3 This file is part of the AVR-Crypto-Lib.
4 Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
6 This program is free software: you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation, either version 3 of the License, or
9 (at your option) any later version.
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
16 You should have received a copy of the GNU General Public License
17 along with this program. If not, see <http://www.gnu.org/licenses/>.
31 #include "nessie_bc_test.h"
33 #include "performance_test.h"
36 #include "bcal_aes128.h"
37 #include "bcal_aes192.h"
38 #include "bcal_aes256.h"
40 #include "bcal-cfb_byte.h"
41 #include "bcal-cfb_bit.h"
44 #include "bcal-cmac.h"
47 #include "bcal-performance.h"
52 #include <avr/pgmspace.h>
54 char* algo_name = "AES";
56 const bcdesc_t* algolist[] PROGMEM = {
57 (bcdesc_t*)&aes128_desc,
58 (bcdesc_t*)&aes192_desc,
59 (bcdesc_t*)&aes256_desc,
63 /*****************************************************************************
64 * additional validation-functions *
65 *****************************************************************************/
67 void testrun_nessie_aes(void){
68 nessie_bc_ctx.blocksize_B = 16;
69 nessie_bc_ctx.keysize_b = 128;
70 nessie_bc_ctx.name = algo_name;
71 nessie_bc_ctx.ctx_size_B = sizeof(aes128_ctx_t);
72 nessie_bc_ctx.cipher_enc = (nessie_bc_enc_fpt)aes128_enc;
73 nessie_bc_ctx.cipher_dec = (nessie_bc_dec_fpt)aes128_dec;
74 nessie_bc_ctx.cipher_genctx = (nessie_bc_gen_fpt)aes_init;
77 nessie_bc_ctx.keysize_b = 192;
78 nessie_bc_ctx.ctx_size_B = sizeof(aes192_ctx_t);
79 nessie_bc_ctx.cipher_enc = (nessie_bc_enc_fpt)aes192_enc;
80 nessie_bc_ctx.cipher_dec = (nessie_bc_dec_fpt)aes192_dec;
83 nessie_bc_ctx.keysize_b = 256;
84 nessie_bc_ctx.ctx_size_B = sizeof(aes256_ctx_t);
85 nessie_bc_ctx.cipher_enc = (nessie_bc_enc_fpt)aes256_enc;
86 nessie_bc_ctx.cipher_dec = (nessie_bc_dec_fpt)aes256_dec;
90 void testrun_test_aes(void){
91 uint8_t key[16] = { 0x2b, 0x7e, 0x15, 0x16,
92 0x28, 0xae, 0xd2, 0xa6,
93 0xab, 0xf7, 0x15, 0x88,
94 0x09, 0xcf, 0x4f, 0x3c };
95 uint8_t data[16] = { 0x32, 0x43, 0xf6, 0xa8,
96 0x88, 0x5a, 0x30, 0x8d,
97 0x31, 0x31, 0x98, 0xa2,
98 0xe0, 0x37, 0x07, 0x34 };
100 aes128_init(key, &ctx);
101 cli_putstr_P(PSTR("\r\n\r\n cipher test (FIPS 197):\r\n key: "));
102 cli_hexdump(key, 16);
103 cli_putstr_P(PSTR("\r\n plaintext: "));
104 cli_hexdump(data, 16);
105 aes128_enc(data, &ctx);
106 cli_putstr_P(PSTR("\r\n ciphertext: "));
107 cli_hexdump(data, 16);
108 aes128_dec(data, &ctx);
109 cli_putstr_P(PSTR("\r\n plaintext: "));
110 cli_hexdump(data, 16);
111 cli_putstr(PSTR("\r\n testing bcal:"));
112 bcgen_ctx_t bcal_ctx;
114 r = bcal_cipher_init(&aes128_desc, key, 128, &bcal_ctx);
