int blake2b_done(hash_state *md, unsigned char *out)
{
unsigned char buffer[BLAKE2B_OUTBYTES] = { 0 };
unsigned long i;
LTC_ARGCHK(md != NULL);
LTC_ARGCHK(out != NULL);
/* if(md->blakebs.outlen != outlen) return CRYPT_INVALID_ARG; */
if (blake2b_is_lastblock(md))
return CRYPT_ERROR;
blake2b_increment_counter(md, md->blake2b.curlen);
blake2b_set_lastblock(md);
XMEMSET(md->blake2b.buf + md->blake2b.curlen, 0, BLAKE2B_BLOCKBYTES - md->blake2b.curlen); /* Padding */
blake2b_compress(md, md->blake2b.buf);
for (i = 0; i < 8; ++i) /* Output full hash to temp buffer */
STORE64L(md->blake2b.h[i], buffer + i * 8);
XMEMCPY(out, buffer, md->blake2b.outlen);
zeromem(md, sizeof(hash_state));
#ifdef LTC_CLEAN_STACK
zeromem(buffer, sizeof(buffer));
#endif
return CRYPT_OK;
}
/**
Terminate the hash to get the digest
@param md The hash state
@param out [out] The destination of the hash (length of the block size of the block cipher)
@return CRYPT_OK if successful
*/
int chc_done(hash_state *md, unsigned char *out)
{
int err;
LTC_ARGCHK(md != NULL);
LTC_ARGCHK(out != NULL);
/* is the cipher valid? */
if ((err = cipher_is_valid(cipher_idx)) != CRYPT_OK) {
return err;
}
if (cipher_blocksize != cipher_descriptor[cipher_idx].block_length) {
return CRYPT_INVALID_CIPHER;
}
if (md->chc.curlen >= sizeof(md->chc.buf)) {
return CRYPT_INVALID_ARG;
}
/* increase the length of the message */
md->chc.length += md->chc.curlen * 8;
/* append the '1' bit */
md->chc.buf[md->chc.curlen++] = (unsigned char)0x80;
/* if the length is currently above l-8 bytes we append zeros
* then compress. Then we can fall back to padding zeros and length
* encoding like normal.
*/
if (md->chc.curlen > (unsigned long)(cipher_blocksize - 8)) {
while (md->chc.curlen < (unsigned long)cipher_blocksize) {
md->chc.buf[md->chc.curlen++] = (unsigned char)0;
}
chc_compress(md, md->chc.buf);
md->chc.curlen = 0;
}
/* pad upto l-8 bytes of zeroes */
while (md->chc.curlen < (unsigned long)(cipher_blocksize - 8)) {
md->chc.buf[md->chc.curlen++] = (unsigned char)0;
}
/* store length */
STORE64L(md->chc.length, md->chc.buf+(cipher_blocksize-8));
chc_compress(md, md->chc.buf);
/* copy output */
XMEMCPY(out, md->chc.state, cipher_blocksize);
#ifdef LTC_CLEAN_STACK
zeromem(md, sizeof(hash_state));
#endif
return CRYPT_OK;
}
/**
Terminate a ChaCha20Poly1305 stream
@param st The ChaCha20Poly1305 state
@param tag [out] The destination for the MAC tag
@param taglen [in/out] The length of the MAC tag
@return CRYPT_OK on success
*/
int chacha20poly1305_done(chacha20poly1305_state *st, unsigned char *tag, unsigned long *taglen)
{
unsigned char padzero[16] = { 0 };
unsigned long padlen;
unsigned char buf[16];
int err;
LTC_ARGCHK(st != NULL);
padlen = 16 - (unsigned long)(st->ctlen % 16);
if (padlen < 16) {
if ((err = poly1305_process(&st->poly, padzero, padlen)) != CRYPT_OK) return err;
}
STORE64L(st->aadlen, buf);
STORE64L(st->ctlen, buf + 8);
if ((err = poly1305_process(&st->poly, buf, 16)) != CRYPT_OK) return err;
if ((err = poly1305_done(&st->poly, tag, taglen)) != CRYPT_OK) return err;
if ((err = chacha_done(&st->chacha)) != CRYPT_OK) return err;
return CRYPT_OK;
}
/**
Set IV + counter data (with RFC7905-magic) to the ChaCha20Poly1305 state and reset the context
@param st The ChaCha20Poly1305 state
@param iv The IV data to add
@param ivlen The length of the IV (must be 12 or 8)
@param sequence_number 64bit sequence number which is incorporated into IV as described in RFC7905
@return CRYPT_OK on success
*/
int chacha20poly1305_setiv_rfc7905(chacha20poly1305_state *st, const unsigned char *iv, unsigned long ivlen, ulong64 sequence_number)
{
int i;
unsigned char combined_iv[12] = { 0 };
LTC_ARGCHK(st != NULL);
LTC_ARGCHK(iv != NULL);
LTC_ARGCHK(ivlen == 12);
STORE64L(sequence_number, combined_iv + 4);
for (i = 0; i < 12; i++) combined_iv[i] = iv[i] ^ combined_iv[i];
return chacha20poly1305_setiv(st, combined_iv, 12);
}
/**
Terminate the hash to get the digest
@param md The hash state
@param out [out] The destination of the hash (16 bytes)
@return CRYPT_OK if successful
*/
int rmd128_done(hash_state * md, unsigned char *out)
{
int i;
LTC_ARGCHK(md != NULL);
LTC_ARGCHK(out != NULL);
if (md->rmd128.curlen >= sizeof(md->rmd128.buf)) {
return CRYPT_INVALID_ARG;
}
/* increase the length of the message */
md->rmd128.length += md->rmd128.curlen * 8;
/* append the '1' bit */
md->rmd128.buf[md->rmd128.curlen++] = (unsigned char)0x80;
/* if the length is currently above 56 bytes we append zeros
* then compress. Then we can fall back to padding zeros and length
* encoding like normal.
*/
if (md->rmd128.curlen > 56) {
while (md->rmd128.curlen < 64) {
md->rmd128.buf[md->rmd128.curlen++] = (unsigned char)0;
}
rmd128_compress(md, md->rmd128.buf);
md->rmd128.curlen = 0;
}
/* pad upto 56 bytes of zeroes */
while (md->rmd128.curlen < 56) {
md->rmd128.buf[md->rmd128.curlen++] = (unsigned char)0;
}
/* store length */
STORE64L(md->rmd128.length, md->rmd128.buf+56);
rmd128_compress(md, md->rmd128.buf);
/* copy output */
for (i = 0; i < 4; i++) {
STORE32L(md->rmd128.state[i], out+(4*i));
}
#ifdef LTC_CLEAN_STACK
zeromem(md, sizeof(hash_state));
#endif
return CRYPT_OK;
}
/**
Terminate the hash to get the digest
@param sha1 The hash state
@param out [out] The destination of the hash (16 bytes)
*/
void md5_done(struct md5_state *md5, unsigned char *out)
{
int i;
assert(md5 != NULL);
assert(out != NULL);
assert(md5->curlen < sizeof(md5->buf));
/* increase the length of the message */
md5->length += md5->curlen * 8;
/* append the '1' bit */
md5->buf[md5->curlen++] = (unsigned char)0x80;
/* if the length is currently above 56 bytes we append zeros
* then compress. Then we can fall back to padding zeros and length
* encoding like normal.
