yuzu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2024-10-18 11:11:08 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge CCM cipher mode and ciphersuites

Browse source 
Conflicts:
	library/ssl_tls.c
This commit is contained in:
Paul Bakker 2014-05-22 15:30:31 +02:00
parent 0f651c7422 64a96ea281
commit b5212b436f
27 changed files with 3533 additions and 246 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

134
include/polarssl/ccm.h Normal file
View file

@ -0,0 +1,134 @@
/**
* \file ccm.h
*
* \brief Counter with CBC-MAC (CCM) for 128-bit block ciphers
*
* Copyright (C) 2014, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
*
* All rights reserved.
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License along
* with this program; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
#ifndef POLARSSL_CCM_H
#define POLARSSL_CCM_H
#include "cipher.h"
#define POLARSSL_ERR_CCM_BAD_INPUT -0x000D /**< Bad input parameters to function. */
#define POLARSSL_ERR_CCM_AUTH_FAILED -0x000F /**< Authenticated decryption failed. */
#ifdef __cplusplus
extern "C" {
#endif
/**
* \brief CCM context structure
*/
typedef struct {
cipher_context_t cipher_ctx; /*!< cipher context used */
}
ccm_context;
/**
* \brief CCM initialization (encryption and decryption)
*
* \param ctx CCM context to be initialized
* \param cipher cipher to use (a 128-bit block cipher)
* \param key encryption key
* \param keysize key size in bits (must be acceptable by the cipher)
*
* \return 0 if successful, or a cipher specific error code
*/
int ccm_init( ccm_context *ctx, cipher_id_t cipher,
const unsigned char *key, unsigned int keysize );
/**
* \brief Free a CCM context and underlying cipher sub-context
*
* \param ctx CCM context to free
*/
void ccm_free( ccm_context *ctx );
/**
* \brief CCM buffer encryption
*
* \param ctx CCM context
* \param length length of the input data in bytes
* \param iv nonce (initialization vector)
* \param iv_len length of IV in bytes
* must be 2, 3, 4, 5, 6, 7 or 8
* \param add additional data
* \param add_len length of additional data in bytes
* must be less than 2^16 - 2^8
* \param input buffer holding the input data
* \param output buffer for holding the output data
* must be at least 'length' bytes wide
* \param tag buffer for holding the tag
* \param tag_len length of the tag to generate in bytes
* must be 4, 6, 8, 10, 14 or 16
*
* \note The tag is written to a separate buffer. To get the tag
* concatenated with the output as in the CCM spec, use
* tag = output + length and make sure the output buffer is
* at least length + tag_len wide.
*
* \return 0 if successful
*/
int ccm_encrypt_and_tag( ccm_context *ctx, size_t length,
const unsigned char *iv, size_t iv_len,
const unsigned char *add, size_t add_len,
const unsigned char *input, unsigned char *output,
unsigned char *tag, size_t tag_len );
/**
* \brief CCM buffer authenticated decryption
*
* \param ctx CCM context
* \param length length of the input data
* \param iv initialization vector
* \param iv_len length of IV
* \param add additional data
* \param add_len length of additional data
* \param input buffer holding the input data
* \param output buffer for holding the output data
* \param tag buffer holding the tag
* \param tag_len length of the tag
*
* \return 0 if successful and authenticated,
* POLARSSL_ERR_CCM_AUTH_FAILED if tag does not match
*/
int ccm_auth_decrypt( ccm_context *ctx, size_t length,
const unsigned char *iv, size_t iv_len,
const unsigned char *add, size_t add_len,
const unsigned char *input, unsigned char *output,
const unsigned char *tag, size_t tag_len );
#if defined(POLARSSL_SELF_TEST) && defined(POLARSSL_AES_C)
/**
* \brief Checkup routine
*
* \return 0 if successful, or 1 if the test failed
*/
int ccm_self_test( int verbose );
#endif /* POLARSSL_SELF_TEST && POLARSSL_AES_C */
#ifdef __cplusplus
}
#endif
#endif /* POLARSSL_CGM_H */

108
include/polarssl/cipher.h
View file

@ -120,6 +120,12 @@ typedef enum {
POLARSSL_CIPHER_BLOWFISH_CFB64,
POLARSSL_CIPHER_BLOWFISH_CTR,
POLARSSL_CIPHER_ARC4_128,
POLARSSL_CIPHER_AES_128_CCM,
POLARSSL_CIPHER_AES_192_CCM,
POLARSSL_CIPHER_AES_256_CCM,
POLARSSL_CIPHER_CAMELLIA_128_CCM,
POLARSSL_CIPHER_CAMELLIA_192_CCM,
POLARSSL_CIPHER_CAMELLIA_256_CCM,
} cipher_type_t;
typedef enum {
@ -127,10 +133,11 @@ typedef enum {
POLARSSL_MODE_ECB,
POLARSSL_MODE_CBC,
POLARSSL_MODE_CFB,
POLARSSL_MODE_OFB,
POLARSSL_MODE_OFB, /* Unused! */
POLARSSL_MODE_CTR,
POLARSSL_MODE_GCM,
POLARSSL_MODE_STREAM,
POLARSSL_MODE_CCM,
} cipher_mode_t;
typedef enum {
@ -506,7 +513,7 @@ int cipher_set_padding_mode( cipher_context_t *ctx, cipher_padding_t mode );
* \param iv_len IV length for ciphers with variable-size IV;
* discarded by ciphers with fixed-size IV.
*
* \returns O on success, or POLARSSL_ERR_CIPHER_BAD_INPUT_DATA
* \returns 0 on success, or POLARSSL_ERR_CIPHER_BAD_INPUT_DATA
*
* \note Some ciphers don't use IVs nor NONCE. For these
* ciphers, this function has no effect.
@ -627,6 +634,103 @@ int cipher_check_tag( cipher_context_t *ctx,
const unsigned char *tag, size_t tag_len );
#endif /* POLARSSL_CIPHER_MODE_AEAD */
/**
* \brief Generic all-in-one encryption/decryption
* (for all ciphers except AEAD constructs).
*
* \param ctx generic cipher context
* \param iv IV to use (or NONCE_COUNTER for CTR-mode ciphers)
* \param iv_len IV length for ciphers with variable-size IV;
* discarded by ciphers with fixed-size IV.
* \param input buffer holding the input data
* \param ilen length of the input data
* \param output buffer for the output data. Should be able to hold at
* least ilen + block_size. Cannot be the same buffer as
* input!
* \param olen length of the output data, will be filled with the
* actual number of bytes written.
*
* \note Some ciphers don't use IVs nor NONCE. For these
* ciphers, use iv = NULL and iv_len = 0.
*
* \returns 0 on success, or
* POLARSSL_ERR_CIPHER_BAD_INPUT_DATA, or
* POLARSSL_ERR_CIPHER_FULL_BLOCK_EXPECTED if decryption
* expected a full block but was not provided one, or
* POLARSSL_ERR_CIPHER_INVALID_PADDING on invalid padding
* while decrypting, or
* a cipher specific error code.
*/
int cipher_crypt( cipher_context_t *ctx,
const unsigned char *iv, size_t iv_len,
const unsigned char *input, size_t ilen,
unsigned char *output, size_t *olen );
#if defined(POLARSSL_CIPHER_MODE_AEAD)
/**
* \brief Generic autenticated encryption (AEAD ciphers).
*
* \param ctx generic cipher context
* \param iv IV to use (or NONCE_COUNTER for CTR-mode ciphers)
* \param iv_len IV length for ciphers with variable-size IV;
* discarded by ciphers with fixed-size IV.
* \param ad Additional data to authenticate.
* \param ad_len Length of ad.
* \param input buffer holding the input data
* \param ilen length of the input data
* \param output buffer for the output data.
* Should be able to hold at least ilen.
* \param olen length of the output data, will be filled with the
* actual number of bytes written.
* \param tag buffer for the authentication tag
* \param tag_len desired tag length
*
* \returns 0 on success, or
* POLARSSL_ERR_CIPHER_BAD_INPUT_DATA, or
* a cipher specific error code.
*/
int cipher_auth_encrypt( cipher_context_t *ctx,
const unsigned char *iv, size_t iv_len,
const unsigned char *ad, size_t ad_len,
const unsigned char *input, size_t ilen,
unsigned char *output, size_t *olen,
unsigned char *tag, size_t tag_len );
/**
* \brief Generic autenticated decryption (AEAD ciphers).
*
* \param ctx generic cipher context
* \param iv IV to use (or NONCE_COUNTER for CTR-mode ciphers)
* \param iv_len IV length for ciphers with variable-size IV;
* discarded by ciphers with fixed-size IV.
* \param ad Additional data to be authenticated.
* \param ad_len Length of ad.
* \param input buffer holding the input data
* \param ilen length of the input data
* \param output buffer for the output data.
* Should be able to hold at least ilen.
* \param olen length of the output data, will be filled with the
* actual number of bytes written.
* \param tag buffer holding the authentication tag
* \param tag_len length of the authentication tag
*
* \returns 0 on success, or
* POLARSSL_ERR_CIPHER_BAD_INPUT_DATA, or
* POLARSSL_ERR_CIPHER_AUTH_FAILED if data isn't authentic,
* or a cipher specific error code.
*
* \note If the data is not authentic, then the output buffer
* is zeroed out to prevent the unauthentic plaintext to
* be used by mistake, making this interface safer.
*/
int cipher_auth_decrypt( cipher_context_t *ctx,
const unsigned char *iv, size_t iv_len,
const unsigned char *ad, size_t ad_len,
const unsigned char *input, size_t ilen,
unsigned char *output, size_t *olen,
const unsigned char *tag, size_t tag_len );
#endif /* POLARSSL_CIPHER_MODE_AEAD */
/**
* \brief Checkup routine
*

14
include/polarssl/config.h
View file

@ -1274,6 +1274,20 @@
*/
#define POLARSSL_CAMELLIA_C
/**
* \def POLARSSL_CCM_C
*
* Enable the Counter with CBC-MAC (CCM) mode for 128-bit block cipher.
*
* Module: library/ccm.c
*
* Requires: POLARSSL_AES_C or POLARSSL_CAMELLIA_C
*
* This module enables the AES-CCM ciphersuites, if other requisites are
* enabled as well.
*/
#define POLARSSL_CCM_C
/**
* \def POLARSSL_CERTS_C
*

1
include/polarssl/error.h
View file

@ -77,6 +77,7 @@
* PBKDF2 1 0x007C-0x007C
* RIPEMD160 1 0x007E-0x007E
* HMAC_DRBG 4 0x0003-0x0009
* CCM 2 0x000D-0x000F
*
* High-level module nr (3 bits - 0x0...-0x7...)
* Name ID Nr of Errors

