|
0xd7, 0xb0, 0x2a, 0x26, 0x96, 0x9e, 0x4a, 0x93,
|
|
0x7e, 0x5e, 0x90, 0x73, 0xb0, 0xd9, 0xc9, 0x68
|
|
];
|
|
let expected_auth_tag: [u8; 16] = [
|
|
0xdb, 0x90, 0xbd, 0xb3, 0xda, 0x3d, 0x00, 0xaf,
|
|
0xd0, 0xfc, 0x6a, 0x83, 0x55, 0x1d, 0xa9, 0x5e
|
|
];
|
|
let mut cipher: [u8; 32] = [0; 32];
|
|
let mut auth_tag: [u8; 16] = [0; 16];
|
|
EAX::encrypt(&msg, &mut cipher, &key, &nonce, auth, &mut auth_tag).expect("Error with encrypt()");
|
|
assert_eq!(cipher, expected_cipher);
|
|
assert_eq!(auth_tag, expected_auth_tag);
|
|
let mut plain: [u8; 32] = [0; 32];
|
|
EAX::decrypt(&cipher, &mut plain, &key, &nonce, auth, &auth_tag).expect("Error with decrypt()");
|
|
assert_eq!(plain, msg);
|
|
}
|
|
|
|
#[test]
|
|
#[cfg(aes_ecb)]
|
|
fn test_ecb_encrypt_decrypt() {
|
|
let mut ecb = ECB::new().expect("Failed to create ECB");
|
|
let key_128: &[u8; 16] = b"0123456789abcdef";
|
|
let msg: [u8; 16] = [
|
|
0x6e, 0x6f, 0x77, 0x20, 0x69, 0x73, 0x20, 0x74,
|
|
0x68, 0x65, 0x20, 0x74, 0x69, 0x6d, 0x65, 0x20
|
|
];
|
|
let verify_ecb_128: [u8; 16] = [
|
|
0xd0, 0xc9, 0xd9, 0xc9, 0x40, 0xe8, 0x97, 0xb6,
|
|
0xc8, 0x8c, 0x33, 0x3b, 0xb5, 0x8f, 0x85, 0xd1
|
|
];
|
|
ecb.init_encrypt(key_128).expect("Error with init_encrypt()");
|
|
let mut outbuf: [u8; 16] = [0; 16];
|
|
ecb.encrypt(&msg, &mut outbuf).expect("Error with encrypt()");
|
|
assert_eq!(&outbuf, &verify_ecb_128);
|
|
outbuf = [0; 16];
|
|
ecb.init_decrypt(key_128).expect("Error with init_decrypt()");
|
|
ecb.decrypt(&verify_ecb_128, &mut outbuf).expect("Error with decrypt()");
|
|
assert_eq!(&outbuf, &msg);
|
|
}
|
|
|
|
#[test]
|
|
#[cfg(aes_gcm)]
|
|
fn test_gcm_encrypt_decrypt() {
|
|
let key: [u8; 16] = [
|
|
0x29, 0x8e, 0xfa, 0x1c, 0xcf, 0x29, 0xcf, 0x62,
|
|
0xae, 0x68, 0x24, 0xbf, 0xc1, 0x95, 0x57, 0xfc
|
|
];
|
|
let iv: [u8; 12] = [
|
|
0x6f, 0x58, 0xa9, 0x3f, 0xe1, 0xd2, 0x07, 0xfa,
|
|
0xe4, 0xed, 0x2f, 0x6d
|
|
];
|
|
let plain: [u8; 32] = [
|
|
0xcc, 0x38, 0xbc, 0xcd, 0x6b, 0xc5, 0x36, 0xad,
|
|
0x91, 0x9b, 0x13, 0x95, 0xf5, 0xd6, 0x38, 0x01,
|
|
0xf9, 0x9f, 0x80, 0x68, 0xd6, 0x5c, 0xa5, 0xac,
|
|
0x63, 0x87, 0x2d, 0xaf, 0x16, 0xb9, 0x39, 0x01
|
|
];
|
|
let auth: [u8; 16] = [
|
|
0x02, 0x1f, 0xaf, 0xd2, 0x38, 0x46, 0x39, 0x73,
|
|
0xff, 0xe8, 0x02, 0x56, 0xe5, 0xb1, 0xc6, 0xb1
|
|
];
|
|
let expected_cipher: [u8; 32] = [
|
|
0xdf, 0xce, 0x4e, 0x9c, 0xd2, 0x91, 0x10, 0x3d,
|
|
0x7f, 0xe4, 0xe6, 0x33, 0x51, 0xd9, 0xe7, 0x9d,
|
|
0x3d, 0xfd, 0x39, 0x1e, 0x32, 0x67, 0x10, 0x46,
|
|
0x58, 0x21, 0x2d, 0xa9, 0x65, 0x21, 0xb7, 0xdb
|
|
];
|
|
let expected_auth_tag: [u8; 16] = [
|
|
0x54, 0x24, 0x65, 0xef, 0x59, 0x93, 0x16, 0xf7,
|
|
0x3a, 0x7a, 0x56, 0x05, 0x09, 0xa2, 0xd9, 0xf2
|
|
];
|
|
let mut gcm = GCM::new().expect("Failed to create GCM");
|
|
gcm.init(&key).expect("Error with init()");
|
|
let mut cipher: [u8; 32] = [0; 32];
|
|
let mut auth_tag: [u8; 16] = [0; 16];
|
|
gcm.encrypt(&plain, &mut cipher, &iv, &auth, &mut auth_tag).expect("Error with encrypt()");
|
|
assert_eq!(cipher, expected_cipher);
|
|
assert_eq!(auth_tag, expected_auth_tag);
|
|
let mut plain_out: [u8; 32] = [0; 32];
|
|
gcm.decrypt(&cipher, &mut plain_out, &iv, &auth, &auth_tag).expect("Error with decrypt()");
|
|
assert_eq!(plain_out, plain);
|
|
}
|
|
|
|
#[test]
|
|
#[cfg(aes_gcm_stream)]
|
|
fn test_gcmstream_encrypt_decrypt() {
|
|
let plain: [u8; 60] = [
|
|
0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
|
|
0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a,
|
|
0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
|
|
0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72,
|
|
0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53,
|
|
0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
|
|
0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57,
|
|
0xba, 0x63, 0x7b, 0x39
|
|
];
|
|
let auth: [u8; 20] = [
|
|
0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
|
|
0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
|
|
0xab, 0xad, 0xda, 0xd2
|
|
];
|
|
let key: [u8; 32] = [
|
|
0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
|
|
0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08,
|
|
0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
|
|
0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08
|
|
];
|
|
let iv: [u8; 12] = [
|
|
0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad,
|
|
0xde, 0xca, 0xf8, 0x88
|
|
];
|
|
let expected_cipher: [u8; 60] = [
|
|
0x52, 0x2d, 0xc1, 0xf0, 0x99, 0x56, 0x7d, 0x07,
|
|
0xf4, 0x7f, 0x37, 0xa3, 0x2a, 0x84, 0x42, 0x7d,
|
|
0x64, 0x3a, 0x8c, 0xdc, 0xbf, 0xe5, 0xc0, 0xc9,
|
|
0x75, 0x98, 0xa2, 0xbd, 0x25, 0x55, 0xd1, 0xaa,
|
|
0x8c, 0xb0, 0x8e, 0x48, 0x59, 0x0d, 0xbb, 0x3d,
|
|
0xa7, 0xb0, 0x8b, 0x10, 0x56, 0x82, 0x88, 0x38,
|
|
0xc5, 0xf6, 0x1e, 0x63, 0x93, 0xba, 0x7a, 0x0a,
|
|
0xbc, 0xc9, 0xf6, 0x62
|
|
];
|
|
let expected_auth_tag: [u8; 16] = [
|
|
0x76, 0xfc, 0x6e, 0xce, 0x0f, 0x4e, 0x17, 0x68,
|
|
0xcd, 0xdf, 0x88, 0x53, 0xbb, 0x2d, 0x55, 0x1b
|
|
];
|
|
let mut gcmstream = GCMStream::new().expect("Failed to create GCMStream");
|
|
for chunk_size in 1..=auth.len() {
|
|
gcmstream.init(&key, &iv).expect("Error with init()");
|
|
let mut cipher: [u8; 60] = [0; 60];
|
|
let mut i = 0;
|
|
while i < auth.len() {
|
|
let mut end = i + chunk_size;
|
|
if end > auth.len() {
|
|
end = auth.len()
|
|
}
|
|
