ARIA test vectors for CBC CFB CTR modes

2025-01-22 05:40:59 +00:00 · 2017-11-30 15:48:37 +00:00 · 2017-11-30 15:48:37 +00:00 · 259fa60f6c
parent 41efbaabc9
commit 259fa60f6c
1 changed files with 257 additions and 55 deletions
--- a/library/aria.c
+++ b/library/aria.c
@ -19,7 +19,6 @@
 *  This file is part of mbed TLS (https://tls.mbed.org)
 */

-
 #if !defined(MBEDTLS_CONFIG_FILE)
 #include "mbedtls/config.h"
 #else
@ -623,80 +622,283 @@ int mbedtls_aria_crypt_ctr( mbedtls_aria_context *ctx,

 #if defined(MBEDTLS_SELF_TEST)

+// Basic ARIA ECB test vectors from RFC 5794
+
+static const uint8_t aria_test1_ecb_key[32] =           // test key
+{
+    0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,     // 128 bit
+    0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
+    0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,     // 192 bit
+    0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F      // 256 bit
+};
+
+static const uint8_t aria_test1_ecb_pt[16] =            // plaintext
+{
+    0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,     // same for all
+    0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF      // key sizes
+};
+
+static const uint8_t aria_test1_ecb_ct[3][16] =         // ciphertext
+{
+    { 0xD7, 0x18, 0xFB, 0xD6, 0xAB, 0x64, 0x4C, 0x73,   // 128 bit
+      0x9D, 0xA9, 0x5F, 0x3B, 0xE6, 0x45, 0x17, 0x78 },
+    { 0x26, 0x44, 0x9C, 0x18, 0x05, 0xDB, 0xE7, 0xAA,   // 192 bit
+      0x25, 0xA4, 0x68, 0xCE, 0x26, 0x3A, 0x9E, 0x79 },
+    { 0xF9, 0x2B, 0xD7, 0xC7, 0x9F, 0xB7, 0x2E, 0x2F,   // 256 bit
+      0x2B, 0x8F, 0x80, 0xC1, 0x97, 0x2D, 0x24, 0xFC }
+};
+
+// Mode tests from "Test Vectors for ARIA"  Version 1.0
+// http://210.104.33.10/ARIA/doc/ARIA-testvector-e.pdf
+
+#if (defined(MBEDTLS_CIPHER_MODE_CBC) || \
+    defined(MBEDTLS_CIPHER_MODE_CFB) || \
+    defined(MBEDTLS_CIPHER_MODE_CTR))
+
+static const uint8_t aria_test2_key[32] =
+{
+    0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,     // 128 bit
+    0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff,
+    0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,     // 192 bit
+    0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff      // 256 bit
+};
+
+static const uint8_t aria_test2_iv[16] =
+{
+    0x0f, 0x1e, 0x2d, 0x3c, 0x4b, 0x5a, 0x69, 0x78,     // same for all
+    0x87, 0x96, 0xa5, 0xb4, 0xc3, 0xd2, 0xe1, 0xf0
+};
+
+static const uint8_t aria_test2_pt[48] =
+{
+    0x11, 0x11, 0x11, 0x11, 0xaa, 0xaa, 0xaa, 0xaa,     // same for all
+    0x11, 0x11, 0x11, 0x11, 0xbb, 0xbb, 0xbb, 0xbb,
+    0x11, 0x11, 0x11, 0x11, 0xcc, 0xcc, 0xcc, 0xcc,
+    0x11, 0x11, 0x11, 0x11, 0xdd, 0xdd, 0xdd, 0xdd,
+    0x22, 0x22, 0x22, 0x22, 0xaa, 0xaa, 0xaa, 0xaa,
