Update CMAC test vectors.

This commit is contained in:
Janos Follath 2016-12-13 11:51:04 +00:00 committed by Simon Butcher
parent c0db511820
commit 5da3a6f92f
2 changed files with 139 additions and 92 deletions

View file

@ -12,6 +12,13 @@ Bugfix
the input string in PEM format to extract the different components. Found the input string in PEM format to extract the different components. Found
by Eyal Itkin. by Eyal Itkin.
= mbed TLS 2.4.x branch released 2016-xx-xx
Changes
* Update to CMAC test data, taken from - NIST Special Publication 800-38B -
Recommendation for Block Cipher Modes of Operation: The CMAC Mode for
Authentication October 2016
= mbed TLS 2.4.0 branch released 2016-10-17 = mbed TLS 2.4.0 branch released 2016-10-17
Security Security

View file

@ -26,7 +26,7 @@
* *
* - NIST SP 800-38B Recommendation for Block Cipher Modes of Operation: The * - NIST SP 800-38B Recommendation for Block Cipher Modes of Operation: The
* CMAC Mode for Authentication * CMAC Mode for Authentication
* http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-38b.pdf * http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-38b.pdf
* *
* - RFC 4493 - The AES-CMAC Algorithm * - RFC 4493 - The AES-CMAC Algorithm
* https://tools.ietf.org/html/rfc4493 * https://tools.ietf.org/html/rfc4493
@ -470,8 +470,9 @@ exit:
#if defined(MBEDTLS_SELF_TEST) #if defined(MBEDTLS_SELF_TEST)
/* /*
* CMAC test data from SP800-38B Appendix D.1 (corrected) * CMAC test data for SP800-38B
* http://csrc.nist.gov/publications/nistpubs/800-38B/Updated_CMAC_Examples.pdf * http://csrc.nist.gov/groups/ST/toolkit/documents/Examples/AES_CMAC.pdf
* http://csrc.nist.gov/groups/ST/toolkit/documents/Examples/TDES_CMAC.pdf
* *
* AES-CMAC-PRF-128 test data from RFC 4615 * AES-CMAC-PRF-128 test data from RFC 4615
* https://tools.ietf.org/html/rfc4615#page-4 * https://tools.ietf.org/html/rfc4615#page-4
@ -483,6 +484,7 @@ exit:
#if defined(MBEDTLS_AES_C) || defined(MBEDTLS_DES_C) #if defined(MBEDTLS_AES_C) || defined(MBEDTLS_DES_C)
/* All CMAC test inputs are truncated from the same 64 byte buffer. */ /* All CMAC test inputs are truncated from the same 64 byte buffer. */
static const unsigned char test_message[] = { static const unsigned char test_message[] = {
/* PT */
0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96, 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96,
0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a, 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a,
0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c, 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c,
@ -497,47 +499,54 @@ static const unsigned char test_message[] = {