gcmstream.encrypt_update(&plain[0..0], &mut cipher[0..0], &auth[i..end]).expect("Error with encrypt_update()");
|
|
i += chunk_size;
|
|
}
|
|
i = 0;
|
|
while i < plain.len() {
|
|
let mut end = i + chunk_size;
|
|
if end > plain.len() {
|
|
end = plain.len()
|
|
}
|
|
gcmstream.encrypt_update(&plain[i..end], &mut cipher[i..end], &auth[0..0]).expect("Error with encrypt_update()");
|
|
i += chunk_size;
|
|
}
|
|
let mut auth_tag: [u8; 16] = [0; 16];
|
|
gcmstream.encrypt_final(&mut auth_tag).expect("Error with encrypt_final()");
|
|
assert_eq!(cipher, expected_cipher);
|
|
assert_eq!(auth_tag, expected_auth_tag);
|
|
}
|
|
}
|
|
|
|
#[test]
|
|
#[cfg(aes_ofb)]
|
|
fn test_ofb_encrypt_decrypt() {
|
|
let key: [u8; 32] = [
|
|
0xc4,0xc7,0xfa,0xd6,0x53,0x5c,0xb8,0x71,
|
|
0x4a,0x5c,0x40,0x77,0x9a,0x8b,0xa1,0xd2,
|
|
0x53,0x3e,0x23,0xb4,0xb2,0x58,0x73,0x2a,
|
|
0x5b,0x78,0x01,0xf4,0xe3,0x71,0xa7,0x94
|
|
];
|
|
let iv: [u8; 16] = [
|
|
0x5e,0xb9,0x33,0x13,0xb8,0x71,0xff,0x16,
|
|
0xb9,0x8a,0x9b,0xcb,0x43,0x33,0x0d,0x6f
|
|
];
|
|
let plain: [u8; 48] = [
|
|
0x6d,0x0b,0xb0,0x79,0x63,0x84,0x71,0xe9,
|
|
0x39,0xd4,0x53,0x14,0x86,0xc1,0x4c,0x25,
|
|
0x9a,0xee,0xc6,0xf3,0xc0,0x0d,0xfd,0xd6,
|
|
0xc0,0x50,0xa8,0xba,0xa8,0x20,0xdb,0x71,
|
|
0xcc,0x12,0x2c,0x4e,0x0c,0x17,0x15,0xef,
|
|
0x55,0xf3,0x99,0x5a,0x6b,0xf0,0x2a,0x4c
|
|
];
|
|
let expected_cipher: [u8; 48] = [
|
|
0x0f,0x54,0x61,0x71,0x59,0xd0,0x3f,0xfc,
|
|
0x1b,0xfa,0xfb,0x60,0x29,0x30,0xd7,0x00,
|
|
0xf4,0xa4,0xa8,0xe6,0xdd,0x93,0x94,0x46,
|
|
0x64,0xd2,0x19,0xc4,0xc5,0x4d,0xde,0x1b,
|
|
0x04,0x53,0xe1,0x73,0xf5,0x18,0x74,0xae,
|
|
0xfd,0x64,0xa2,0xe1,0xe2,0x76,0x13,0xb0
|
|
];
|
|
let mut ofb = OFB::new().expect("Failed to create OFB");
|
|
ofb.init(&key, &iv).expect("Error with init()");
|
|
let mut cipher: [u8; 48] = [0; 48];
|
|
ofb.encrypt(&plain, &mut cipher).expect("Error with encrypt()");
|
|
assert_eq!(cipher, expected_cipher);
|
|
ofb.init(&key, &iv).expect("Error with init()");
|
|
let mut plain_out: [u8; 48] = [0; 48];
|
|
ofb.decrypt(&cipher, &mut plain_out).expect("Error with decrypt()");
|
|
assert_eq!(plain_out, plain);
|
|
}
|
|
|
|
#[test]
|
|
#[cfg(aes_xts)]
|
|
fn test_xts_one_shot() {
|
|
let key: [u8; 32] = [
|
|
0xa1, 0xb9, 0x0c, 0xba, 0x3f, 0x06, 0xac, 0x35,
|
|
0x3b, 0x2c, 0x34, 0x38, 0x76, 0x08, 0x17, 0x62,
|
|
0x09, 0x09, 0x23, 0x02, 0x6e, 0x91, 0x77, 0x18,
|
|
0x15, 0xf2, 0x9d, 0xab, 0x01, 0x93, 0x2f, 0x2f
|
|
];
|
|
let tweak: [u8; 16] = [
|
|
0x4f, 0xae, 0xf7, 0x11, 0x7c, 0xda, 0x59, 0xc6,
|
|
0x6e, 0x4b, 0x92, 0x01, 0x3e, 0x76, 0x8a, 0xd5
|
|
];
|
|
let plain: [u8; 16] = [
|
|
0xeb, 0xab, 0xce, 0x95, 0xb1, 0x4d, 0x3c, 0x8d,
|
|
0x6f, 0xb3, 0x50, 0x39, 0x07, 0x90, 0x31, 0x1c
|
|
];
|
|
let expected_cipher: [u8; 16] = [
|
|
0x77, 0x8a, 0xe8, 0xb4, 0x3c, 0xb9, 0x8d, 0x5a,
|
|
0x82, 0x50, 0x81, 0xd5, 0xbe, 0x47, 0x1c, 0x63
|
|
];
|
|
let partial: [u8; 24] = [
|
|
0xeb, 0xab, 0xce, 0x95, 0xb1, 0x4d, 0x3c, 0x8d,
|
|
0x6f, 0xb3, 0x50, 0x39, 0x07, 0x90, 0x31, 0x1c,
|
|
0x6e, 0x4b, 0x92, 0x01, 0x3e, 0x76, 0x8a, 0xd5
|
|
];
|
|
let expected_partial_cipher: [u8; 24] = [
|
|
0x2b, 0xf7, 0x2c, 0xf3, 0xeb, 0x85, 0xef, 0x7b,
|
|
0x0b, 0x76, 0xa0, 0xaa, 0xf3, 0x3f, 0x25, 0x8b,
|
|
0x77, 0x8a, 0xe8, 0xb4, 0x3c, 0xb9, 0x8d, 0x5a
|
|
];
|
|
|
|
let mut xts = XTS::new().expect("Failed to create XTS");
|
|
xts.init_encrypt(&key).expect("Error with init_encrypt()");
|
|
let mut cipher: [u8; 16] = [0; 16];
|
|
xts.encrypt(&plain, &mut cipher, &tweak).expect("Error with encrypt()");
|
|
assert_eq!(cipher, expected_cipher);
|
|
xts.init_decrypt(&key).expect("Error with init_decrypt()");
|
|
let mut plain_out: [u8; 16] = [0; 16];
|
|
xts.decrypt(&cipher, &mut plain_out, &tweak).expect("Error with decrypt()");
|
|
assert_eq!(plain_out, plain);
|
|
|
|
xts.init_encrypt(&key).expect("Error with init_encrypt()");
|
|
let mut partial_cipher: [u8; 24] = [0; 24];
|
|
xts.encrypt(&partial, &mut partial_cipher, &tweak).expect("Error with encrypt()");
|
|
assert_eq!(partial_cipher, expected_partial_cipher);
|
|
xts.init_decrypt(&key).expect("Error with init_decrypt()");
|
|
let mut partial_out: [u8; 24] = [0; 24];
|
|
xts.decrypt(&partial_cipher, &mut partial_out, &tweak).expect("Error with decrypt()");
|
|
assert_eq!(partial_out, partial);
|
|
}
|
|
|
|
#[test]
|
|
#[cfg(aes_xts)]
|
|
fn test_xts_sector_128() {
|
|
let keys: [u8; 32] = [
|
|
0xa3, 0xe4, 0x0d, 0x5b, 0xd4, 0xb6, 0xbb, 0xed,
|
|
0xb2, 0xd1, 0x8c, 0x70, 0x0a, 0xd2, 0xdb, 0x22,
|
|
0x10, 0xc8, 0x11, 0x90, 0x64, 0x6d, 0x67, 0x3c,
|
|
0xbc, 0xa5, 0x3f, 0x13, 0x3e, 0xab, 0x37, 0x3c
|
|
];
|
|
let plain: [u8; 16] =[
|
|
0x20, 0xe0, 0x71, 0x94, 0x05, 0x99, 0x3f, 0x09,
|
|
0xa6, 0x6a, 0xe5, 0xbb, 0x50, 0x0e, 0x56, 0x2c
|
|
];
|
|
let expected_cipher: [u8; 16] = [
|
|
0x74, 0x62, 0x35, 0x51, 0x21, 0x02, 0x16, 0xac,
|
|
0x92, 0x6b, 0x96, 0x50, 0xb6, 0xd3, 0xfa, 0x52
|
|
];
|
|
let sector = 141;
|
|
|
|
let mut xts = XTS::new().expect("Failed to create XTS");
|
|
xts.init_encrypt(&keys).expect("Error with init_encrypt()");
|
|
let mut cipher: [u8; 16] = [0; 16];
|
|
xts.encrypt_sector(&plain, &mut cipher, sector).expect("Error with encrypt_sector()");
|
|
assert_eq!(cipher, expected_cipher);
|
|
|
|
xts.init_decrypt(&keys).expect("Error with init_decrypt()");
|
|
let mut plain_out: [u8; 16] = [0; 16];
|
|
xts.decrypt_sector(&cipher, &mut plain_out, sector).expect("Error with decrypt_sector()");