*/
if (md5->curlen > 56) {
while (md5->curlen < 64) {
md5->buf[md5->curlen++] = (unsigned char)0;
}
md5_compress(md5, md5->buf);
md5->curlen = 0;
}
/* pad upto 56 bytes of zeroes */
while (md5->curlen < 56) {
md5->buf[md5->curlen++] = (unsigned char)0;
}
/* store length */
STORE64L(md5->length, md5->buf+56);
md5_compress(md5, md5->buf);
/* copy output */
for (i = 0; i < 4; i++) {
STORE32L(md5->state[i], out+(4*i));
}
}
static kripto_hash *skein256_recreate
(
kripto_hash *s,
unsigned int r,
size_t len
)
{
uint64_t t;
s->r = r;
s->i = 0;
s->f = 0;
memset(s->h, 0, 32);
memset(s->tweak, 0, 16);
t = len << 3;
/* CFG */
s->buf[0] = 'S';
s->buf[1] = 'H';
s->buf[2] = 'A';
s->buf[3] = '3';
s->buf[4] = 1;
s->buf[5] = 0;
s->buf[6] = 0;
s->buf[7] = 0;
STORE64L(t, s->buf + 8);
memset(s->buf + 16, 0, 16);
s->tweak[0] = 32;
s->tweak[15] = 0xC4; /* type CFG, first, final */
skein256_process(s);
/* MSG */
s->tweak[0] = 0;
s->tweak[15] = 0x70; /* type MSG, first */
return s;
}
/**
Source donated by Elliptic Semiconductor Inc (www.ellipticsemi.com) to the LibTom Projects
Returns CRYPT_OK upon success.
*/
int xts_test(void)
{
#ifdef LTC_NO_TEST
return CRYPT_NOP;
#else
static const struct {
int keylen;
unsigned char key1[32];
unsigned char key2[32];
ulong64 seqnum;
unsigned long PTLEN;
unsigned char PTX[512], CTX[512];
} tests[] = {
/* #1 32 byte key, 32 byte PTX */
{
32,
{ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 },
{ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 },
0,
32,
{ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 },
{ 0x91,0x7c,0xf6,0x9e,0xbd,0x68,0xb2,0xec,0x9b,0x9f,0xe9,0xa3,0xea,0xdd,0xa6,0x92,0xcd,0x43,0xd2,0xf5,0x95,0x98,0xed,0x85,0x8c,0x02,0xc2,0x65,0x2f,0xbf,0x92,0x2e },
},
/* #2, 32 byte key, 32 byte PTX */
{
32,
{ 0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11 },
{ 0x22,0x22,0x22,0x22,0x22,0x22,0x22,0x22,0x22,0x22,0x22,0x22,0x22,0x22,0x22,0x22 },
CONST64(0x3333333333),
32,
{ 0x44,0x44,0x44,0x44,0x44,0x44,0x44,0x44,0x44,0x44,0x44,0x44,0x44,0x44,0x44,0x44,0x44,0x44,0x44,0x44,0x44,0x44,0x44,0x44,0x44,0x44,0x44,0x44,0x44,0x44,0x44,0x44 },
{ 0xc4,0x54,0x18,0x5e,0x6a,0x16,0x93,0x6e,0x39,0x33,0x40,0x38,0xac,0xef,0x83,0x8b,0xfb,0x18,0x6f,0xff,0x74,0x80,0xad,0xc4,0x28,0x93,0x82,0xec,0xd6,0xd3,0x94,0xf0 },
},
/* #5 from xts.7, 32 byte key, 32 byte PTX */
{
32,
{ 0xff,0xfe,0xfd,0xfc,0xfb,0xfa,0xf9,0xf8,0xf7,0xf6,0xf5,0xf4,0xf3,0xf2,0xf1,0xf0 },
{ 0xbf,0xbe,0xbd,0xbc,0xbb,0xba,0xb9,0xb8,0xb7,0xb6,0xb5,0xb4,0xb3,0xb2,0xb1,0xb0 },
CONST64(0x123456789a),
32,
{ 0x44,0x44,0x44,0x44,0x44,0x44,0x44,0x44,0x44,0x44,0x44,0x44,0x44,0x44,0x44,0x44,0x44,0x44,0x44,0x44,0x44,0x44,0x44,0x44,0x44,0x44,0x44,0x44,0x44,0x44,0x44,0x44 },
{ 0xb0,0x1f,0x86,0xf8,0xed,0xc1,0x86,0x37,0x06,0xfa,0x8a,0x42,0x53,0xe3,0x4f,0x28,0xaf,0x31,0x9d,0xe3,0x83,0x34,0x87,0x0f,0x4d,0xd1,0xf9,0x4c,0xbe,0x98,0x32,0xf1 },
},
/* #4, 32 byte key, 512 byte PTX */
{
32,
{ 0x27,0x18,0x28,0x18,0x28,0x45,0x90,0x45,0x23,0x53,0x60,0x28,0x74,0x71,0x35,0x26 },
{ 0x31,0x41,0x59,0x26,0x53,0x58,0x97,0x93,0x23,0x84,0x62,0x64,0x33,0x83,0x27,0x95 },
0,
512,
{
0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f,0x10,0x11,0x12,0x13,0x14,0x15,0x16,0x17,0x18,0x19,0x1a,0x1b,0x1c,0x1d,0x1e,0x1f,
0x20,0x21,0x22,0x23,0x24,0x25,0x26,0x27,0x28,0x29,0x2a,0x2b,0x2c,0x2d,0x2e,0x2f,0x30,0x31,0x32,0x33,0x34,0x35,0x36,0x37,0x38,0x39,0x3a,0x3b,0x3c,0x3d,0x3e,0x3f,
0x40,0x41,0x42,0x43,0x44,0x45,0x46,0x47,0x48,0x49,0x4a,0x4b,0x4c,0x4d,0x4e,0x4f,0x50,0x51,0x52,0x53,0x54,0x55,0x56,0x57,0x58,0x59,0x5a,0x5b,0x5c,0x5d,0x5e,0x5f,
0x60,0x61,0x62,0x63,0x64,0x65,0x66,0x67,0x68,0x69,0x6a,0x6b,0x6c,0x6d,0x6e,0x6f,0x70,0x71,0x72,0x73,0x74,0x75,0x76,0x77,0x78,0x79,0x7a,0x7b,0x7c,0x7d,0x7e,0x7f,
0x80,0x81,0x82,0x83,0x84,0x85,0x86,0x87,0x88,0x89,0x8a,0x8b,0x8c,0x8d,0x8e,0x8f,0x90,0x91,0x92,0x93,0x94,0x95,0x96,0x97,0x98,0x99,0x9a,0x9b,0x9c,0x9d,0x9e,0x9f,