#if defined(MBEDTLS_AES_C) #if defined(MBEDTLS_AES_C)
/* Truncation point of message for AES CMAC tests */ /* Truncation point of message for AES CMAC tests */
static const unsigned int aes_message_lengths[NB_CMAC_TESTS_PER_KEY] = { static const unsigned int aes_message_lengths[NB_CMAC_TESTS_PER_KEY] = {
/* Mlen */
0, 0,
16, 16,
40, 20,
64 64
}; };
/* AES 128 CMAC Test Data */ /* CMAC-AES128 Test Data */
static const unsigned char aes_128_key[16] = { static const unsigned char aes_128_key[16] = {
0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6,
0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c
}; };
static const unsigned char aes_128_subkeys[2][MBEDTLS_AES_BLOCK_SIZE] = { static const unsigned char aes_128_subkeys[2][MBEDTLS_AES_BLOCK_SIZE] = {
{ {
/* K1 */
0xfb, 0xee, 0xd6, 0x18, 0x35, 0x71, 0x33, 0x66, 0xfb, 0xee, 0xd6, 0x18, 0x35, 0x71, 0x33, 0x66,
0x7c, 0x85, 0xe0, 0x8f, 0x72, 0x36, 0xa8, 0xde 0x7c, 0x85, 0xe0, 0x8f, 0x72, 0x36, 0xa8, 0xde
}, },
{ {
/* K2 */
0xf7, 0xdd, 0xac, 0x30, 0x6a, 0xe2, 0x66, 0xcc, 0xf7, 0xdd, 0xac, 0x30, 0x6a, 0xe2, 0x66, 0xcc,
0xf9, 0x0b, 0xc1, 0x1e, 0xe4, 0x6d, 0x51, 0x3b 0xf9, 0x0b, 0xc1, 0x1e, 0xe4, 0x6d, 0x51, 0x3b
} }
}; };
static const unsigned char aes_128_expected_result[NB_CMAC_TESTS_PER_KEY][MBEDTLS_AES_BLOCK_SIZE] = { static const unsigned char aes_128_expected_result[NB_CMAC_TESTS_PER_KEY][MBEDTLS_AES_BLOCK_SIZE] = {
{ {
/* Example #1 */
0xbb, 0x1d, 0x69, 0x29, 0xe9, 0x59, 0x37, 0x28, 0xbb, 0x1d, 0x69, 0x29, 0xe9, 0x59, 0x37, 0x28,
0x7f, 0xa3, 0x7d, 0x12, 0x9b, 0x75, 0x67, 0x46 0x7f, 0xa3, 0x7d, 0x12, 0x9b, 0x75, 0x67, 0x46
}, },
{ {
/* Example #2 */
0x07, 0x0a, 0x16, 0xb4, 0x6b, 0x4d, 0x41, 0x44, 0x07, 0x0a, 0x16, 0xb4, 0x6b, 0x4d, 0x41, 0x44,
0xf7, 0x9b, 0xdd, 0x9d, 0xd0, 0x4a, 0x28, 0x7c 0xf7, 0x9b, 0xdd, 0x9d, 0xd0, 0x4a, 0x28, 0x7c
}, },
{ {
0xdf, 0xa6, 0x67, 0x47, 0xde, 0x9a, 0xe6, 0x30, /* Example #3 */
0x30, 0xca, 0x32, 0x61, 0x14, 0x97, 0xc8, 0x27 0x7d, 0x85, 0x44, 0x9e, 0xa6, 0xea, 0x19, 0xc8,
0x23, 0xa7, 0xbf, 0x78, 0x83, 0x7d, 0xfa, 0xde
}, },
{ {
/* Example #4 */
0x51, 0xf0, 0xbe, 0xbf, 0x7e, 0x3b, 0x9d, 0x92, 0x51, 0xf0, 0xbe, 0xbf, 0x7e, 0x3b, 0x9d, 0x92,
0xfc, 0x49, 0x74, 0x17, 0x79, 0x36, 0x3c, 0xfe 0xfc, 0x49, 0x74, 0x17, 0x79, 0x36, 0x3c, 0xfe
} }
}; };
/* AES 192 CMAC Test Data */ /* CMAC-AES192 Test Data */
static const unsigned char aes_192_key[24] = { static const unsigned char aes_192_key[24] = {
0x8e, 0x73, 0xb0, 0xf7, 0xda, 0x0e, 0x64, 0x52, 0x8e, 0x73, 0xb0, 0xf7, 0xda, 0x0e, 0x64, 0x52,
0xc8, 0x10, 0xf3, 0x2b, 0x80, 0x90, 0x79, 0xe5, 0xc8, 0x10, 0xf3, 0x2b, 0x80, 0x90, 0x79, 0xe5,
