From ab9159bf0458f583b3ed734d4adb4e1d3618d1a3 Mon Sep 17 00:00:00 2001 From: Olaf Bergmann Date: Wed, 7 Aug 2013 14:48:32 +0200 Subject: [PATCH 1/4] improved creation of .gitignore --- Makefile.in | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/Makefile.in b/Makefile.in index fa519f2..60445a5 100644 --- a/Makefile.in +++ b/Makefile.in @@ -56,6 +56,13 @@ LDFLAGS:=@LIBS@ ARFLAGS:=cru doc:=doc +# files that should be ignored by git +GITIGNOREDS:= core \*~ \*.[oa] \*.gz \*.cap \*.pcap Makefile \ + autom4te.cache/ config.h config.log config.status configure \ + doc/Doxyfile doc/doxygen.out doc/html/ $(LIB) tests/ccm-test \ + tests/dtls-client tests/dtls-server tests/prf-test $(package) \ + $(DISTDIR)/ TAGS \*.patch .gitignore + .PHONY: all dirs clean install dist distclean .gitignore doc TAGS .SUFFIXES: @@ -113,4 +120,5 @@ TAGS: mv $@.new $@ .gitignore: - echo "core\n*~\n*.[oa]\n*.gz\n*.cap\n$(PROGRAM)\n$(DISTDIR)\n.gitignore" >$@ + echo $(GITIGNOREDS) | sed 's/ /\n/g' > $@ + From 9541e7901ef07c3f94b6d59be777242688bf47cb Mon Sep 17 00:00:00 2001 From: Olaf Bergmann Date: Thu, 8 Aug 2013 19:51:26 +0200 Subject: [PATCH 2/4] increased minor version after merge with branch ecdh-merge --- configure.in | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/configure.in b/configure.in index 921a4ee..3de0d62 100644 --- a/configure.in +++ b/configure.in @@ -1,7 +1,7 @@ # -*- Autoconf -*- # Process this file with autoconf to produce a configure script. # -# Copyright (C) 2011--2012 Olaf Bergmann +# Copyright (C) 2011--2013 Olaf Bergmann # # Permission is hereby granted, free of charge, to any person # obtaining a copy of this software and associated documentation @@ -24,7 +24,7 @@ # SOFTWARE. AC_PREREQ([2.65]) -AC_INIT([tinydtls], [0.4.0]) +AC_INIT([tinydtls], [0.5.0]) AC_CONFIG_SRCDIR([dtls.c]) dnl AC_CONFIG_HEADERS([config.h]) From 32d78705e1cc2532e4734443ff6767c30705f363 Mon Sep 17 00:00:00 2001 
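Review bot: In the `.gitignore` recipe at the end of Makefile.in, `sed 's/ /\n/g'` depends on the sed implementation turning `\n` in the replacement text into a newline, which POSIX does not guarantee. On a sed that does not, the generated file would likely be a single line with literal `n` separators. A form that needs no sed is `printf '%s\n' $(GITIGNOREDS) > $@`, which prints each word on its own line. The recipe line is in the second hunk; the `GITIGNOREDS` definition it reads is in the first.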
From: Olaf Bergmann Date: Tue, 5 Nov 2013 23:06:40 +0100 Subject: [PATCH 3/4] Bugfix: compare tags in constant time to prevent timing attacks (thanks to Klaus Hartke for pointing this out) --- ccm.c | 2 +- global.h | 19 +++++++++++++++++++ 2 files changed, 20 insertions(+), 1 deletion(-) diff --git a/ccm.c b/ccm.c index c7dd252..d846113 100644 --- a/ccm.c +++ b/ccm.c @@ -298,7 +298,7 @@ dtls_ccm_decrypt_message(rijndael_ctx *ctx, size_t M, size_t L, memxor(msg, S, M); /* return length if MAC is valid, otherwise continue with error handling */ - if (memcmp(X, msg, M) == 0) + if (equals(X, msg, M)) return len - M; error: diff --git a/global.h b/global.h index 0082916..6dc3b1e 100644 --- a/global.h +++ b/global.h @@ -185,6 +185,25 @@ memxor(unsigned char *x, const unsigned char *y, size_t n) { } } +/** + * Compares \p len bytes from @p a with @p b in constant time. This + * functions always traverses the entire length to prevent timing + * attacks. + * + * \param a Byte sequence to compare + * \param b Byte sequence to compare + * \param len Number of bytes to compare. + * \return \c 1 if \p a and \p b are equal, \c 0 otherwise. + */ +static inline int +equals(unsigned char *a, unsigned char *b, size_t len) { + int result = 1; + while (len--) { + result &= (*a++ == *b++); + } + return result; +} + #ifdef HAVE_FLS #define dtls_fls(i) fls(i) #else From fc22641d64b294810554190f2cf2f0605d50acb4 Mon Sep 17 00:00:00 2001 From: Olaf Bergmann Date: Wed, 6 Nov 2013 02:08:24 +0100 Subject: [PATCH 4/4] more CCM test vectors, including empty messages and different L values --- ccm.c | 2 +- global.h | 2 +- tests/ccm-test.c | 6 +- tests/ccm-testdata.c | 190 +++++++++++++++++++++++++++++++++++++------ 4 files changed, 169 insertions(+), 31 deletions(-) diff --git a/ccm.c b/ccm.c index d846113..5743d6f 100644 --- a/ccm.c +++ b/ccm.c 
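Review bot: The loop in `equals()` in global.h folds the result of a `==` comparison into `result` with `&=`, and a compiler is free to lower that to a data-dependent branch or to leave the loop once `result` is 0, so the code itself does not guarantee the constant-time behaviour the doc comment promises. Accumulating the XOR of each byte pair with `|=` and testing the accumulator once after the loop removes the per-byte comparison. The parameters can also be `const unsigned char *`, since nothing is written through them. The doc comment reads "This functions always traverses", where "This function" is meant. The call site changed in ccm.c, `if (equals(X, msg, M))`, works unchanged with the version below.

```c
static inline int
equals(const unsigned char *a, const unsigned char *b, size_t len) {
  unsigned int diff = 0;
  while (len--) {
    diff |= (unsigned int)(*a++ ^ *b++);
  }
  return diff == 0;
}
```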
@@ -1,6 +1,6 @@ /* dtls -- a very basic DTLS implementation * - * Copyright (C) 2011--2012 Olaf Bergmann + * Copyright (C) 2011--2013 Olaf Bergmann * * Permission is hereby granted, free of charge, to any person * obtaining a copy of this software and associated documentation diff --git a/global.h b/global.h index 6dc3b1e..10affb5 100644 --- a/global.h +++ b/global.h @@ -1,6 +1,6 @@ /* dtls -- a very basic DTLS implementation * - * Copyright (C) 2011--2012 Olaf Bergmann + * Copyright (C) 2011--2013 Olaf Bergmann * * Permission is hereby granted, free of charge, to any person * obtaining a copy of this software and associated documentation diff --git a/tests/ccm-test.c b/tests/ccm-test.c index 31bc9d3..cbb7d2a 100644 --- a/tests/ccm-test.c +++ b/tests/ccm-test.c @@ -48,7 +48,6 @@ PROCESS_THREAD(ccm_test_process, ev, d) int main(int argc, char **argv) { #endif /* WITH_CONTIKI */ long int len; - size_t L; /* max(2,(fls(lm) >> 3) + 1) */ int n; rijndael_ctx ctx; @@ -64,8 +63,7 @@ int main(int argc, char **argv) { return -1; } - L = 15 - 13; /* the Nonce in ccm-testdata.c is always 13 Bytes */ - len = dtls_ccm_encrypt_message(&ctx, data[n].M, L, data[n].nonce, + len = dtls_ccm_encrypt_message(&ctx, data[n].M, data[n].L, data[n].nonce, data[n].msg + data[n].la, data[n].lm - data[n].la, data[n].msg, data[n].la); @@ -80,7 +78,7 @@ int main(int argc, char **argv) { printf("result is (total length = %lu):\n\t", len); dump(data[n].msg, len); - len = dtls_ccm_decrypt_message(&ctx, data[n].M, L, data[n].nonce, + len = dtls_ccm_decrypt_message(&ctx, data[n].M, data[n].L, data[n].nonce, data[n].msg + data[n].la, len - data[n].la, data[n].msg, data[n].la); diff --git a/tests/ccm-testdata.c b/tests/ccm-testdata.c index 613c100..f0da4ae 100644 --- a/tests/ccm-testdata.c +++ b/tests/ccm-testdata.c 
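Review bot: The decrypt call in the last tests/ccm-test.c hunk is only fed the ciphertext that the encrypt call just produced, so as far as these hunks show, the test never drives the tag-mismatch branch of `dtls_ccm_decrypt_message`, which is the path the previous patch in this series switched to `equals()`. A negative case per vector would cover it: copy the encrypted buffer, change one byte of the trailing `data[n].M` tag bytes, and check that decryption reports an error instead of a length. `main` continues outside the hunk, so such a check may already exist further down. Separately, `len` is declared `long int` but printed with `%lu` in `printf("result is (total length = %lu):\n\t", len);`; `%ld` matches the type and keeps a negative error return readable.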
@@ -26,7 +26,7 @@ /* test vectors from RFC 3610 */ struct test_vector { - size_t M; + size_t M, L; size_t lm; /* overall message length */ size_t la; /* number of bytes additional data */ unsigned char key[DTLS_CCM_BLOCKSIZE]; @@ -38,7 +38,7 @@ struct test_vector { struct test_vector data[] = { /* #1 */ - { 8, 31, 8, + { 8, 2, 31, 8, { 0xC0, 0xC1, 0xC2, 0xC3, 0xC4, 0xC5, 0xC6, 0xC7, 0xC8, 0xC9, 0xCA, 0xCB, 0xCC, 0xCD, 0xCE, 0xCF}, /* AES key */ { 0x00, 0x00, 0x00, 0x03, 0x02, 0x01, 0x00, 0xA0, 0xA1, 0xA2, 0xA3, 0xA4, 0xA5}, /* Nonce */ { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E}, /* msg */ @@ -47,7 +47,7 @@ struct test_vector data[] = { }, /* #2 */ - { 8, 32, 8, + { 8, 2, 32, 8, { 0xC0, 0xC1, 0xC2, 0xC3, 0xC4, 0xC5, 0xC6, 0xC7, 0xC8, 0xC9, 0xCA, 0xCB, 0xCC, 0xCD, 0xCE, 0xCF}, /* AES key */ { 0x00, 0x00, 0x00, 0x04, 0x03, 0x02, 0x01, 0xA0, 0xA1, 0xA2, 0xA3, 0xA4, 0xA5}, /* Nonce */ { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F}, /* msg */ @@ -56,7 +56,7 @@ struct test_vector data[] = { }, /* #3 */ - { 8, 33, 8, + { 8, 2, 33, 8, { 0xC0, 0xC1, 0xC2, 0xC3, 0xC4, 0xC5, 0xC6, 0xC7, 0xC8, 0xC9, 0xCA, 0xCB, 0xCC, 0xCD, 0xCE, 0xCF}, /* AES key */ { 0x00, 0x00, 0x00, 0x05, 0x04, 0x03, 0x02, 0xA0, 0xA1, 0xA2, 0xA3, 0xA4, 0xA5}, /* Nonce */ { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F, 0x20}, /* msg */ 
@@ -65,7 +65,7 @@ struct test_vector data[] = { }, /* #4 */ - { 8, 31, 12, + { 8, 2, 31, 12, { 0xC0, 0xC1, 0xC2, 0xC3, 0xC4, 0xC5, 0xC6, 0xC7, 0xC8, 0xC9, 0xCA, 0xCB, 0xCC, 0xCD, 0xCE, 0xCF}, /* AES key */ { 0x00, 0x00, 0x00, 0x06, 0x05, 0x04, 0x03, 0xA0, 0xA1, 0xA2, 0xA3, 0xA4, 0xA5}, /* Nonce */ { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E}, /* msg */ @@ -74,7 +74,7 @@ struct test_vector data[] = { }, /* #5 */ - { 8, 32, 12, + { 8, 2, 32, 12, { 0xC0, 0xC1, 0xC2, 0xC3, 0xC4, 0xC5, 0xC6, 0xC7, 0xC8, 0xC9, 0xCA, 0xCB, 0xCC, 0xCD, 0xCE, 0xCF}, /* AES key */ { 0x00, 0x00, 0x00, 0x07, 0x06, 0x05, 0x04, 0xA0, 0xA1, 0xA2, 0xA3, 0xA4, 0xA5}, /* Nonce */ { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F}, /* msg */ @@ -83,7 +83,7 @@ struct test_vector data[] = { }, /* #6 */ - { 8, 33, 12, + { 8, 2, 33, 12, { 0xC0, 0xC1, 0xC2, 0xC3, 0xC4, 0xC5, 0xC6, 0xC7, 0xC8, 0xC9, 0xCA, 0xCB, 0xCC, 0xCD, 0xCE, 0xCF}, /* AES key */ { 0x00, 0x00, 0x00, 0x08, 0x07, 0x06, 0x05, 0xA0, 0xA1, 0xA2, 0xA3, 0xA4, 0xA5}, /* Nonce */ { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F, 0x20}, /* msg */ 
@@ -92,7 +92,7 @@ struct test_vector data[] = { }, /* #7 */ - { 10, 31, 8, + { 10, 2, 31, 8, { 0xC0, 0xC1, 0xC2, 0xC3, 0xC4, 0xC5, 0xC6, 0xC7, 0xC8, 0xC9, 0xCA, 0xCB, 0xCC, 0xCD, 0xCE, 0xCF}, /* AES key */ { 0x00, 0x00, 0x00, 0x09, 0x08, 0x07, 0x06, 0xA0, 0xA1, 0xA2, 0xA3, 0xA4, 0xA5}, /* Nonce */ { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E}, /* msg */ @@ -101,7 +101,7 @@ struct test_vector data[] = { }, /* #8 */ - { 10, 32, 8, + { 10, 2, 32, 8, { 0xC0, 0xC1, 0xC2, 0xC3, 0xC4, 0xC5, 0xC6, 0xC7, 0xC8, 0xC9, 0xCA, 0xCB, 0xCC, 0xCD, 0xCE, 0xCF}, /* AES key */ { 0x00, 0x00, 0x00, 0x0A, 0x09, 0x08, 0x07, 0xA0, 0xA1, 0xA2, 0xA3, 0xA4, 0xA5}, /* Nonce */ { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F}, /* msg */ @@ -110,7 +110,7 @@ struct test_vector data[] = { }, /* #9 */ - { 10, 33, 8, + { 10, 2, 33, 8, { 0xC0, 0xC1, 0xC2, 0xC3, 0xC4, 0xC5, 0xC6, 0xC7, 0xC8, 0xC9, 0xCA, 0xCB, 0xCC, 0xCD, 0xCE, 0xCF}, /* AES key */ { 0x00, 0x00, 0x00, 0x0B, 0x0A, 0x09, 0x08, 0xA0, 0xA1, 0xA2, 0xA3, 0xA4, 0xA5}, /* Nonce */ { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F, 0x20}, /* msg */ 
@@ -119,7 +119,7 @@ struct test_vector data[] = { }, /* #10 */ - { 10, 31, 12, + { 10, 2, 31, 12, { 0xC0, 0xC1, 0xC2, 0xC3, 0xC4, 0xC5, 0xC6, 0xC7, 0xC8, 0xC9, 0xCA, 0xCB, 0xCC, 0xCD, 0xCE, 0xCF}, /* AES key */ { 0x00, 0x00, 0x00, 0x0C, 0x0B, 0x0A, 0x09, 0xA0, 0xA1, 0xA2, 0xA3, 0xA4, 0xA5}, /* Nonce */ { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E}, /* msg */ @@ -128,7 +128,7 @@ struct test_vector data[] = { }, /* #11 */ - { 10, 32, 12, + { 10, 2, 32, 12, { 0xC0, 0xC1, 0xC2, 0xC3, 0xC4, 0xC5, 0xC6, 0xC7, 0xC8, 0xC9, 0xCA, 0xCB, 0xCC, 0xCD, 0xCE, 0xCF}, /* AES key */ { 0x00, 0x00, 0x00, 0x0D, 0x0C, 0x0B, 0x0A, 0xA0, 0xA1, 0xA2, 0xA3, 0xA4, 0xA5}, /* Nonce */ { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F}, /* msg */ @@ -137,7 +137,7 @@ struct test_vector data[] = { }, /* #12 */ - { 10, 33, 12, + { 10, 2, 33, 12, { 0xC0, 0xC1, 0xC2, 0xC3, 0xC4, 0xC5, 0xC6, 0xC7, 0xC8, 0xC9, 0xCA, 0xCB, 0xCC, 0xCD, 0xCE, 0xCF}, /* AES key */ { 0x00, 0x00, 0x00, 0x0E, 0x0D, 0x0C, 0x0B, 0xA0, 0xA1, 0xA2, 0xA3, 0xA4, 0xA5}, /* Nonce */ { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F, 0x20}, /* msg */ 
@@ -146,7 +146,7 @@ struct test_vector data[] = { }, /* #13 */ - { 8, 31, 8, + { 8, 2, 31, 8, { 0xD7, 0x82, 0x8D, 0x13, 0xB2, 0xB0, 0xBD, 0xC3, 0x25, 0xA7, 0x62, 0x36, 0xDF, 0x93, 0xCC, 0x6B}, /* AES key */ { 0x00, 0x41, 0x2B, 0x4E, 0xA9, 0xCD, 0xBE, 0x3C, 0x96, 0x96, 0x76, 0x6C, 0xFA}, /* Nonce */ { 0x0B, 0xE1, 0xA8, 0x8B, 0xAC, 0xE0, 0x18, 0xB1, 0x08, 0xE8, 0xCF, 0x97, 0xD8, 0x20, 0xEA, 0x25, 0x84, 0x60, 0xE9, 0x6A, 0xD9, 0xCF, 0x52, 0x89, 0x05, 0x4D, 0x89, 0x5C, 0xEA, 0xC4, 0x7C}, /* msg */ @@ -155,7 +155,7 @@ struct test_vector data[] = { }, /* #14 */ - { 8, 32, 8, + { 8, 2, 32, 8, { 0xD7, 0x82, 0x8D, 0x13, 0xB2, 0xB0, 0xBD, 0xC3, 0x25, 0xA7, 0x62, 0x36, 0xDF, 0x93, 0xCC, 0x6B}, /* AES key */ { 0x00, 0x33, 0x56, 0x8E, 0xF7, 0xB2, 0x63, 0x3C, 0x96, 0x96, 0x76, 0x6C, 0xFA}, /* Nonce */ { 0x63, 0x01, 0x8F, 0x76, 0xDC, 0x8A, 0x1B, 0xCB, 0x90, 0x20, 0xEA, 0x6F, 0x91, 0xBD, 0xD8, 0x5A, 0xFA, 0x00, 0x39, 0xBA, 0x4B, 0xAF, 0xF9, 0xBF, 0xB7, 0x9C, 0x70, 0x28, 0x94, 0x9C, 0xD0, 0xEC}, /* msg */ @@ -164,7 +164,7 @@ struct test_vector data[] = { }, /* #15 */ - { 8, 33, 8, + { 8, 2, 33, 8, { 0xD7, 0x82, 0x8D, 0x13, 0xB2, 0xB0, 0xBD, 0xC3, 0x25, 0xA7, 0x62, 0x36, 0xDF, 0x93, 0xCC, 0x6B}, /* AES key */ { 0x00, 0x10, 0x3F, 0xE4, 0x13, 0x36, 0x71, 0x3C, 0x96, 0x96, 0x76, 0x6C, 0xFA}, /* Nonce */ { 0xAA, 0x6C, 0xFA, 0x36, 0xCA, 0xE8, 0x6B, 0x40, 0xB9, 0x16, 0xE0, 0xEA, 0xCC, 0x1C, 0x00, 0xD7, 0xDC, 0xEC, 0x68, 0xEC, 0x0B, 0x3B, 0xBB, 0x1A, 0x02, 0xDE, 0x8A, 0x2D, 0x1A, 0xA3, 0x46, 0x13, 0x2E}, /* msg */ 
@@ -173,7 +173,7 @@ struct test_vector data[] = { }, /* #16 */ - { 8, 31, 12, + { 8, 2, 31, 12, { 0xD7, 0x82, 0x8D, 0x13, 0xB2, 0xB0, 0xBD, 0xC3, 0x25, 0xA7, 0x62, 0x36, 0xDF, 0x93, 0xCC, 0x6B}, /* AES key */ { 0x00, 0x76, 0x4C, 0x63, 0xB8, 0x05, 0x8E, 0x3C, 0x96, 0x96, 0x76, 0x6C, 0xFA}, /* Nonce */ { 0xD0, 0xD0, 0x73, 0x5C, 0x53, 0x1E, 0x1B, 0xEC, 0xF0, 0x49, 0xC2, 0x44, 0x12, 0xDA, 0xAC, 0x56, 0x30, 0xEF, 0xA5, 0x39, 0x6F, 0x77, 0x0C, 0xE1, 0xA6, 0x6B, 0x21, 0xF7, 0xB2, 0x10, 0x1C}, /* msg */ @@ -182,7 +182,7 @@ struct test_vector data[] = { }, /* #17 */ - { 8, 32, 12, + { 8, 2, 32, 12, { 0xD7, 0x82, 0x8D, 0x13, 0xB2, 0xB0, 0xBD, 0xC3, 0x25, 0xA7, 0x62, 0x36, 0xDF, 0x93, 0xCC, 0x6B}, /* AES key */ { 0x00, 0xF8, 0xB6, 0x78, 0x09, 0x4E, 0x3B, 0x3C, 0x96, 0x96, 0x76, 0x6C, 0xFA}, /* Nonce */ { 0x77, 0xB6, 0x0F, 0x01, 0x1C, 0x03, 0xE1, 0x52, 0x58, 0x99, 0xBC, 0xAE, 0xE8, 0x8B, 0x6A, 0x46, 0xC7, 0x8D, 0x63, 0xE5, 0x2E, 0xB8, 0xC5, 0x46, 0xEF, 0xB5, 0xDE, 0x6F, 0x75, 0xE9, 0xCC, 0x0D}, /* msg */ @@ -191,7 +191,7 @@ struct test_vector data[] = { }, /* #18 */ - { 8, 33, 12, + { 8, 2, 33, 12, { 0xD7, 0x82, 0x8D, 0x13, 0xB2, 0xB0, 0xBD, 0xC3, 0x25, 0xA7, 0x62, 0x36, 0xDF, 0x93, 0xCC, 0x6B}, /* AES key */ { 0x00, 0xD5, 0x60, 0x91, 0x2D, 0x3F, 0x70, 0x3C, 0x96, 0x96, 0x76, 0x6C, 0xFA}, /* Nonce */ { 0xCD, 0x90, 0x44, 0xD2, 0xB7, 0x1F, 0xDB, 0x81, 0x20, 0xEA, 0x60, 0xC0, 0x64, 0x35, 0xAC, 0xBA, 0xFB, 0x11, 0xA8, 0x2E, 0x2F, 0x07, 0x1D, 0x7C, 0xA4, 0xA5, 0xEB, 0xD9, 0x3A, 0x80, 0x3B, 0xA8, 0x7F}, /* msg */ 
@@ -200,7 +200,7 @@ struct test_vector data[] = { }, /* #19 */ - { 10, 31, 8, + { 10, 2, 31, 8, { 0xD7, 0x82, 0x8D, 0x13, 0xB2, 0xB0, 0xBD, 0xC3, 0x25, 0xA7, 0x62, 0x36, 0xDF, 0x93, 0xCC, 0x6B}, /* AES key */ { 0x00, 0x42, 0xFF, 0xF8, 0xF1, 0x95, 0x1C, 0x3C, 0x96, 0x96, 0x76, 0x6C, 0xFA}, /* Nonce */ { 0xD8, 0x5B, 0xC7, 0xE6, 0x9F, 0x94, 0x4F, 0xB8, 0x8A, 0x19, 0xB9, 0x50, 0xBC, 0xF7, 0x1A, 0x01, 0x8E, 0x5E, 0x67, 0x01, 0xC9, 0x17, 0x87, 0x65, 0x98, 0x09, 0xD6, 0x7D, 0xBE, 0xDD, 0x18}, /* msg */ @@ -209,7 +209,7 @@ struct test_vector data[] = { }, /* #20 */ - { 10, 32, 8, + { 10, 2, 32, 8, { 0xD7, 0x82, 0x8D, 0x13, 0xB2, 0xB0, 0xBD, 0xC3, 0x25, 0xA7, 0x62, 0x36, 0xDF, 0x93, 0xCC, 0x6B}, /* AES key */ { 0x00, 0x92, 0x0F, 0x40, 0xE5, 0x6C, 0xDC, 0x3C, 0x96, 0x96, 0x76, 0x6C, 0xFA}, /* Nonce */ { 0x74, 0xA0, 0xEB, 0xC9, 0x06, 0x9F, 0x5B, 0x37, 0x17, 0x61, 0x43, 0x3C, 0x37, 0xC5, 0xA3, 0x5F, 0xC1, 0xF3, 0x9F, 0x40, 0x63, 0x02, 0xEB, 0x90, 0x7C, 0x61, 0x63, 0xBE, 0x38, 0xC9, 0x84, 0x37}, /* msg */ @@ -218,7 +218,7 @@ struct test_vector data[] = { }, /* #21 */ - { 10, 33, 8, + { 10, 2, 33, 8, { 0xD7, 0x82, 0x8D, 0x13, 0xB2, 0xB0, 0xBD, 0xC3, 0x25, 0xA7, 0x62, 0x36, 0xDF, 0x93, 0xCC, 0x6B}, /* AES key */ { 0x00, 0x27, 0xCA, 0x0C, 0x71, 0x20, 0xBC, 0x3C, 0x96, 0x96, 0x76, 0x6C, 0xFA}, /* Nonce */ { 0x44, 0xA3, 0xAA, 0x3A, 0xAE, 0x64, 0x75, 0xCA, 0xA4, 0x34, 0xA8, 0xE5, 0x85, 0x00, 0xC6, 0xE4, 0x15, 0x30, 0x53, 0x88, 0x62, 0xD6, 0x86, 0xEA, 0x9E, 0x81, 0x30, 0x1B, 0x5A, 0xE4, 0x22, 0x6B, 0xFA}, /* msg */ 
@@ -227,7 +227,7 @@ struct test_vector data[] = { }, /* #22 */ - { 10, 31, 12, + { 10, 2, 31, 12, { 0xD7, 0x82, 0x8D, 0x13, 0xB2, 0xB0, 0xBD, 0xC3, 0x25, 0xA7, 0x62, 0x36, 0xDF, 0x93, 0xCC, 0x6B}, /* AES key */ { 0x00, 0x5B, 0x8C, 0xCB, 0xCD, 0x9A, 0xF8, 0x3C, 0x96, 0x96, 0x76, 0x6C, 0xFA}, /* Nonce */ { 0xEC, 0x46, 0xBB, 0x63, 0xB0, 0x25, 0x20, 0xC3, 0x3C, 0x49, 0xFD, 0x70, 0xB9, 0x6B, 0x49, 0xE2, 0x1D, 0x62, 0x17, 0x41, 0x63, 0x28, 0x75, 0xDB, 0x7F, 0x6C, 0x92, 0x43, 0xD2, 0xD7, 0xC2}, /* msg */ @@ -236,7 +236,7 @@ struct test_vector data[] = { }, /* #23 */ - { 10, 32, 12, + { 10, 2, 32, 12, { 0xD7, 0x82, 0x8D, 0x13, 0xB2, 0xB0, 0xBD, 0xC3, 0x25, 0xA7, 0x62, 0x36, 0xDF, 0x93, 0xCC, 0x6B}, /* AES key */ { 0x00, 0x3E, 0xBE, 0x94, 0x04, 0x4B, 0x9A, 0x3C, 0x96, 0x96, 0x76, 0x6C, 0xFA}, /* Nonce */ { 0x47, 0xA6, 0x5A, 0xC7, 0x8B, 0x3D, 0x59, 0x42, 0x27, 0xE8, 0x5E, 0x71, 0xE2, 0xFC, 0xFB, 0xB8, 0x80, 0x44, 0x2C, 0x73, 0x1B, 0xF9, 0x51, 0x67, 0xC8, 0xFF, 0xD7, 0x89, 0x5E, 0x33, 0x70, 0x76}, /* msg */ 
@@ -245,11 +245,151 @@ struct test_vector data[] = { }, /* #24 */ - { 10, 33, 12, + { 10, 2, 33, 12, { 0xD7, 0x82, 0x8D, 0x13, 0xB2, 0xB0, 0xBD, 0xC3, 0x25, 0xA7, 0x62, 0x36, 0xDF, 0x93, 0xCC, 0x6B}, /* AES key */ { 0x00, 0x8D, 0x49, 0x3B, 0x30, 0xAE, 0x8B, 0x3C, 0x96, 0x96, 0x76, 0x6C, 0xFA}, /* Nonce */ { 0x6E, 0x37, 0xA6, 0xEF, 0x54, 0x6D, 0x95, 0x5D, 0x34, 0xAB, 0x60, 0x59, 0xAB, 0xF2, 0x1C, 0x0B, 0x02, 0xFE, 0xB8, 0x8F, 0x85, 0x6D, 0xF4, 0xA3, 0x73, 0x81, 0xBC, 0xE3, 0xCC, 0x12, 0x85, 0x17, 0xD4}, /* msg */ 43, /* length of result */ { 0x6E, 0x37, 0xA6, 0xEF, 0x54, 0x6D, 0x95, 0x5D, 0x34, 0xAB, 0x60, 0x59, 0xF3, 0x29, 0x05, 0xB8, 0x8A, 0x64, 0x1B, 0x04, 0xB9, 0xC9, 0xFF, 0xB5, 0x8C, 0xC3, 0x90, 0x90, 0x0F, 0x3D, 0xA1, 0x2A, 0xB1, 0x6D, 0xCE, 0x9E, 0x82, 0xEF, 0xA1, 0x6D, 0xA6, 0x20, 0x59} /* result */ + }, + + /* #25 */ + /* Cipher: AES-128 M=16 L=2 K_LEN=1 N_LEN=13 K=0x00 N=0x00000000000000000000000000 */ + { 16, 2, 0, 0, + { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, /* AES key */ + { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, /* Nonce */ + { }, /* msg */ + 16, /* length of result */ + { 0x8b, 0x60, 0xab, 0xcd, 0x60, 0x43, 0x81, 0x0b, + 0xa3, 0x78, 0xa0, 0x1d, 0x4a, 0x29, 0x83, 0x0b + } /* result */ + }, + + /* #26 */ + /* Cipher: AES-128 M=16 L=2 K_LEN=1 N_LEN=13 K=0x00 N=0x00000000000000000000000000 */ + { 16, 2, 37, 0, + { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, /* AES key */ + { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00 }, /* Nonce */ + { 0x45, 0x69, 0x6e, 0x20, 0x6b, 0x6c, 0x65, 0x69, + 0x6e, 0x65, 0x72, 0x20, 0x54, 0x65, 0x78, 0x74, + 0x0a, 0x7a, 0x75, 0x6d, 0x20, 0x54, 0x65, 0x73, + 0x74, 0x65, 0x6e, 0x20, 0x76, 0x6f, 0x6e, 0x20, + 0x43, 0x43, 0x4d, 0x2e, 0x0a + }, /* msg */ + 53, /* length of result */ + { 0x90, 0x11, 0x9c, 0x2d, 0x6b, 0xf9, 0xe9, 0x05, + 0x3e, 0x0b, 0x44, 
0x56, 0xca, 0xc8, 0xb6, 0x1a, + 0x00, 0x57, 0xa9, 0x8b, 0x6b, 0x69, 0x09, 0x7e, + 0x8e, 0x50, 0x50, 0x63, 0x50, 0x58, 0x0f, 0x78, + 0x75, 0x69, 0x6e, 0x9f, 0x3d, 0x63, 0x93, 0xe7, + 0x7a, 0x84, 0xe9, 0x9f, 0x11, 0x93, 0x95, 0xa0, + 0x9a, 0xef, 0x0d, 0xa0, 0xed + } /* result */ + }, + + /* #27 */ + /* Cipher: AES-128 M=8 L=5 K_LEN=16 N_LEN=10 K=0x001234567890abcdefdcaffeed3921ee N=0x00112233445566778899 */ + { 8, 5, 0, 0, + { 0x00, 0x12, 0x34, 0x56, 0x78, 0x90, 0xab, 0xcd, + 0xef, 0xdc, 0xaf, 0xfe, 0xed, 0x39, 0x21, 0xee }, /* AES key */ + { 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, + 0x88, 0x99 }, /* Nonce */ + { }, /* msg */ + 8, /* length of result */ + { 0xb1, 0x33, 0x51, 0xc8, 0xb3, 0xd5, 0x10, 0xa7 } /* result */ + }, + + /* #28 */ + /* Cipher: AES-128 M=8 L=5 K_LEN=16 N_LEN=10 K=0x001234567890abcdefdcaffeed3921ee N=0x00112233445566778899 */ + { 8, 5, 37, 0, + { 0x00, 0x12, 0x34, 0x56, 0x78, 0x90, 0xab, 0xcd, + 0xef, 0xdc, 0xaf, 0xfe, 0xed, 0x39, 0x21, 0xee }, /* AES key */ + { 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, + 0x88, 0x99 }, /* Nonce */ + { 0x45, 0x69, 0x6e, 0x20, 0x6b, 0x6c, 0x65, 0x69, + 0x6e, 0x65, 0x72, 0x20, 0x54, 0x65, 0x78, 0x74, + 0x0a, 0x7a, 0x75, 0x6d, 0x20, 0x54, 0x65, 0x73, + 0x74, 0x65, 0x6e, 0x20, 0x76, 0x6f, 0x6e, 0x20, + 0x43, 0x43, 0x4d, 0x2e, 0x0a + }, /* msg */ + 45, /* length of result */ + { 0x44, 0x7a, 0x82, 0x70, 0x1d, 0xd0, 0x35, 0x7b, + 0x68, 0xf7, 0x35, 0x4d, 0xbf, 0xd9, 0x16, 0x15, + 0x97, 0x41, 0x3d, 0x1e, 0x89, 0xc1, 0x25, 0xe7, + 0xd6, 0xa7, 0xde, 0x90, 0x1e, 0xf1, 0x69, 0x69, + 0x9f, 0xce, 0x40, 0xdc, 0xf0, 0xd1, 0x74, 0x53, + 0x2c, 0xa3, 0xb0, 0xcf, 0xb9 + } /* result */ + }, + + /* #29 */ + /* Cipher: AES-128 M=14 L=3 K_LEN=16 N_LEN=12 K=0x001234567890abcdefdcaffeed3921ee N=0x001122334455667788990000 */ + { 14, 3, 0, 0, + { 0x00, 0x12, 0x34, 0x56, 0x78, 0x90, 0xab, 0xcd, + 0xef, 0xdc, 0xaf, 0xfe, 0xed, 0x39, 0x21, 0xee }, /* AES key */ + { 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, + 0x88, 0x99, 0x00, 
0x00 }, /* Nonce */ + { }, /* msg */ + 14, /* length of result */ + { 0xa4, 0x06, 0xa4, 0x23, 0x93, 0x3d, 0xa0, 0xca, + 0xb5, 0x90, 0xdb, 0x69, 0x69, 0x33 } /* result */ + }, + + /* #30 */ + /* Cipher: AES-128 M=14 L=3 K_LEN=16 N_LEN=12 K=0x001234567890abcdefdcaffeed3921ee N=0x001122334455667788990000 */ + { 14, 3, 37, 0, + { 0x00, 0x12, 0x34, 0x56, 0x78, 0x90, 0xab, 0xcd, + 0xef, 0xdc, 0xaf, 0xfe, 0xed, 0x39, 0x21, 0xee }, /* AES key */ + { 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, + 0x88, 0x99, 0x00, 0x00 }, /* Nonce */ + { 0x45, 0x69, 0x6e, 0x20, 0x6b, 0x6c, 0x65, 0x69, + 0x6e, 0x65, 0x72, 0x20, 0x54, 0x65, 0x78, 0x74, + 0x0a, 0x7a, 0x75, 0x6d, 0x20, 0x54, 0x65, 0x73, + 0x74, 0x65, 0x6e, 0x20, 0x76, 0x6f, 0x6e, 0x20, + 0x43, 0x43, 0x4d, 0x2e, 0x0a + }, /* msg */ + 51, + { 0x60, 0xaf, 0x87, 0x67, 0x4d, 0x9d, 0x54, 0x17, + 0x16, 0xc0, 0x29, 0x10, 0x7e, 0x3e, 0x34, 0x93, + 0x78, 0xe8, 0xd3, 0xc8, 0xc1, 0x03, 0x4f, 0xd6, + 0xf5, 0x3b, 0xaf, 0xd3, 0xf0, 0xd7, 0x0b, 0xdd, + 0x63, 0x93, 0xed, 0xf2, 0xb2, 0x72, 0xdc, 0xae, + 0x7c, 0xa0, 0x01, 0xdb, 0x56, 0x2a, 0x06, 0xb6, + 0xe9, 0xcf, 0x3c } /* result */ + }, + + /* #31 */ + /* Cipher: AES-128 M=8 L=5 K_LEN=6 N_LEN=10 K=0x11223344aabb N=0x00112233445566778899 */ + { 8, 5, 0, 0, + { 0x11, 0x22, 0x33, 0x44, 0xaa, 0xbb }, /* AES key */ + { 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, + 0x88, 0x99 }, /* Nonce */ + { }, /* msg */ + 8, + { 0x28, 0x15, 0xfe, 0x81, 0xdd, 0xc3, 0x79, 0x04 } /* result */ + }, + + /* #32 */ + /* Cipher: AES-128 M=8 L=5 K_LEN=6 N_LEN=10 K=0x11223344aabb N=0x00112233445566778899 */ + + { 8, 5, 37, 0, + { 0x11, 0x22, 0x33, 0x44, 0xaa, 0xbb }, /* AES key */ + { 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, + 0x88, 0x99 }, /* Nonce */ + { 0x45, 0x69, 0x6e, 0x20, 0x6b, 0x6c, 0x65, 0x69, + 0x6e, 0x65, 0x72, 0x20, 0x54, 0x65, 0x78, 0x74, + 0x0a, 0x7a, 0x75, 0x6d, 0x20, 0x54, 0x65, 0x73, + 0x74, 0x65, 0x6e, 0x20, 0x76, 0x6f, 0x6e, 0x20, + 0x43, 0x43, 0x4d, 0x2e, 0x0a + }, /* msg */ + 45, + { 
0xdb, 0x31, 0x55, 0x9d, 0xab, 0x70, 0xdc, 0x62, + 0xd7, 0x76, 0x41, 0xb2, 0x14, 0x9e, 0x9c, 0x26, + 0x70, 0x61, 0xea, 0x36, 0xf8, 0x0e, 0xdf, 0x19, + 0xa6, 0xc7, 0x46, 0x3d, 0x5a, 0xc3, 0x0a, 0x73, + 0x14, 0x96, 0xa4, 0x84, 0x7f, 0x37, 0x55, 0x42, + 0xce, 0x7e, 0xf9, 0x3b, 0xe5 } /* result */ } };
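Review bot: The empty-message vectors added in this hunk (#25, #27, #29, #31) initialise `msg` with `{ }`, which ISO C before C23 does not allow; it builds only where the compiler accepts it as an extension, and `{ 0 }` gives the same zero-filled array portably. The comments on #25 and #26 state `N_LEN=13`, but the nonce initialisers list 12 bytes; the value matches only because the remaining elements are zero-filled (assuming the `nonce` array, declared outside the hunk, holds at least 13 bytes), so either the list or the comment should be corrected. Likewise #31 and #32 are labelled AES-128 with `K_LEN=6`, and the six listed bytes are presumably zero-padded to `DTLS_CCM_BLOCKSIZE` by the initialiser; a comment saying so would make the vectors reproducible. The file's heading comment still reads `/* test vectors from RFC 3610 */`, while entries #25–#32 carry no note of where their expected results come from.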