0xa0,0xa1,0xa2,0xa3,0xa4,0xa5,0xa6,0xa7,0xa8,0xa9,0xaa,0xab,0xac,0xad,0xae,0xaf,0xb0,0xb1,0xb2,0xb3,0xb4,0xb5,0xb6,0xb7,0xb8,0xb9,0xba,0xbb,0xbc,0xbd,0xbe,0xbf,
0xc0,0xc1,0xc2,0xc3,0xc4,0xc5,0xc6,0xc7,0xc8,0xc9,0xca,0xcb,0xcc,0xcd,0xce,0xcf,0xd0,0xd1,0xd2,0xd3,0xd4,0xd5,0xd6,0xd7,0xd8,0xd9,0xda,0xdb,0xdc,0xdd,0xde,0xdf,
0xe0,0xe1,0xe2,0xe3,0xe4,0xe5,0xe6,0xe7,0xe8,0xe9,0xea,0xeb,0xec,0xed,0xee,0xef,0xf0,0xf1,0xf2,0xf3,0xf4,0xf5,0xf6,0xf7,0xf8,0xf9,0xfa,0xfb,0xfc,0xfd,0xfe,0xff,
0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f,0x10,0x11,0x12,0x13,0x14,0x15,0x16,0x17,0x18,0x19,0x1a,0x1b,0x1c,0x1d,0x1e,0x1f,
0x20,0x21,0x22,0x23,0x24,0x25,0x26,0x27,0x28,0x29,0x2a,0x2b,0x2c,0x2d,0x2e,0x2f,0x30,0x31,0x32,0x33,0x34,0x35,0x36,0x37,0x38,0x39,0x3a,0x3b,0x3c,0x3d,0x3e,0x3f,
0x40,0x41,0x42,0x43,0x44,0x45,0x46,0x47,0x48,0x49,0x4a,0x4b,0x4c,0x4d,0x4e,0x4f,0x50,0x51,0x52,0x53,0x54,0x55,0x56,0x57,0x58,0x59,0x5a,0x5b,0x5c,0x5d,0x5e,0x5f,
0x60,0x61,0x62,0x63,0x64,0x65,0x66,0x67,0x68,0x69,0x6a,0x6b,0x6c,0x6d,0x6e,0x6f,0x70,0x71,0x72,0x73,0x74,0x75,0x76,0x77,0x78,0x79,0x7a,0x7b,0x7c,0x7d,0x7e,0x7f,
0x80,0x81,0x82,0x83,0x84,0x85,0x86,0x87,0x88,0x89,0x8a,0x8b,0x8c,0x8d,0x8e,0x8f,0x90,0x91,0x92,0x93,0x94,0x95,0x96,0x97,0x98,0x99,0x9a,0x9b,0x9c,0x9d,0x9e,0x9f,
0xa0,0xa1,0xa2,0xa3,0xa4,0xa5,0xa6,0xa7,0xa8,0xa9,0xaa,0xab,0xac,0xad,0xae,0xaf,0xb0,0xb1,0xb2,0xb3,0xb4,0xb5,0xb6,0xb7,0xb8,0xb9,0xba,0xbb,0xbc,0xbd,0xbe,0xbf,
0xc0,0xc1,0xc2,0xc3,0xc4,0xc5,0xc6,0xc7,0xc8,0xc9,0xca,0xcb,0xcc,0xcd,0xce,0xcf,0xd0,0xd1,0xd2,0xd3,0xd4,0xd5,0xd6,0xd7,0xd8,0xd9,0xda,0xdb,0xdc,0xdd,0xde,0xdf,
0xe0,0xe1,0xe2,0xe3,0xe4,0xe5,0xe6,0xe7,0xe8,0xe9,0xea,0xeb,0xec,0xed,0xee,0xef,0xf0,0xf1,0xf2,0xf3,0xf4,0xf5,0xf6,0xf7,0xf8,0xf9,0xfa,0xfb,0xfc,0xfd,0xfe,0xff,
},
{
0x27,0xa7,0x47,0x9b,0xef,0xa1,0xd4,0x76,0x48,0x9f,0x30,0x8c,0xd4,0xcf,0xa6,0xe2,0xa9,0x6e,0x4b,0xbe,0x32,0x08,0xff,0x25,0x28,0x7d,0xd3,0x81,0x96,0x16,0xe8,0x9c,
0xc7,0x8c,0xf7,0xf5,0xe5,0x43,0x44,0x5f,0x83,0x33,0xd8,0xfa,0x7f,0x56,0x00,0x00,0x05,0x27,0x9f,0xa5,0xd8,0xb5,0xe4,0xad,0x40,0xe7,0x36,0xdd,0xb4,0xd3,0x54,0x12,
0x32,0x80,0x63,0xfd,0x2a,0xab,0x53,0xe5,0xea,0x1e,0x0a,0x9f,0x33,0x25,0x00,0xa5,0xdf,0x94,0x87,0xd0,0x7a,0x5c,0x92,0xcc,0x51,0x2c,0x88,0x66,0xc7,0xe8,0x60,0xce,
0x93,0xfd,0xf1,0x66,0xa2,0x49,0x12,0xb4,0x22,0x97,0x61,0x46,0xae,0x20,0xce,0x84,0x6b,0xb7,0xdc,0x9b,0xa9,0x4a,0x76,0x7a,0xae,0xf2,0x0c,0x0d,0x61,0xad,0x02,0x65,
0x5e,0xa9,0x2d,0xc4,0xc4,0xe4,0x1a,0x89,0x52,0xc6,0x51,0xd3,0x31,0x74,0xbe,0x51,0xa1,0x0c,0x42,0x11,0x10,0xe6,0xd8,0x15,0x88,0xed,0xe8,0x21,0x03,0xa2,0x52,0xd8,
0xa7,0x50,0xe8,0x76,0x8d,0xef,0xff,0xed,0x91,0x22,0x81,0x0a,0xae,0xb9,0x9f,0x91,0x72,0xaf,0x82,0xb6,0x04,0xdc,0x4b,0x8e,0x51,0xbc,0xb0,0x82,0x35,0xa6,0xf4,0x34,
0x13,0x32,0xe4,0xca,0x60,0x48,0x2a,0x4b,0xa1,0xa0,0x3b,0x3e,0x65,0x00,0x8f,0xc5,0xda,0x76,0xb7,0x0b,0xf1,0x69,0x0d,0xb4,0xea,0xe2,0x9c,0x5f,0x1b,0xad,0xd0,0x3c,
0x5c,0xcf,0x2a,0x55,0xd7,0x05,0xdd,0xcd,0x86,0xd4,0x49,0x51,0x1c,0xeb,0x7e,0xc3,0x0b,0xf1,0x2b,0x1f,0xa3,0x5b,0x91,0x3f,0x9f,0x74,0x7a,0x8a,0xfd,0x1b,0x13,0x0e,
0x94,0xbf,0xf9,0x4e,0xff,0xd0,0x1a,0x91,0x73,0x5c,0xa1,0x72,0x6a,0xcd,0x0b,0x19,0x7c,0x4e,0x5b,0x03,0x39,0x36,0x97,0xe1,0x26,0x82,0x6f,0xb6,0xbb,0xde,0x8e,0xcc,
0x1e,0x08,0x29,0x85,0x16,0xe2,0xc9,0xed,0x03,0xff,0x3c,0x1b,0x78,0x60,0xf6,0xde,0x76,0xd4,0xce,0xcd,0x94,0xc8,0x11,0x98,0x55,0xef,0x52,0x97,0xca,0x67,0xe9,0xf3,
0xe7,0xff,0x72,0xb1,0xe9,0x97,0x85,0xca,0x0a,0x7e,0x77,0x20,0xc5,0xb3,0x6d,0xc6,0xd7,0x2c,0xac,0x95,0x74,0xc8,0xcb,0xbc,0x2f,0x80,0x1e,0x23,0xe5,0x6f,0xd3,0x44,
0xb0,0x7f,0x22,0x15,0x4b,0xeb,0xa0,0xf0,0x8c,0xe8,0x89,0x1e,0x64,0x3e,0xd9,0x95,0xc9,0x4d,0x9a,0x69,0xc9,0xf1,0xb5,0xf4,0x99,0x02,0x7a,0x78,0x57,0x2a,0xee,0xbd,