|
|
assert_eq!(plain_out, plain);
|
|
}
|
|
|
|
#[test]
|
|
#[cfg(aes_xts)]
|
|
fn test_xts_sector_256() {
|
|
let keys: [u8; 64] = [
|
|
0xef, 0x01, 0x0c, 0xa1, 0xa3, 0x66, 0x3e, 0x32,
|
|
0x53, 0x43, 0x49, 0xbc, 0x0b, 0xae, 0x62, 0x23,
|
|
0x2a, 0x15, 0x73, 0x34, 0x85, 0x68, 0xfb, 0x9e,
|
|
0xf4, 0x17, 0x68, 0xa7, 0x67, 0x4f, 0x50, 0x7a,
|
|
0x72, 0x7f, 0x98, 0x75, 0x53, 0x97, 0xd0, 0xe0,
|
|
0xaa, 0x32, 0xf8, 0x30, 0x33, 0x8c, 0xc7, 0xa9,
|
|
0x26, 0xc7, 0x73, 0xf0, 0x9e, 0x57, 0xb3, 0x57,
|
|
0xcd, 0x15, 0x6a, 0xfb, 0xca, 0x46, 0xe1, 0xa0
|
|
];
|
|
let plain: [u8; 32] =[
|
|
0xed, 0x98, 0xe0, 0x17, 0x70, 0xa8, 0x53, 0xb4,
|
|
0x9d, 0xb9, 0xe6, 0xaa, 0xf8, 0x8f, 0x0a, 0x41,
|
|
0xb9, 0xb5, 0x6e, 0x91, 0xa5, 0xa2, 0xb1, 0x1d,
|
|
0x40, 0x52, 0x92, 0x54, 0xf5, 0x52, 0x3e, 0x75
|
|
];
|
|
let expected_cipher: [u8; 32] = [
|
|
0xca, 0x20, 0xc5, 0x5e, 0x8d, 0xc1, 0x49, 0x68,
|
|
0x7d, 0x25, 0x41, 0xde, 0x39, 0xc3, 0xdf, 0x63,
|
|
0x00, 0xbb, 0x5a, 0x16, 0x3c, 0x10, 0xce, 0xd3,
|
|
0x66, 0x6b, 0x13, 0x57, 0xdb, 0x8b, 0xd3, 0x9d
|
|
];
|
|
let sector = 187;
|
|
|
|
let mut xts = XTS::new().expect("Failed to create XTS");
|
|
xts.init_encrypt(&keys).expect("Error with init_encrypt()");
|
|
let mut cipher: [u8; 32] = [0; 32];
|
|
xts.encrypt_sector(&plain, &mut cipher, sector).expect("Error with encrypt_sector()");
|
|
assert_eq!(cipher, expected_cipher);
|
|
|
|
xts.init_decrypt(&keys).expect("Error with init_decrypt()");
|
|
let mut plain_out: [u8; 32] = [0; 32];
|
|
xts.decrypt_sector(&cipher, &mut plain_out, sector).expect("Error with decrypt_sector()");
|
|
assert_eq!(plain_out, plain);
|
|
}
|
|
|
|
#[test]
|
|
#[cfg(aes_xts)]
|
|
fn test_xts_consecutive_sectors() {
|
|
let keys: [u8; 32] = [
|
|
0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11,
|
|
0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11,
|
|
0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22,
|
|
0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22
|
|
];
|
|
let plain: [u8; 544] =[
|
|
0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
|
|
0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
|
|
0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20, 0x21, 0x22, 0x23,
|
|
0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f,
|
|
0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x3a, 0x3b,
|
|
0x3c, 0x3d, 0x3e, 0x3f, 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47,
|
|
0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, 0x50, 0x51, 0x52, 0x53,
|
|
0x54, 0x55, 0x56, 0x57, 0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f,
|
|
0x60, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b,
|
|
0x6c, 0x6d, 0x6e, 0x6f, 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77,
|
|
0x78, 0x79, 0x7a, 0x7b, 0x7c, 0x7d, 0x7e, 0x7f, 0x80, 0x81, 0x82, 0x83,
|
|
0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f,
|
|
0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97, 0x98, 0x99, 0x9a, 0x9b,
|
|
0x9c, 0x9d, 0x9e, 0x9f, 0xa0, 0xa1, 0xa2, 0xa3, 0xa4, 0xa5, 0xa6, 0xa7,
|
|
0xa8, 0xa9, 0xaa, 0xab, 0xac, 0xad, 0xae, 0xaf, 0xb0, 0xb1, 0xb2, 0xb3,
|
|
0xb4, 0xb5, 0xb6, 0xb7, 0xb8, 0xb9, 0xba, 0xbb, 0xbc, 0xbd, 0xbe, 0xbf,
|
|
0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7, 0xc8, 0xc9, 0xca, 0xcb,
|
|
0xcc, 0xcd, 0xce, 0xcf, 0xd0, 0xd1, 0xd2, 0xd3, 0xd4, 0xd5, 0xd6, 0xd7,
|
|
0xd8, 0xd9, 0xda, 0xdb, 0xdc, 0xdd, 0xde, 0xdf, 0xe0, 0xe1, 0xe2, 0xe3,
|
|
0xe4, 0xe5, 0xe6, 0xe7, 0xe8, 0xe9, 0xea, 0xeb, 0xec, 0xed, 0xee, 0xef,
|
|
0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, 0xf8, 0xf9, 0xfa, 0xfb,
|
|
0xfc, 0xfd, 0xfe, 0xff,
|
|
|
|
0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
|
|
0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
|
|
0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20, 0x21, 0x22, 0x23,
|
|
0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f,
|
|
0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x3a, 0x3b,
|
|
0x3c, 0x3d, 0x3e, 0x3f, 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47,
|
|
0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, 0x50, 0x51, 0x52, 0x53,
|
|
0x54, 0x55, 0x56, 0x57, 0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f,
|
|
0x60, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b,
|
|
0x6c, 0x6d, 0x6e, 0x6f, 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77,
|
|
0x78, 0x79, 0x7a, 0x7b, 0x7c, 0x7d, 0x7e, 0x7f, 0x80, 0x81, 0x82, 0x83,
|
|
0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f,
|
|
0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97, 0x98, 0x99, 0x9a, 0x9b,
|
|
0x9c, 0x9d, 0x9e, 0x9f, 0xa0, 0xa1, 0xa2, 0xa3, 0xa4, 0xa5, 0xa6, 0xa7,
|
|
0xa8, 0xa9, 0xaa, 0xab, 0xac, 0xad, 0xae, 0xaf, 0xb0, 0xb1, 0xb2, 0xb3,
|
|
0xb4, 0xb5, 0xb6, 0xb7, 0xb8, 0xb9, 0xba, 0xbb, 0xbc, 0xbd, 0xbe, 0xbf,
|
|
0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7, 0xc8, 0xc9, 0xca, 0xcb,
|
|
0xcc, 0xcd, 0xce, 0xcf, 0xd0, 0xd1, 0xd2, 0xd3, 0xd4, 0xd5, 0xd6, 0xd7,
|
|
0xd8, 0xd9, 0xda, 0xdb, 0xdc, 0xdd, 0xde, 0xdf, 0xe0, 0xe1, 0xe2, 0xe3,
|
|
0xe4, 0xe5, 0xe6, 0xe7, 0xe8, 0xe9, 0xea, 0xeb, 0xec, 0xed, 0xee, 0xef,
|
|
0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, 0xf8, 0xf9, 0xfa, 0xfb,
|
|
0xfc, 0xfd, 0xfe, 0xff,
|
|
|
|
0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
|
|
0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