27
include/polarssl/ssl_ciphersuites.h
View file

@ -210,6 +210,29 @@ extern "C" {
#define TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 0xC09A /**< Not in SSL3! */
#define TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 0xC09B /**< Not in SSL3! */
#define TLS_RSA_WITH_AES_128_CCM 0xC09C /**< TLS 1.2 */
#define TLS_RSA_WITH_AES_256_CCM 0xC09D /**< TLS 1.2 */
#define TLS_DHE_RSA_WITH_AES_128_CCM 0xC09E /**< TLS 1.2 */
#define TLS_DHE_RSA_WITH_AES_256_CCM 0xC09F /**< TLS 1.2 */
#define TLS_RSA_WITH_AES_128_CCM_8 0xC0A0 /**< TLS 1.2 */
#define TLS_RSA_WITH_AES_256_CCM_8 0xC0A1 /**< TLS 1.2 */
#define TLS_DHE_RSA_WITH_AES_128_CCM_8 0xC0A2 /**< TLS 1.2 */
#define TLS_DHE_RSA_WITH_AES_256_CCM_8 0xC0A3 /**< TLS 1.2 */
#define TLS_PSK_WITH_AES_128_CCM 0xC0A4 /**< TLS 1.2 */
#define TLS_PSK_WITH_AES_256_CCM 0xC0A5 /**< TLS 1.2 */
#define TLS_DHE_PSK_WITH_AES_128_CCM 0xC0A6 /**< TLS 1.2 */
#define TLS_DHE_PSK_WITH_AES_256_CCM 0xC0A7 /**< TLS 1.2 */
#define TLS_PSK_WITH_AES_128_CCM_8 0xC0A8 /**< TLS 1.2 */
#define TLS_PSK_WITH_AES_256_CCM_8 0xC0A9 /**< TLS 1.2 */
#define TLS_DHE_PSK_WITH_AES_128_CCM_8 0xC0AA /**< TLS 1.2 */
#define TLS_DHE_PSK_WITH_AES_256_CCM_8 0xC0AB /**< TLS 1.2 */
/* The last two are named with PSK_DHE in the RFC, which looks like a typo */
#define TLS_ECDHE_ECDSA_WITH_AES_128_CCM 0xC0AC /**< TLS 1.2 */
#define TLS_ECDHE_ECDSA_WITH_AES_256_CCM 0xC0AD /**< TLS 1.2 */
#define TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 0xC0AE /**< TLS 1.2 */
#define TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 0xC0AF /**< TLS 1.2 */
typedef enum {
POLARSSL_KEY_EXCHANGE_NONE = 0,
POLARSSL_KEY_EXCHANGE_RSA,
@ -226,7 +249,9 @@ typedef enum {
typedef struct _ssl_ciphersuite_t ssl_ciphersuite_t;
#define POLARSSL_CIPHERSUITE_WEAK 0x01 /**< Weak ciphersuite flag */
#define POLARSSL_CIPHERSUITE_WEAK 0x01 /**< Weak ciphersuite flag */
#define POLARSSL_CIPHERSUITE_SHORT_TAG 0x02 /**< Short authentication tag,
eg for CCM_8 */
/**
* \brief This structure is used for storing ciphersuite information

1
library/CMakeLists.txt
View file

@ -11,6 +11,7 @@ set(src
bignum.c
blowfish.c
camellia.c
ccm.c
certs.c
cipher.c
cipher_wrap.c

2
library/Makefile
View file

@ -37,7 +37,7 @@ endif
OBJS= aes.o aesni.o arc4.o \
asn1parse.o \
asn1write.o base64.o bignum.o \
blowfish.o camellia.o \
blowfish.o camellia.o ccm.o \
certs.o cipher.o cipher_wrap.o \
ctr_drbg.o debug.o des.o \
dhm.o ecdh.o ecdsa.o \

448
library/ccm.c Normal file
View file

@ -0,0 +1,448 @@
/*
* NIST SP800-38C compliant CCM implementation
*
* Copyright (C) 2014, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
*
* All rights reserved.
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License along
* with this program; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
/*
* Definition of CCM:
* http://csrc.nist.gov/publications/nistpubs/800-38C/SP800-38C_updated-July20_2007.pdf
* RFC 3610 "Counter with CBC-MAC (CCM)"
*
* Related:
* RFC 5116 "An Interface and Algorithms for Authenticated Encryption"
*/
#if !defined(POLARSSL_CONFIG_FILE)
#include "polarssl/config.h"
#else
#include POLARSSL_CONFIG_FILE
#endif
#if defined(POLARSSL_CCM_C)
#include "polarssl/ccm.h"
#define CCM_ENCRYPT 0
#define CCM_DECRYPT 1
/*
* Initialize context
*/
int ccm_init( ccm_context *ctx, cipher_id_t cipher,
const unsigned char *key, unsigned int keysize )
{
int ret;
const cipher_info_t *cipher_info;
memset( ctx, 0, sizeof( ccm_context ) );
cipher_info = cipher_info_from_values( cipher, keysize, POLARSSL_MODE_ECB );
if( cipher_info == NULL )
return( POLARSSL_ERR_CCM_BAD_INPUT );
if( cipher_info->block_size != 16 )
return( POLARSSL_ERR_CCM_BAD_INPUT );
if( ( ret = cipher_init_ctx( &ctx->cipher_ctx, cipher_info ) ) != 0 )
return( ret );
if( ( ret = cipher_setkey( &ctx->cipher_ctx, key, keysize,
POLARSSL_ENCRYPT ) ) != 0 )
{
return( ret );
}
return( 0 );
}
/*
* Free context
*/
void ccm_free( ccm_context *ctx )
{
(void) cipher_free_ctx( &ctx->cipher_ctx );
memset( ctx, 0, sizeof( ccm_context ) );
}
/*
* Macros for common operations.
* Results in smaller compiled code than static inline functions.
*/
/*
* Update the CBC-MAC state in y using a block in b
* (Always using b as the source helps the compiler optimise a bit better.)
*/
#define UPDATE_CBC_MAC \
for( i = 0; i < 16; i++ ) \
y[i] ^= b[i]; \
\
if( ( ret = cipher_update( &ctx->cipher_ctx, y, 16, y, &olen ) ) != 0 ) \
return( ret );
/*
* Encrypt or decrypt a partial block with CTR
* Warning: using b for temporary storage! src and dst must not be b!
* This avoids allocating one more 16 bytes buffer while allowing src == dst.
*/
#define CTR_CRYPT( dst, src, len ) \
if( ( ret = cipher_update( &ctx->cipher_ctx, ctr, 16, b, &olen ) ) != 0 ) \
return( ret ); \
\
for( i = 0; i < len; i++ ) \
dst[i] = src[i] ^ b[i];
/*
* Authenticated encryption or decryption
*/
static int ccm_auth_crypt( ccm_context *ctx, int mode, size_t length,
const unsigned char *iv, size_t iv_len,
const unsigned char *add, size_t add_len,
const unsigned char *input, unsigned char *output,
unsigned char *tag, size_t tag_len )
{
int ret;
unsigned char i;
unsigned char q = 16 - 1 - iv_len;
size_t len_left, olen;
unsigned char b[16];
unsigned char y[16];
unsigned char ctr[16];
const unsigned char *src;
unsigned char *dst;
/*
* Check length requirements: SP800-38C A.1
* Additional requirement: a < 2^16 - 2^8 to simplify the code.
* 'length' checked later (when writing it to the first block)
*/
if( tag_len < 4 || tag_len > 16 || tag_len % 2 != 0 )
return( POLARSSL_ERR_CCM_BAD_INPUT );
/* Also implies q is within bounds */
if( iv_len < 7 || iv_len > 13 )
return( POLARSSL_ERR_CCM_BAD_INPUT );
if( add_len > 0xFF00 )
return( POLARSSL_ERR_CCM_BAD_INPUT );
/*
* First block B_0:
* 0 .. 0 flags
* 1 .. iv_len nonce (aka iv)
* iv_len+1 .. 15 length
*
* With flags as (bits):
* 7 0
* 6 add present?
* 5 .. 3 (t - 2) / 2
* 2 .. 0 q - 1
*/
b[0] = 0;
b[0] |= ( add_len > 0 ) << 6;
b[0] |= ( ( tag_len - 2 ) / 2 ) << 3;
b[0] |= q - 1;
memcpy( b + 1, iv, iv_len );
for( i = 0, len_left = length; i < q; i++, len_left >>= 8 )
b[15-i] = (unsigned char)( len_left & 0xFF );
if( len_left > 0 )
return( POLARSSL_ERR_CCM_BAD_INPUT );
/* Start CBC-MAC with first block */
memset( y, 0, 16 );
UPDATE_CBC_MAC;
/*
* If there is additional data, update CBC-MAC with
* add_len, add, 0 (padding to a block boundary)
*/
if( add_len > 0 )
{
size_t use_len;
len_left = add_len;
src = add;
memset( b, 0, 16 );
b[0] = (unsigned char)( ( add_len >> 8 ) & 0xFF );
b[1] = (unsigned char)( ( add_len ) & 0xFF );
use_len = len_left < 16 - 2 ? len_left : 16 - 2;
memcpy( b + 2, src, use_len );
len_left -= use_len;
src += use_len;
UPDATE_CBC_MAC;
while( len_left > 0 )
{
use_len = len_left > 16 ? 16 : len_left;
memset( b, 0, 16 );
memcpy( b, src, use_len );
UPDATE_CBC_MAC;
len_left -= use_len;
src += use_len;
}
}
/*
* Prepare counter block for encryption:
* 0 .. 0 flags
* 1 .. iv_len nonce (aka iv)
* iv_len+1 .. 15 counter (initially 1)
*
* With flags as (bits):
* 7 .. 3 0
* 2 .. 0 q - 1
*/
ctr[0] = q - 1;
memcpy( ctr + 1, iv, iv_len );
memset( ctr + 1 + iv_len, 0, q );
ctr[15] = 1;
/*
* Authenticate and {en,de}crypt the message.
*
* The only difference between encryption and decryption is
* the respective order of authentication and {en,de}cryption.
*/
len_left = length;
src = input;
dst = output;
while( len_left > 0 )
{
unsigned char use_len = len_left > 16 ? 16 : len_left;
if( mode == CCM_ENCRYPT )
{
memset( b, 0, 16 );
memcpy( b, src, use_len );
UPDATE_CBC_MAC;
}
CTR_CRYPT( dst, src, use_len );
if( mode == CCM_DECRYPT )
{
memset( b, 0, 16 );
memcpy( b, dst, use_len );
UPDATE_CBC_MAC;
}
dst += use_len;
src += use_len;
len_left -= use_len;
/*
* Increment counter.
* No need to check for overflow thanks to the length check above.
*/
for( i = 0; i < q; i++ )
if( ++ctr[15-i] != 0 )
break;
}
/*
* Authentication: reset counter and crypt/mask internal tag
*/
for( i = 0; i < q; i++ )
ctr[15-i] = 0;
CTR_CRYPT( y, y, 16 );
memcpy( tag, y, tag_len );
return( 0 );
}
/*
* Authenticated encryption
*/
int ccm_encrypt_and_tag( ccm_context *ctx, size_t length,
const unsigned char *iv, size_t iv_len,
const unsigned char *add, size_t add_len,
const unsigned char *input, unsigned char *output,
unsigned char *tag, size_t tag_len )
{
return( ccm_auth_crypt( ctx, CCM_ENCRYPT, length, iv, iv_len,
add, add_len, input, output, tag, tag_len ) );
}
/*
* Authenticated decryption
*/
int ccm_auth_decrypt( ccm_context *ctx, size_t length,
const unsigned char *iv, size_t iv_len,
const unsigned char *add, size_t add_len,
const unsigned char *input, unsigned char *output,
const unsigned char *tag, size_t tag_len )
{
int ret;
unsigned char check_tag[16];
unsigned char i;
int diff;
if( ( ret = ccm_auth_crypt( ctx, CCM_DECRYPT, length,
iv, iv_len, add, add_len,
input, output, check_tag, tag_len ) ) != 0 )
{
return( ret );
}
/* Check tag in "constant-time" */
for( diff = 0, i = 0; i < tag_len; i++ )
diff |= tag[i] ^ check_tag[i];
if( diff != 0 )
{
memset( output, 0, length );
return( POLARSSL_ERR_CCM_AUTH_FAILED );
}
return( 0 );
}
#if defined(POLARSSL_SELF_TEST) && defined(POLARSSL_AES_C)
#if defined(POLARSSL_PLATFORM_C)
#include "polarssl/platform.h"
#else
#define polarssl_printf printf
#endif
/*
* Examples 1 to 3 from SP800-38C Appendix C
*/
#define NB_TESTS 3
/*
* The data is the same for all tests, only the used length changes
*/
static const unsigned char key[] = {
0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47,
0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f
};
static const unsigned char iv[] = {
0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
0x18, 0x19, 0x1a, 0x1b
};
static const unsigned char ad[] = {
0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
0x10, 0x11, 0x12, 0x13
};
static const unsigned char msg[] = {
0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f,
0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
};
static const size_t iv_len [NB_TESTS] = { 7, 8, 12 };
static const size_t add_len[NB_TESTS] = { 8, 16, 20 };
static const size_t msg_len[NB_TESTS] = { 4, 16, 24 };
static const size_t tag_len[NB_TESTS] = { 4, 6, 8 };
static const unsigned char res[NB_TESTS][32] = {
{ 0x71, 0x62, 0x01, 0x5b, 0x4d, 0xac, 0x25, 0x5d },
{ 0xd2, 0xa1, 0xf0, 0xe0, 0x51, 0xea, 0x5f, 0x62,
0x08, 0x1a, 0x77, 0x92, 0x07, 0x3d, 0x59, 0x3d,
0x1f, 0xc6, 0x4f, 0xbf, 0xac, 0xcd },
{ 0xe3, 0xb2, 0x01, 0xa9, 0xf5, 0xb7, 0x1a, 0x7a,
0x9b, 0x1c, 0xea, 0xec, 0xcd, 0x97, 0xe7, 0x0b,
0x61, 0x76, 0xaa, 0xd9, 0xa4, 0x42, 0x8a, 0xa5,
0x48, 0x43, 0x92, 0xfb, 0xc1, 0xb0, 0x99, 0x51 }
};
int ccm_self_test( int verbose )
{
ccm_context ctx;
unsigned char out[32];
size_t i;
int ret;
if( ccm_init( &ctx, POLARSSL_CIPHER_ID_AES, key, 8 * sizeof key ) != 0 )
{
if( verbose != 0 )
polarssl_printf( " CCM: setup failed" );
return( 1 );
}
for( i = 0; i < NB_TESTS; i++ )
{
if( verbose != 0 )
polarssl_printf( " CCM-AES #%u: ", (unsigned int) i + 1 );
ret = ccm_encrypt_and_tag( &ctx, msg_len[i],
iv, iv_len[i], ad, add_len[i],
msg, out,
out + msg_len[i], tag_len[i] );
if( ret != 0 ||
memcmp( out, res[i], msg_len[i] + tag_len[i] ) != 0 )
{
if( verbose != 0 )
polarssl_printf( "failed\n" );
return( 1 );
}
ret = ccm_auth_decrypt( &ctx, msg_len[i],
iv, iv_len[i], ad, add_len[i],
res[i], out,
res[i] + msg_len[i], tag_len[i] );
if( ret != 0 ||
memcmp( out, msg, msg_len[i] ) != 0 )
{
if( verbose != 0 )
polarssl_printf( "failed\n" );
return( 1 );
}
if( verbose != 0 )
polarssl_printf( "passed\n" );
}
ccm_free( &ctx );
if( verbose != 0 )
polarssl_printf( "\n" );
return( 0 );
}
#endif /* POLARSSL_SELF_TEST && POLARSSL_AES_C */
#endif /* POLARSSL_CCM_C */