0x74,0xd2,0x0c,0xc3,0x98,0x81,0xc2,0x13,0xee,0x77,0x0b,0x10,0x10,0xe4,0xbe,0xa7,0x18,0x84,0x69,0x77,0xae,0x11,0x9f,0x7a,0x02,0x3a,0xb5,0x8c,0xca,0x0a,0xd7,0x52,
0xaf,0xe6,0x56,0xbb,0x3c,0x17,0x25,0x6a,0x9f,0x6e,0x9b,0xf1,0x9f,0xdd,0x5a,0x38,0xfc,0x82,0xbb,0xe8,0x72,0xc5,0x53,0x9e,0xdb,0x60,0x9e,0xf4,0xf7,0x9c,0x20,0x3e,
0xbb,0x14,0x0f,0x2e,0x58,0x3c,0xb2,0xad,0x15,0xb4,0xaa,0x5b,0x65,0x50,0x16,0xa8,0x44,0x92,0x77,0xdb,0xd4,0x77,0xef,0x2c,0x8d,0x6c,0x01,0x7d,0xb7,0x38,0xb1,0x8d,
0xeb,0x4a,0x42,0x7d,0x19,0x23,0xce,0x3f,0xf2,0x62,0x73,0x57,0x79,0xa4,0x18,0xf2,0x0a,0x28,0x2d,0xf9,0x20,0x14,0x7b,0xea,0xbe,0x42,0x1e,0xe5,0x31,0x9d,0x05,0x68,
}
},
/* #7, 32 byte key, 17 byte PTX */
{
32,
{ 0xff,0xfe,0xfd,0xfc,0xfb,0xfa,0xf9,0xf8,0xf7,0xf6,0xf5,0xf4,0xf3,0xf2,0xf1,0xf0 },
{ 0xbf,0xbe,0xbd,0xbc,0xbb,0xba,0xb9,0xb8,0xb7,0xb6,0xb5,0xb4,0xb3,0xb2,0xb1,0xb0 },
CONST64(0x123456789a),
17,
{ 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f,0x10 },
{ 0x6c,0x16,0x25,0xdb,0x46,0x71,0x52,0x2d,0x3d,0x75,0x99,0x60,0x1d,0xe7,0xca,0x09,0xed },
},
/* #15, 32 byte key, 25 byte PTX */
{
32,
{ 0xff,0xfe,0xfd,0xfc,0xfb,0xfa,0xf9,0xf8,0xf7,0xf6,0xf5,0xf4,0xf3,0xf2,0xf1,0xf0 },
{ 0xbf,0xbe,0xbd,0xbc,0xbb,0xba,0xb9,0xb8,0xb7,0xb6,0xb5,0xb4,0xb3,0xb2,0xb1,0xb0 },
CONST64(0x123456789a),
25,
{ 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f,0x10,0x11,0x12,0x13,0x14,0x15,0x16,0x17,0x18 },
{ 0x8f,0x4d,0xcb,0xad,0x55,0x55,0x8d,0x7b,0x4e,0x01,0xd9,0x37,0x9c,0xd4,0xea,0x22,0xed,0xbf,0x9d,0xac,0xe4,0x5d,0x6f,0x6a,0x73 },
},
/* #21, 32 byte key, 31 byte PTX */
{
32,
{ 0xff,0xfe,0xfd,0xfc,0xfb,0xfa,0xf9,0xf8,0xf7,0xf6,0xf5,0xf4,0xf3,0xf2,0xf1,0xf0 },
{ 0xbf,0xbe,0xbd,0xbc,0xbb,0xba,0xb9,0xb8,0xb7,0xb6,0xb5,0xb4,0xb3,0xb2,0xb1,0xb0 },
CONST64(0x123456789a),
31,
{ 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f,0x10,0x11,0x12,0x13,0x14,0x15,0x16,0x17,0x18,0x19,0x1a,0x1b,0x1c,0x1d,0x1e },
{ 0xd0,0x5b,0xc0,0x90,0xa8,0xe0,0x4f,0x1b,0x3d,0x3e,0xcd,0xd5,0xba,0xec,0x0f,0xd4,0xed,0xbf,0x9d,0xac,0xe4,0x5d,0x6f,0x6a,0x73,0x06,0xe6,0x4b,0xe5,0xdd,0x82 },
},
};
unsigned char OUT[512], T[16];
ulong64 seq;
symmetric_xts xts;
int i, err, idx;
/* AES can be under rijndael or aes... try to find it */
if ((idx = find_cipher("aes")) == -1) {
if ((idx = find_cipher("rijndael")) == -1) {
return CRYPT_NOP;
}
}
for (i = 0; i < (int)(sizeof(tests)/sizeof(tests[0])); i++) {
err = xts_start(idx, tests[i].key1, tests[i].key2, tests[i].keylen/2, 0, &xts);
if (err != CRYPT_OK) {
return err;
}
seq = tests[i].seqnum;
STORE64L(seq,T);
XMEMSET(T+8, 0, 8);
err = xts_encrypt(tests[i].PTX, tests[i].PTLEN, OUT, T, &xts);
if (err != CRYPT_OK) {
xts_done(&xts);
return err;
}
if (XMEMCMP(OUT, tests[i].CTX, tests[i].PTLEN)) {
xts_done(&xts);
return CRYPT_FAIL_TESTVECTOR;
}
err = xts_decrypt(tests[i].CTX, tests[i].PTLEN, OUT, T, &xts);
if (err != CRYPT_OK) {
xts_done(&xts);
return err;
}
if (XMEMCMP(OUT, tests[i].PTX, tests[i].PTLEN)) {
xts_done(&xts);
return CRYPT_FAIL_TESTVECTOR;
}
xts_done(&xts);
}
return CRYPT_OK;
#endif
}
int32 psMd4Final(psDigestContext_t * md, unsigned char *out)
{
int32 i;
#ifndef HAVE_NATIVE_INT64
uint32 n;
#endif
psAssert(md != NULL);
psAssert(out != NULL);
if (md->md4.curlen >= sizeof(md->md4.buf)) {
psTraceCrypto("psMd4Final error\n");
return PS_LIMIT_FAIL;
}
/* increase the length of the message */
#ifdef HAVE_NATIVE_INT64
md->md4.length += md->md4.curlen << 3;
#else
n = (md->md4.lengthLo + (md->md4.curlen << 3)) & 0xFFFFFFFFL;
if (n < md->md4.lengthLo) {
md->md4.lengthHi++;
}
md->md4.lengthHi += (md->md4.curlen >> 29);
md->md4.lengthLo = n;
#endif /* HAVE_NATIVE_INT64 */
/* append the '1' bit */
md->md4.buf[md->md4.curlen++] = (unsigned char)0x80;
/* if the length is currently above 56 bytes we append zeros
* then compress. Then we can fall back to padding zeros and length
* encoding like normal.