115 cli_putstr_P(PSTR("\r\n init = 0x"));
118 bcal_cipher_enc(data, &bcal_ctx);
119 cli_putstr_P(PSTR("\r\n ciphertext: "));
120 cli_hexdump(data, 16);
121 bcal_cipher_dec(data, &bcal_ctx);
122 cli_putstr_P(PSTR("\r\n plaintext: "));
123 cli_hexdump(data, 16);
124 bcal_cipher_free(&bcal_ctx);
127 void testrun_testkey_aes128(void){
128 uint8_t key[16] = { 0x2b, 0x7e, 0x15, 0x16,
129 0x28, 0xae, 0xd2, 0xa6,
130 0xab, 0xf7, 0x15, 0x88,
131 0x09, 0xcf, 0x4f, 0x3c};
134 aes128_init(key, &ctx);
135 cli_putstr_P(PSTR("\r\n\r\n keyschedule test (FIPS 197):\r\n key: "));
136 cli_hexdump(key, 16);
138 cli_putstr_P(PSTR("\r\n index: "));
141 cli_putstr_P(PSTR(" roundkey "));
142 cli_hexdump(ctx.key[i].ks, 16);
146 void testrun_testkey_aes192(void){
147 uint8_t key[24] = { 0x8e, 0x73, 0xb0, 0xf7,
148 0xda, 0x0e, 0x64, 0x52,
149 0xc8, 0x10, 0xf3, 0x2b,
150 0x80, 0x90, 0x79, 0xe5,
151 0x62, 0xf8, 0xea, 0xd2,
152 0x52, 0x2c, 0x6b, 0x7b};
155 memset(&ctx, 0, sizeof(aes192_ctx_t));
156 aes192_init(key, &ctx);
157 cli_putstr_P(PSTR("\r\n\r\n keyschedule test (FIPS 197):\r\n key: "));
158 cli_hexdump(key, 24);
160 cli_putstr_P(PSTR("\r\n index: "));
163 cli_putstr_P(PSTR(" roundkey "));
164 cli_hexdump(ctx.key[i].ks, 16);
169 void testrun_testkey_aes256(void){
170 uint8_t key[32] = { 0x60, 0x3d, 0xeb, 0x10,
171 0x15, 0xca, 0x71, 0xbe,
172 0x2b, 0x73, 0xae, 0xf0,
173 0x85, 0x7d, 0x77, 0x81,
174 0x1f, 0x35, 0x2c, 0x07,
175 0x3b, 0x61, 0x08, 0xd7,
176 0x2d, 0x98, 0x10, 0xa3,
177 0x09, 0x14, 0xdf, 0xf4};
180 memset(&ctx, 0, sizeof(aes256_ctx_t));
181 aes256_init(key, &ctx);
182 cli_putstr_P(PSTR("\r\n\r\n keyschedule test (FIPS 197):\r\n key: "));
183 cli_hexdump(key, 32);
185 cli_putstr_P(PSTR("\r\n index: "));
188 cli_putstr_P(PSTR(" roundkey "));
189 cli_hexdump(ctx.key[i].ks, 16);
193 void testrun_testkey_aes(void){
194 testrun_testkey_aes128();
195 testrun_testkey_aes192();
196 testrun_testkey_aes256();
199 uint8_t modes_key[] PROGMEM = {
200 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6,
201 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c,
202 0x1f, 0x35, 0x2c, 0x07, 0x3b, 0x61, 0x08, 0xd7,
203 0x2d, 0x98, 0x10, 0xa3, 0x09, 0x14, 0xdf, 0xf4
205 uint8_t modes_iv[] PROGMEM = {
206 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
207 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f
210 uint8_t modes_ctriv[] PROGMEM = {
211 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7,
212 0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd, 0xfe, 0xff
215 uint8_t modes_plain[] PROGMEM = {
216 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96,
217 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a,
219 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c,
