Sync usage with man page.
[netbsd-mini2440.git] / dist / wpa / wpa_supplicant / tests / test_aes.c
blob38a9cf58d4309cadbe19e059524b649b94a4507a
1 /*
2 * Test program for AES
3 * Copyright (c) 2003-2006, Jouni Malinen <j@w1.fi>
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License version 2 as
7 * published by the Free Software Foundation.
9 * Alternatively, this software may be distributed under the terms of BSD
10 * license.
12 * See README and COPYING for more details.
15 #include "includes.h"
17 #include "common.h"
18 #include "crypto.h"
19 #include "aes_wrap.h"
21 #define BLOCK_SIZE 16
23 static void test_aes_perf(void)
25 #if 0 /* this did not seem to work with new compiler?! */
26 #ifdef __i386__
27 #define rdtscll(val) \
28 __asm__ __volatile__("rdtsc" : "=A" (val))
29 const int num_iters = 10;
30 int i;
31 unsigned int start, end;
32 u8 key[16], pt[16], ct[16];
33 void *ctx;
35 printf("keySetupEnc:");
36 for (i = 0; i < num_iters; i++) {
37 rdtscll(start);
38 ctx = aes_encrypt_init(key, 16);
39 rdtscll(end);
40 aes_encrypt_deinit(ctx);
41 printf(" %d", end - start);
43 printf("\n");
45 printf("Encrypt:");
46 ctx = aes_encrypt_init(key, 16);
47 for (i = 0; i < num_iters; i++) {
48 rdtscll(start);
49 aes_encrypt(ctx, pt, ct);
50 rdtscll(end);
51 printf(" %d", end - start);
53 aes_encrypt_deinit(ctx);
54 printf("\n");
55 #endif /* __i386__ */
56 #endif
60 static int test_eax(void)
62 u8 msg[] = { 0xF7, 0xFB };
63 u8 key[] = { 0x91, 0x94, 0x5D, 0x3F, 0x4D, 0xCB, 0xEE, 0x0B,
64 0xF4, 0x5E, 0xF5, 0x22, 0x55, 0xF0, 0x95, 0xA4 };
65 u8 nonce[] = { 0xBE, 0xCA, 0xF0, 0x43, 0xB0, 0xA2, 0x3D, 0x84,
66 0x31, 0x94, 0xBA, 0x97, 0x2C, 0x66, 0xDE, 0xBD };
67 u8 hdr[] = { 0xFA, 0x3B, 0xFD, 0x48, 0x06, 0xEB, 0x53, 0xFA };
68 u8 cipher[] = { 0x19, 0xDD, 0x5C, 0x4C, 0x93, 0x31, 0x04, 0x9D,
69 0x0B, 0xDA, 0xB0, 0x27, 0x74, 0x08, 0xF6, 0x79,
70 0x67, 0xE5 };
71 u8 data[sizeof(msg)], tag[BLOCK_SIZE];
73 memcpy(data, msg, sizeof(msg));
74 if (aes_128_eax_encrypt(key, nonce, sizeof(nonce), hdr, sizeof(hdr),
75 data, sizeof(data), tag)) {
76 printf("AES-128 EAX mode encryption failed\n");
77 return 1;
79 if (memcmp(data, cipher, sizeof(data)) != 0) {
80 printf("AES-128 EAX mode encryption returned invalid cipher "
81 "text\n");
82 return 1;
84 if (memcmp(tag, cipher + sizeof(data), BLOCK_SIZE) != 0) {
85 printf("AES-128 EAX mode encryption returned invalid tag\n");
86 return 1;
89 if (aes_128_eax_decrypt(key, nonce, sizeof(nonce), hdr, sizeof(hdr),
90 data, sizeof(data), tag)) {
91 printf("AES-128 EAX mode decryption failed\n");
92 return 1;
94 if (memcmp(data, msg, sizeof(data)) != 0) {
95 printf("AES-128 EAX mode decryption returned invalid plain "
96 "text\n");
97 return 1;
100 return 0;
104 static int test_cbc(void)
106 struct cbc_test_vector {
107 u8 key[16];
108 u8 iv[16];
109 u8 plain[32];
110 u8 cipher[32];