*/
if (md->md4.curlen > 56) {
while (md->md4.curlen < 64) {
md->md4.buf[md->md4.curlen++] = (unsigned char)0;
}
md4_compress(md, md->md4.buf);
md->md4.curlen = 0;
}
/* pad upto 56 bytes of zeroes */
while (md->md4.curlen < 56) {
md->md4.buf[md->md4.curlen++] = (unsigned char)0;
}
/* store length */
#ifdef HAVE_NATIVE_INT64
STORE64L(md->md4.length, md->md4.buf+56);
#else
STORE32L(md->md4.lengthLo, md->md4.buf+56);
STORE32L(md->md4.lengthHi, md->md4.buf+60);
#endif /* HAVE_NATIVE_INT64 */
md4_compress(md, md->md4.buf);
/* copy output */
for (i = 0; i < 4; i++) {
STORE32L(md->md4.state[i], out+(4*i));
}
memset(md, 0x0, sizeof(psDigestContext_t));
return PS_SUCCESS;
}
/* Test store/load macros with offsets */
int store_test(void)
{
unsigned char buf[256];
int y;
ulong32 L, L1;
ulong64 LL, LL1;
#ifdef LTC_FAST
int x, z;
#endif
for (y = 0; y < 4; y++) {
L = 0x12345678UL;
L1 = 0;
STORE32L(L, buf + y);
LOAD32L(L1, buf + y);
if (L1 != L) {
fprintf(stderr, "\n32L failed at offset %d\n", y);
return 1;
}
STORE32H(L, buf + y);
LOAD32H(L1, buf + y);
if (L1 != L) {
fprintf(stderr, "\n32H failed at offset %d\n", y);
return 1;
}
}
for (y = 0; y < 8; y++) {
LL = CONST64 (0x01020304050607);
LL1 = 0;
STORE64L(LL, buf + y);
LOAD64L(LL1, buf + y);
if (LL1 != LL) {
fprintf(stderr, "\n64L failed at offset %d\n", y);
return 1;
}
STORE64H(LL, buf + y);
LOAD64H(LL1, buf + y);
if (LL1 != LL) {
fprintf(stderr, "\n64H failed at offset %d\n", y);
return 1;
}
}
/* test LTC_FAST */
#ifdef LTC_FAST
y = 16;
for (z = 0; z < y; z++) {
/* fill y bytes with random */
yarrow_read(buf+z, y, &yarrow_prng);
yarrow_read(buf+z+y, y, &yarrow_prng);
/* now XOR it byte for byte */
for (x = 0; x < y; x++) {
buf[2*y+z+x] = buf[z+x] ^ buf[z+y+x];
}
/* now XOR it word for word */
for (x = 0; x < y; x += sizeof(LTC_FAST_TYPE)) {
*((LTC_FAST_TYPE*)(&buf[3*y+z+x])) = *((LTC_FAST_TYPE*)(&buf[z+x])) ^ *((LTC_FAST_TYPE*)(&buf[z+y+x]));
}
if (memcmp(&buf[2*y+z], &buf[3*y+z], y)) {
fprintf(stderr, "\nLTC_FAST failed at offset %d\n", z);
return 1;
}
}
#endif
return 0;
}
static kripto_mac *skein256_recreate
(
kripto_mac *s,
unsigned int r,
const void *key,
unsigned int key_len,
unsigned int tag_len
)
{
uint64_t t;
unsigned int block;
s->r = r;
s->i = 0;
s->f = 0;
memset(s->h, 0, 32);
memset(s->tweak, 0, 16);
t = tag_len << 3;
/* KEY */
s->tweak[15] = 0x40; /* type KEY, first */
while(key_len)
{
if(key_len > 32) block = 32;
else block = key_len;
memcpy(s->buf, key, block);
memset(s->buf, 0, 32 - block);
POS_ADD(s->tweak, block);
key_len -= block;
if(!key_len) s->tweak[15] |= 0x80; /* add final */
skein256_process(s);
s->tweak[15] &= 0xBF; /* remove first */
}
/* CFG */
s->buf[0] = 'S';
s->buf[1] = 'H';
s->buf[2] = 'A';
s->buf[3] = '3';
s->buf[4] = 1;
s->buf[5] = 0;
s->buf[6] = 0;
s->buf[7] = 0;
STORE64L(t, s->buf + 8);
memset(s->buf + 16, 0, 16);
s->tweak[0] = 32;
s->tweak[15] = 0xC4; /* type CFG, first, final */
skein256_process(s);
/* MSG */
s->tweak[0] = 0;
s->tweak[15] = 0x70; /* type MSG, first */
return s;
}
/**
Source donated by Elliptic Semiconductor Inc (www.ellipticsemi.com) to the LibTom Projects
Returns CRYPT_OK upon success.