113
library/cipher.c
View file

@ -42,6 +42,10 @@
#include "polarssl/gcm.h"
#endif
#if defined(POLARSSL_CCM_C)
#include "polarssl/ccm.h"
#endif
#include <stdlib.h>
#if defined(POLARSSL_ARC4_C) || defined(POLARSSL_CIPHER_NULL_CIPHER)
@ -771,6 +775,115 @@ int cipher_check_tag( cipher_context_t *ctx,
}
#endif /* POLARSSL_CIPHER_MODE_AEAD */
/*
* Packet-oriented wrapper for non-AEAD modes
*/
int cipher_crypt( cipher_context_t *ctx,
const unsigned char *iv, size_t iv_len,
const unsigned char *input, size_t ilen,
unsigned char *output, size_t *olen )
{
int ret;
size_t finish_olen;
if( ( ret = cipher_set_iv( ctx, iv, iv_len ) ) != 0 )
return( ret );
if( ( ret = cipher_reset( ctx ) ) != 0 )
return( ret );
if( ( ret = cipher_update( ctx, input, ilen, output, olen ) ) != 0 )
return( ret );
if( ( ret = cipher_finish( ctx, output + *olen, &finish_olen ) ) != 0 )
return( ret );
*olen += finish_olen;
return( 0 );
}
#if defined(POLARSSL_CIPHER_MODE_AEAD)
/*
* Packet-oriented encryption for AEAD modes
*/
int cipher_auth_encrypt( cipher_context_t *ctx,
const unsigned char *iv, size_t iv_len,
const unsigned char *ad, size_t ad_len,
const unsigned char *input, size_t ilen,
unsigned char *output, size_t *olen,
unsigned char *tag, size_t tag_len )
{
#if defined(POLARSSL_GCM_C)
if( POLARSSL_MODE_GCM == ctx->cipher_info->mode )
{
*olen = ilen;
return( gcm_crypt_and_tag( ctx->cipher_ctx, GCM_ENCRYPT, ilen,
iv, iv_len, ad, ad_len, input, output,
tag_len, tag ) );
}
#endif /* POLARSSL_GCM_C */
#if defined(POLARSSL_CCM_C)
if( POLARSSL_MODE_CCM == ctx->cipher_info->mode )
{
*olen = ilen;
return( ccm_encrypt_and_tag( ctx->cipher_ctx, ilen,
iv, iv_len, ad, ad_len, input, output,
tag, tag_len ) );
}
#endif /* POLARSSL_CCM_C */
return( POLARSSL_ERR_CIPHER_FEATURE_UNAVAILABLE );
}
/*
* Packet-oriented decryption for AEAD modes
*/
int cipher_auth_decrypt( cipher_context_t *ctx,
const unsigned char *iv, size_t iv_len,
const unsigned char *ad, size_t ad_len,
const unsigned char *input, size_t ilen,
unsigned char *output, size_t *olen,
const unsigned char *tag, size_t tag_len )
{
#if defined(POLARSSL_GCM_C)
if( POLARSSL_MODE_GCM == ctx->cipher_info->mode )
{
int ret;
*olen = ilen;
ret = gcm_auth_decrypt( ctx->cipher_ctx, ilen,
iv, iv_len, ad, ad_len,
tag, tag_len, input, output );
if( ret == POLARSSL_ERR_GCM_AUTH_FAILED )
ret = POLARSSL_ERR_CIPHER_AUTH_FAILED;
return( ret );
}
#endif /* POLARSSL_GCM_C */
#if defined(POLARSSL_CCM_C)
if( POLARSSL_MODE_CCM == ctx->cipher_info->mode )
{
int ret;
*olen = ilen;
ret = ccm_auth_decrypt( ctx->cipher_ctx, ilen,
iv, iv_len, ad, ad_len,
input, output, tag, tag_len );
if( ret == POLARSSL_ERR_CCM_AUTH_FAILED )
ret = POLARSSL_ERR_CIPHER_AUTH_FAILED;
return( ret );
}
#endif /* POLARSSL_CCM_C */
return( POLARSSL_ERR_CIPHER_FEATURE_UNAVAILABLE );
}
#endif /* POLARSSL_CIPHER_MODE_AEAD */
#if defined(POLARSSL_SELF_TEST)
/*

138
library/cipher_wrap.c
View file

@ -61,6 +61,10 @@
#include "polarssl/gcm.h"
#endif
#if defined(POLARSSL_CCM_C)
#include "polarssl/ccm.h"
#endif
#if defined(POLARSSL_PLATFORM_C)
#include "polarssl/platform.h"
#else
@ -84,6 +88,20 @@ static void gcm_ctx_free( void *ctx )
}
#endif /* POLARSSL_GCM_C */
#if defined(POLARSSL_CCM_C)
/* shared by all CCM ciphers */
static void *ccm_ctx_alloc( void )
{
return polarssl_malloc( sizeof( ccm_context ) );
}
static void ccm_ctx_free( void *ctx )
{
ccm_free( ctx );
polarssl_free( ctx );
}
#endif /* POLARSSL_CCM_C */
#if defined(POLARSSL_AES_C)
static int aes_crypt_ecb_wrap( void *ctx, operation_t operation,
@ -378,6 +396,61 @@ const cipher_info_t aes_256_gcm_info = {
};
#endif /* POLARSSL_GCM_C */
#if defined(POLARSSL_CCM_C)
static int ccm_aes_setkey_wrap( void *ctx, const unsigned char *key,
unsigned int key_length )
{
return ccm_init( (ccm_context *) ctx, POLARSSL_CIPHER_ID_AES,
key, key_length );
}
const cipher_base_t ccm_aes_info = {
POLARSSL_CIPHER_ID_AES,
NULL,
NULL,
NULL,
NULL,
NULL,
ccm_aes_setkey_wrap,
ccm_aes_setkey_wrap,
ccm_ctx_alloc,
ccm_ctx_free,
};
const cipher_info_t aes_128_ccm_info = {
POLARSSL_CIPHER_AES_128_CCM,
POLARSSL_MODE_CCM,
128,
"AES-128-CCM",
12,
1,
16,
&ccm_aes_info
};
const cipher_info_t aes_192_ccm_info = {
POLARSSL_CIPHER_AES_192_CCM,
POLARSSL_MODE_CCM,
192,
"AES-192-CCM",
12,
1,
16,
&ccm_aes_info
};
const cipher_info_t aes_256_ccm_info = {
POLARSSL_CIPHER_AES_256_CCM,
POLARSSL_MODE_CCM,
256,
"AES-256-CCM",
12,
1,
16,
&ccm_aes_info
};
#endif /* POLARSSL_CCM_C */
#endif /* POLARSSL_AES_C */
#if defined(POLARSSL_CAMELLIA_C)
@ -676,6 +749,61 @@ const cipher_info_t camellia_256_gcm_info = {
};
#endif /* POLARSSL_GCM_C */
#if defined(POLARSSL_CCM_C)
static int ccm_camellia_setkey_wrap( void *ctx, const unsigned char *key,
unsigned int key_length )
{
return ccm_init( (ccm_context *) ctx, POLARSSL_CIPHER_ID_CAMELLIA,
key, key_length );
}
const cipher_base_t ccm_camellia_info = {
POLARSSL_CIPHER_ID_CAMELLIA,
NULL,
NULL,
NULL,
NULL,
NULL,
ccm_camellia_setkey_wrap,
ccm_camellia_setkey_wrap,
ccm_ctx_alloc,
ccm_ctx_free,
};
const cipher_info_t camellia_128_ccm_info = {
POLARSSL_CIPHER_CAMELLIA_128_CCM,
POLARSSL_MODE_CCM,
128,
"CAMELLIA-128-CCM",
12,
1,
16,
&ccm_camellia_info
};
const cipher_info_t camellia_192_ccm_info = {
POLARSSL_CIPHER_CAMELLIA_192_CCM,
POLARSSL_MODE_CCM,
192,
"CAMELLIA-192-CCM",
12,
1,
16,
&ccm_camellia_info
};
const cipher_info_t camellia_256_ccm_info = {
POLARSSL_CIPHER_CAMELLIA_256_CCM,
POLARSSL_MODE_CCM,
256,
"CAMELLIA-256-CCM",
12,
1,
16,
&ccm_camellia_info
};
#endif /* POLARSSL_CCM_C */
#endif /* POLARSSL_CAMELLIA_C */
#if defined(POLARSSL_DES_C)
@ -1217,6 +1345,11 @@ const cipher_definition_t cipher_definitions[] =
{ POLARSSL_CIPHER_AES_192_GCM, &aes_192_gcm_info },
{ POLARSSL_CIPHER_AES_256_GCM, &aes_256_gcm_info },
#endif
#if defined(POLARSSL_CCM_C)
{ POLARSSL_CIPHER_AES_128_CCM, &aes_128_ccm_info },
{ POLARSSL_CIPHER_AES_192_CCM, &aes_192_ccm_info },
{ POLARSSL_CIPHER_AES_256_CCM, &aes_256_ccm_info },
#endif
#endif /* POLARSSL_AES_C */
#if defined(POLARSSL_ARC4_C)
@ -1260,6 +1393,11 @@ const cipher_definition_t cipher_definitions[] =
{ POLARSSL_CIPHER_CAMELLIA_192_GCM, &camellia_192_gcm_info },
{ POLARSSL_CIPHER_CAMELLIA_256_GCM, &camellia_256_gcm_info },
#endif
#if defined(POLARSSL_CCM_C)
{ POLARSSL_CIPHER_CAMELLIA_128_CCM, &camellia_128_ccm_info },
{ POLARSSL_CIPHER_CAMELLIA_192_CCM, &camellia_192_ccm_info },
{ POLARSSL_CIPHER_CAMELLIA_256_CCM, &camellia_256_ccm_info },
#endif
#endif /* POLARSSL_CAMELLIA_C */
#if defined(POLARSSL_DES_C)