111 size_t len;
112 } vectors[] = {
114 { 0x06, 0xa9, 0x21, 0x40, 0x36, 0xb8, 0xa1, 0x5b,
115 0x51, 0x2e, 0x03, 0xd5, 0x34, 0x12, 0x00, 0x06 },
116 { 0x3d, 0xaf, 0xba, 0x42, 0x9d, 0x9e, 0xb4, 0x30,
117 0xb4, 0x22, 0xda, 0x80, 0x2c, 0x9f, 0xac, 0x41 },
118 "Single block msg",
119 { 0xe3, 0x53, 0x77, 0x9c, 0x10, 0x79, 0xae, 0xb8,
120 0x27, 0x08, 0x94, 0x2d, 0xbe, 0x77, 0x18, 0x1a },
124 { 0xc2, 0x86, 0x69, 0x6d, 0x88, 0x7c, 0x9a, 0xa0,
125 0x61, 0x1b, 0xbb, 0x3e, 0x20, 0x25, 0xa4, 0x5a },
126 { 0x56, 0x2e, 0x17, 0x99, 0x6d, 0x09, 0x3d, 0x28,
127 0xdd, 0xb3, 0xba, 0x69, 0x5a, 0x2e, 0x6f, 0x58 },
128 { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
129 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
130 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
131 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f },
132 { 0xd2, 0x96, 0xcd, 0x94, 0xc2, 0xcc, 0xcf, 0x8a,
133 0x3a, 0x86, 0x30, 0x28, 0xb5, 0xe1, 0xdc, 0x0a,
134 0x75, 0x86, 0x60, 0x2d, 0x25, 0x3c, 0xff, 0xf9,
135 0x1b, 0x82, 0x66, 0xbe, 0xa6, 0xd6, 0x1a, 0xb1 },
139 int ret = 0;
140 u8 *buf;
141 unsigned int i;
143 for (i = 0; i < sizeof(vectors) / sizeof(vectors[0]); i++) {
144 struct cbc_test_vector *tv = &vectors[i];
145 buf = malloc(tv->len);
146 if (buf == NULL) {
147 ret++;
148 break;
150 memcpy(buf, tv->plain, tv->len);
151 aes_128_cbc_encrypt(tv->key, tv->iv, buf, tv->len);
152 if (memcmp(buf, tv->cipher, tv->len) != 0) {
153 printf("AES-CBC encrypt %d failed\n", i);
154 ret++;
156 memcpy(buf, tv->cipher, tv->len);
157 aes_128_cbc_decrypt(tv->key, tv->iv, buf, tv->len);
158 if (memcmp(buf, tv->plain, tv->len) != 0) {
159 printf("AES-CBC decrypt %d failed\n", i);
160 ret++;
162 free(buf);
165 return ret;
169 /* OMAC1 AES-128 test vectors from
170 * http://csrc.nist.gov/CryptoToolkit/modes/proposedmodes/omac/omac-ad.pdf
171 * which are same as the examples from NIST SP800-38B
172 * http://csrc.nist.gov/CryptoToolkit/modes/800-38_Series_Publications/SP800-38B.pdf
175 struct omac1_test_vector {
176 u8 k[16];
177 u8 msg[64];
178 int msg_len;
179 u8 tag[16];
182 static struct omac1_test_vector test_vectors[] =
185 { 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6,
186 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c },
187 { },
189 { 0xbb, 0x1d, 0x69, 0x29, 0xe9, 0x59, 0x37, 0x28,
190 0x7f, 0xa3, 0x7d, 0x12, 0x9b, 0x75, 0x67, 0x46 }
193 { 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6,
194 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c },
195 { 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96,
196 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a},
198 { 0x07, 0x0a, 0x16, 0xb4, 0x6b, 0x4d, 0x41, 0x44,
199 0xf7, 0x9b, 0xdd, 0x9d, 0xd0, 0x4a, 0x28, 0x7c }
202 { 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6,
203 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c },