*/
int xts_test(void)
{
#ifdef LTC_NO_TEST
return CRYPT_NOP;
#else
static const struct
{
int keylen;
unsigned char key1[32];
unsigned char key2[32];
ulong64 seqnum;
unsigned long PTLEN;
unsigned char PTX[512], CTX[512];
} tests[] = {
/* #1 32 byte key, 32 byte PTX */
{
32,
{ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 },
{ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 },
0,
32,
{ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 },
{ 0x91,0x7c,0xf6,0x9e,0xbd,0x68,0xb2,0xec,0x9b,0x9f,0xe9,0xa3,0xea,0xdd,0xa6,0x92,0xcd,0x43,0xd2,0xf5,0x95,0x98,0xed,0x85,0x8c,0x02,0xc2,0x65,0x2f,0xbf,0x92,0x2e },
},
/* #2, 32 byte key, 32 byte PTX */
{
32,
{ 0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11 },
{ 0x22,0x22,0x22,0x22,0x22,0x22,0x22,0x22,0x22,0x22,0x22,0x22,0x22,0x22,0x22,0x22 },
CONST64(0x3333333333),
32,
{ 0x44,0x44,0x44,0x44,0x44,0x44,0x44,0x44,0x44,0x44,0x44,0x44,0x44,0x44,0x44,0x44,0x44,0x44,0x44,0x44,0x44,0x44,0x44,0x44,0x44,0x44,0x44,0x44,0x44,0x44,0x44,0x44 },
{ 0xc4,0x54,0x18,0x5e,0x6a,0x16,0x93,0x6e,0x39,0x33,0x40,0x38,0xac,0xef,0x83,0x8b,0xfb,0x18,0x6f,0xff,0x74,0x80,0xad,0xc4,0x28,0x93,0x82,0xec,0xd6,0xd3,0x94,0xf0 },
},
/* #5 from xts.7, 32 byte key, 32 byte PTX */
{
32,
{ 0xff,0xfe,0xfd,0xfc,0xfb,0xfa,0xf9,0xf8,0xf7,0xf6,0xf5,0xf4,0xf3,0xf2,0xf1,0xf0 },
{ 0xbf,0xbe,0xbd,0xbc,0xbb,0xba,0xb9,0xb8,0xb7,0xb6,0xb5,0xb4,0xb3,0xb2,0xb1,0xb0 },
CONST64(0x123456789a),
32,
{ 0x44,0x44,0x44,0x44,0x44,0x44,0x44,0x44,0x44,0x44,0x44,0x44,0x44,0x44,0x44,0x44,0x44,0x44,0x44,0x44,0x44,0x44,0x44,0x44,0x44,0x44,0x44,0x44,0x44,0x44,0x44,0x44 },
{ 0xb0,0x1f,0x86,0xf8,0xed,0xc1,0x86,0x37,0x06,0xfa,0x8a,0x42,0x53,0xe3,0x4f,0x28,0xaf,0x31,0x9d,0xe3,0x83,0x34,0x87,0x0f,0x4d,0xd1,0xf9,0x4c,0xbe,0x98,0x32,0xf1 },
},
/* #4, 32 byte key, 512 byte PTX */
{
32,
{ 0x27,0x18,0x28,0x18,0x28,0x45,0x90,0x45,0x23,0x53,0x60,0x28,0x74,0x71,0x35,0x26 },
{ 0x31,0x41,0x59,0x26,0x53,0x58,0x97,0x93,0x23,0x84,0x62,0x64,0x33,0x83,0x27,0x95 },
0,
512,
{
0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f,0x10,0x11,0x12,0x13,0x14,0x15,0x16,0x17,0x18,0x19,0x1a,0x1b,0x1c,0x1d,0x1e,0x1f,
0x20,0x21,0x22,0x23,0x24,0x25,0x26,0x27,0x28,0x29,0x2a,0x2b,0x2c,0x2d,0x2e,0x2f,0x30,0x31,0x32,0x33,0x34,0x35,0x36,0x37,0x38,0x39,0x3a,0x3b,0x3c,0x3d,0x3e,0x3f,
0x40,0x41,0x42,0x43,0x44,0x45,0x46,0x47,0x48,0x49,0x4a,0x4b,0x4c,0x4d,0x4e,0x4f,0x50,0x51,0x52,0x53,0x54,0x55,0x56,0x57,0x58,0x59,0x5a,0x5b,0x5c,0x5d,0x5e,0x5f,
0x60,0x61,0x62,0x63,0x64,0x65,0x66,0x67,0x68,0x69,0x6a,0x6b,0x6c,0x6d,0x6e,0x6f,0x70,0x71,0x72,0x73,0x74,0x75,0x76,0x77,0x78,0x79,0x7a,0x7b,0x7c,0x7d,0x7e,0x7f,
0x80,0x81,0x82,0x83,0x84,0x85,0x86,0x87,0x88,0x89,0x8a,0x8b,0x8c,0x8d,0x8e,0x8f,0x90,0x91,0x92,0x93,0x94,0x95,0x96,0x97,0x98,0x99,0x9a,0x9b,0x9c,0x9d,0x9e,0x9f,
0xa0,0xa1,0xa2,0xa3,0xa4,0xa5,0xa6,0xa7,0xa8,0xa9,0xaa,0xab,0xac,0xad,0xae,0xaf,0xb0,0xb1,0xb2,0xb3,0xb4,0xb5,0xb6,0xb7,0xb8,0xb9,0xba,0xbb,0xbc,0xbd,0xbe,0xbf,
0xc0,0xc1,0xc2,0xc3,0xc4,0xc5,0xc6,0xc7,0xc8,0xc9,0xca,0xcb,0xcc,0xcd,0xce,0xcf,0xd0,0xd1,0xd2,0xd3,0xd4,0xd5,0xd6,0xd7,0xd8,0xd9,0xda,0xdb,0xdc,0xdd,0xde,0xdf,
0xe0,0xe1,0xe2,0xe3,0xe4,0xe5,0xe6,0xe7,0xe8,0xe9,0xea,0xeb,0xec,0xed,0xee,0xef,0xf0,0xf1,0xf2,0xf3,0xf4,0xf5,0xf6,0xf7,0xf8,0xf9,0xfa,0xfb,0xfc,0xfd,0xfe,0xff,
0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f,0x10,0x11,0x12,0x13,0x14,0x15,0x16,0x17,0x18,0x19,0x1a,0x1b,0x1c,0x1d,0x1e,0x1f,
0x20,0x21,0x22,0x23,0x24,0x25,0x26,0x27,0x28,0x29,0x2a,0x2b,0x2c,0x2d,0x2e,0x2f,0x30,0x31,0x32,0x33,0x34,0x35,0x36,0x37,0x38,0x39,0x3a,0x3b,0x3c,0x3d,0x3e,0x3f,
0x40,0x41,0x42,0x43,0x44,0x45,0x46,0x47,0x48,0x49,0x4a,0x4b,0x4c,0x4d,0x4e,0x4f,0x50,0x51,0x52,0x53,0x54,0x55,0x56,0x57,0x58,0x59,0x5a,0x5b,0x5c,0x5d,0x5e,0x5f,
0x60,0x61,0x62,0x63,0x64,0x65,0x66,0x67,0x68,0x69,0x6a,0x6b,0x6c,0x6d,0x6e,0x6f,0x70,0x71,0x72,0x73,0x74,0x75,0x76,0x77,0x78,0x79,0x7a,0x7b,0x7c,0x7d,0x7e,0x7f,
0x80,0x81,0x82,0x83,0x84,0x85,0x86,0x87,0x88,0x89,0x8a,0x8b,0x8c,0x8d,0x8e,0x8f,0x90,0x91,0x92,0x93,0x94,0x95,0x96,0x97,0x98,0x99,0x9a,0x9b,0x9c,0x9d,0x9e,0x9f,
0xa0,0xa1,0xa2,0xa3,0xa4,0xa5,0xa6,0xa7,0xa8,0xa9,0xaa,0xab,0xac,0xad,0xae,0xaf,0xb0,0xb1,0xb2,0xb3,0xb4,0xb5,0xb6,0xb7,0xb8,0xb9,0xba,0xbb,0xbc,0xbd,0xbe,0xbf,