11
library/error.c
View file

@ -53,6 +53,10 @@
#include "polarssl/camellia.h"
#endif
#if defined(POLARSSL_CCM_C)
#include "polarssl/ccm.h"
#endif
#if defined(POLARSSL_CIPHER_C)
#include "polarssl/cipher.h"
#endif
@ -578,6 +582,13 @@ void polarssl_strerror( int ret, char *buf, size_t buflen )
snprintf( buf, buflen, "CAMELLIA - Invalid data input length" );
#endif /* POLARSSL_CAMELLIA_C */
#if defined(POLARSSL_CCM_C)
if( use_ret == -(POLARSSL_ERR_CCM_BAD_INPUT) )
snprintf( buf, buflen, "CCM - Bad input parameters to function" );
if( use_ret == -(POLARSSL_ERR_CCM_AUTH_FAILED) )
snprintf( buf, buflen, "CCM - Authenticated decryption failed" );
#endif /* POLARSSL_CCM_C */
#if defined(POLARSSL_CTR_DRBG_C)
if( use_ret == -(POLARSSL_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED) )
snprintf( buf, buflen, "CTR_DRBG - The entropy source failed" );

136
library/ssl_ciphersuites.c
View file

@ -51,13 +51,15 @@
* Forward-secure non-PSK > forward-secure PSK > other non-PSK > other PSK
* 2. By key length and cipher:
* AES-256 > Camellia-256 > AES-128 > Camellia-128 > 3DES
* 3. By cipher mode when relevant GCM > CBC
* 4. By hash function used
* 3. By cipher mode when relevant CCM > GCM > CBC > CCM_8
* 4. By hash function used when relevant
* 5. By key exchange/auth again: EC > non-EC
*/
static const int ciphersuite_preference[] =
{
/* All AES-256 ephemeral suites */
TLS_ECDHE_ECDSA_WITH_AES_256_CCM,
TLS_DHE_RSA_WITH_AES_256_CCM,
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,
@ -67,6 +69,8 @@ static const int ciphersuite_preference[] =
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8,
TLS_DHE_RSA_WITH_AES_256_CCM_8,
/* All CAMELLIA-256 ephemeral suites */
TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384,
@ -78,6 +82,8 @@ static const int ciphersuite_preference[] =
TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
/* All AES-128 ephemeral suites */
TLS_ECDHE_ECDSA_WITH_AES_128_CCM,
TLS_DHE_RSA_WITH_AES_128_CCM,
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
@ -87,6 +93,8 @@ static const int ciphersuite_preference[] =
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8,
TLS_DHE_RSA_WITH_AES_128_CCM_8,
/* All CAMELLIA-128 ephemeral suites */
TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256,
@ -103,6 +111,7 @@ static const int ciphersuite_preference[] =
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
/* The PSK ephemeral suites */
TLS_DHE_PSK_WITH_AES_256_CCM,
TLS_DHE_PSK_WITH_AES_256_GCM_SHA384,
TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
TLS_DHE_PSK_WITH_AES_256_CBC_SHA384,
@ -111,7 +120,9 @@ static const int ciphersuite_preference[] =
TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384,
TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
TLS_DHE_PSK_WITH_AES_256_CCM_8,
TLS_DHE_PSK_WITH_AES_128_CCM,
TLS_DHE_PSK_WITH_AES_128_GCM_SHA256,
TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
TLS_DHE_PSK_WITH_AES_128_CBC_SHA256,
@ -120,11 +131,13 @@ static const int ciphersuite_preference[] =
TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256,
TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
TLS_DHE_PSK_WITH_AES_128_CCM_8,
TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA,
TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA,
/* All AES-256 suites */
TLS_RSA_WITH_AES_256_CCM,
TLS_RSA_WITH_AES_256_GCM_SHA384,
TLS_RSA_WITH_AES_256_CBC_SHA256,
TLS_RSA_WITH_AES_256_CBC_SHA,
@ -134,6 +147,7 @@ static const int ciphersuite_preference[] =
TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384,
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384,
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
TLS_RSA_WITH_AES_256_CCM_8,
/* All CAMELLIA-256 suites */
TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384,
@ -145,6 +159,7 @@ static const int ciphersuite_preference[] =
TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
/* All AES-128 suites */
TLS_RSA_WITH_AES_128_CCM,
TLS_RSA_WITH_AES_128_GCM_SHA256,
TLS_RSA_WITH_AES_128_CBC_SHA256,
TLS_RSA_WITH_AES_128_CBC_SHA,
@ -154,6 +169,7 @@ static const int ciphersuite_preference[] =
TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256,
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
TLS_RSA_WITH_AES_128_CCM_8,
/* All CAMELLIA-128 suites */
TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256,
@ -185,17 +201,21 @@ static const int ciphersuite_preference[] =
TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA,
/* The PSK suites */
TLS_PSK_WITH_AES_256_CCM,
TLS_PSK_WITH_AES_256_GCM_SHA384,
TLS_PSK_WITH_AES_256_CBC_SHA384,
TLS_PSK_WITH_AES_256_CBC_SHA,
TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384,
TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384,
TLS_PSK_WITH_AES_256_CCM_8,
TLS_PSK_WITH_AES_128_CCM,
TLS_PSK_WITH_AES_128_GCM_SHA256,
TLS_PSK_WITH_AES_128_CBC_SHA256,
TLS_PSK_WITH_AES_128_CBC_SHA,
TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256,
TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256,
TLS_PSK_WITH_AES_128_CCM_8,
TLS_PSK_WITH_3DES_EDE_CBC_SHA,
@ -240,7 +260,7 @@ static const int ciphersuite_preference[] =
0
};
#define MAX_CIPHERSUITES 160
#define MAX_CIPHERSUITES 176
static int supported_ciphersuites[MAX_CIPHERSUITES];
static int supported_init = 0;
@ -294,6 +314,28 @@ static const ssl_ciphersuite_t ciphersuite_definitions[] =
0 },
#endif /* POLARSSL_GCM_C */
#endif /* POLARSSL_SHA512_C */
#if defined(POLARSSL_CCM_C)
{ TLS_ECDHE_ECDSA_WITH_AES_256_CCM, "TLS-ECDHE-ECDSA-WITH-AES-256-CCM",
POLARSSL_CIPHER_AES_256_CCM, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
0 },
{ TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8, "TLS-ECDHE-ECDSA-WITH-AES-256-CCM-8",
POLARSSL_CIPHER_AES_256_CCM, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
POLARSSL_CIPHERSUITE_SHORT_TAG },
{ TLS_ECDHE_ECDSA_WITH_AES_128_CCM, "TLS-ECDHE-ECDSA-WITH-AES-128-CCM",
POLARSSL_CIPHER_AES_128_CCM, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
0 },
{ TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8, "TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8",
POLARSSL_CIPHER_AES_128_CCM, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
POLARSSL_CIPHERSUITE_SHORT_TAG },
#endif /* POLARSSL_CCM_C */
#endif /* POLARSSL_AES_C */
#if defined(POLARSSL_CAMELLIA_C)
@ -533,6 +575,28 @@ static const ssl_ciphersuite_t ciphersuite_definitions[] =
0 },
#endif /* POLARSSL_SHA1_C */
#endif /* POLARSSL_CIPHER_MODE_CBC */
#if defined(POLARSSL_CCM_C)
{ TLS_DHE_RSA_WITH_AES_256_CCM, "TLS-DHE-RSA-WITH-AES-256-CCM",
POLARSSL_CIPHER_AES_256_CCM, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_DHE_RSA,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
0 },
{ TLS_DHE_RSA_WITH_AES_256_CCM_8, "TLS-DHE-RSA-WITH-AES-256-CCM-8",
POLARSSL_CIPHER_AES_256_CCM, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_DHE_RSA,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
POLARSSL_CIPHERSUITE_SHORT_TAG },
{ TLS_DHE_RSA_WITH_AES_128_CCM, "TLS-DHE-RSA-WITH-AES-128-CCM",
POLARSSL_CIPHER_AES_128_CCM, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_DHE_RSA,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
0 },
{ TLS_DHE_RSA_WITH_AES_128_CCM_8, "TLS-DHE-RSA-WITH-AES-128-CCM-8",
POLARSSL_CIPHER_AES_128_CCM, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_DHE_RSA,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
POLARSSL_CIPHERSUITE_SHORT_TAG },
#endif /* POLARSSL_CCM_C */
#endif /* POLARSSL_AES_C */
#if defined(POLARSSL_CAMELLIA_C)
@ -646,6 +710,28 @@ static const ssl_ciphersuite_t ciphersuite_definitions[] =
0 },
#endif /* POLARSSL_CIPHER_MODE_CBC */
#endif /* POLARSSL_SHA1_C */
#if defined(POLARSSL_CCM_C)
{ TLS_RSA_WITH_AES_256_CCM, "TLS-RSA-WITH-AES-256-CCM",
POLARSSL_CIPHER_AES_256_CCM, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_RSA,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
0 },
{ TLS_RSA_WITH_AES_256_CCM_8, "TLS-RSA-WITH-AES-256-CCM-8",
POLARSSL_CIPHER_AES_256_CCM, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_RSA,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
POLARSSL_CIPHERSUITE_SHORT_TAG },
{ TLS_RSA_WITH_AES_128_CCM, "TLS-RSA-WITH-AES-128-CCM",
POLARSSL_CIPHER_AES_128_CCM, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_RSA,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
0 },
{ TLS_RSA_WITH_AES_128_CCM_8, "TLS-RSA-WITH-AES-128-CCM-8",
POLARSSL_CIPHER_AES_128_CCM, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_RSA,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
POLARSSL_CIPHERSUITE_SHORT_TAG },
#endif /* POLARSSL_CCM_C */
#endif /* POLARSSL_AES_C */
#if defined(POLARSSL_CAMELLIA_C)
@ -1018,6 +1104,28 @@ static const ssl_ciphersuite_t ciphersuite_definitions[] =
0 },
#endif /* POLARSSL_SHA1_C */
#endif /* POLARSSL_CIPHER_MODE_CBC */
#if defined(POLARSSL_CCM_C)
{ TLS_DHE_PSK_WITH_AES_256_CCM, "TLS-DHE-PSK-WITH-AES-256-CCM",
POLARSSL_CIPHER_AES_256_CCM, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_DHE_PSK,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
0 },
{ TLS_DHE_PSK_WITH_AES_256_CCM_8, "TLS-DHE-PSK-WITH-AES-256-CCM-8",
POLARSSL_CIPHER_AES_256_CCM, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_DHE_PSK,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
POLARSSL_CIPHERSUITE_SHORT_TAG },
{ TLS_DHE_PSK_WITH_AES_128_CCM, "TLS-DHE-PSK-WITH-AES-128-CCM",
POLARSSL_CIPHER_AES_128_CCM, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_DHE_PSK,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
0 },
{ TLS_DHE_PSK_WITH_AES_128_CCM_8, "TLS-DHE-PSK-WITH-AES-128-CCM-8",
POLARSSL_CIPHER_AES_128_CCM, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_DHE_PSK,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
POLARSSL_CIPHERSUITE_SHORT_TAG },
#endif /* POLARSSL_CCM_C */
#endif /* POLARSSL_AES_C */
#if defined(POLARSSL_CAMELLIA_C)
@ -1132,6 +1240,28 @@ static const ssl_ciphersuite_t ciphersuite_definitions[] =
0 },
#endif /* POLARSSL_SHA1_C */
#endif /* POLARSSL_CIPHER_MODE_CBC */
#if defined(POLARSSL_CCM_C)
{ TLS_PSK_WITH_AES_256_CCM, "TLS-PSK-WITH-AES-256-CCM",
POLARSSL_CIPHER_AES_256_CCM, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_PSK,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
0 },
{ TLS_PSK_WITH_AES_256_CCM_8, "TLS-PSK-WITH-AES-256-CCM-8",
POLARSSL_CIPHER_AES_256_CCM, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_PSK,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
POLARSSL_CIPHERSUITE_SHORT_TAG },
{ TLS_PSK_WITH_AES_128_CCM, "TLS-PSK-WITH-AES-128-CCM",
POLARSSL_CIPHER_AES_128_CCM, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_PSK,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
0 },
{ TLS_PSK_WITH_AES_128_CCM_8, "TLS-PSK-WITH-AES-128-CCM-8",
POLARSSL_CIPHER_AES_128_CCM, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_PSK,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
POLARSSL_CIPHERSUITE_SHORT_TAG },
#endif /* POLARSSL_CCM_C */
#endif /* POLARSSL_AES_C */
#if defined(POLARSSL_CAMELLIA_C)