@ -545,34 +554,40 @@ static const unsigned char aes_192_key[24] = {
}; };
static const unsigned char aes_192_subkeys[2][MBEDTLS_AES_BLOCK_SIZE] = { static const unsigned char aes_192_subkeys[2][MBEDTLS_AES_BLOCK_SIZE] = {
{ {
/* K1 */
0x44, 0x8a, 0x5b, 0x1c, 0x93, 0x51, 0x4b, 0x27, 0x44, 0x8a, 0x5b, 0x1c, 0x93, 0x51, 0x4b, 0x27,
0x3e, 0xe6, 0x43, 0x9d, 0xd4, 0xda, 0xa2, 0x96 0x3e, 0xe6, 0x43, 0x9d, 0xd4, 0xda, 0xa2, 0x96
}, },
{ {
/* K2 */
0x89, 0x14, 0xb6, 0x39, 0x26, 0xa2, 0x96, 0x4e, 0x89, 0x14, 0xb6, 0x39, 0x26, 0xa2, 0x96, 0x4e,
0x7d, 0xcc, 0x87, 0x3b, 0xa9, 0xb5, 0x45, 0x2c 0x7d, 0xcc, 0x87, 0x3b, 0xa9, 0xb5, 0x45, 0x2c
} }
}; };
static const unsigned char aes_192_expected_result[NB_CMAC_TESTS_PER_KEY][MBEDTLS_AES_BLOCK_SIZE] = { static const unsigned char aes_192_expected_result[NB_CMAC_TESTS_PER_KEY][MBEDTLS_AES_BLOCK_SIZE] = {
{ {
/* Example #1 */
0xd1, 0x7d, 0xdf, 0x46, 0xad, 0xaa, 0xcd, 0xe5, 0xd1, 0x7d, 0xdf, 0x46, 0xad, 0xaa, 0xcd, 0xe5,
0x31, 0xca, 0xc4, 0x83, 0xde, 0x7a, 0x93, 0x67 0x31, 0xca, 0xc4, 0x83, 0xde, 0x7a, 0x93, 0x67
}, },
{ {
/* Example #2 */
0x9e, 0x99, 0xa7, 0xbf, 0x31, 0xe7, 0x10, 0x90, 0x9e, 0x99, 0xa7, 0xbf, 0x31, 0xe7, 0x10, 0x90,
0x06, 0x62, 0xf6, 0x5e, 0x61, 0x7c, 0x51, 0x84 0x06, 0x62, 0xf6, 0x5e, 0x61, 0x7c, 0x51, 0x84
}, },
{ {
0x8a, 0x1d, 0xe5, 0xbe, 0x2e, 0xb3, 0x1a, 0xad, /* Example #3 */
0x08, 0x9a, 0x82, 0xe6, 0xee, 0x90, 0x8b, 0x0e 0x3d, 0x75, 0xc1, 0x94, 0xed, 0x96, 0x07, 0x04,
0x44, 0xa9, 0xfa, 0x7e, 0xc7, 0x40, 0xec, 0xf8
}, },
{ {
/* Example #4 */
0xa1, 0xd5, 0xdf, 0x0e, 0xed, 0x79, 0x0f, 0x79, 0xa1, 0xd5, 0xdf, 0x0e, 0xed, 0x79, 0x0f, 0x79,
0x4d, 0x77, 0x58, 0x96, 0x59, 0xf3, 0x9a, 0x11 0x4d, 0x77, 0x58, 0x96, 0x59, 0xf3, 0x9a, 0x11
} }
}; };
/* AES 256 CMAC Test Data */ /* CMAC-AES256 Test Data */
static const unsigned char aes_256_key[32] = { static const unsigned char aes_256_key[32] = {
0x60, 0x3d, 0xeb, 0x10, 0x15, 0xca, 0x71, 0xbe, 0x60, 0x3d, 0xeb, 0x10, 0x15, 0xca, 0x71, 0xbe,
0x2b, 0x73, 0xae, 0xf0, 0x85, 0x7d, 0x77, 0x81, 0x2b, 0x73, 0xae, 0xf0, 0x85, 0x7d, 0x77, 0x81,
@ -581,28 +596,34 @@ static const unsigned char aes_256_key[32] = {
}; };
static const unsigned char aes_256_subkeys[2][MBEDTLS_AES_BLOCK_SIZE] = { static const unsigned char aes_256_subkeys[2][MBEDTLS_AES_BLOCK_SIZE] = {
{ {
/* K1 */
0xca, 0xd1, 0xed, 0x03, 0x29, 0x9e, 0xed, 0xac, 0xca, 0xd1, 0xed, 0x03, 0x29, 0x9e, 0xed, 0xac,
0x2e, 0x9a, 0x99, 0x80, 0x86, 0x21, 0x50, 0x2f 0x2e, 0x9a, 0x99, 0x80, 0x86, 0x21, 0x50, 0x2f
}, },
{ {
/* K2 */
0x95, 0xa3, 0xda, 0x06, 0x53, 0x3d, 0xdb, 0x58, 0x95, 0xa3, 0xda, 0x06, 0x53, 0x3d, 0xdb, 0x58,