|
|
0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
|
|
];
|
|
let expected_cipher: [u8; 544] = [
|
|
0xb9, 0x6b, 0x2b, 0xfd, 0x61, 0x87, 0x84, 0xd5, 0x26, 0xd2, 0x8c, 0x62,
|
|
0x63, 0x01, 0xca, 0x46, 0xb1, 0x82, 0xfa, 0xdc, 0xbc, 0x32, 0x18, 0xe9,
|
|
0xda, 0xe6, 0xda, 0xd1, 0x1a, 0x52, 0x77, 0xca, 0xdb, 0x0e, 0xbe, 0x37,
|
|
0x88, 0x36, 0x1c, 0x87, 0x16, 0x60, 0xfe, 0xa8, 0x9e, 0xf6, 0x48, 0x64,
|
|
0x94, 0x34, 0x64, 0xed, 0xf6, 0x9a, 0xc5, 0x28, 0xc9, 0xed, 0x64, 0x80,
|
|
0x85, 0xd8, 0x93, 0xa7, 0x50, 0xb1, 0x9d, 0x2f, 0x1e, 0x34, 0xcc, 0xb4,
|
|
0x03, 0xfb, 0x6b, 0x43, 0x21, 0xa8, 0x5b, 0xc6, 0x59, 0x13, 0xd2, 0xb5,
|
|
0xf5, 0x7b, 0xf6, 0xb2, 0xa4, 0x7a, 0xd2, 0x50, 0x26, 0xcb, 0xa4, 0x83,
|
|
0xc3, 0x56, 0xb0, 0xb1, 0x14, 0x34, 0x12, 0x1b, 0xea, 0x26, 0x97, 0x24,
|
|
0x54, 0xcc, 0x32, 0x4c, 0xa4, 0xc2, 0xa3, 0x07, 0xfa, 0x30, 0xa9, 0xf0,
|
|
0x91, 0x17, 0x60, 0x68, 0x88, 0x7f, 0x34, 0x7e, 0xbd, 0x20, 0x33, 0x95,
|
|
0x6e, 0xc0, 0xb6, 0x2b, 0xff, 0x7e, 0x61, 0x35, 0x9a, 0x88, 0xff, 0xd9,
|
|
0x69, 0x21, 0xe7, 0x8f, 0x45, 0x02, 0xf9, 0xd7, 0xeb, 0xa6, 0x53, 0xf1,
|
|
0x73, 0x04, 0xf1, 0x0b, 0x85, 0xc6, 0x1f, 0x4a, 0x51, 0x2f, 0x95, 0x87,
|
|
0x5a, 0x67, 0x37, 0xb2, 0x87, 0xf7, 0xbe, 0x2a, 0x17, 0x57, 0xca, 0xfc,
|
|
0xdd, 0x5f, 0x37, 0x48, 0x78, 0xbd, 0xfa, 0x75, 0xc9, 0xfa, 0x86, 0x7e,
|
|
0xc4, 0x0f, 0x60, 0x85, 0xce, 0x12, 0x44, 0x7c, 0xd9, 0xb2, 0x50, 0xd9,
|
|
0x57, 0x85, 0xa5, 0xd7, 0x68, 0x59, 0x03, 0x09, 0x97, 0x2e, 0x8e, 0xa5,
|
|
0xe3, 0x98, 0xac, 0x16, 0xfb, 0x6d, 0x54, 0xc5, 0x5d, 0x7a, 0x33, 0x44,
|
|
0x0a, 0x39, 0x91, 0xcc, 0x9f, 0x67, 0xf9, 0x89, 0xbb, 0x62, 0x02, 0xc4,
|
|
0x22, 0xec, 0xcf, 0x97, 0x69, 0x81, 0x3d, 0x00, 0xfd, 0xeb, 0x55, 0x08,
|
|
0xa2, 0xff, 0x97, 0xaa, 0x79, 0xde, 0x3c, 0x8a, 0x78, 0x71, 0x73, 0xa2,
|
|
0x98, 0x2f, 0xd8, 0x5c, 0x62, 0x1c, 0x5c, 0x23, 0x0a, 0xd1, 0xf1, 0x81,
|
|
0x8a, 0x12, 0xe7, 0x4d, 0xdd, 0x4f, 0xd4, 0xf1, 0xe8, 0x0f, 0x25, 0x79,
|
|
0x45, 0x4a, 0x49, 0x49, 0x7e, 0x56, 0x91, 0x4e, 0xaa, 0xba, 0x18, 0xe1,
|
|
0xe4, 0xbe, 0x21, 0xdc, 0x58, 0x60, 0x6f, 0x6a, 0x7f, 0xdc, 0x5e, 0x74,
|
|
0x47, 0xbf, 0xeb, 0x84, 0xc4, 0x1e, 0x5a, 0x61, 0x64, 0xc8, 0x63, 0x68,
|
|
0xfa, 0x17, 0x9c, 0xac, 0x60, 0x1c, 0xa5, 0x6e, 0x00, 0x21, 0x93, 0x3c,
|
|
0xd7, 0xbb, 0x73, 0x45, 0xf7, 0x34, 0x81, 0x6c, 0xfa, 0xf2, 0x33, 0xfd,
|
|
0xb1, 0x40, 0x30, 0x6b, 0x30, 0xd1, 0x83, 0x5e, 0x2e, 0x7a, 0xce, 0xa6,
|
|
0x12, 0x2a, 0x15, 0x03, 0x78, 0x29, 0xb9, 0x07, 0xae, 0xe7, 0xc2, 0x78,
|
|
0x74, 0x72, 0xa5, 0x0e, 0x6b, 0x1f, 0x78, 0xf2, 0x5a, 0x69, 0xb6, 0x2b,
|
|
0x99, 0x94, 0x1f, 0x89, 0xd1, 0x21, 0x14, 0x4a, 0x54, 0xab, 0x5a, 0x9f,
|
|
0xaa, 0xa7, 0x96, 0x0a, 0x21, 0xce, 0x30, 0xb6, 0x70, 0x81, 0xe9, 0xd3,
|
|
0x71, 0xc0, 0xf1, 0x15, 0xe2, 0xf6, 0xd3, 0xcc, 0x41, 0x15, 0x9d, 0xd5,
|
|
0xa3, 0xa4, 0xe0, 0xf8, 0x62, 0xc4, 0x76, 0x65, 0x63, 0x89, 0xa7, 0xe2,
|
|
0xfb, 0xf5, 0xc9, 0x80, 0x15, 0x5b, 0xc1, 0x59, 0xb2, 0xd0, 0x01, 0x3a,
|
|
0xf9, 0xab, 0x5b, 0x79, 0x54, 0xed, 0x6b, 0xf9, 0x1d, 0x9d, 0x87, 0x63,
|
|
0x80, 0x4f, 0xec, 0x9c, 0x4f, 0xad, 0x97, 0x04, 0xff, 0x62, 0x4a, 0x17,
|
|
0xc0, 0x09, 0x2a, 0x2c, 0x23, 0x4b, 0xc3, 0xb6, 0x6d, 0xed, 0xdb, 0x1a,
|
|
0x6f, 0x56, 0x2b, 0x78, 0x92, 0x3a, 0x5c, 0x7f, 0xb2, 0x63, 0xd3, 0xd5,
|
|
0x1a, 0xbe, 0xc2, 0x34, 0xc8, 0xad, 0x36, 0xb7, 0x12, 0xb8, 0xe1, 0xb7,
|
|
0x52, 0x7f, 0x16, 0x84, 0x2c, 0x47, 0x7e, 0xf2, 0xa5, 0x36, 0x2e, 0xad,
|
|
0xe7, 0xbb, 0xc0, 0x6f, 0x27, 0x8e, 0x41, 0x08, 0x75, 0xe5, 0xff, 0xde,
|
|
0x08, 0x9f, 0x8c, 0x91, 0xba, 0xc9, 0x9d, 0x9f, 0x27, 0x90, 0x50, 0x44,
|
|
0x24, 0xe7, 0x3d, 0x6f
|
|
];
|
|
let sector = 0x000000ffffffffff;
|
|
let sector_size = 512;
|
|
|
|
let mut xts = XTS::new().expect("Failed to create XTS");
|
|
xts.init_encrypt(&keys).expect("Error with init_encrypt()");
|
|
let mut cipher: [u8; 544] = [0; 544];
|
|
xts.encrypt_consecutive_sectors(&plain, &mut cipher, sector, sector_size).expect("Error with encrypt_consecutive_sectors()");
|
|
assert_eq!(cipher, expected_cipher);
|
|
|
|
xts.init_decrypt(&keys).expect("Error with init_decrypt()");
|
|
let mut plain_out: [u8; 544] = [0; 544];
|
|
xts.decrypt_consecutive_sectors(&cipher, &mut plain_out, sector, sector_size).expect("Error with decrypt_consecutive_sectors()");
|
|
assert_eq!(plain_out, plain);
|
|
}
|
|
|
|
#[test]
|
|
#[cfg(aes_xts_stream)]
|
|
fn test_xtsstream() {
|
|
let keys: [u8; 32] = [
|
|
0x39, 0x25, 0x79, 0x05, 0xdf, 0xcc, 0x77, 0x76,
|
|
0x6c, 0x87, 0x0a, 0x80, 0x6a, 0x60, 0xe3, 0xc0,
|
|
0x93, 0xd1, 0x2a, 0xcf, 0xcb, 0x51, 0x42, 0xfa,
|
|
0x09, 0x69, 0x89, 0x62, 0x5b, 0x60, 0xdb, 0x16
|
|
];
|
|
let tweak: [u8; 16] = [
|
|
0x5c, 0xf7, 0x9d, 0xb6, 0xc5, 0xcd, 0x99, 0x1a,
|
|
0x1c, 0x78, 0x81, 0x42, 0x24, 0x95, 0x1e, 0x84
|
|
];
|
|
let plain: [u8; 32] = [
|
|
0xbd, 0xc5, 0x46, 0x8f, 0xbc, 0x8d, 0x50, 0xa1,
|
|
0x0d, 0x1c, 0x85, 0x7f, 0x79, 0x1c, 0x5c, 0xba,
|
|
0xb3, 0x81, 0x0d, 0x0d, 0x73, 0xcf, 0x8f, 0x20,
|
|
0x46, 0xb1, 0xd1, 0x9e, 0x7d, 0x5d, 0x8a, 0x56
|
|
];
|
|
let expected_cipher: [u8; 32] = [
|
|
0xd6, 0xbe, 0x04, 0x6d, 0x41, 0xf2, 0x3b, 0x5e,
|
|
0xd7, 0x0b, 0x6b, 0x3d, 0x5c, 0x8e, 0x66, 0x23,
|
|
0x2b, 0xe6, 0xb8, 0x07, 0xd4, 0xdc, 0xc6, 0x0e,
|
|
0xff, 0x8d, 0xbc, 0x1d, 0x9f, 0x7f, 0xc8, 0x22
|
|
];
|
|
|
|
let mut xtsstream = XTSStream::new().expect("Failed to create XTSStream");
|
|
xtsstream.init_encrypt(&keys, &tweak).expect("Error with init_encrypt()");