316
library/ssl_tls.c
View file

@ -506,7 +506,8 @@ int ssl_derive_keys( ssl_context *ssl )
* Determine the appropriate key, IV and MAC length.
*/
if( cipher_info->mode == POLARSSL_MODE_GCM )
if( cipher_info->mode == POLARSSL_MODE_GCM ||
cipher_info->mode == POLARSSL_MODE_CCM )
{
transform->keylen = cipher_info->key_length;
transform->keylen /= 8;
@ -991,17 +992,19 @@ static void ssl_mac( md_context_t *md_ctx, unsigned char *secret,
static int ssl_encrypt_buf( ssl_context *ssl )
{
size_t i;
const cipher_mode_t mode = cipher_get_cipher_mode(
&ssl->transform_out->cipher_ctx_enc );
SSL_DEBUG_MSG( 2, ( "=> encrypt buf" ) );
/*
* Add MAC before encrypt, except for GCM
* Add MAC before encrypt, except for AEAD modes
*/
#if defined(POLARSSL_ARC4_C) || defined(POLARSSL_CIPHER_NULL_CIPHER) || \
( defined(POLARSSL_CIPHER_MODE_CBC) && \
( defined(POLARSSL_AES_C) || defined(POLARSSL_CAMELLIA_C) ) )
if( ssl->transform_out->cipher_ctx_enc.cipher_info->mode !=
POLARSSL_MODE_GCM )
if( mode != POLARSSL_MODE_GCM &&
mode != POLARSSL_MODE_CCM )
{
#if defined(POLARSSL_SSL_PROTO_SSL3)
if( ssl->minor_ver == SSL_MINOR_VERSION_0 )
@ -1037,14 +1040,13 @@ static int ssl_encrypt_buf( ssl_context *ssl )
ssl->out_msglen += ssl->transform_out->maclen;
}
#endif /* GCM not the only option */
#endif /* AEAD not the only option */
/*
* Encrypt
*/
#if defined(POLARSSL_ARC4_C) || defined(POLARSSL_CIPHER_NULL_CIPHER)
if( ssl->transform_out->cipher_ctx_enc.cipher_info->mode ==
POLARSSL_MODE_STREAM )
if( mode == POLARSSL_MODE_STREAM )
{
int ret;
size_t olen = 0;
@ -1056,25 +1058,13 @@ static int ssl_encrypt_buf( ssl_context *ssl )
SSL_DEBUG_BUF( 4, "before encrypt: output payload",
ssl->out_msg, ssl->out_msglen );
if( ( ret = cipher_reset( &ssl->transform_out->cipher_ctx_enc ) ) != 0 )
{
SSL_DEBUG_RET( 1, "cipher_reset", ret );
return( ret );
}
if( ( ret = cipher_set_iv( &ssl->transform_out->cipher_ctx_enc,
if( ( ret = cipher_crypt( &ssl->transform_out->cipher_ctx_enc,
ssl->transform_out->iv_enc,
ssl->transform_out->ivlen ) ) != 0 )
ssl->transform_out->ivlen,
ssl->out_msg, ssl->out_msglen,
ssl->out_msg, &olen ) ) != 0 )
{
SSL_DEBUG_RET( 1, "cipher_set_iv", ret );
return( ret );
}
if( ( ret = cipher_update( &ssl->transform_out->cipher_ctx_enc,
ssl->out_msg, ssl->out_msglen, ssl->out_msg,
&olen ) ) != 0 )
{
SSL_DEBUG_RET( 1, "cipher_update", ret );
SSL_DEBUG_RET( 1, "cipher_crypt", ret );
return( ret );
}
@ -1084,31 +1074,19 @@ static int ssl_encrypt_buf( ssl_context *ssl )
ssl->out_msglen, olen ) );
return( POLARSSL_ERR_SSL_INTERNAL_ERROR );
}
if( ( ret = cipher_finish( &ssl->transform_out->cipher_ctx_enc,
ssl->out_msg + olen, &olen ) ) != 0 )
{
SSL_DEBUG_RET( 1, "cipher_finish", ret );
return( ret );
}
if( 0 != olen )
{
SSL_DEBUG_MSG( 1, ( "total encrypted length incorrect %d %d",
0, olen ) );
return( POLARSSL_ERR_SSL_INTERNAL_ERROR );
}
}
else
#endif /* POLARSSL_ARC4_C || POLARSSL_CIPHER_NULL_CIPHER */
#if defined(POLARSSL_GCM_C)
if( ssl->transform_out->cipher_ctx_enc.cipher_info->mode ==
POLARSSL_MODE_GCM )
#if defined(POLARSSL_GCM_C) || defined(POLARSSL_CCM_C)
if( mode == POLARSSL_MODE_GCM ||
mode == POLARSSL_MODE_CCM )
{
size_t enc_msglen, olen, totlen;
int ret;
size_t enc_msglen, olen;
unsigned char *enc_msg;
unsigned char add_data[13];
int ret = POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE;
unsigned char taglen = ssl->transform_out->ciphersuite_info->flags &
POLARSSL_CIPHERSUITE_SHORT_TAG ? 8 : 16;
memcpy( add_data, ssl->out_ctr, 8 );
add_data[8] = ssl->out_msgtype;
@ -1152,67 +1130,36 @@ static int ssl_encrypt_buf( ssl_context *ssl )
ssl->out_msg, ssl->out_msglen );
/*
* Encrypt
* Encrypt and authenticate
*/
if( ( ret = cipher_set_iv( &ssl->transform_out->cipher_ctx_enc,
ssl->transform_out->iv_enc,
ssl->transform_out->ivlen ) ) != 0 ||
( ret = cipher_reset( &ssl->transform_out->cipher_ctx_enc ) ) != 0 )
if( ( ret = cipher_auth_encrypt( &ssl->transform_out->cipher_ctx_enc,
ssl->transform_out->iv_enc,
ssl->transform_out->ivlen,
add_data, 13,
enc_msg, enc_msglen,
enc_msg, &olen,
enc_msg + enc_msglen, taglen ) ) != 0 )
{
SSL_DEBUG_RET( 1, "cipher_reset", ret );
SSL_DEBUG_RET( 1, "cipher_auth_encrypt", ret );
return( ret );
}
if( ( ret = cipher_update_ad( &ssl->transform_out->cipher_ctx_enc,
add_data, 13 ) ) != 0 )
if( olen != enc_msglen )
{
SSL_DEBUG_RET( 1, "cipher_update_ad", ret );
return( ret );
}
if( ( ret = cipher_update( &ssl->transform_out->cipher_ctx_enc,
enc_msg, enc_msglen,
enc_msg, &olen ) ) != 0 )
{
SSL_DEBUG_RET( 1, "cipher_update", ret );
return( ret );
}
totlen = olen;
if( ( ret = cipher_finish( &ssl->transform_out->cipher_ctx_enc,
enc_msg + olen, &olen ) ) != 0 )
{
SSL_DEBUG_RET( 1, "cipher_finish", ret );
return( ret );
}
totlen += olen;
if( totlen != enc_msglen )
{
SSL_DEBUG_MSG( 1, ( "should never happen" ) );
SSL_DEBUG_MSG( 1, ( "total encrypted length incorrect %d %d",
enc_msglen, olen ) );
return( POLARSSL_ERR_SSL_INTERNAL_ERROR );
}
/*
* Authenticate
*/
ssl->out_msglen += 16;
ssl->out_msglen += taglen;
if( ( ret = cipher_write_tag( &ssl->transform_out->cipher_ctx_enc,
enc_msg + enc_msglen, 16 ) ) != 0 )
{
SSL_DEBUG_RET( 1, "cipher_write_tag", ret );
return( ret );
}
SSL_DEBUG_BUF( 4, "after encrypt: tag", enc_msg + enc_msglen, 16 );
SSL_DEBUG_BUF( 4, "after encrypt: tag", enc_msg + enc_msglen, taglen );
}
else
#endif /* POLARSSL_GCM_C */
#endif /* POLARSSL_GCM_C || POLARSSL_CCM_C */
#if defined(POLARSSL_CIPHER_MODE_CBC) && \
( defined(POLARSSL_AES_C) || defined(POLARSSL_CAMELLIA_C) )
if( ssl->transform_out->cipher_ctx_enc.cipher_info->mode ==
POLARSSL_MODE_CBC )
if( mode == POLARSSL_MODE_CBC )
{
int ret;
unsigned char *enc_msg;
@ -1266,34 +1213,13 @@ static int ssl_encrypt_buf( ssl_context *ssl )
SSL_DEBUG_BUF( 4, "before encrypt: output payload",
ssl->out_iv, ssl->out_msglen );
if( ( ret = cipher_reset( &ssl->transform_out->cipher_ctx_enc ) ) != 0 )
{
SSL_DEBUG_RET( 1, "cipher_reset", ret );
return( ret );
}
if( ( ret = cipher_set_iv( &ssl->transform_out->cipher_ctx_enc,
if( ( ret = cipher_crypt( &ssl->transform_out->cipher_ctx_enc,
ssl->transform_out->iv_enc,
ssl->transform_out->ivlen ) ) != 0 )
ssl->transform_out->ivlen,
enc_msg, enc_msglen,
enc_msg, &olen ) ) != 0 )
{
SSL_DEBUG_RET( 1, "cipher_set_iv", ret );
return( ret );
}
if( ( ret = cipher_update( &ssl->transform_out->cipher_ctx_enc,
enc_msg, enc_msglen, enc_msg,
&olen ) ) != 0 )
{
SSL_DEBUG_RET( 1, "cipher_update", ret );
return( ret );
}
enc_msglen -= olen;
if( ( ret = cipher_finish( &ssl->transform_out->cipher_ctx_enc,
enc_msg + olen, &olen ) ) != 0 )
{
SSL_DEBUG_RET( 1, "cipher_finish", ret );
SSL_DEBUG_RET( 1, "cipher_crypt", ret );
return( ret );
}
@ -1345,6 +1271,8 @@ static int ssl_encrypt_buf( ssl_context *ssl )