220 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51,
222 0x30, 0xc8, 0x1c, 0x46, 0xa3, 0x5c, 0xe4, 0x11,
223 0xe5, 0xfb, 0xc1, 0x19, 0x1a, 0x0a, 0x52, 0xef,
225 0xf6, 0x9f, 0x24, 0x45, 0xdf, 0x4f, 0x9b, 0x17,
226 0xad, 0x2b, 0x41, 0x7b, 0xe6, 0x6c, 0x37, 0x10
230 void testrun_aes128_cbc(void){
238 memcpy_P(key, modes_key, 16);
239 memcpy_P(iv, modes_iv, 16);
240 memcpy_P(plain, modes_plain, 64);
242 cli_putstr_P(PSTR("\r\n** AES128-CBC-TEST **"));
243 r = bcal_cbc_init(&aes128_desc, key, 128, &ctx);
244 cli_putstr_P(PSTR("\r\n init = 0x"));
246 cli_putstr_P(PSTR("\r\n key: "));
247 cli_hexdump(key, 128/8);
248 cli_putstr_P(PSTR("\r\n IV: "));
249 cli_hexdump(iv, 128/8);
250 cli_putstr_P(PSTR("\r\n plaintext:"));
251 cli_hexdump_block(plain, 4*128/8, 4, 16);
254 bcal_cbc_encMsg(iv, plain, 4, &ctx);
255 cli_putstr_P(PSTR("\r\n ciphertext: "));
256 cli_hexdump_block(plain, 4*128/8, 4, 16);
257 bcal_cbc_decMsg(iv, plain, 4, &ctx);
258 cli_putstr_P(PSTR("\r\n plaintext: "));
259 cli_hexdump_block(plain, 4*128/8, 4, 16);
263 void testrun_aes128_cfb8(void){
268 bcal_cfb_B_ctx_t ctx;
271 memcpy_P(key, modes_key, 16);
272 memcpy_P(iv, modes_iv, 16);
273 memcpy_P(plain, modes_plain, 64);
275 cli_putstr_P(PSTR("\r\n** AES128-CFB8-TEST **"));
276 r = bcal_cfb_B_init(&aes128_desc, key, 128, 8, &ctx);
277 cli_putstr_P(PSTR("\r\n init = 0x"));
279 cli_putstr_P(PSTR("\r\n key: "));
280 cli_hexdump(key, 128/8);
281 cli_putstr_P(PSTR("\r\n IV: "));
282 cli_hexdump(iv, 128/8);
283 cli_putstr_P(PSTR("\r\n plaintext:"));
284 cli_hexdump_block(plain, 4*128/8, 4, 16);
287 bcal_cfb_B_encMsg(iv, plain, 64, &ctx);
288 cli_putstr_P(PSTR("\r\n ciphertext: "));
289 cli_hexdump_block(plain, 64, 4, 16);
291 bcal_cfb_B_decMsg(iv, plain, 64, &ctx);
292 cli_putstr_P(PSTR("\r\n plaintext: "));
293 cli_hexdump_block(plain, 64, 4, 16);
295 bcal_cfb_B_free(&ctx);
299 void testrun_aes128_cfb1(void){
304 bcal_cfb_b_ctx_t ctx;
307 memcpy_P(key, modes_key, 16);
308 memcpy_P(iv, modes_iv, 16);
309 memcpy_P(plain, modes_plain, 64);
311 cli_putstr_P(PSTR("\r\n** AES128-CFB1-TEST **"));
312 r = bcal_cfb_b_init(&aes128_desc, key, 128, 1, &ctx);
313 cli_putstr_P(PSTR("\r\n init = 0x"));
315 cli_putstr_P(PSTR("\r\n key: "));
316 cli_hexdump(key, 128/8);
317 cli_putstr_P(PSTR("\r\n IV: "));
318 cli_hexdump(iv, 128/8);
319 cli_putstr_P(PSTR("\r\n plaintext:"));
320 cli_hexdump_block(plain, 2, 4, 16);
323 uint8_t i, bit_offset, byte_offset;
324 bcal_cfb_b_loadIV(iv, &ctx);
328 cli_putstr_P(PSTR("\r\n plain bit: "));
329 cli_putc((plain[byte_offset]&(1<<(7-bit_offset)))?'1':'0');
330 bcal_cfb_b_encNext(plain+byte_offset, bit_offset, &ctx);
331 cli_putstr_P(PSTR("\r\n cipher bit: "));