|
|
let mut cipher: [u8; 32] = [0; 32];
|
|
xtsstream.encrypt_update(&plain[0..16], &mut cipher[0..16]).expect("Error with encrypt_update()");
|
|
xtsstream.encrypt_final(&plain[16..32], &mut cipher[16..32]).expect("Error with encrypt_final()");
|
|
assert_eq!(cipher, expected_cipher);
|
|
|
|
xtsstream.init_decrypt(&keys, &tweak).expect("Error with init_decrypt()");
|
|
let mut plain_out: [u8; 32] = [0; 32];
|
|
xtsstream.decrypt_update(&cipher[0..16], &mut plain_out[0..16]).expect("Error with decrypt_update()");
|
|
xtsstream.decrypt_final(&cipher[16..32], &mut plain_out[16..32]).expect("Error with decrypt_final()");
|
|
assert_eq!(plain_out, plain);
|
|
}
|
|
|
|
#[test]
|
|
#[cfg(aes_xts_stream)]
|
|
fn test_xtsstream_big_msg() {
|
|
let key: [u8; 32] = [
|
|
0xa1, 0xb9, 0x0c, 0xba, 0x3f, 0x06, 0xac, 0x35,
|
|
0x3b, 0x2c, 0x34, 0x38, 0x76, 0x08, 0x17, 0x62,
|
|
0x09, 0x09, 0x23, 0x02, 0x6e, 0x91, 0x77, 0x18,
|
|
0x15, 0xf2, 0x9d, 0xab, 0x01, 0x93, 0x2f, 0x2f
|
|
];
|
|
let tweak: [u8; 16] = [
|
|
0x4f, 0xae, 0xf7, 0x11, 0x7c, 0xda, 0x59, 0xc6,
|
|
0x6e, 0x4b, 0x92, 0x01, 0x3e, 0x76, 0x8a, 0xd5
|
|
];
|
|
|
|
let mut xtsstream = XTSStream::new().expect("Failed to create XTSStream");
|
|
xtsstream.init_encrypt(&key, &tweak).expect("Error with init_encrypt()");
|
|
let mut cipher: [u8; 384] = [0; 384];
|
|
let mut i = 0;
|
|
while i < BIG_MSG.len() {
|
|
let remaining = BIG_MSG.len() - i;
|
|
if remaining < 32 {
|
|
xtsstream.encrypt_final(&BIG_MSG[i..BIG_MSG.len()], &mut cipher[i..BIG_MSG.len()]).expect("Error with encrypt_final()");
|
|
i += remaining;
|
|
} else {
|
|
let end = i + 16;
|
|
xtsstream.encrypt_update(&BIG_MSG[i..end], &mut cipher[i..end]).expect("Error with encrypt_update()");
|
|
i += 16;
|
|
}
|
|
}
|
|
|
|
xtsstream.init_decrypt(&key, &tweak).expect("Error with init_decrypt()");
|
|
let mut plain_out: [u8; 384] = [0; 384];
|
|
let mut i = 0;
|
|
while i < BIG_MSG.len() {
|
|
let remaining = BIG_MSG.len() - i;
|
|
if remaining < 32 {
|
|
xtsstream.decrypt_final(&cipher[i..BIG_MSG.len()], &mut plain_out[i..BIG_MSG.len()]).expect("Error with decrypt_final()");
|
|
i += remaining;
|
|
} else {
|
|
let end = i + 16;
|
|
xtsstream.decrypt_update(&cipher[i..end], &mut plain_out[i..end]).expect("Error with decrypt_update()");
|
|
i += 16;
|
|
}
|
|
}
|
|
|
|
assert_eq!(plain_out, BIG_MSG);
|
|
}
|
|
|
|
// ---------------------------------------------------------------------------
|
|
// AES aead trait implementations
|
|
// ---------------------------------------------------------------------------
|
|
|
|
#[cfg(feature = "aead")]
|
|
use aead::{Aead, AeadInPlace, KeyInit, Payload};
|
|
|
|
/// NIST SP 800-38D, Test Case 2:
|
|
/// Key = 00000000000000000000000000000000
|
|
/// IV = 000000000000000000000000
|
|
/// PT = 00000000000000000000000000000000
|
|
/// AAD = (empty)
|
|
/// CT = 0388dace60b6a392f328c2b971b2fe78
|
|
/// Tag = ab6e47d42cec13bdf53a67b21257bddf
|
|
#[test]
|
|
#[cfg(all(feature = "aead", aes_gcm))]
|
|
fn test_aes128gcm_nist_tc2_encrypt() {
|
|
let key = [0u8; 16];
|
|
let nonce = [0u8; 12];
|
|
let expected_ciphertext = [
|
|
0x03u8, 0x88, 0xda, 0xce, 0x60, 0xb6, 0xa3, 0x92,
|
|
0xf3, 0x28, 0xc2, 0xb9, 0x71, 0xb2, 0xfe, 0x78,
|
|
];
|
|
let expected_tag = [
|
|
0xabu8, 0x6e, 0x47, 0xd4, 0x2c, 0xec, 0x13, 0xbd,
|
|
0xf5, 0x3a, 0x67, 0xb2, 0x12, 0x57, 0xbd, 0xdf,
|
|
];
|
|
|
|
let cipher = Aes128Gcm::new_from_slice(&key).unwrap();
|
|
let nonce_arr: aead::Nonce<Aes128Gcm> = nonce.into();
|
|
let mut buffer = [0u8; 16];
|
|
let tag = cipher
|
|
.encrypt_in_place_detached(&nonce_arr, &[], &mut buffer)
|
|
.expect("AES-128-GCM encrypt failed");
|
|
|
|
assert_eq!(buffer, expected_ciphertext);
|
|
assert_eq!(&tag[..], &expected_tag);
|
|
}
|
|
|
|
#[test]
|
|
#[cfg(all(feature = "aead", aes_gcm))]
|
|
fn test_aes128gcm_nist_tc2_decrypt() {
|
|
let key = [0u8; 16];
|
|
let nonce = [0u8; 12];
|
|
let mut ciphertext = [
|
|
0x03u8, 0x88, 0xda, 0xce, 0x60, 0xb6, 0xa3, 0x92,
|
|
0xf3, 0x28, 0xc2, 0xb9, 0x71, 0xb2, 0xfe, 0x78,
|
|
];
|
|
let tag_bytes = [
|
|
0xabu8, 0x6e, 0x47, 0xd4, 0x2c, 0xec, 0x13, 0xbd,
|
|
0xf5, 0x3a, 0x67, 0xb2, 0x12, 0x57, 0xbd, 0xdf,
|
|
];
|
|
|
|
let cipher = Aes128Gcm::new_from_slice(&key).unwrap();
|
|
let nonce_arr: aead::Nonce<Aes128Gcm> = nonce.into();
|
|
let tag: aead::Tag<Aes128Gcm> = tag_bytes.into();
|
|
cipher
|
|
.decrypt_in_place_detached(&nonce_arr, &[], &mut ciphertext, &tag)
|
|
.expect("AES-128-GCM decrypt failed");
|
|
|
|
assert_eq!(ciphertext, [0u8; 16]);
|
|
}
|
|
|
|
/// Test AES-128-GCM roundtrip using the `aead::Aead` blanket impl.
|
|
#[test]
|
|
#[cfg(all(feature = "aead", aes_gcm))]
|
|
fn test_aes128gcm_aead_roundtrip() {
|
|
let key = [0x42u8; 16];
|
|
let nonce_bytes = [0x11u8; 12];
|
|
let aad = b"associated data";
|
|
let plaintext = b"Hello, AEAD world!";
|
|
|
|
let cipher = Aes128Gcm::new_from_slice(&key).unwrap();
|
|
let nonce: aead::Nonce<Aes128Gcm> = nonce_bytes.into();
|
|
|
|
let ciphertext = cipher
|
|
.encrypt(&nonce, Payload { msg: plaintext, aad })
|
|
.expect("AES-128-GCM Aead::encrypt failed");
|
|
|
|
let recovered = cipher
|
|
.decrypt(&nonce, Payload { msg: &ciphertext, aad })
|
|
.expect("AES-128-GCM Aead::decrypt failed");
|
|
|
|
assert_eq!(recovered, plaintext);
|
|
}
|
|
|
|
/// Verify that decryption rejects a tampered tag.