0xc0,0xc1,0xc2,0xc3,0xc4,0xc5,0xc6,0xc7,0xc8,0xc9,0xca,0xcb,0xcc,0xcd,0xce,0xcf,0xd0,0xd1,0xd2,0xd3,0xd4,0xd5,0xd6,0xd7,0xd8,0xd9,0xda,0xdb,0xdc,0xdd,0xde,0xdf,
0xe0,0xe1,0xe2,0xe3,0xe4,0xe5,0xe6,0xe7,0xe8,0xe9,0xea,0xeb,0xec,0xed,0xee,0xef,0xf0,0xf1,0xf2,0xf3,0xf4,0xf5,0xf6,0xf7,0xf8,0xf9,0xfa,0xfb,0xfc,0xfd,0xfe,0xff,
},
{
0x27,0xa7,0x47,0x9b,0xef,0xa1,0xd4,0x76,0x48,0x9f,0x30,0x8c,0xd4,0xcf,0xa6,0xe2,0xa9,0x6e,0x4b,0xbe,0x32,0x08,0xff,0x25,0x28,0x7d,0xd3,0x81,0x96,0x16,0xe8,0x9c,
0xc7,0x8c,0xf7,0xf5,0xe5,0x43,0x44,0x5f,0x83,0x33,0xd8,0xfa,0x7f,0x56,0x00,0x00,0x05,0x27,0x9f,0xa5,0xd8,0xb5,0xe4,0xad,0x40,0xe7,0x36,0xdd,0xb4,0xd3,0x54,0x12,
0x32,0x80,0x63,0xfd,0x2a,0xab,0x53,0xe5,0xea,0x1e,0x0a,0x9f,0x33,0x25,0x00,0xa5,0xdf,0x94,0x87,0xd0,0x7a,0x5c,0x92,0xcc,0x51,0x2c,0x88,0x66,0xc7,0xe8,0x60,0xce,
0x93,0xfd,0xf1,0x66,0xa2,0x49,0x12,0xb4,0x22,0x97,0x61,0x46,0xae,0x20,0xce,0x84,0x6b,0xb7,0xdc,0x9b,0xa9,0x4a,0x76,0x7a,0xae,0xf2,0x0c,0x0d,0x61,0xad,0x02,0x65,
0x5e,0xa9,0x2d,0xc4,0xc4,0xe4,0x1a,0x89,0x52,0xc6,0x51,0xd3,0x31,0x74,0xbe,0x51,0xa1,0x0c,0x42,0x11,0x10,0xe6,0xd8,0x15,0x88,0xed,0xe8,0x21,0x03,0xa2,0x52,0xd8,
0xa7,0x50,0xe8,0x76,0x8d,0xef,0xff,0xed,0x91,0x22,0x81,0x0a,0xae,0xb9,0x9f,0x91,0x72,0xaf,0x82,0xb6,0x04,0xdc,0x4b,0x8e,0x51,0xbc,0xb0,0x82,0x35,0xa6,0xf4,0x34,
0x13,0x32,0xe4,0xca,0x60,0x48,0x2a,0x4b,0xa1,0xa0,0x3b,0x3e,0x65,0x00,0x8f,0xc5,0xda,0x76,0xb7,0x0b,0xf1,0x69,0x0d,0xb4,0xea,0xe2,0x9c,0x5f,0x1b,0xad,0xd0,0x3c,
0x5c,0xcf,0x2a,0x55,0xd7,0x05,0xdd,0xcd,0x86,0xd4,0x49,0x51,0x1c,0xeb,0x7e,0xc3,0x0b,0xf1,0x2b,0x1f,0xa3,0x5b,0x91,0x3f,0x9f,0x74,0x7a,0x8a,0xfd,0x1b,0x13,0x0e,
0x94,0xbf,0xf9,0x4e,0xff,0xd0,0x1a,0x91,0x73,0x5c,0xa1,0x72,0x6a,0xcd,0x0b,0x19,0x7c,0x4e,0x5b,0x03,0x39,0x36,0x97,0xe1,0x26,0x82,0x6f,0xb6,0xbb,0xde,0x8e,0xcc,
0x1e,0x08,0x29,0x85,0x16,0xe2,0xc9,0xed,0x03,0xff,0x3c,0x1b,0x78,0x60,0xf6,0xde,0x76,0xd4,0xce,0xcd,0x94,0xc8,0x11,0x98,0x55,0xef,0x52,0x97,0xca,0x67,0xe9,0xf3,
0xe7,0xff,0x72,0xb1,0xe9,0x97,0x85,0xca,0x0a,0x7e,0x77,0x20,0xc5,0xb3,0x6d,0xc6,0xd7,0x2c,0xac,0x95,0x74,0xc8,0xcb,0xbc,0x2f,0x80,0x1e,0x23,0xe5,0x6f,0xd3,0x44,
0xb0,0x7f,0x22,0x15,0x4b,0xeb,0xa0,0xf0,0x8c,0xe8,0x89,0x1e,0x64,0x3e,0xd9,0x95,0xc9,0x4d,0x9a,0x69,0xc9,0xf1,0xb5,0xf4,0x99,0x02,0x7a,0x78,0x57,0x2a,0xee,0xbd,
0x74,0xd2,0x0c,0xc3,0x98,0x81,0xc2,0x13,0xee,0x77,0x0b,0x10,0x10,0xe4,0xbe,0xa7,0x18,0x84,0x69,0x77,0xae,0x11,0x9f,0x7a,0x02,0x3a,0xb5,0x8c,0xca,0x0a,0xd7,0x52,
0xaf,0xe6,0x56,0xbb,0x3c,0x17,0x25,0x6a,0x9f,0x6e,0x9b,0xf1,0x9f,0xdd,0x5a,0x38,0xfc,0x82,0xbb,0xe8,0x72,0xc5,0x53,0x9e,0xdb,0x60,0x9e,0xf4,0xf7,0x9c,0x20,0x3e,
0xbb,0x14,0x0f,0x2e,0x58,0x3c,0xb2,0xad,0x15,0xb4,0xaa,0x5b,0x65,0x50,0x16,0xa8,0x44,0x92,0x77,0xdb,0xd4,0x77,0xef,0x2c,0x8d,0x6c,0x01,0x7d,0xb7,0x38,0xb1,0x8d,
0xeb,0x4a,0x42,0x7d,0x19,0x23,0xce,0x3f,0xf2,0x62,0x73,0x57,0x79,0xa4,0x18,0xf2,0x0a,0x28,0x2d,0xf9,0x20,0x14,0x7b,0xea,0xbe,0x42,0x1e,0xe5,0x31,0x9d,0x05,0x68,
}
},
/* #7, 32 byte key, 17 byte PTX */
{
32,
{ 0xff,0xfe,0xfd,0xfc,0xfb,0xfa,0xf9,0xf8,0xf7,0xf6,0xf5,0xf4,0xf3,0xf2,0xf1,0xf0 },
{ 0xbf,0xbe,0xbd,0xbc,0xbb,0xba,0xb9,0xb8,0xb7,0xb6,0xb5,0xb4,0xb3,0xb2,0xb1,0xb0 },
CONST64(0x123456789a),
17,
{ 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f,0x10 },
{ 0x6c,0x16,0x25,0xdb,0x46,0x71,0x52,0x2d,0x3d,0x75,0x99,0x60,0x1d,0xe7,0xca,0x09,0xed },
},
/* #15, 32 byte key, 25 byte PTX */
{
32,
{ 0xff,0xfe,0xfd,0xfc,0xfb,0xfa,0xf9,0xf8,0xf7,0xf6,0xf5,0xf4,0xf3,0xf2,0xf1,0xf0 },
{ 0xbf,0xbe,0xbd,0xbc,0xbb,0xba,0xb9,0xb8,0xb7,0xb6,0xb5,0xb4,0xb3,0xb2,0xb1,0xb0 },
CONST64(0x123456789a),
25,
{ 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f,0x10,0x11,0x12,0x13,0x14,0x15,0x16,0x17,0x18 },
{ 0x8f,0x4d,0xcb,0xad,0x55,0x55,0x8d,0x7b,0x4e,0x01,0xd9,0x37,0x9c,0xd4,0xea,0x22,0xed,0xbf,0x9d,0xac,0xe4,0x5d,0x6f,0x6a,0x73 },
},
/* #21, 32 byte key, 31 byte PTX */
{
32,
{ 0xff,0xfe,0xfd,0xfc,0xfb,0xfa,0xf9,0xf8,0xf7,0xf6,0xf5,0xf4,0xf3,0xf2,0xf1,0xf0 },
{ 0xbf,0xbe,0xbd,0xbc,0xbb,0xba,0xb9,0xb8,0xb7,0xb6,0xb5,0xb4,0xb3,0xb2,0xb1,0xb0 },
CONST64(0x123456789a),
31,