332 cli_putc((plain[byte_offset]&(1<<(7-bit_offset)))?'1':'0');
334 cli_putstr_P(PSTR("\r\n ciphertext: "));
335 cli_hexdump_block(plain, 2, 4, 16);
337 bcal_cfb_b_loadIV(iv, &ctx);
341 cli_putstr_P(PSTR("\r\n plain bit: "));
342 cli_putc((plain[byte_offset]&(1<<(7-bit_offset)))?'1':'0');
343 bcal_cfb_b_decNext(plain+byte_offset, bit_offset, &ctx);
344 cli_putstr_P(PSTR("\r\n cipher bit: "));
345 cli_putc((plain[byte_offset]&(1<<(7-bit_offset)))?'1':'0');
347 cli_putstr_P(PSTR("\r\n plaintext: "));
348 cli_hexdump_block(plain, 2, 4, 16);
351 bcal_cfb_b_encMsg(iv, plain, 0, 64*8, &ctx);
352 cli_putstr_P(PSTR("\r\n ciphertext: "));
353 cli_hexdump_block(plain, 64, 4, 16);
355 bcal_cfb_b_decMsg(iv, plain, 0, 64*8, &ctx);
356 cli_putstr_P(PSTR("\r\n plaintext: "));
357 cli_hexdump_block(plain, 64, 4, 16);
359 bcal_cfb_b_free(&ctx);
362 void testrun_aes128_ofb(void){
370 memcpy_P(key, modes_key, 16);
371 memcpy_P(iv, modes_iv, 16);
372 memcpy_P(plain, modes_plain, 64);
374 cli_putstr_P(PSTR("\r\n** AES128-OFB-TEST **"));
375 r = bcal_ofb_init(&aes128_desc, key, 128, &ctx);
376 cli_putstr_P(PSTR("\r\n init = 0x"));
378 cli_putstr_P(PSTR("\r\n key: "));
379 cli_hexdump(key, 128/8);
380 cli_putstr_P(PSTR("\r\n IV: "));
381 cli_hexdump(iv, 128/8);
382 cli_putstr_P(PSTR("\r\n plaintext:"));
383 cli_hexdump_block(plain, 4*128/8, 4, 16);
386 bcal_ofb_encMsg(iv, plain, 4*128, &ctx);
387 cli_putstr_P(PSTR("\r\n ciphertext: "));
388 cli_hexdump_block(plain, 4*128/8, 4, 16);
389 bcal_ofb_decMsg(iv, plain, 4*128, &ctx);
390 cli_putstr_P(PSTR("\r\n plaintext: "));
391 cli_hexdump_block(plain, 4*128/8, 4, 16);
395 void testrun_aes128_ctr(void){
403 memcpy_P(key, modes_key, 16);
404 memcpy_P(iv, modes_ctriv, 16);
405 memcpy_P(plain, modes_plain, 64);
407 cli_putstr_P(PSTR("\r\n** AES128-CTR-TEST **"));
408 r = bcal_ctr_init(&aes128_desc, key, 128, NULL, &ctx);
409 cli_putstr_P(PSTR("\r\n init = 0x"));
411 cli_putstr_P(PSTR("\r\n key: "));
412 cli_hexdump(key, 128/8);
413 cli_putstr_P(PSTR("\r\n IV: "));
414 cli_hexdump(iv, 128/8);
415 cli_putstr_P(PSTR("\r\n plaintext:"));
416 cli_hexdump_block(plain, 4*128/8, 4, 16);
419 bcal_ctr_encMsg(iv, plain, 4*128, &ctx);
420 cli_putstr_P(PSTR("\r\n ciphertext: "));
421 cli_hexdump_block(plain, 4*128/8, 4, 16);
422 bcal_ctr_decMsg(iv, plain, 4*128, &ctx);
423 cli_putstr_P(PSTR("\r\n plaintext: "));
424 cli_hexdump_block(plain, 4*128/8, 4, 16);
428 void testrun_aes128_cmac(void){
432 uint16_t length[] = { 0, 128, 320, 512 };
436 memcpy_P(key, modes_key, 16);
437 memcpy_P(plain, modes_plain, 64);
439 cli_putstr_P(PSTR("\r\n** AES128-CMAC-TEST **"));
441 cli_putstr_P(PSTR("\r\n key: "));
442 cli_hexdump(key, 128/8);
444 r = bcal_cmac_init(&aes128_desc, key, 128, &ctx);