|
|
#[test]
|
|
#[cfg(all(feature = "aead", aes_gcm))]
|
|
fn test_aes128gcm_reject_bad_tag() {
|
|
let key = [0u8; 16];
|
|
let nonce_bytes = [0u8; 12];
|
|
let plaintext = b"some plaintext!";
|
|
|
|
let cipher = Aes128Gcm::new_from_slice(&key).unwrap();
|
|
let nonce: aead::Nonce<Aes128Gcm> = nonce_bytes.into();
|
|
|
|
let mut ct = cipher.encrypt(&nonce, plaintext.as_ref()).expect("encrypt failed");
|
|
let last = ct.len() - 1;
|
|
ct[last] ^= 0xff;
|
|
assert!(cipher.decrypt(&nonce, ct.as_slice()).is_err());
|
|
}
|
|
|
|
/// NIST SP 800-38D, Test Case 14 (256-bit key):
|
|
/// Key = feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308
|
|
/// IV = cafebabefacedbaddecaf888
|
|
/// PT = d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a7
|
|
/// 21c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39 (60 B)
|
|
/// AAD = feedfacedeadbeeffeedfacedeadbeefabaddad2
|
|
/// CT = 522dc1f099567d07f47f37a32a84427d643a8cdcbfe5c0c97598a2bd2555d1a
|
|
/// a8cb08e48590dbb3da7b08b1056828838c5f61e6393ba7a0a (60 B)
|
|
/// Tag = 76fc6ece0f4e1768cddf8853bb2d551b
|
|
#[test]
|
|
#[cfg(all(feature = "aead", aes_gcm))]
|
|
fn test_aes256gcm_nist_tc14_encrypt() {
|
|
let key = [
|
|
0xfeu8, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
|
|
0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08,
|
|
0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
|
|
0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08,
|
|
];
|
|
let nonce = [
|
|
0xcau8, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad,
|
|
0xde, 0xca, 0xf8, 0x88,
|
|
];
|
|
let aad = [
|
|
0xfeu8, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
|
|
0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
|
|
0xab, 0xad, 0xda, 0xd2,
|
|
];
|
|
let plaintext = [
|
|
0xd9u8, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
|
|
0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a,
|
|
0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
|
|
0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72,
|
|
0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53,
|
|
0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
|
|
0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57,
|
|
0xba, 0x63, 0x7b, 0x39,
|
|
];
|
|
let expected_ciphertext = [
|
|
0x52u8, 0x2d, 0xc1, 0xf0, 0x99, 0x56, 0x7d, 0x07,
|
|
0xf4, 0x7f, 0x37, 0xa3, 0x2a, 0x84, 0x42, 0x7d,
|
|
0x64, 0x3a, 0x8c, 0xdc, 0xbf, 0xe5, 0xc0, 0xc9,
|
|
0x75, 0x98, 0xa2, 0xbd, 0x25, 0x55, 0xd1, 0xaa,
|
|
0x8c, 0xb0, 0x8e, 0x48, 0x59, 0x0d, 0xbb, 0x3d,
|
|
0xa7, 0xb0, 0x8b, 0x10, 0x56, 0x82, 0x88, 0x38,
|
|
0xc5, 0xf6, 0x1e, 0x63, 0x93, 0xba, 0x7a, 0x0a,
|
|
0xbc, 0xc9, 0xf6, 0x62,
|
|
];
|
|
let expected_tag = [
|
|
0x76u8, 0xfc, 0x6e, 0xce, 0x0f, 0x4e, 0x17, 0x68,
|
|
0xcd, 0xdf, 0x88, 0x53, 0xbb, 0x2d, 0x55, 0x1b,
|
|
];
|
|
|
|
let cipher = Aes256Gcm::new_from_slice(&key).unwrap();
|
|
let nonce_arr: aead::Nonce<Aes256Gcm> = nonce.into();
|
|
let mut buffer = plaintext;
|
|
let tag = cipher
|
|
.encrypt_in_place_detached(&nonce_arr, &aad, &mut buffer)
|
|
.expect("AES-256-GCM encrypt failed");
|
|
|
|
assert_eq!(buffer, expected_ciphertext);
|
|
assert_eq!(&tag[..], &expected_tag);
|
|
}
|
|
|
|
/// Roundtrip test for AES-256-GCM using `aead::Aead`.
|
|
#[test]
|
|
#[cfg(all(feature = "aead", aes_gcm))]
|
|
fn test_aes256gcm_aead_roundtrip() {
|
|
let key = [0xabu8; 32];
|
|
let nonce_bytes = [0xbcu8; 12];
|
|
let aad = b"test aad";
|
|
let plaintext = b"AES-256-GCM roundtrip test";
|
|
|
|
let cipher = Aes256Gcm::new_from_slice(&key).unwrap();
|
|
let nonce: aead::Nonce<Aes256Gcm> = nonce_bytes.into();
|
|
|
|
let ciphertext = cipher
|
|
.encrypt(&nonce, Payload { msg: plaintext, aad })
|
|
.expect("encrypt failed");
|
|
|
|
let recovered = cipher
|
|
.decrypt(&nonce, Payload { msg: &ciphertext, aad })
|
|
.expect("decrypt failed");
|
|
|
|
assert_eq!(recovered, plaintext);
|
|
}
|
|
|
|
/// Roundtrip test for AES-128-CCM using `aead::Aead`.
|
|
#[test]
|
|
#[cfg(all(feature = "aead", aes_ccm))]
|
|
fn test_aes128ccm_aead_roundtrip() {
|
|
let key = [0x01u8; 16];
|
|
let nonce_bytes = [0x02u8; 12];
|
|
let aad = b"ccm aad";
|
|
let plaintext = b"AES-128-CCM plaintext!";
|
|
|
|
let cipher = Aes128Ccm::new_from_slice(&key).unwrap();
|
|
let nonce: aead::Nonce<Aes128Ccm> = nonce_bytes.into();
|
|
|
|
let ciphertext = cipher
|
|
.encrypt(&nonce, Payload { msg: plaintext, aad })
|
|
.expect("AES-128-CCM encrypt failed");
|
|
|
|
let recovered = cipher
|
|
.decrypt(&nonce, Payload { msg: &ciphertext, aad })
|
|
.expect("AES-128-CCM decrypt failed");
|
|
|
|
assert_eq!(recovered, plaintext);
|
|
}
|
|
|
|
/// Verify that AES-128-CCM decryption rejects a tampered ciphertext.
|
|
#[test]
|
|
#[cfg(all(feature = "aead", aes_ccm))]
|
|
fn test_aes128ccm_reject_tampered() {
|
|
let key = [0x01u8; 16];
|
|
let nonce_bytes = [0x02u8; 12];
|
|
let plaintext = b"AES-128-CCM tamper test!";
|
|
|
|
let cipher = Aes128Ccm::new_from_slice(&key).unwrap();
|
|
let nonce: aead::Nonce<Aes128Ccm> = nonce_bytes.into();
|
|
|
|
let mut ct = cipher.encrypt(&nonce, plaintext.as_ref()).expect("encrypt failed");
|
|
ct[0] ^= 0x01;
|
|
assert!(cipher.decrypt(&nonce, ct.as_slice()).is_err());
|
|
}
|
|
|
|
/// Roundtrip test for AES-256-CCM using `aead::Aead`.
|
|
#[test]
|
|
#[cfg(all(feature = "aead", aes_ccm))]
|
|
fn test_aes256ccm_aead_roundtrip() {
|
|
let key = [0xddu8; 32];
|
|
let nonce_bytes = [0xeeu8; 12];
|
|
let aad = b"aes-256-ccm test";
|
|
let plaintext = b"AES-256-CCM plaintext data";
|
|
|
|
let cipher = Aes256Ccm::new_from_slice(&key).unwrap();
|
|
let nonce: aead::Nonce<Aes256Ccm> = nonce_bytes.into();
|
|
|
|
let ciphertext = cipher
|
|
.encrypt(&nonce, Payload { msg: plaintext, aad })
|
|
.expect("AES-256-CCM encrypt failed");
|
|
|
|
let recovered = cipher
|
|
.decrypt(&nonce, Payload { msg: &ciphertext, aad })
|
|
.expect("AES-256-CCM decrypt failed");
|
|
|
|
assert_eq!(recovered, plaintext);
|
|
}
|
|
|
|
// ---------------------------------------------------------------------------
|
|
// AES cipher crate trait tests
|
|
// ---------------------------------------------------------------------------
|
|
|
|
/// Test AES-128-ECB encryption against the known test vector used in the
|
|
/// existing `test_ecb_encrypt_decrypt` test.
|
|
#[test]
|
|
#[cfg(all(feature = "cipher", aes_ecb))]
|
|
fn test_aes128_ecb_enc_block_encrypt() {
|
|
use cipher::{BlockModeEncrypt, KeyInit};
|
|
use wolfssl_wolfcrypt::aes::Aes128EcbEnc;
|
|
|
|
let key: [u8; 16] = *b"0123456789abcdef";
|
|
let plaintext: [u8; 16] = [
|
|
0x6e, 0x6f, 0x77, 0x20, 0x69, 0x73, 0x20, 0x74,
|
|
0x68, 0x65, 0x20, 0x74, 0x69, 0x6d, 0x65, 0x20,
|
|
];
|
|
let expected: [u8; 16] = [
|
|
0xd0, 0xc9, 0xd9, 0xc9, 0x40, 0xe8, 0x97, 0xb6,
|
|
0xc8, 0x8c, 0x33, 0x3b, 0xb5, 0x8f, 0x85, 0xd1,
|
|
];
|
|
|
|
let mut enc = Aes128EcbEnc::new_from_slice(&key).expect("key init failed");
|
|
let mut block = cipher::Block::<Aes128EcbEnc>::try_from(&plaintext[..]).unwrap();
|
|
enc.encrypt_block(&mut block);
|
|
assert_eq!(block.as_slice(), &expected);
|
|
}
|
|
|
|
/// Test AES-128-ECB decryption matches the plaintext after encryption.