+    0x22, 0x22, 0x22, 0x22, 0xbb, 0xbb, 0xbb, 0xbb,
+};
+
+#endif /* defined(MBEDTLS_CIPHER_MODE_CBC) || \
+        defined(MBEDTLS_CIPHER_MODE_CFB) || \
+        defined(MBEDTLS_CIPHER_MODE_CTR) */
+
+#if defined(MBEDTLS_CIPHER_MODE_CBC)
+static const uint8_t aria_test2_cbc_ct[3][48] =         // CBC ciphertxt
+{
+    { 0x49, 0xd6, 0x18, 0x60, 0xb1, 0x49, 0x09, 0x10,   // 128-bit key
+      0x9c, 0xef, 0x0d, 0x22, 0xa9, 0x26, 0x81, 0x34,
+      0xfa, 0xdf, 0x9f, 0xb2, 0x31, 0x51, 0xe9, 0x64,
+      0x5f, 0xba, 0x75, 0x01, 0x8b, 0xdb, 0x15, 0x38,
+      0xb5, 0x33, 0x34, 0x63, 0x4b, 0xbf, 0x7d, 0x4c,
+      0xd4, 0xb5, 0x37, 0x70, 0x33, 0x06, 0x0c, 0x15 },
+    { 0xaf, 0xe6, 0xcf, 0x23, 0x97, 0x4b, 0x53, 0x3c,   // 192-bit key
+      0x67, 0x2a, 0x82, 0x62, 0x64, 0xea, 0x78, 0x5f,
+      0x4e, 0x4f, 0x7f, 0x78, 0x0d, 0xc7, 0xf3, 0xf1,
+      0xe0, 0x96, 0x2b, 0x80, 0x90, 0x23, 0x86, 0xd5,
+      0x14, 0xe9, 0xc3, 0xe7, 0x72, 0x59, 0xde, 0x92,
+      0xdd, 0x11, 0x02, 0xff, 0xab, 0x08, 0x6c, 0x1e },
+    { 0x52, 0x3a, 0x8a, 0x80, 0x6a, 0xe6, 0x21, 0xf1,   // 256-bit key
+      0x55, 0xfd, 0xd2, 0x8d, 0xbc, 0x34, 0xe1, 0xab,
+      0x7b, 0x9b, 0x42, 0x43, 0x2a, 0xd8, 0xb2, 0xef,
+      0xb9, 0x6e, 0x23, 0xb1, 0x3f, 0x0a, 0x6e, 0x52,
+      0xf3, 0x61, 0x85, 0xd5, 0x0a, 0xd0, 0x02, 0xc5,
+      0xf6, 0x01, 0xbe, 0xe5, 0x49, 0x3f, 0x11, 0x8b }
+};
+#endif /* MBEDTLS_CIPHER_MODE_CBC */
+
+#if defined(MBEDTLS_CIPHER_MODE_CFB)
+static const uint8_t aria_test2_cfb_ct[3][48] =         // CFB ciphertxt
+{
+    { 0x37, 0x20, 0xe5, 0x3b, 0xa7, 0xd6, 0x15, 0x38,   // 128-bit key
+      0x34, 0x06, 0xb0, 0x9f, 0x0a, 0x05, 0xa2, 0x00,
+      0xc0, 0x7c, 0x21, 0xe6, 0x37, 0x0f, 0x41, 0x3a,
+      0x5d, 0x13, 0x25, 0x00, 0xa6, 0x82, 0x85, 0x01,
+      0x7c, 0x61, 0xb4, 0x34, 0xc7, 0xb7, 0xca, 0x96,
+      0x85, 0xa5, 0x10, 0x71, 0x86, 0x1e, 0x4d, 0x4b },
+    { 0x41, 0x71, 0xf7, 0x19, 0x2b, 0xf4, 0x49, 0x54,   // 192-bit key
+      0x94, 0xd2, 0x73, 0x61, 0x29, 0x64, 0x0f, 0x5c,
+      0x4d, 0x87, 0xa9, 0xa2, 0x13, 0x66, 0x4c, 0x94,
+      0x48, 0x47, 0x7c, 0x6e, 0xcc, 0x20, 0x13, 0x59,
+      0x8d, 0x97, 0x66, 0x95, 0x2d, 0xd8, 0xc3, 0x86,
+      0x8f, 0x17, 0xe3, 0x6e, 0xf6, 0x6f, 0xd8, 0x4b },
+    { 0x26, 0x83, 0x47, 0x05, 0xb0, 0xf2, 0xc0, 0xe2,   // 256-bit key
+      0x58, 0x8d, 0x4a, 0x7f, 0x09, 0x00, 0x96, 0x35,
+      0xf2, 0x8b, 0xb9, 0x3d, 0x8c, 0x31, 0xf8, 0x70,
+      0xec, 0x1e, 0x0b, 0xdb, 0x08, 0x2b, 0x66, 0xfa,
+      0x40, 0x2d, 0xd9, 0xc2, 0x02, 0xbe, 0x30, 0x0c,
+      0x45, 0x17, 0xd1, 0x96, 0xb1, 0x4d, 0x4c, 0xe1 }
+};
+#endif /* MBEDTLS_CIPHER_MODE_CFB */
+
+#if defined(MBEDTLS_CIPHER_MODE_CTR)
+static const uint8_t aria_test2_ctr_ct[3][48] =         // CTR ciphertxt