445 cli_putstr_P(PSTR("\r\n init = 0x"));
447 cli_putstr_P(PSTR("\r\n message: "));
448 cli_hexdump_block(plain, length[i]/8, 4, 16);
451 bcal_cmac(tag, 128, plain, length[i], &ctx);
452 cli_putstr_P(PSTR("\r\n tag: "));
453 cli_hexdump_block(tag, 128/8, 4, 16);
454 bcal_cmac_free(&ctx);
461 Key = 3250974e306b4b678f914b514d1e90f6
462 Msg = cf132fd4ebc25fd3866f1a95a6193a1a9cdf
464 void testrun_aes128_cmac72(void){
466 0x32, 0x50, 0x97, 0x4e, 0x30, 0x6b, 0x4b, 0x67,
467 0x8f, 0x91, 0x4b, 0x51, 0x4d, 0x1e, 0x90, 0xf6
470 uint8_t plain[18] = {
471 0xcf, 0x13, 0x2f, 0xd4, 0xeb, 0xc2, 0x5f, 0xd3,
472 0x86, 0x6f, 0x1a, 0x95, 0xa6, 0x19, 0x3a, 0x1a,
479 cli_putstr_P(PSTR("\r\n** AES128-CMAC-72-TEST **"));
481 cli_putstr_P(PSTR("\r\n key: "));
482 cli_hexdump(key, 128/8);
483 r = bcal_cmac_init(&aes128_desc, key, 128, &ctx);
484 cli_putstr_P(PSTR("\r\n init = 0x"));
486 cli_putstr_P(PSTR("\r\n message: "));
487 cli_hexdump_block(plain, 18, 4, 16);
490 bcal_cmac(tag, 16, plain, 18*8, &ctx);
491 cli_putstr_P(PSTR("\r\n tag: "));
492 cli_hexdump_block(tag, 2, 4, 16);
493 bcal_cmac_free(&ctx);
500 Key = 2b2aaa666be161ed16648e862ac9bd1e317f71bc69e268b5
503 void testrun_aes192_cmac0(void){
505 0x2b, 0x2a, 0xaa, 0x66, 0x6b, 0xe1, 0x61, 0xed,
506 0x16, 0x64, 0x8e, 0x86, 0x2a, 0xc9, 0xbd, 0x1e,
507 0x31, 0x7f, 0x71, 0xbc, 0x69, 0xe2, 0x68, 0xb5
517 cli_putstr_P(PSTR("\r\n** AES192-CMAC-0-TEST **"));
519 cli_putstr_P(PSTR("\r\n key: "));
520 cli_hexdump(key, 192/8);
521 r = bcal_cmac_init(&aes192_desc, key, 192, &ctx);
522 cli_putstr_P(PSTR("\r\n init = 0x"));
526 bcal_cmac(tag, 16, plain, 0*8, &ctx);
527 cli_putstr_P(PSTR("\r\n tag: "));
528 cli_hexdump_block(tag, 2, 4, 16);
529 bcal_cmac_free(&ctx);
532 uint8_t eax_msg[] PROGMEM = {
534 0x1A, 0x47, 0xCB, 0x49, 0x33,
535 0x48, 0x1C, 0x9E, 0x39, 0xB1,
536 0x40, 0xD0, 0xC0, 0x7D, 0xA5, 0xE4,
537 0x4D, 0xE3, 0xB3, 0x5C, 0x3F, 0xC0, 0x39, 0x24, 0x5B, 0xD1, 0xFB, 0x7D,
538 0x8B, 0x0A, 0x79, 0x30, 0x6C, 0x9C, 0xE7, 0xED, 0x99, 0xDA, 0xE4, 0xF8, 0x7F, 0x8D, 0xD6, 0x16, 0x36,
539 0x1B, 0xDA, 0x12, 0x2B, 0xCE, 0x8A, 0x8D, 0xBA, 0xF1, 0x87, 0x7D, 0x96, 0x2B, 0x85, 0x92, 0xDD, 0x2D, 0x56,
540 0x6C, 0xF3, 0x67, 0x20, 0x87, 0x2B, 0x85, 0x13, 0xF6, 0xEA, 0xB1, 0xA8, 0xA4, 0x44, 0x38, 0xD5, 0xEF, 0x11,
541 0xCA, 0x40, 0xD7, 0x44, 0x6E, 0x54, 0x5F, 0xFA, 0xED, 0x3B, 0xD1, 0x2A, 0x74, 0x0A, 0x65, 0x9F, 0xFB, 0xBB, 0x3C, 0xEA, 0xB7
544 uint8_t eax_msg_len[] PROGMEM = {0, 2, 5, 5, 6, 12, 17, 18, 18, 21};
546 uint8_t eax_key[] PROGMEM = {
547 0x23, 0x39, 0x52, 0xDE, 0xE4, 0xD5, 0xED, 0x5F, 0x9B, 0x9C, 0x6D, 0x6F, 0xF8, 0x0F, 0xF4, 0x78,
548 0x91, 0x94, 0x5D, 0x3F, 0x4D, 0xCB, 0xEE, 0x0B, 0xF4, 0x5E, 0xF5, 0x22, 0x55, 0xF0, 0x95, 0xA4,