|
|
#[test]
|
|
#[cfg(all(feature = "cipher", aes_ecb))]
|
|
fn test_aes128_ecb_dec_block_decrypt() {
|
|
use cipher::{BlockModeDecrypt, BlockModeEncrypt, KeyInit};
|
|
use wolfssl_wolfcrypt::aes::{Aes128EcbDec, Aes128EcbEnc};
|
|
|
|
let key: [u8; 16] = *b"0123456789abcdef";
|
|
let plaintext: [u8; 16] = [
|
|
0x6e, 0x6f, 0x77, 0x20, 0x69, 0x73, 0x20, 0x74,
|
|
0x68, 0x65, 0x20, 0x74, 0x69, 0x6d, 0x65, 0x20,
|
|
];
|
|
|
|
let mut enc = Aes128EcbEnc::new_from_slice(&key).expect("enc init failed");
|
|
let mut dec = Aes128EcbDec::new_from_slice(&key).expect("dec init failed");
|
|
|
|
let mut block = cipher::Block::<Aes128EcbEnc>::try_from(&plaintext[..]).unwrap();
|
|
enc.encrypt_block(&mut block);
|
|
|
|
let mut block2 = cipher::Block::<Aes128EcbDec>::try_from(block.as_slice()).unwrap();
|
|
dec.decrypt_block(&mut block2);
|
|
|
|
assert_eq!(block2.as_slice(), &plaintext);
|
|
}
|
|
|
|
/// Test AES-256-ECB encryption and decryption roundtrip.
|
|
#[test]
|
|
#[cfg(all(feature = "cipher", aes_ecb))]
|
|
fn test_aes256_ecb_roundtrip() {
|
|
use cipher::{BlockModeDecrypt, BlockModeEncrypt, KeyInit};
|
|
use wolfssl_wolfcrypt::aes::{Aes256EcbDec, Aes256EcbEnc};
|
|
|
|
let key = [0xabu8; 32];
|
|
let plaintext = [0x5cu8; 16];
|
|
|
|
let mut enc = Aes256EcbEnc::new_from_slice(&key).expect("enc init failed");
|
|
let mut dec = Aes256EcbDec::new_from_slice(&key).expect("dec init failed");
|
|
|
|
let mut block = cipher::Block::<Aes256EcbEnc>::try_from(&plaintext[..]).unwrap();
|
|
enc.encrypt_block(&mut block);
|
|
assert_ne!(block.as_slice(), &plaintext, "encrypted block should differ from plaintext");
|
|
|
|
let mut block2 = cipher::Block::<Aes256EcbDec>::try_from(block.as_slice()).unwrap();
|
|
dec.decrypt_block(&mut block2);
|
|
assert_eq!(block2.as_slice(), &plaintext);
|
|
}
|
|
|
|
/// Test AES-128-CTR `apply_keystream` against the NIST CTR test vector.
|
|
#[test]
|
|
#[cfg(all(feature = "cipher", aes_ctr))]
|
|
fn test_aes128_ctr_apply_keystream() {
|
|
use cipher::{KeyIvInit, StreamCipher};
|
|
use wolfssl_wolfcrypt::aes::Aes128Ctr;
|
|
|
|
let key: [u8; 16] = [
|
|
0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6,
|
|
0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c,
|
|
];
|
|
let iv: [u8; 16] = [
|
|
0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7,
|
|
0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd, 0xfe, 0xff,
|
|
];
|
|
let plaintext: [u8; 64] = [
|
|
0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96,
|
|
0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a,
|
|
0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c,
|
|
0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51,
|
|
0x30, 0xc8, 0x1c, 0x46, 0xa3, 0x5c, 0xe4, 0x11,
|
|
0xe5, 0xfb, 0xc1, 0x19, 0x1a, 0x0a, 0x52, 0xef,
|
|
0xf6, 0x9f, 0x24, 0x45, 0xdf, 0x4f, 0x9b, 0x17,
|
|
0xad, 0x2b, 0x41, 0x7b, 0xe6, 0x6c, 0x37, 0x10,
|
|
];
|
|
let expected_ciphertext: [u8; 64] = [
|
|
0x87, 0x4d, 0x61, 0x91, 0xb6, 0x20, 0xe3, 0x26,
|
|
0x1b, 0xef, 0x68, 0x64, 0x99, 0x0d, 0xb6, 0xce,
|
|
0x98, 0x06, 0xf6, 0x6b, 0x79, 0x70, 0xfd, 0xff,
|
|
0x86, 0x17, 0x18, 0x7b, 0xb9, 0xff, 0xfd, 0xff,
|
|
0x5a, 0xe4, 0xdf, 0x3e, 0xdb, 0xd5, 0xd3, 0x5e,
|
|
0x5b, 0x4f, 0x09, 0x02, 0x0d, 0xb0, 0x3e, 0xab,
|
|
0x1e, 0x03, 0x1d, 0xda, 0x2f, 0xbe, 0x03, 0xd1,
|
|
0x79, 0x21, 0x70, 0xa0, 0xf3, 0x00, 0x9c, 0xee,
|
|
];
|
|
|
|
let key_arr = cipher::Key::<Aes128Ctr>::try_from(&key[..]).unwrap();
|
|
let iv_arr = cipher::Iv::<Aes128Ctr>::try_from(&iv[..]).unwrap();
|
|
let mut enc = Aes128Ctr::new(&key_arr, &iv_arr);
|
|
let mut data = plaintext;
|
|
enc.apply_keystream(&mut data);
|
|
assert_eq!(data, expected_ciphertext);
|
|
|
|
// apply_keystream is self-inverse: applying again must recover plaintext.
|
|
let mut dec = Aes128Ctr::new(&key_arr, &iv_arr);
|
|
dec.apply_keystream(&mut data);
|
|
assert_eq!(data, plaintext);
|
|
}
|
|
|
|
/// Test AES-256-CTR roundtrip via `apply_keystream`.
|
|
#[test]
|
|
#[cfg(all(feature = "cipher", aes_ctr))]
|
|
fn test_aes256_ctr_roundtrip() {
|
|
use cipher::{KeyIvInit, StreamCipher};
|
|
use wolfssl_wolfcrypt::aes::Aes256Ctr;
|
|
|
|
let key = [0x01u8; 32];
|
|
let iv = [0x02u8; 16];
|
|
let plaintext = [0x55u8; 48];
|
|
|
|
let key_arr = cipher::Key::<Aes256Ctr>::try_from(&key[..]).unwrap();
|
|
let iv_arr = cipher::Iv::<Aes256Ctr>::try_from(&iv[..]).unwrap();
|
|
|
|
let mut enc = Aes256Ctr::new(&key_arr, &iv_arr);
|
|
let mut data = plaintext;
|
|
enc.apply_keystream(&mut data);
|
|
assert_ne!(data, plaintext);
|
|
|
|
let mut dec = Aes256Ctr::new(&key_arr, &iv_arr);
|
|
dec.apply_keystream(&mut data);
|
|
assert_eq!(data, plaintext);
|
|
}
|
|
|
|
/// Test AES-256-OFB `apply_keystream` against the known OFB test vector.