+{
+    { 0xac, 0x5d, 0x7d, 0xe8, 0x05, 0xa0, 0xbf, 0x1c,   // 128-bit key
+      0x57, 0xc8, 0x54, 0x50, 0x1a, 0xf6, 0x0f, 0xa1,
+      0x14, 0x97, 0xe2, 0xa3, 0x45, 0x19, 0xde, 0xa1,
+      0x56, 0x9e, 0x91, 0xe5, 0xb5, 0xcc, 0xae, 0x2f,
+      0xf3, 0xbf, 0xa1, 0xbf, 0x97, 0x5f, 0x45, 0x71,
+      0xf4, 0x8b, 0xe1, 0x91, 0x61, 0x35, 0x46, 0xc3 },
+    { 0x08, 0x62, 0x5c, 0xa8, 0xfe, 0x56, 0x9c, 0x19,   // 192-bit key
+      0xba, 0x7a, 0xf3, 0x76, 0x0a, 0x6e, 0xd1, 0xce,
+      0xf4, 0xd1, 0x99, 0x26, 0x3e, 0x99, 0x9d, 0xde,
+      0x14, 0x08, 0x2d, 0xbb, 0xa7, 0x56, 0x0b, 0x79,
+      0xa4, 0xc6, 0xb4, 0x56, 0xb8, 0x70, 0x7d, 0xce,
+      0x75, 0x1f, 0x98, 0x54, 0xf1, 0x88, 0x93, 0xdf },
+    { 0x30, 0x02, 0x6c, 0x32, 0x96, 0x66, 0x14, 0x17,   // 256-bit key
+      0x21, 0x17, 0x8b, 0x99, 0xc0, 0xa1, 0xf1, 0xb2,
+      0xf0, 0x69, 0x40, 0x25, 0x3f, 0x7b, 0x30, 0x89,
+      0xe2, 0xa3, 0x0e, 0xa8, 0x6a, 0xa3, 0xc8, 0x8f,
+      0x59, 0x40, 0xf0, 0x5a, 0xd7, 0xee, 0x41, 0xd7,
+      0x13, 0x47, 0xbb, 0x72, 0x61, 0xe3, 0x48, 0xf1 }
+};
+#endif /* MBEDTLS_CIPHER_MODE_CFB */
+
 /*
 * Checkup routine
 */

+#define ARIA_SELF_TEST_IF_FAIL              \
+        {                                   \
+            if( verbose )                   \
+                printf( "failed\n" );       \
+            return( 1 );                    \
+        } else {                            \
+            if( verbose )                   \
+                printf( "passed\n" );       \
+        }
+
 int mbedtls_aria_self_test( int verbose )
 {
-    // ECB test vectors from RFC 5794
-
-    const uint8_t aria_ecb_test_key[32] =                       // test key
-    {
-        0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,         // 128 bit
-        0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
-        0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,         // 192 bit
-        0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F          // 256 bit
-    };
-    const uint8_t aria_ecb_test_pt[16] =                        // plaintext
-    {
-        0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,         // same for all
-        0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF          // key sizes
-    };
-    const uint8_t aria_ecb_test_ct[3][16] =                     // ciphertext
-    {
-        {   0xD7, 0x18, 0xFB, 0xD6, 0xAB, 0x64, 0x4C, 0x73,     // 128 bit
-            0x9D, 0xA9, 0x5F, 0x3B, 0xE6, 0x45, 0x17, 0x78  }
-        ,
-        {   0x26, 0x44, 0x9C, 0x18, 0x05, 0xDB, 0xE7, 0xAA,     // 192 bit
-            0x25, 0xA4, 0x68, 0xCE, 0x26, 0x3A, 0x9E, 0x79 }
-        ,
-        {   0xF9, 0x2B, 0xD7, 0xC7, 0x9F, 0xB7, 0x2E, 0x2F,     // 256 bit