549 0x01, 0xF7, 0x4A, 0xD6, 0x40, 0x77, 0xF2, 0xE7, 0x04, 0xC0, 0xF6, 0x0A, 0xDA, 0x3D, 0xD5, 0x23,
550 0xD0, 0x7C, 0xF6, 0xCB, 0xB7, 0xF3, 0x13, 0xBD, 0xDE, 0x66, 0xB7, 0x27, 0xAF, 0xD3, 0xC5, 0xE8,
551 0x35, 0xB6, 0xD0, 0x58, 0x00, 0x05, 0xBB, 0xC1, 0x2B, 0x05, 0x87, 0x12, 0x45, 0x57, 0xD2, 0xC2,
552 0xBD, 0x8E, 0x6E, 0x11, 0x47, 0x5E, 0x60, 0xB2, 0x68, 0x78, 0x4C, 0x38, 0xC6, 0x2F, 0xEB, 0x22,
553 0x7C, 0x77, 0xD6, 0xE8, 0x13, 0xBE, 0xD5, 0xAC, 0x98, 0xBA, 0xA4, 0x17, 0x47, 0x7A, 0x2E, 0x7D,
554 0x5F, 0xFF, 0x20, 0xCA, 0xFA, 0xB1, 0x19, 0xCA, 0x2F, 0xC7, 0x35, 0x49, 0xE2, 0x0F, 0x5B, 0x0D,
555 0xA4, 0xA4, 0x78, 0x2B, 0xCF, 0xFD, 0x3E, 0xC5, 0xE7, 0xEF, 0x6D, 0x8C, 0x34, 0xA5, 0x61, 0x23,
556 0x83, 0x95, 0xFC, 0xF1, 0xE9, 0x5B, 0xEB, 0xD6, 0x97, 0xBD, 0x01, 0x0B, 0xC7, 0x66, 0xAA, 0xC3
559 uint8_t eax_nonce[] PROGMEM = {
560 0x62, 0xEC, 0x67, 0xF9, 0xC3, 0xA4, 0xA4, 0x07, 0xFC, 0xB2, 0xA8, 0xC4, 0x90, 0x31, 0xA8, 0xB3,
561 0xBE, 0xCA, 0xF0, 0x43, 0xB0, 0xA2, 0x3D, 0x84, 0x31, 0x94, 0xBA, 0x97, 0x2C, 0x66, 0xDE, 0xBD,
562 0x70, 0xC3, 0xDB, 0x4F, 0x0D, 0x26, 0x36, 0x84, 0x00, 0xA1, 0x0E, 0xD0, 0x5D, 0x2B, 0xFF, 0x5E,
563 0x84, 0x08, 0xDF, 0xFF, 0x3C, 0x1A, 0x2B, 0x12, 0x92, 0xDC, 0x19, 0x9E, 0x46, 0xB7, 0xD6, 0x17,
564 0xFD, 0xB6, 0xB0, 0x66, 0x76, 0xEE, 0xDC, 0x5C, 0x61, 0xD7, 0x42, 0x76, 0xE1, 0xF8, 0xE8, 0x16,
565 0x6E, 0xAC, 0x5C, 0x93, 0x07, 0x2D, 0x8E, 0x85, 0x13, 0xF7, 0x50, 0x93, 0x5E, 0x46, 0xDA, 0x1B,
566 0x1A, 0x8C, 0x98, 0xDC, 0xD7, 0x3D, 0x38, 0x39, 0x3B, 0x2B, 0xF1, 0x56, 0x9D, 0xEE, 0xFC, 0x19,
567 0xDD, 0xE5, 0x9B, 0x97, 0xD7, 0x22, 0x15, 0x6D, 0x4D, 0x9A, 0xFF, 0x2B, 0xC7, 0x55, 0x98, 0x26,
568 0xB7, 0x81, 0xFC, 0xF2, 0xF7, 0x5F, 0xA5, 0xA8, 0xDE, 0x97, 0xA9, 0xCA, 0x48, 0xE5, 0x22, 0xEC,
569 0x22, 0xE7, 0xAD, 0xD9, 0x3C, 0xFC, 0x63, 0x93, 0xC5, 0x7E, 0xC0, 0xB3, 0xC1, 0x7D, 0x6B, 0x44
572 uint8_t eax_header[] PROGMEM = {
573 0x6B, 0xFB, 0x91, 0x4F, 0xD0, 0x7E, 0xAE, 0x6B,
574 0xFA, 0x3B, 0xFD, 0x48, 0x06, 0xEB, 0x53, 0xFA,
575 0x23, 0x4A, 0x34, 0x63, 0xC1, 0x26, 0x4A, 0xC6,
576 0x33, 0xCC, 0xE2, 0xEA, 0xBF, 0xF5, 0xA7, 0x9D,
577 0xAE, 0xB9, 0x6E, 0xAE, 0xBE, 0x29, 0x70, 0xE9,
578 0xD4, 0x48, 0x2D, 0x1C, 0xA7, 0x8D, 0xCE, 0x0F,
579 0x65, 0xD2, 0x01, 0x79, 0x90, 0xD6, 0x25, 0x28,
580 0x54, 0xB9, 0xF0, 0x4E, 0x6A, 0x09, 0x18, 0x9A,
581 0x89, 0x9A, 0x17, 0x58, 0x97, 0x56, 0x1D, 0x7E,
582 0x12, 0x67, 0x35, 0xFC, 0xC3, 0x20, 0xD2, 0x5A
585 uint8_t eax_cipher[] PROGMEM = {
586 0xE0, 0x37, 0x83, 0x0E, 0x83, 0x89, 0xF2, 0x7B, 0x02, 0x5A, 0x2D, 0x65, 0x27, 0xE7, 0x9D, 0x01,
587 0x19, 0xDD, 0x5C, 0x4C, 0x93, 0x31, 0x04, 0x9D, 0x0B, 0xDA, 0xB0, 0x27, 0x74, 0x08, 0xF6, 0x79, 0x67, 0xE5,
588 0xD8, 0x51, 0xD5, 0xBA, 0xE0, 0x3A, 0x59, 0xF2, 0x38, 0xA2, 0x3E, 0x39, 0x19, 0x9D, 0xC9, 0x26, 0x66, 0x26, 0xC4, 0x0F, 0x80,