204 { 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96,
205 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a,
206 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c,
207 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51,
208 0x30, 0xc8, 0x1c, 0x46, 0xa3, 0x5c, 0xe4, 0x11 },
210 { 0xdf, 0xa6, 0x67, 0x47, 0xde, 0x9a, 0xe6, 0x30,
211 0x30, 0xca, 0x32, 0x61, 0x14, 0x97, 0xc8, 0x27 }
214 { 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6,
215 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c },
216 { 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96,
217 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a,
218 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c,
219 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51,
220 0x30, 0xc8, 0x1c, 0x46, 0xa3, 0x5c, 0xe4, 0x11,
221 0xe5, 0xfb, 0xc1, 0x19, 0x1a, 0x0a, 0x52, 0xef,
222 0xf6, 0x9f, 0x24, 0x45, 0xdf, 0x4f, 0x9b, 0x17,
223 0xad, 0x2b, 0x41, 0x7b, 0xe6, 0x6c, 0x37, 0x10 },
225 { 0x51, 0xf0, 0xbe, 0xbf, 0x7e, 0x3b, 0x9d, 0x92,
226 0xfc, 0x49, 0x74, 0x17, 0x79, 0x36, 0x3c, 0xfe }
231 int main(int argc, char *argv[])
233 u8 kek[] = {
234 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
235 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f
237 u8 plain[] = {
238 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
239 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff
241 u8 crypt[] = {
242 0x1F, 0xA6, 0x8B, 0x0A, 0x81, 0x12, 0xB4, 0x47,
243 0xAE, 0xF3, 0x4B, 0xD8, 0xFB, 0x5A, 0x7B, 0x82,
244 0x9D, 0x3E, 0x86, 0x23, 0x71, 0xD2, 0xCF, 0xE5
246 u8 result[24];
247 int ret = 0;
248 unsigned int i;
249 struct omac1_test_vector *tv;
251 if (aes_wrap(kek, 2, plain, result)) {
252 printf("AES-WRAP-128-128 reported failure\n");
253 ret++;
255 if (memcmp(result, crypt, 24) != 0) {
256 printf("AES-WRAP-128-128 failed\n");
257 ret++;
259 if (aes_unwrap(kek, 2, crypt, result)) {
260 printf("AES-UNWRAP-128-128 reported failure\n");
261 ret++;
263 if (memcmp(result, plain, 16) != 0) {
264 printf("AES-UNWRAP-128-128 failed\n");
265 ret++;
266 for (i = 0; i < 16; i++)
267 printf(" %02x", result[i]);
268 printf("\n");
271 test_aes_perf();
273 for (i = 0; i < sizeof(test_vectors) / sizeof(test_vectors[0]); i++) {
274 tv = &test_vectors[i];
275 omac1_aes_128(tv->k, tv->msg, tv->msg_len, result);
276 if (memcmp(result, tv->tag, 16) != 0) {
277 printf("OMAC1-AES-128 test vector %d failed\n", i);
278 ret++;
281 if (tv->msg_len > 1) {
282 const u8 *addr[2];
283 size_t len[2];
285 addr[0] = tv->msg;
286 len[0] = 1;
287 addr[1] = tv->msg + 1;
288 len[1] = tv->msg_len - 1;
290 omac1_aes_128_vector(tv->k, 2, addr, len, result);
291 if (memcmp(result, tv->tag, 16) != 0) {
292 printf("OMAC1-AES-128(vector) test vector %d "
293 "failed\n", i);
294 ret++;
299 ret += test_eax();
301 ret += test_cbc();
303 if (ret)
304 printf("FAILED!\n");
306 return ret;