-            0x2B, 0x8F, 0x80, 0xC1, 0x97, 0x2D, 0x24, 0xFC  }
-    };
-
    int i;
    uint8_t blk[16];
    mbedtls_aria_context ctx;
+#if (defined(MBEDTLS_CIPHER_MODE_CBC) || \
+     defined(MBEDTLS_CIPHER_MODE_CFB) || \
+     defined(MBEDTLS_CIPHER_MODE_CTR))
+    size_t j;
+    uint8_t buf[48], iv[16];
+#endif
+
+    // Test set 1

    for( i = 0; i < 3; i++ )
    {
-        // test encryption
+        // test ECB encryption
        if( verbose )
            printf( "  ARIA-ECB-%d (enc): ", 128 + 64 * i);
-
-        mbedtls_aria_setkey_enc( &ctx, aria_ecb_test_key, 128 + 64 * i );
+        mbedtls_aria_setkey_enc( &ctx, aria_test1_ecb_key, 128 + 64 * i );
        mbedtls_aria_crypt_ecb( &ctx, MBEDTLS_ARIA_ENCRYPT,
-            aria_ecb_test_pt, blk );
-
-        if( memcmp( blk, aria_ecb_test_ct[i], 16 ) != 0 )
-        {
-            if( verbose )
-                printf( "failed\n" );
-            return( 1 );
-        }
-        if( verbose )
-            printf( "passed\n" );
-
-        // test decryption
+            aria_test1_ecb_pt, blk );
+        if( memcmp( blk, aria_test1_ecb_ct[i], 16 ) != 0 )
+            ARIA_SELF_TEST_IF_FAIL;

+        // test ECB decryption
        if( verbose )
            printf( "  ARIA-ECB-%d (dec): ", 128 + 64 * i);
-
-        mbedtls_aria_setkey_dec( &ctx, aria_ecb_test_key, 128 + 64 * i );
+        mbedtls_aria_setkey_dec( &ctx, aria_test1_ecb_key, 128 + 64 * i );
        mbedtls_aria_crypt_ecb( &ctx, MBEDTLS_ARIA_DECRYPT,
-            aria_ecb_test_ct[i], blk );
-
-        if (memcmp( blk, aria_ecb_test_pt, 16 ) != 0)
-        {
-            if( verbose )
-                printf( "failed\n" );
-            return( 1 );
-        }
-        if( verbose )
-            printf( "passed\n" );
+            aria_test1_ecb_ct[i], blk );
+        if (memcmp( blk, aria_test1_ecb_pt, 16 ) != 0)
+            ARIA_SELF_TEST_IF_FAIL;
    }
-    printf("\n");
+    if( verbose )
+        printf("\n");
+
+    // Test set 2
+
+#if defined(MBEDTLS_CIPHER_MODE_CBC)
+    for( i = 0; i < 3; i++ )
+    {
+        // Test CBC encryption
+        if( verbose )
+            printf( "  ARIA-CBC-%d (enc): ", 128 + 64 * i);
+        mbedtls_aria_setkey_enc( &ctx, aria_test2_key, 128 + 64 * i );
+        memcpy( iv, aria_test2_iv, 16 );
+        memset( buf, 0x55, sizeof(buf) );
+        mbedtls_aria_crypt_cbc( &ctx, MBEDTLS_ARIA_ENCRYPT, 48, iv,
+            aria_test2_pt, buf );
+        if( memcmp( buf, aria_test2_cbc_ct[i], 48 ) != 0 )
+            ARIA_SELF_TEST_IF_FAIL;
+
+        // Test CBC decryption
+        if( verbose )
+            printf( "  ARIA-CBC-%d (dec): ", 128 + 64 * i);
+        mbedtls_aria_setkey_dec( &ctx, aria_test2_key, 128 + 64 * i );