static int ssl_decrypt_buf( ssl_context *ssl )
{
size_t i;
const cipher_mode_t mode = cipher_get_cipher_mode(
&ssl->transform_in->cipher_ctx_dec );
#if defined(POLARSSL_ARC4_C) || defined(POLARSSL_CIPHER_NULL_CIPHER) || \
( defined(POLARSSL_CIPHER_MODE_CBC) && \
( defined(POLARSSL_AES_C) || defined(POLARSSL_CAMELLIA_C) ) )
@ -1361,33 +1289,20 @@ static int ssl_decrypt_buf( ssl_context *ssl )
}
#if defined(POLARSSL_ARC4_C) || defined(POLARSSL_CIPHER_NULL_CIPHER)
if( ssl->transform_in->cipher_ctx_dec.cipher_info->mode ==
POLARSSL_MODE_STREAM )
if( mode == POLARSSL_MODE_STREAM )
{
int ret;
size_t olen = 0;
padlen = 0;
if( ( ret = cipher_reset( &ssl->transform_in->cipher_ctx_dec ) ) != 0 )
{
SSL_DEBUG_RET( 1, "cipher_reset", ret );
return( ret );
}
if( ( ret = cipher_set_iv( &ssl->transform_in->cipher_ctx_dec,
if( ( ret = cipher_crypt( &ssl->transform_in->cipher_ctx_dec,
ssl->transform_in->iv_dec,
ssl->transform_in->ivlen ) ) != 0 )
ssl->transform_in->ivlen,
ssl->in_msg, ssl->in_msglen,
ssl->in_msg, &olen ) ) != 0 )
{
SSL_DEBUG_RET( 1, "cipher_set_iv", ret );
return( ret );
}
if( ( ret = cipher_update( &ssl->transform_in->cipher_ctx_dec,
ssl->in_msg, ssl->in_msglen, ssl->in_msg,
&olen ) ) != 0 )
{
SSL_DEBUG_RET( 1, "cipher_update", ret );
SSL_DEBUG_RET( 1, "cipher_crypt", ret );
return( ret );
}
@ -1396,35 +1311,24 @@ static int ssl_decrypt_buf( ssl_context *ssl )
SSL_DEBUG_MSG( 1, ( "total encrypted length incorrect" ) );
return( POLARSSL_ERR_SSL_INTERNAL_ERROR );
}
if( ( ret = cipher_finish( &ssl->transform_in->cipher_ctx_dec,
ssl->in_msg + olen, &olen ) ) != 0 )
{
SSL_DEBUG_RET( 1, "cipher_finish", ret );
return( ret );
}
if( 0 != olen )
{
SSL_DEBUG_MSG( 1, ( "total encrypted length incorrect" ) );
return( POLARSSL_ERR_SSL_INTERNAL_ERROR );
}
}
else
#endif /* POLARSSL_ARC4_C || POLARSSL_CIPHER_NULL_CIPHER */
#if defined(POLARSSL_GCM_C)
if( ssl->transform_in->cipher_ctx_dec.cipher_info->mode ==
POLARSSL_MODE_GCM )
#if defined(POLARSSL_GCM_C) || defined(POLARSSL_CCM_C)
if( mode == POLARSSL_MODE_GCM ||
mode == POLARSSL_MODE_CCM )
{
int ret;
size_t dec_msglen, olen;
unsigned char *dec_msg;
unsigned char *dec_msg_result;
size_t dec_msglen, olen, totlen;
unsigned char add_data[13];
int ret = POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE;
unsigned char taglen = ssl->transform_in->ciphersuite_info->flags &
POLARSSL_CIPHERSUITE_SHORT_TAG ? 8 : 16;
dec_msglen = ssl->in_msglen - ( ssl->transform_in->ivlen -
ssl->transform_in->fixed_ivlen );
dec_msglen -= 16;
dec_msglen -= taglen;
dec_msg = ssl->in_msg;
dec_msg_result = ssl->in_msg;
ssl->in_msglen = dec_msglen;
@ -1445,67 +1349,39 @@ static int ssl_decrypt_buf( ssl_context *ssl )
SSL_DEBUG_BUF( 4, "IV used", ssl->transform_in->iv_dec,
ssl->transform_in->ivlen );
SSL_DEBUG_BUF( 4, "TAG used", dec_msg + dec_msglen, 16 );
SSL_DEBUG_BUF( 4, "TAG used", dec_msg + dec_msglen, taglen );
/*
* Decrypt
* Decrypt and authenticate
*/
if( ( ret = cipher_set_iv( &ssl->transform_in->cipher_ctx_dec,
ssl->transform_in->iv_dec,
ssl->transform_in->ivlen ) ) != 0 ||
( ret = cipher_reset( &ssl->transform_in->cipher_ctx_dec ) ) != 0 )
if( ( ret = cipher_auth_decrypt( &ssl->transform_in->cipher_ctx_dec,
ssl->transform_in->iv_dec,
ssl->transform_in->ivlen,
add_data, 13,
dec_msg, dec_msglen,
dec_msg_result, &olen,
dec_msg + dec_msglen, taglen ) ) != 0 )
{
SSL_DEBUG_RET( 1, "cipher_reset", ret );
SSL_DEBUG_RET( 1, "cipher_auth_decrypt", ret );
if( ret == POLARSSL_ERR_CIPHER_AUTH_FAILED )
return( POLARSSL_ERR_SSL_INVALID_MAC );
return( ret );
}
if( ( ret = cipher_update_ad( &ssl->transform_in->cipher_ctx_dec,
add_data, 13 ) ) != 0 )
if( olen != dec_msglen )
{
SSL_DEBUG_RET( 1, "cipher_update_ad", ret );
return( ret );
}
if( ( ret = cipher_update( &ssl->transform_in->cipher_ctx_dec,
dec_msg, dec_msglen,
dec_msg_result, &olen ) ) != 0 )
{
SSL_DEBUG_RET( 1, "cipher_update", ret );
return( ret );
}
totlen = olen;
if( ( ret = cipher_finish( &ssl->transform_in->cipher_ctx_dec,
dec_msg_result + olen, &olen ) ) != 0 )
{
SSL_DEBUG_RET( 1, "cipher_finish", ret );
return( ret );
}
totlen += olen;
if( totlen != dec_msglen )
{
SSL_DEBUG_MSG( 1, ( "should never happen" ) );
SSL_DEBUG_MSG( 1, ( "total decrypted length incorrect %d %d",
dec_msglen, olen ) );
return( POLARSSL_ERR_SSL_INTERNAL_ERROR );
}
/*
* Authenticate
*/
if( ( ret = cipher_check_tag( &ssl->transform_in->cipher_ctx_dec,
dec_msg + dec_msglen, 16 ) ) != 0 )
{
SSL_DEBUG_RET( 1, "cipher_check_tag", ret );
return( POLARSSL_ERR_SSL_INVALID_MAC );
}
}
else
#endif /* POLARSSL_GCM_C */
#endif /* POLARSSL_GCM_C || POLARSSL_CCM_C */
#if defined(POLARSSL_CIPHER_MODE_CBC) && \
( defined(POLARSSL_AES_C) || defined(POLARSSL_CAMELLIA_C) )
if( ssl->transform_in->cipher_ctx_dec.cipher_info->mode ==
POLARSSL_MODE_CBC )
if( mode == POLARSSL_MODE_CBC )
{
/*
* Decrypt and check the padding
@ -1560,33 +1436,13 @@ static int ssl_decrypt_buf( ssl_context *ssl )
}
#endif /* POLARSSL_SSL_PROTO_TLS1_1 || POLARSSL_SSL_PROTO_TLS1_2 */
if( ( ret = cipher_reset( &ssl->transform_in->cipher_ctx_dec ) ) != 0 )
{
SSL_DEBUG_RET( 1, "cipher_reset", ret );
return( ret );
}
if( ( ret = cipher_set_iv( &ssl->transform_in->cipher_ctx_dec,
if( ( ret = cipher_crypt( &ssl->transform_in->cipher_ctx_dec,
ssl->transform_in->iv_dec,
ssl->transform_in->ivlen ) ) != 0 )
ssl->transform_in->ivlen,
dec_msg, dec_msglen,
dec_msg_result, &olen ) ) != 0 )
{
SSL_DEBUG_RET( 1, "cipher_set_iv", ret );
return( ret );
}
if( ( ret = cipher_update( &ssl->transform_in->cipher_ctx_dec,
dec_msg, dec_msglen, dec_msg_result,
&olen ) ) != 0 )
{
SSL_DEBUG_RET( 1, "cipher_update", ret );
return( ret );
}
dec_msglen -= olen;
if( ( ret = cipher_finish( &ssl->transform_in->cipher_ctx_dec,
dec_msg_result + olen, &olen ) ) != 0 )
{
SSL_DEBUG_RET( 1, "cipher_finish", ret );
SSL_DEBUG_RET( 1, "cipher_crypt", ret );
return( ret );
}
@ -1697,13 +1553,13 @@ static int ssl_decrypt_buf( ssl_context *ssl )
ssl->in_msg, ssl->in_msglen );
/*
* Always compute the MAC (RFC4346, CBCTIME), except for GCM of course
* Always compute the MAC (RFC4346, CBCTIME), except for AEAD of course
*/
#if defined(POLARSSL_ARC4_C) || defined(POLARSSL_CIPHER_NULL_CIPHER) || \
( defined(POLARSSL_CIPHER_MODE_CBC) && \
( defined(POLARSSL_AES_C) || defined(POLARSSL_CAMELLIA_C) ) )
if( ssl->transform_in->cipher_ctx_dec.cipher_info->mode !=
POLARSSL_MODE_GCM )
if( mode != POLARSSL_MODE_GCM &&
mode != POLARSSL_MODE_CCM )
{
unsigned char tmp[POLARSSL_SSL_MAX_MAC_SIZE];
@ -1784,7 +1640,7 @@ static int ssl_decrypt_buf( ssl_context *ssl )
if( correct == 0 )
return( POLARSSL_ERR_SSL_INVALID_MAC );
}
#endif /* GCM not the only option */
#endif /* AEAD not the only option */
if( ssl->in_msglen == 0 )
{