0x5d, 0x35, 0x33, 0x01, 0x0c, 0x42, 0xa0, 0xd9 0x5d, 0x35, 0x33, 0x01, 0x0c, 0x42, 0xa0, 0xd9
} }
}; };
static const unsigned char aes_256_expected_result[NB_CMAC_TESTS_PER_KEY][MBEDTLS_AES_BLOCK_SIZE] = { static const unsigned char aes_256_expected_result[NB_CMAC_TESTS_PER_KEY][MBEDTLS_AES_BLOCK_SIZE] = {
{ {
/* Example #1 */
0x02, 0x89, 0x62, 0xf6, 0x1b, 0x7b, 0xf8, 0x9e, 0x02, 0x89, 0x62, 0xf6, 0x1b, 0x7b, 0xf8, 0x9e,
0xfc, 0x6b, 0x55, 0x1f, 0x46, 0x67, 0xd9, 0x83 0xfc, 0x6b, 0x55, 0x1f, 0x46, 0x67, 0xd9, 0x83
}, },
{ {
/* Example #2 */
0x28, 0xa7, 0x02, 0x3f, 0x45, 0x2e, 0x8f, 0x82, 0x28, 0xa7, 0x02, 0x3f, 0x45, 0x2e, 0x8f, 0x82,
0xbd, 0x4b, 0xf2, 0x8d, 0x8c, 0x37, 0xc3, 0x5c 0xbd, 0x4b, 0xf2, 0x8d, 0x8c, 0x37, 0xc3, 0x5c
}, },
{ {
0xaa, 0xf3, 0xd8, 0xf1, 0xde, 0x56, 0x40, 0xc2, /* Example #3 */
0x32, 0xf5, 0xb1, 0x69, 0xb9, 0xc9, 0x11, 0xe6 0x15, 0x67, 0x27, 0xdc, 0x08, 0x78, 0x94, 0x4a,
0x02, 0x3c, 0x1f, 0xe0, 0x3b, 0xad, 0x6d, 0x93
}, },
{ {
/* Example #4 */
0xe1, 0x99, 0x21, 0x90, 0x54, 0x9f, 0x6e, 0xd5, 0xe1, 0x99, 0x21, 0x90, 0x54, 0x9f, 0x6e, 0xd5,
0x69, 0x6a, 0x2c, 0x05, 0x6c, 0x31, 0x54, 0x10 0x69, 0x6a, 0x2c, 0x05, 0x6c, 0x31, 0x54, 0x10
} }
@ -613,66 +634,84 @@ static const unsigned char aes_256_expected_result[NB_CMAC_TESTS_PER_KEY][MBEDTL
/* Truncation point of message for 3DES CMAC tests */ /* Truncation point of message for 3DES CMAC tests */
static const unsigned int des3_message_lengths[NB_CMAC_TESTS_PER_KEY] = { static const unsigned int des3_message_lengths[NB_CMAC_TESTS_PER_KEY] = {
0, 0,
8, 16,
20, 20,
32 32
}; };
/* 3DES 2 Key CMAC Test Data */ /* CMAC-TDES (Generation) - 2 Key Test Data */
static const unsigned char des3_2key_key[24] = { static const unsigned char des3_2key_key[24] = {
0x4c, 0xf1, 0x51, 0x34, 0xa2, 0x85, 0x0d, 0xd5, /* Key1 */
0x8a, 0x3d, 0x10, 0xba, 0x80, 0x57, 0x0d, 0x38, 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
0x4c, 0xf1, 0x51, 0x34, 0xa2, 0x85, 0x0d, 0xd5 /* Key2 */
0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xEF, 0x01,
/* Key3 */
0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef
}; };
static const unsigned char des3_2key_subkeys[2][8] = { static const unsigned char des3_2key_subkeys[2][8] = {
{ {
0x8e, 0xcf, 0x37, 0x3e, 0xd7, 0x1a, 0xfa, 0xef /* K1 */
0x0d, 0xd2, 0xcb, 0x7a, 0x3d, 0x88, 0x88, 0xd9
}, },
{ {
0x1d, 0x9e, 0x6e, 0x7d, 0xae, 0x35, 0xf5, 0xc5 /* K2 */
0x1b, 0xa5, 0x96, 0xf4, 0x7b, 0x11, 0x11, 0xb2
} }
}; };
static const unsigned char des3_2key_expected_result[NB_CMAC_TESTS_PER_KEY][MBEDTLS_DES3_BLOCK_SIZE] = { static const unsigned char des3_2key_expected_result[NB_CMAC_TESTS_PER_KEY][MBEDTLS_DES3_BLOCK_SIZE] = {
{ {
0xbd, 0x2e, 0xbf, 0x9a, 0x3b, 0xa0, 0x03, 0x61 /* Sample #1 */