{ 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f,0x10,0x11,0x12,0x13,0x14,0x15,0x16,0x17,0x18,0x19,0x1a,0x1b,0x1c,0x1d,0x1e },
{ 0xd0,0x5b,0xc0,0x90,0xa8,0xe0,0x4f,0x1b,0x3d,0x3e,0xcd,0xd5,0xba,0xec,0x0f,0xd4,0xed,0xbf,0x9d,0xac,0xe4,0x5d,0x6f,0x6a,0x73,0x06,0xe6,0x4b,0xe5,0xdd,0x82 },
},
};
unsigned char OUT[512], Torg[16], T[16];
ulong64 seq;
symmetric_xts xts;
int i, j, k, err, idx;
unsigned long len;
/* AES can be under rijndael or aes... try to find it */
if ((idx = find_cipher("aes")) == -1) {
if ((idx = find_cipher("rijndael")) == -1) {
return CRYPT_NOP;
}
}
for (k = 0; k < 4; ++k) {
cipher_descriptor[idx].accel_xts_encrypt = NULL;
cipher_descriptor[idx].accel_xts_decrypt = NULL;
if (k & 0x1) {
cipher_descriptor[idx].accel_xts_encrypt = _xts_test_accel_xts_encrypt;
}
if (k & 0x2) {
cipher_descriptor[idx].accel_xts_decrypt = _xts_test_accel_xts_decrypt;
}
for (j = 0; j < 2; j++) {
for (i = 0; i < (int)(sizeof(tests) / sizeof(tests[0])); i++) {
/* skip the cases where
* the length is smaller than 2*blocklen
* or the length is not a multiple of 32
*/
if ((j == 1) && ((tests[i].PTLEN < 32) || (tests[i].PTLEN % 32))) {
continue;
}
if ((k > 0) && (j == 1)) {
continue;
}
len = tests[i].PTLEN / 2;
err = xts_start(idx, tests[i].key1, tests[i].key2, tests[i].keylen / 2, 0, &xts);
if (err != CRYPT_OK) {
return err;
}
seq = tests[i].seqnum;
STORE64L(seq, Torg);
XMEMSET(Torg + 8, 0, 8);
XMEMCPY(T, Torg, sizeof(T));
if (j == 0) {
err = xts_encrypt(tests[i].PTX, tests[i].PTLEN, OUT, T, &xts);
if (err != CRYPT_OK) {
xts_done(&xts);
return err;
}
} else {
err = xts_encrypt(tests[i].PTX, len, OUT, T, &xts);
if (err != CRYPT_OK) {
xts_done(&xts);
return err;
}
err = xts_encrypt(&tests[i].PTX[len], len, &OUT[len], T, &xts);
if (err != CRYPT_OK) {
xts_done(&xts);
return err;
}
}
if (compare_testvector(OUT, tests[i].PTLEN, tests[i].CTX, tests[i].PTLEN, "XTS encrypt", i)) {
xts_done(&xts);
return CRYPT_FAIL_TESTVECTOR;
}
XMEMCPY(T, Torg, sizeof(T));
if (j == 0) {
err = xts_decrypt(tests[i].CTX, tests[i].PTLEN, OUT, T, &xts);
if (err != CRYPT_OK) {
xts_done(&xts);
return err;
}
} else {
err = xts_decrypt(tests[i].CTX, len, OUT, T, &xts);
if (err != CRYPT_OK) {
xts_done(&xts);
return err;
}
err = xts_decrypt(&tests[i].CTX[len], len, &OUT[len], T, &xts);
if (err != CRYPT_OK) {
xts_done(&xts);
return err;
}
}
if (compare_testvector(OUT, tests[i].PTLEN, tests[i].PTX, tests[i].PTLEN, "XTS decrypt", i)) {
xts_done(&xts);
return CRYPT_FAIL_TESTVECTOR;
}
xts_done(&xts);
}
}
}
return CRYPT_OK;
#endif
}
static void test_xts(const void *opaque)
{
const QCryptoXTSTestData *data = opaque;
unsigned char out[512], Torg[16], T[16];
uint64_t seq;
int j;
unsigned long len;
struct TestAES aesdata;
struct TestAES aestweak;
for (j = 0; j < 2; j++) {
/* skip the cases where
* the length is smaller than 2*blocklen
* or the length is not a multiple of 32
*/
if ((j == 1) && ((data->PTLEN < 32) || (data->PTLEN % 32))) {
continue;
}
len = data->PTLEN / 2;
AES_set_encrypt_key(data->key1, data->keylen / 2 * 8, &aesdata.enc);
AES_set_decrypt_key(data->key1, data->keylen / 2 * 8, &aesdata.dec);
AES_set_encrypt_key(data->key2, data->keylen / 2 * 8, &aestweak.enc);
AES_set_decrypt_key(data->key2, data->keylen / 2 * 8, &aestweak.dec);
seq = data->seqnum;
STORE64L(seq, Torg);
memset(Torg + 8, 0, 8);
memcpy(T, Torg, sizeof(T));
if (j == 0) {
xts_encrypt(&aesdata, &aestweak,
test_xts_aes_encrypt,
test_xts_aes_decrypt,
T, data->PTLEN, out, data->PTX);
} else {
xts_encrypt(&aesdata, &aestweak,
test_xts_aes_encrypt,
test_xts_aes_decrypt,
T, len, out, data->PTX);
xts_encrypt(&aesdata, &aestweak,
test_xts_aes_encrypt,
test_xts_aes_decrypt,
T, len, &out[len], &data->PTX[len]);
}
g_assert(memcmp(out, data->CTX, data->PTLEN) == 0);
memcpy(T, Torg, sizeof(T));
if (j == 0) {
xts_decrypt(&aesdata, &aestweak,
test_xts_aes_encrypt,
test_xts_aes_decrypt,
T, data->PTLEN, out, data->CTX);
} else {
xts_decrypt(&aesdata, &aestweak,
test_xts_aes_encrypt,
test_xts_aes_decrypt,
T, len, out, data->CTX);
xts_decrypt(&aesdata, &aestweak,
test_xts_aes_encrypt,
test_xts_aes_decrypt,
T, len, &out[len], &data->CTX[len]);
}
g_assert(memcmp(out, data->PTX, data->PTLEN) == 0);
}
}