3
library/version_features.c
View file

@ -366,6 +366,9 @@ const char *features[] = {
#if defined(POLARSSL_CAMELLIA_C)
"POLARSSL_CAMELLIA_C",
#endif /* POLARSSL_CAMELLIA_C */
#if defined(POLARSSL_CCM_C)
"POLARSSL_CCM_C",
#endif /* POLARSSL_CCM_C */
#if defined(POLARSSL_CERTS_C)
"POLARSSL_CERTS_C",
#endif /* POLARSSL_CERTS_C */

29
programs/test/benchmark.c
View file

@ -47,6 +47,7 @@
#include "polarssl/blowfish.h"
#include "polarssl/camellia.h"
#include "polarssl/gcm.h"
#include "polarssl/ccm.h"
#include "polarssl/havege.h"
#include "polarssl/ctr_drbg.h"
#include "polarssl/hmac_drbg.h"
@ -157,14 +158,14 @@ unsigned char buf[BUFSIZE];
typedef struct {
char md4, md5, ripemd160, sha1, sha256, sha512,
arc4, des3, des, aes_cbc, aes_gcm, camellia, blowfish,
arc4, des3, des, aes_cbc, aes_gcm, aes_ccm, camellia, blowfish,
havege, ctr_drbg, hmac_drbg,
rsa, dhm, ecdsa, ecdh;
} todo_list;
#define OPTIONS \
"md4, md5, ripemd160, sha1, sha256, sha512,\n" \
"arc4, des3, des, aes_cbc, aes_gcm, camellia, blowfish,\n" \
"arc4, des3, des, aes_cbc, aes_gcm, aes_ccm, camellia, blowfish,\n" \
"havege, ctr_drbg, hmac_drbg\n" \
"rsa, dhm, ecdsa, ecdh.\n"
@ -205,6 +206,8 @@ int main( int argc, char *argv[] )
todo.aes_cbc = 1;
else if( strcmp( argv[i], "aes_gcm" ) == 0 )
todo.aes_gcm = 1;
else if( strcmp( argv[i], "aes_ccm" ) == 0 )
todo.aes_ccm = 1;
else if( strcmp( argv[i], "camellia" ) == 0 )
todo.camellia = 1;
else if( strcmp( argv[i], "blowfish" ) == 0 )
@ -226,7 +229,7 @@ int main( int argc, char *argv[] )
else
{
printf( "Unrecognized option: %s\n", argv[i] );
printf( "Available options:" OPTIONS );
printf( "Available options: " OPTIONS );
}
}
}
@ -331,6 +334,26 @@ int main( int argc, char *argv[] )
}
}
#endif
#if defined(POLARSSL_CCM_C)
if( todo.aes_ccm )
{
ccm_context ccm;
for( keysize = 128; keysize <= 256; keysize += 64 )
{
snprintf( title, sizeof( title ), "AES-CCM-%d", keysize );
memset( buf, 0, sizeof( buf ) );
memset( tmp, 0, sizeof( tmp ) );
ccm_init( &ccm, POLARSSL_CIPHER_ID_AES, tmp, keysize );
TIME_AND_TSC( title,
ccm_encrypt_and_tag( &ccm, BUFSIZE, tmp,
12, NULL, 0, buf, buf, tmp, 16 ) );
ccm_free( &ccm );
}
}
#endif
#endif
#if defined(POLARSSL_CAMELLIA_C) && defined(POLARSSL_CIPHER_MODE_CBC)

8
programs/test/selftest.c
View file

@ -36,6 +36,7 @@
#include "polarssl/ctr_drbg.h"
#include "polarssl/dhm.h"
#include "polarssl/gcm.h"
#include "polarssl/ccm.h"
#include "polarssl/md2.h"
#include "polarssl/md4.h"
#include "polarssl/md5.h"
@ -132,11 +133,16 @@ int main( int argc, char *argv[] )
return( ret );
#endif
#if defined(POLARSSL_GCM_C)
#if defined(POLARSSL_GCM_C) && defined(POLARSSL_AES_C)
if( ( ret = gcm_self_test( v ) ) != 0 )
return( ret );
#endif
#if defined(POLARSSL_CCM_C) && defined(POLARSSL_AES_C)
if( ( ret = ccm_self_test( v ) ) != 0 )
return( ret );
#endif
#if defined(POLARSSL_BASE64_C)
if( ( ret = base64_self_test( v ) ) != 0 )
return( ret );

2
scripts/generate_errors.pl
View file

@ -33,7 +33,7 @@ my @low_level_modules = ( "AES", "ASN1", "BLOWFISH", "CAMELLIA", "BIGNUM",
"BASE64", "XTEA", "PBKDF2", "OID",
"PADLOCK", "DES", "NET", "CTR_DRBG", "ENTROPY",
"HMAC_DRBG", "MD2", "MD4", "MD5", "RIPEMD160",
"SHA1", "SHA256", "SHA512", "GCM", "THREADING" );
"SHA1", "SHA256", "SHA512", "GCM", "THREADING", "CCM" );
my @high_level_modules = ( "PEM", "X509", "DHM", "RSA", "ECP", "MD", "CIPHER", "SSL",
"PK", "PKCS12", "PKCS5" );

2
tests/CMakeLists.txt
View file

@ -43,10 +43,12 @@ add_test_suite(arc4)
add_test_suite(base64)
add_test_suite(blowfish)
add_test_suite(camellia)
add_test_suite(ccm)
add_test_suite(cipher cipher.aes)
add_test_suite(cipher cipher.arc4)
add_test_suite(cipher cipher.blowfish)
add_test_suite(cipher cipher.camellia)
add_test_suite(cipher cipher.ccm)
add_test_suite(cipher cipher.des)
add_test_suite(cipher cipher.gcm)
add_test_suite(cipher cipher.null)

18
tests/Makefile
View file

@ -34,8 +34,10 @@ APPS = test_suite_aes.ecb test_suite_aes.cbc \
test_suite_aes.cfb test_suite_aes.rest \
test_suite_arc4 \
test_suite_base64 test_suite_blowfish \
test_suite_camellia test_suite_cipher.aes \
test_suite_cipher.arc4 test_suite_cipher.gcm \
test_suite_camellia test_suite_ccm \
test_suite_cipher.aes \
test_suite_cipher.arc4 test_suite_cipher.ccm \
test_suite_cipher.gcm \
test_suite_cipher.blowfish \
test_suite_cipher.camellia \
test_suite_cipher.des test_suite_cipher.null \
@ -94,6 +96,10 @@ test_suite_cipher.arc4.c : suites/test_suite_cipher.function suites/test_suite_c
echo " Generate $@"
scripts/generate_code.pl suites test_suite_cipher test_suite_cipher.arc4
test_suite_cipher.ccm.c : suites/test_suite_cipher.function suites/test_suite_cipher.ccm.data scripts/generate_code.pl suites/helpers.function suites/main_test.function
echo " Generate $@"
scripts/generate_code.pl suites test_suite_cipher test_suite_cipher.ccm
test_suite_cipher.gcm.c : suites/test_suite_cipher.function suites/test_suite_cipher.gcm.data scripts/generate_code.pl suites/helpers.function suites/main_test.function
echo " Generate $@"
scripts/generate_code.pl suites test_suite_cipher test_suite_cipher.gcm
@ -198,6 +204,10 @@ test_suite_camellia: test_suite_camellia.c $(DEP)
echo " CC $@.c"
$(CC) $(CFLAGS) $(OFLAGS) $@.c $(LDFLAGS) -o $@
test_suite_ccm: test_suite_ccm.c $(DEP)
echo " CC $@.c"
$(CC) $(CFLAGS) $(OFLAGS) $@.c $(LDFLAGS) -o $@
test_suite_cipher.aes: test_suite_cipher.aes.c $(DEP)
echo " CC $@.c"
$(CC) $(CFLAGS) $(OFLAGS) $@.c $(LDFLAGS) -o $@
@ -206,6 +216,10 @@ test_suite_cipher.arc4: test_suite_cipher.arc4.c $(DEP)
echo " CC $@.c"
$(CC) $(CFLAGS) $(OFLAGS) $@.c $(LDFLAGS) -o $@
test_suite_cipher.ccm: test_suite_cipher.ccm.c $(DEP)
echo " CC $@.c"
$(CC) $(CFLAGS) $(OFLAGS) $@.c $(LDFLAGS) -o $@
test_suite_cipher.gcm: test_suite_cipher.gcm.c $(DEP)
echo " CC $@.c"
$(CC) $(CFLAGS) $(OFLAGS) $@.c $(LDFLAGS) -o $@

30
tests/compat.sh
View file

@ -570,11 +570,28 @@ add_polarssl_ciphersuites()
P_CIPHERS="$P_CIPHERS \
TLS-ECDH-ECDSA-WITH-CAMELLIA-128-GCM-SHA256 \
TLS-ECDH-ECDSA-WITH-CAMELLIA-256-GCM-SHA384 \
TLS-ECDHE-ECDSA-WITH-AES-128-CCM \
TLS-ECDHE-ECDSA-WITH-AES-256-CCM \
TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8 \
TLS-ECDHE-ECDSA-WITH-AES-256-CCM-8 \
"
fi
;;
"RSA")
if [ "$MODE" = "tls1_2" ];
then
P_CIPHERS="$P_CIPHERS \
TLS-RSA-WITH-AES-128-CCM \
TLS-RSA-WITH-AES-256-CCM \
TLS-DHE-RSA-WITH-AES-128-CCM \
TLS-DHE-RSA-WITH-AES-256-CCM \
TLS-RSA-WITH-AES-128-CCM-8 \
TLS-RSA-WITH-AES-256-CCM-8 \
TLS-DHE-RSA-WITH-AES-128-CCM-8 \
TLS-DHE-RSA-WITH-AES-256-CCM-8 \
"
fi
;;
"PSK")
@ -591,6 +608,19 @@ add_polarssl_ciphersuites()
TLS-ECDHE-PSK-WITH-NULL-SHA \
"
fi
if [ "$MODE" = "tls1_2" ];
then
P_CIPHERS="$P_CIPHERS \
TLS-PSK-WITH-AES-128-CCM \
TLS-PSK-WITH-AES-256-CCM \
TLS-DHE-PSK-WITH-AES-128-CCM \
TLS-DHE-PSK-WITH-AES-256-CCM \
TLS-PSK-WITH-AES-128-CCM-8 \
TLS-PSK-WITH-AES-256-CCM-8 \
TLS-DHE-PSK-WITH-AES-128-CCM-8 \
TLS-DHE-PSK-WITH-AES-256-CCM-8 \
"
fi
;;
esac
}