589 0x63, 0x2A, 0x9D, 0x13, 0x1A, 0xD4, 0xC1, 0x68, 0xA4, 0x22, 0x5D, 0x8E, 0x1F, 0xF7, 0x55, 0x93, 0x99, 0x74, 0xA7, 0xBE, 0xDE,
590 0x07, 0x1D, 0xFE, 0x16, 0xC6, 0x75, 0xCB, 0x06, 0x77, 0xE5, 0x36, 0xF7, 0x3A, 0xFE, 0x6A, 0x14, 0xB7, 0x4E, 0xE4, 0x98, 0x44, 0xDD,
591 0x83, 0x5B, 0xB4, 0xF1, 0x5D, 0x74, 0x3E, 0x35, 0x0E, 0x72, 0x84, 0x14, 0xAB, 0xB8, 0x64, 0x4F, 0xD6, 0xCC, 0xB8, 0x69, 0x47, 0xC5, 0xE1, 0x05, 0x90, 0x21, 0x0A, 0x4F,
592 0x02, 0x08, 0x3E, 0x39, 0x79, 0xDA, 0x01, 0x48, 0x12, 0xF5, 0x9F, 0x11, 0xD5, 0x26, 0x30, 0xDA, 0x30, 0x13, 0x73, 0x27, 0xD1, 0x06, 0x49, 0xB0, 0xAA, 0x6E, 0x1C, 0x18, 0x1D, 0xB6, 0x17, 0xD7, 0xF2,
593 0x2E, 0xC4, 0x7B, 0x2C, 0x49, 0x54, 0xA4, 0x89, 0xAF, 0xC7, 0xBA, 0x48, 0x97, 0xED, 0xCD, 0xAE, 0x8C, 0xC3, 0x3B, 0x60, 0x45, 0x05, 0x99, 0xBD, 0x02, 0xC9, 0x63, 0x82, 0x90, 0x2A, 0xEF, 0x7F, 0x83, 0x2A,
594 0x0D, 0xE1, 0x8F, 0xD0, 0xFD, 0xD9, 0x1E, 0x7A, 0xF1, 0x9F, 0x1D, 0x8E, 0xE8, 0x73, 0x39, 0x38, 0xB1, 0xE8, 0xE7, 0xF6, 0xD2, 0x23, 0x16, 0x18, 0x10, 0x2F, 0xDB, 0x7F, 0xE5, 0x5F, 0xF1, 0x99, 0x17, 0x00,
595 0xCB, 0x89, 0x20, 0xF8, 0x7A, 0x6C, 0x75, 0xCF, 0xF3, 0x96, 0x27, 0xB5, 0x6E, 0x3E, 0xD1, 0x97, 0xC5, 0x52, 0xD2, 0x95, 0xA7, 0xCF, 0xC4, 0x6A, 0xFC, 0x25, 0x3B, 0x46, 0x52, 0xB1, 0xAF, 0x37, 0x95, 0xB1, 0x24, 0xAB, 0x6E
598 void testrun_aes128_eax(void){
612 cipher_p = eax_cipher;
614 cli_putstr_P(PSTR("\r\n\r\n** AES128-EAX-TEST #"));
616 cli_putstr_P(PSTR(" **"));
618 msg_len = pgm_read_byte(eax_msg_len+i);
619 memcpy_P(key, eax_key+16*i, 16);
620 memcpy_P(nonce, eax_nonce+16*i, 16);
621 memcpy_P(header, eax_header+8*i, 8);
622 memcpy_P(msg, msg_p, msg_len);
623 msg_p = (uint8_t*)msg_p+msg_len;
625 cli_putstr_P(PSTR("\r\n key: "));
626 cli_hexdump(key, 16);
627 cli_putstr_P(PSTR("\r\n msg: "));
629 cli_hexdump(msg, msg_len);
631 cli_putstr_P(PSTR("\r\n nonce: "));
632 cli_hexdump(nonce, 16);
633 cli_putstr_P(PSTR("\r\n header: "));
634 cli_hexdump(header, 8);
636 r = bcal_eax_init(&aes128_desc, key, 128, &ctx);
637 cli_putstr_P(PSTR("\r\n init = 0x"));
641 bcal_eax_loadNonce(nonce, 16*8, &ctx);
642 bcal_eax_addLastHeader(header, 8*8, &ctx);
643 bcal_eax_encLastBlock(msg, msg_len*8, &ctx);
644 bcal_eax_ctx2tag(tag, 128, &ctx);
646 cli_putstr_P(PSTR("\r\n cipher: "));
647 cli_hexdump_block(msg, msg_len, 4, 16);
649 cli_putstr_P(PSTR("\r\n tag: "));
650 cli_hexdump_block(tag, 16, 4, 16);
652 if(memcmp_P(msg, cipher_p, msg_len)){
653 cli_putstr_P(PSTR("\r\n cipher: [fail]\r\n should: "));
654 memcpy_P(msg, cipher_p, msg_len);
655 cli_hexdump_block(msg, msg_len, 4, 16);
657 cli_putstr_P(PSTR("\r\n cipher: [pass]"));
659 cipher_p = ((uint8_t*)cipher_p)+msg_len;
661 if(memcmp_P(tag, cipher_p, 16)){