0x79, 0xce, 0x52, 0xa7, 0xf7, 0x86, 0xa9, 0x60
}, },
{ {
0x4f, 0xf2, 0xab, 0x81, 0x3c, 0x53, 0xce, 0x83 /* Sample #2 */
0xcc, 0x18, 0xa0, 0xb7, 0x9a, 0xf2, 0x41, 0x3b
}, },
{ {
0x62, 0xdd, 0x1b, 0x47, 0x19, 0x02, 0xbd, 0x4e /* Sample #3 */
0xc0, 0x6d, 0x37, 0x7e, 0xcd, 0x10, 0x19, 0x69
}, },
{ {
0x31, 0xb1, 0xe4, 0x31, 0xda, 0xbc, 0x4e, 0xb8 /* Sample #4 */
0x9c, 0xd3, 0x35, 0x80, 0xf9, 0xb6, 0x4d, 0xfb
} }
}; };
/* 3DES 3 Key CMAC Test Data */ /* CMAC-TDES (Generation) - 3 Key Test Data */
static const unsigned char des3_3key_key[24] = { static const unsigned char des3_3key_key[24] = {
0x8a, 0xa8, 0x3b, 0xf8, 0xcb, 0xda, 0x10, 0x62, /* Key1 */
0x0b, 0xc1, 0xbf, 0x19, 0xfb, 0xb6, 0xcd, 0x58, 0x01, 0x23, 0x45, 0x67, 0x89, 0xaa, 0xcd, 0xef,
0xbc, 0x31, 0x3d, 0x4a, 0x37, 0x1c, 0xa8, 0xb5 /* Key2 */
0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, 0x01,
/* Key3 */
0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, 0x01, 0x23
}; };
static const unsigned char des3_3key_subkeys[2][8] = { static const unsigned char des3_3key_subkeys[2][8] = {
{ {
0x91, 0x98, 0xe9, 0xd3, 0x14, 0xe6, 0x53, 0x5f /* K1 */
0x9d, 0x74, 0xe7, 0x39, 0x33, 0x17, 0x96, 0xc0
}, },
{ {
0x23, 0x31, 0xd3, 0xa6, 0x29, 0xcc, 0xa6, 0xa5 /* K2 */
0x3a, 0xe9, 0xce, 0x72, 0x66, 0x2f, 0x2d, 0x9b
} }
}; };
static const unsigned char des3_3key_expected_result[NB_CMAC_TESTS_PER_KEY][MBEDTLS_DES3_BLOCK_SIZE] = { static const unsigned char des3_3key_expected_result[NB_CMAC_TESTS_PER_KEY][MBEDTLS_DES3_BLOCK_SIZE] = {
{ {
0xb7, 0xa6, 0x88, 0xe1, 0x22, 0xff, 0xaf, 0x95 /* Sample #1 */
0x7d, 0xb0, 0xd3, 0x7d, 0xf9, 0x36, 0xc5, 0x50
}, },
{ {
0x8e, 0x8f, 0x29, 0x31, 0x36, 0x28, 0x37, 0x97 /* Sample #2 */
0x30, 0x23, 0x9c, 0xf1, 0xf5, 0x2e, 0x66, 0x09
}, },
{ {
0x74, 0x3d, 0xdb, 0xe0, 0xce, 0x2d, 0xc2, 0xed /* Sample #3 */
0x6c, 0x9f, 0x3e, 0xe4, 0x92, 0x3f, 0x6b, 0xe2
}, },
{ {
0x33, 0xe6, 0xb1, 0x09, 0x24, 0x00, 0xea, 0xe5 /* Sample #4 */
0x99, 0x42, 0x9b, 0xd0, 0xbF, 0x79, 0x04, 0xe5
} }
}; };
@ -681,6 +720,7 @@ static const unsigned char des3_3key_expected_result[NB_CMAC_TESTS_PER_KEY][MBED
#if defined(MBEDTLS_AES_C) #if defined(MBEDTLS_AES_C)
/* AES AES-CMAC-PRF-128 Test Data */ /* AES AES-CMAC-PRF-128 Test Data */
static const unsigned char PRFK[] = { static const unsigned char PRFK[] = {
/* Key */
0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
0xed, 0xcb 0xed, 0xcb
@ -693,7 +733,7 @@ static const size_t PRFKlen[NB_PRF_TESTS] = {
10 10
}; };
/* PRF M */ /* Message */
static const unsigned char PRFM[] = { static const unsigned char PRFM[] = {
0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,