|
|
#[test]
|
|
#[cfg(all(feature = "cipher", aes_ofb))]
|
|
fn test_aes256_ofb_apply_keystream() {
|
|
use cipher::{KeyIvInit, StreamCipher};
|
|
use wolfssl_wolfcrypt::aes::Aes256Ofb;
|
|
|
|
let key: [u8; 32] = [
|
|
0xc4, 0xc7, 0xfa, 0xd6, 0x53, 0x5c, 0xb8, 0x71,
|
|
0x4a, 0x5c, 0x40, 0x77, 0x9a, 0x8b, 0xa1, 0xd2,
|
|
0x53, 0x3e, 0x23, 0xb4, 0xb2, 0x58, 0x73, 0x2a,
|
|
0x5b, 0x78, 0x01, 0xf4, 0xe3, 0x71, 0xa7, 0x94,
|
|
];
|
|
let iv: [u8; 16] = [
|
|
0x5e, 0xb9, 0x33, 0x13, 0xb8, 0x71, 0xff, 0x16,
|
|
0xb9, 0x8a, 0x9b, 0xcb, 0x43, 0x33, 0x0d, 0x6f,
|
|
];
|
|
let plaintext: [u8; 48] = [
|
|
0x6d, 0x0b, 0xb0, 0x79, 0x63, 0x84, 0x71, 0xe9,
|
|
0x39, 0xd4, 0x53, 0x14, 0x86, 0xc1, 0x4c, 0x25,
|
|
0x9a, 0xee, 0xc6, 0xf3, 0xc0, 0x0d, 0xfd, 0xd6,
|
|
0xc0, 0x50, 0xa8, 0xba, 0xa8, 0x20, 0xdb, 0x71,
|
|
0xcc, 0x12, 0x2c, 0x4e, 0x0c, 0x17, 0x15, 0xef,
|
|
0x55, 0xf3, 0x99, 0x5a, 0x6b, 0xf0, 0x2a, 0x4c,
|
|
];
|
|
let expected_ciphertext: [u8; 48] = [
|
|
0x0f, 0x54, 0x61, 0x71, 0x59, 0xd0, 0x3f, 0xfc,
|
|
0x1b, 0xfa, 0xfb, 0x60, 0x29, 0x30, 0xd7, 0x00,
|
|
0xf4, 0xa4, 0xa8, 0xe6, 0xdd, 0x93, 0x94, 0x46,
|
|
0x64, 0xd2, 0x19, 0xc4, 0xc5, 0x4d, 0xde, 0x1b,
|
|
0x04, 0x53, 0xe1, 0x73, 0xf5, 0x18, 0x74, 0xae,
|
|
0xfd, 0x64, 0xa2, 0xe1, 0xe2, 0x76, 0x13, 0xb0,
|
|
];
|
|
|
|
let key_arr = cipher::Key::<Aes256Ofb>::try_from(&key[..]).unwrap();
|
|
let iv_arr = cipher::Iv::<Aes256Ofb>::try_from(&iv[..]).unwrap();
|
|
let mut enc = Aes256Ofb::new(&key_arr, &iv_arr);
|
|
let mut data = plaintext;
|
|
enc.apply_keystream(&mut data);
|
|
assert_eq!(data, expected_ciphertext);
|
|
|
|
// apply_keystream is self-inverse for OFB (same keystream for enc/dec).
|
|
let mut dec = Aes256Ofb::new(&key_arr, &iv_arr);
|
|
dec.apply_keystream(&mut data);
|
|
assert_eq!(data, plaintext);
|
|
}
|
|
|
|
/// Test AES-128-OFB roundtrip via `apply_keystream`.
|
|
#[test]
|
|
#[cfg(all(feature = "cipher", aes_ofb))]
|
|
fn test_aes128_ofb_roundtrip() {
|
|
use cipher::{KeyIvInit, StreamCipher};
|
|
use wolfssl_wolfcrypt::aes::Aes128Ofb;
|
|
|
|
let key = [0xddu8; 16];
|
|
let iv = [0xeeu8; 16];
|
|
let plaintext = [0x42u8; 32];
|
|
|
|
let key_arr = cipher::Key::<Aes128Ofb>::try_from(&key[..]).unwrap();
|
|
let iv_arr = cipher::Iv::<Aes128Ofb>::try_from(&iv[..]).unwrap();
|
|
|
|
let mut enc = Aes128Ofb::new(&key_arr, &iv_arr);
|
|
let mut data = plaintext;
|
|
enc.apply_keystream(&mut data);
|
|
assert_ne!(data, plaintext);
|
|
|
|
let mut dec = Aes128Ofb::new(&key_arr, &iv_arr);
|
|
dec.apply_keystream(&mut data);
|
|
assert_eq!(data, plaintext);
|
|
}
|
|
|
|
/// Test AES-128-CBC encryption against a known vector (same as test_cbc_encrypt_decrypt).
|
|
#[test]
|
|
#[cfg(all(feature = "cipher", aes_cbc))]
|
|
fn test_aes128_cbc_enc_block_mode() {
|
|
use cipher::{BlockModeEncrypt, KeyIvInit};
|
|
use wolfssl_wolfcrypt::aes::Aes128CbcEnc;
|
|
|
|
let key: [u8; 16] = *b"0123456789abcdef";
|
|
let iv: [u8; 16] = *b"1234567890abcdef";
|
|
let plaintext: [u8; 16] = [
|
|
0x6e, 0x6f, 0x77, 0x20, 0x69, 0x73, 0x20, 0x74,
|
|
0x68, 0x65, 0x20, 0x74, 0x69, 0x6d, 0x65, 0x20,
|
|
];
|
|
let expected: [u8; 16] = [
|
|
0x95, 0x94, 0x92, 0x57, 0x5f, 0x42, 0x81, 0x53,
|
|
0x2c, 0xcc, 0x9d, 0x46, 0x77, 0xa2, 0x33, 0xcb,
|
|
];
|
|
|
|
let key_arr = cipher::Key::<Aes128CbcEnc>::try_from(&key[..]).unwrap();
|
|
let iv_arr = cipher::Iv::<Aes128CbcEnc>::try_from(&iv[..]).unwrap();
|
|
let mut enc = Aes128CbcEnc::new(&key_arr, &iv_arr);
|
|
let mut block = cipher::Block::<Aes128CbcEnc>::try_from(&plaintext[..]).unwrap();
|
|
enc.encrypt_block(&mut block);
|
|
assert_eq!(block.as_slice(), &expected);
|
|
}
|
|
|
|
/// Test AES-128-CBC decryption roundtrip.
|
|
#[test]
|
|
#[cfg(all(feature = "cipher", aes_cbc))]
|
|
fn test_aes128_cbc_dec_block_mode() {
|
|
use cipher::{BlockModeDecrypt, BlockModeEncrypt, KeyIvInit};
|
|
use wolfssl_wolfcrypt::aes::{Aes128CbcDec, Aes128CbcEnc};
|
|
|
|
let key: [u8; 16] = *b"0123456789abcdef";
|
|
let iv: [u8; 16] = *b"1234567890abcdef";
|
|
let plaintext: [u8; 16] = [
|
|
0x6e, 0x6f, 0x77, 0x20, 0x69, 0x73, 0x20, 0x74,
|
|
0x68, 0x65, 0x20, 0x74, 0x69, 0x6d, 0x65, 0x20,
|
|
];
|
|
|
|
let key_arr = cipher::Key::<Aes128CbcEnc>::try_from(&key[..]).unwrap();
|
|
let iv_arr = cipher::Iv::<Aes128CbcEnc>::try_from(&iv[..]).unwrap();
|
|
let mut enc = Aes128CbcEnc::new(&key_arr, &iv_arr);
|
|
let mut block = cipher::Block::<Aes128CbcEnc>::try_from(&plaintext[..]).unwrap();
|
|
enc.encrypt_block(&mut block);
|
|
|
|
let key_arr = cipher::Key::<Aes128CbcDec>::try_from(&key[..]).unwrap();
|
|
let iv_arr = cipher::Iv::<Aes128CbcDec>::try_from(&iv[..]).unwrap();
|
|
let mut dec = Aes128CbcDec::new(&key_arr, &iv_arr);
|
|
dec.decrypt_block(&mut block);
|
|
assert_eq!(block.as_slice(), &plaintext);
|
|
}
|
|
|
|
/// Test AES-256-CBC encryption/decryption roundtrip across multiple blocks.
|
|
#[test]
|
|
#[cfg(all(feature = "cipher", aes_cbc))]
|
|
fn test_aes256_cbc_roundtrip() {
|
|
use cipher::{BlockModeDecrypt, BlockModeEncrypt, KeyIvInit};
|
|
use wolfssl_wolfcrypt::aes::{Aes256CbcDec, Aes256CbcEnc};
|
|
|
|
let key = [0xabu8; 32];
|
|
let iv = [0xcdu8; 16];
|
|
let plaintext = [[0x5cu8; 16], [0x3au8; 16], [0x1eu8; 16]];
|
|
|
|
let key_arr = cipher::Key::<Aes256CbcEnc>::try_from(&key[..]).unwrap();
|
|
let iv_arr = cipher::Iv::<Aes256CbcEnc>::try_from(&iv[..]).unwrap();
|
|
let mut enc = Aes256CbcEnc::new(&key_arr, &iv_arr);
|
|
let mut blocks: [cipher::Block<Aes256CbcEnc>; 3] = plaintext
|
|
.iter()
|
|
.map(|b| cipher::Block::<Aes256CbcEnc>::try_from(b.as_ref()).unwrap())
|
|
.collect::<Vec<_>>()
|
|
.try_into()
|
|
.unwrap();
|
|
for block in blocks.iter_mut() {
|
|
enc.encrypt_block(block);
|
|
}
|
|
// Ciphertext must differ from plaintext due to key and IV mixing.
|
|
assert!(blocks.iter().zip(plaintext.iter()).any(|(c, p)| c.as_slice() != p));
|
|
|
|
let key_arr = cipher::Key::<Aes256CbcDec>::try_from(&key[..]).unwrap();
|
|
let iv_arr = cipher::Iv::<Aes256CbcDec>::try_from(&iv[..]).unwrap();
|
|
let mut dec = Aes256CbcDec::new(&key_arr, &iv_arr);
|
|
for block in blocks.iter_mut() {
|
|
dec.decrypt_block(block);
|
|
}
|
|
for (block, expected) in blocks.iter().zip(plaintext.iter()) {
|
|
assert_eq!(block.as_slice(), expected);
|
|
}
|
|
}
|