+        memcpy( iv, aria_test2_iv, 16 );
+        memset( buf, 0xAA, sizeof(buf) );
+        mbedtls_aria_crypt_cbc( &ctx, MBEDTLS_ARIA_DECRYPT, 48, iv,
+            aria_test2_cbc_ct[i], buf );
+        if( memcmp( buf, aria_test2_pt, 48 ) != 0 )
+            ARIA_SELF_TEST_IF_FAIL;
+    }
+    if( verbose )
+        printf("\n");
+
+#endif /* MBEDTLS_CIPHER_MODE_CBC */
+
+#if defined(MBEDTLS_CIPHER_MODE_CFB)
+    for( i = 0; i < 3; i++ )
+    {
+        // Test CFB encryption
+        if( verbose )
+            printf( "  ARIA-CFB-%d (enc): ", 128 + 64 * i);
+        mbedtls_aria_setkey_enc( &ctx, aria_test2_key, 128 + 64 * i );
+        memcpy( iv, aria_test2_iv, 16 );
+        memset( buf, 0x55, sizeof(buf) );
+        j = 0;
+        mbedtls_aria_crypt_cfb128( &ctx, MBEDTLS_ARIA_ENCRYPT, 48, &j, iv,
+            aria_test2_pt, buf );
+        if( memcmp( buf, aria_test2_cfb_ct[i], 48 ) != 0 )
+            ARIA_SELF_TEST_IF_FAIL;
+
+        // Test CFB decryption
+        if( verbose )
+            printf( "  ARIA-CFB-%d (dec): ", 128 + 64 * i);
+        mbedtls_aria_setkey_enc( &ctx, aria_test2_key, 128 + 64 * i );
+        memcpy( iv, aria_test2_iv, 16 );
+        memset( buf, 0xAA, sizeof(buf) );
+        j = 0;
+        mbedtls_aria_crypt_cfb128( &ctx, MBEDTLS_ARIA_DECRYPT, 48, &j,
+            iv, aria_test2_cfb_ct[i], buf );
+        if( memcmp( buf, aria_test2_pt, 48 ) != 0 )
+            ARIA_SELF_TEST_IF_FAIL;
+    }
+    if( verbose )
+        printf("\n");
+#endif /* MBEDTLS_CIPHER_MODE_CFB */
+
+#if defined(MBEDTLS_CIPHER_MODE_CTR)
+    for( i = 0; i < 3; i++ )
+    {
+        // Test CTR encryption
+        if( verbose )
+            printf( "  ARIA-CTR-%d (enc): ", 128 + 64 * i);
+        mbedtls_aria_setkey_enc( &ctx, aria_test2_key, 128 + 64 * i );
+        memset( iv, 0, 16 );                    // IV = 0
+        memset( buf, 0x55, sizeof(buf) );
+        j = 0;
+        mbedtls_aria_crypt_ctr( &ctx, 48, &j, iv, blk,
+            aria_test2_pt, buf );
+        if( memcmp( buf, aria_test2_ctr_ct[i], 48 ) != 0 )
+            ARIA_SELF_TEST_IF_FAIL;
+
+        // Test CTR decryption
+        if( verbose )
+            printf( "  ARIA-CTR-%d (dec): ", 128 + 64 * i);
+        mbedtls_aria_setkey_enc( &ctx, aria_test2_key, 128 + 64 * i );
+        memset( iv, 0, 16 );                    // IV = 0
+        memset( buf, 0xAA, sizeof(buf) );
+        j = 0;
+        mbedtls_aria_crypt_ctr( &ctx, 48, &j, iv, blk,
+            aria_test2_ctr_ct[i], buf );
+        if( memcmp( buf, aria_test2_pt, 48 ) != 0 )
+            ARIA_SELF_TEST_IF_FAIL;
+    }
+    if( verbose )
+        printf("\n");
+#endif /* MBEDTLS_CIPHER_MODE_CTR */

    return( 0 );
 }