662 cli_putstr_P(PSTR("\r\n tag: [fail]"));
664 cli_putstr_P(PSTR("\r\n tag: [pass]"));
667 cipher_p = ((uint8_t*)cipher_p)+16;
672 /*****************************************************************************/
674 void testrun_performance_aes(void){
675 bcal_performance_multiple(algolist);
678 /*****************************************************************************
680 *****************************************************************************/
682 const char nessie_str[] PROGMEM = "nessie";
683 const char test_str[] PROGMEM = "test";
684 const char testkey_str[] PROGMEM = "testkey";
685 const char testcbc_str[] PROGMEM = "testcbc";
686 const char testcfb8_str[] PROGMEM = "testcfb8";
687 const char testcfb1_str[] PROGMEM = "testcfb1";
688 const char testofb_str[] PROGMEM = "testofb";
689 const char testctr_str[] PROGMEM = "testctr";
690 const char testcmac_str[] PROGMEM = "testcmac";
691 const char testcmac72_str[] PROGMEM = "testcmac72";
692 const char testcmac0_str[] PROGMEM = "testcmac0";
693 const char testeax_str[] PROGMEM = "testeax";
694 const char cmacvs_list_str[] PROGMEM = "cmacvs_list";
695 const char cmacvs_set_str[] PROGMEM = "cmacvs_set";
696 const char cmacvs_test1_str[] PROGMEM = "cmacvs_test1";
697 const char cmacvs_test2_str[] PROGMEM = "cmacvs_test2";
698 const char performance_str[] PROGMEM = "performance";
699 const char dump_str[] PROGMEM = "dump";
700 const char echo_str[] PROGMEM = "echo";
702 cmdlist_entry_t cmdlist[] PROGMEM = {
703 { nessie_str, NULL, testrun_nessie_aes },
704 { test_str, NULL, testrun_test_aes },
705 { testkey_str, NULL, testrun_testkey_aes },
706 { testcbc_str, NULL, testrun_aes128_cbc },
707 { testcfb8_str, NULL, testrun_aes128_cfb8 },
708 { testcfb1_str, NULL, testrun_aes128_cfb1 },
709 { testofb_str, NULL, testrun_aes128_ofb },
710 { testctr_str, NULL, testrun_aes128_ctr },
711 { testcmac_str, NULL, testrun_aes128_cmac },
712 { testcmac72_str, NULL, testrun_aes128_cmac72 },
713 { testcmac0_str, NULL, testrun_aes192_cmac0 },
714 { testeax_str, NULL, testrun_aes128_eax },
715 { cmacvs_list_str, NULL, cmacvs_listalgos },
716 { cmacvs_set_str, (void*)1, (void_fpt)cmacvs_setalgo },
717 { cmacvs_test1_str, NULL, cmacvs_test1 },
718 { cmacvs_test2_str, NULL, cmacvs_test2 },
719 { performance_str, NULL, testrun_performance_aes },
720 { dump_str, (void*)1, (void_fpt)dump },
721 { echo_str, (void*)1, (void_fpt)echo_ctrl },
729 cli_rx = (cli_rx_fpt)uart0_getc;
730 cli_tx = (cli_tx_fpt)uart0_putc;
731 cmacvs_algolist=(bcdesc_t**)algolist;
732 cmacvs_algo=(bcdesc_t*)&aes128_desc;
734 cli_putstr_P(PSTR("\r\n\r\nCrypto-VS ("));
735 cli_putstr(algo_name);
736 cli_putstr_P(PSTR(")\r\nloaded and running\r\n"));
737 cmd_interface(cmdlist);