4
tests/ssl-opt.sh
View file

@ -984,12 +984,12 @@ fi
# Tests for keyUsage in leaf certificates, part 1:
# server-side certificate/suite selection
run_test "keyUsage srv #1 (RSA, digitalSignature -> ECDHE-RSA)" \
run_test "keyUsage srv #1 (RSA, digitalSignature -> (EC)DHE-RSA)" \
"$P_SRV key_file=data_files/server2.key \
crt_file=data_files/server2.ku-ds.crt" \
"$P_CLI" \
0 \
-c "Ciphersuite is TLS-ECDHE-RSA-WITH-"
-c "Ciphersuite is TLS-[EC]*DHE-RSA-WITH-"
run_test "keyUsage srv #2 (RSA, keyEncipherment -> RSA)" \

1482
tests/suites/test_suite_ccm.data Normal file
View file

File diff suppressed because it is too large Load diff

176
tests/suites/test_suite_ccm.function Normal file
View file

@ -0,0 +1,176 @@
/* BEGIN_HEADER */
#include <polarssl/ccm.h>
/* END_HEADER */
/* BEGIN_DEPENDENCIES
* depends_on:POLARSSL_CCM_C
* END_DEPENDENCIES
*/
/* BEGIN_CASE depends_on:POLARSSL_SELF_TEST:POLARSSL_AES_C */
void ccm_self_test( )
{
TEST_ASSERT( ccm_self_test( 0 ) == 0 );
}
/* END_CASE */
/* BEGIN_CASE */
void ccm_init( int cipher_id, int key_size, int result )
{
ccm_context ctx;
unsigned char key[32];
int ret;
memset( key, 0x2A, sizeof( key ) );
TEST_ASSERT( (unsigned) key_size <= 8 * sizeof( key ) );
ret = ccm_init( &ctx, cipher_id, key, key_size );
TEST_ASSERT( ret == result );
ccm_free( &ctx );
}
/* END_CASE */
/* BEGIN_CASE depends_on:POLARSSL_AES_C */
void ccm_lengths( int msg_len, int iv_len, int add_len, int tag_len, int res )
{
ccm_context ctx;
unsigned char key[16];
unsigned char msg[10];
unsigned char iv[14];
unsigned char add[10];
unsigned char out[10];
unsigned char tag[18];
int decrypt_ret;
memset( key, 0, sizeof( key ) );
memset( msg, 0, sizeof( msg ) );
memset( iv, 0, sizeof( iv ) );
memset( add, 0, sizeof( add ) );
memset( out, 0, sizeof( out ) );
memset( tag, 0, sizeof( tag ) );
TEST_ASSERT( ccm_init( &ctx, POLARSSL_CIPHER_ID_AES,
key, 8 * sizeof( key ) ) == 0 );
TEST_ASSERT( ccm_encrypt_and_tag( &ctx, msg_len, iv, iv_len, add, add_len,
msg, out, tag, tag_len ) == res );
decrypt_ret = ccm_auth_decrypt( &ctx, msg_len, iv, iv_len, add, add_len,
msg, out, tag, tag_len );
if( res == 0 )
TEST_ASSERT( decrypt_ret == POLARSSL_ERR_CCM_AUTH_FAILED );
else
TEST_ASSERT( decrypt_ret == res );
ccm_free( &ctx );
}
/* END_CASE */
/* BEGIN_CASE */
void ccm_encrypt_and_tag( int cipher_id,
char *key_hex, char *msg_hex,
char *iv_hex, char *add_hex,
char *result_hex )
{
unsigned char key[32];
unsigned char msg[50];
unsigned char iv[13];
unsigned char add[32];
unsigned char result[50];
ccm_context ctx;
size_t key_len, msg_len, iv_len, add_len, tag_len, result_len;
memset( key, 0x00, sizeof( key ) );
memset( msg, 0x00, sizeof( msg ) );
memset( iv, 0x00, sizeof( iv ) );
memset( add, 0x00, sizeof( add ) );
memset( result, 0x00, sizeof( result ) );
key_len = unhexify( key, key_hex );
msg_len = unhexify( msg, msg_hex );
iv_len = unhexify( iv, iv_hex );
add_len = unhexify( add, add_hex );
result_len = unhexify( result, result_hex );
tag_len = result_len - msg_len;
TEST_ASSERT( ccm_init( &ctx, cipher_id, key, key_len * 8 ) == 0 );
/* Test with input == output */
TEST_ASSERT( ccm_encrypt_and_tag( &ctx, msg_len, iv, iv_len, add, add_len,
msg, msg, msg + msg_len, tag_len ) == 0 );
TEST_ASSERT( memcmp( msg, result, result_len ) == 0 );
/* Check we didn't write past the end */
TEST_ASSERT( msg[result_len] == 0 && msg[result_len + 1] == 0 );
ccm_free( &ctx );
}
/* END_CASE */
/* BEGIN_CASE */
void ccm_auth_decrypt( int cipher_id,
char *key_hex, char *msg_hex,
char *iv_hex, char *add_hex,
int tag_len, char *result_hex )
{
unsigned char key[32];
unsigned char msg[50];
unsigned char iv[13];
unsigned char add[32];
unsigned char tag[16];
unsigned char result[50];
ccm_context ctx;
size_t key_len, msg_len, iv_len, add_len, result_len;
int ret;
memset( key, 0x00, sizeof( key ) );
memset( msg, 0x00, sizeof( msg ) );
memset( iv, 0x00, sizeof( iv ) );
memset( add, 0x00, sizeof( add ) );
memset( tag, 0x00, sizeof( tag ) );
memset( result, 0x00, sizeof( result ) );
key_len = unhexify( key, key_hex );
msg_len = unhexify( msg, msg_hex );
iv_len = unhexify( iv, iv_hex );
add_len = unhexify( add, add_hex );
msg_len -= tag_len;
memcpy( tag, msg + msg_len, tag_len );
if( strcmp( "FAIL", result_hex ) == 0 )
{
ret = POLARSSL_ERR_CCM_AUTH_FAILED;
}
else
{
ret = 0;
result_len = unhexify( result, result_hex );
}
TEST_ASSERT( ccm_init( &ctx, cipher_id, key, key_len * 8 ) == 0 );
/* Test with input == output */
TEST_ASSERT( ccm_auth_decrypt( &ctx, msg_len, iv, iv_len, add, add_len,
msg, msg, msg + msg_len, tag_len ) == ret );
if( ret == 0 )
{
TEST_ASSERT( memcmp( msg, result, result_len ) == 0 );
}
else
{
size_t i;
for( i = 0; i < msg_len; i++ )
TEST_ASSERT( msg[i] == 0 );
}
/* Check we didn't write past the end (where the original tag is) */
TEST_ASSERT( memcmp( msg + msg_len, tag, tag_len ) == 0 );
ccm_free( &ctx );
}
/* END_CASE */

480
tests/suites/test_suite_cipher.ccm.data Normal file
View file

@ -0,0 +1,480 @@
AES-128-CCM test vector NIST #1 (P=0, N=7, A=0, T=4)
depends_on:POLARSSL_AES_C:POLARSSL_CCM_C
auth_crypt_tv:POLARSSL_CIPHER_AES_128_CCM:"4ae701103c63deca5b5a3939d7d05992":"5a8aa485c316e9":"":"":"02209f55":""
AES-128-CCM test vector NIST #2 (P=0, N=7, A=0, T=4)
depends_on:POLARSSL_AES_C:POLARSSL_CCM_C
auth_crypt_tv:POLARSSL_CIPHER_AES_128_CCM:"4ae701103c63deca5b5a3939d7d05992":"3796cf51b87266":"":"":"9a04c241":"FAIL"
AES-128-CCM test vector NIST #3 (P=0, N=7, A=0, T=16)
depends_on:POLARSSL_AES_C:POLARSSL_CCM_C
auth_crypt_tv:POLARSSL_CIPHER_AES_128_CCM:"4bb3c4a4f893ad8c9bdc833c325d62b3":"5a8aa485c316e9":"":"":"75d582db43ce9b13ab4b6f7f14341330":""
AES-128-CCM test vector NIST #4 (P=0, N=7, A=0, T=16)
depends_on:POLARSSL_AES_C:POLARSSL_CCM_C
auth_crypt_tv:POLARSSL_CIPHER_AES_128_CCM:"4bb3c4a4f893ad8c9bdc833c325d62b3":"3796cf51b87266":"":"":"3a65e03af37b81d05acc7ec1bc39deb0":"FAIL"
AES-128-CCM test vector NIST #5 (P=0, N=13, A=0, T=4)
depends_on:POLARSSL_AES_C:POLARSSL_CCM_C
auth_crypt_tv:POLARSSL_CIPHER_AES_128_CCM:"4bb3c4a4f893ad8c9bdc833c325d62b3":"5a8aa485c316e9403aff859fbb":"":"":"90156f3f":""
AES-128-CCM test vector NIST #6 (P=0, N=13, A=0, T=4)
depends_on:POLARSSL_AES_C:POLARSSL_CCM_C
auth_crypt_tv:POLARSSL_CIPHER_AES_128_CCM:"4bb3c4a4f893ad8c9bdc833c325d62b3":"a16a2e741f1cd9717285b6d882":"":"":"88909016":"FAIL"
AES-128-CCM test vector NIST #7 (P=0, N=13, A=0, T=16)
depends_on:POLARSSL_AES_C:POLARSSL_CCM_C
auth_crypt_tv:POLARSSL_CIPHER_AES_128_CCM:"19ebfde2d5468ba0a3031bde629b11fd":"5a8aa485c316e9403aff859fbb":"":"":"fb04dc5a44c6bb000f2440f5154364b4":""
AES-128-CCM test vector NIST #8 (P=0, N=13, A=0, T=16)
depends_on:POLARSSL_AES_C:POLARSSL_CCM_C
auth_crypt_tv:POLARSSL_CIPHER_AES_128_CCM:"19ebfde2d5468ba0a3031bde629b11fd":"a16a2e741f1cd9717285b6d882":"":"":"5447075bf42a59b91f08064738b015ab":"FAIL"
AES-128-CCM test vector NIST #9 (P=24, N=7, A=0, T=4)
depends_on:POLARSSL_AES_C:POLARSSL_CCM_C
auth_crypt_tv:POLARSSL_CIPHER_AES_128_CCM:"19ebfde2d5468ba0a3031bde629b11fd":"5a8aa485c316e9":"":"a90e8ea44085ced791b2fdb7fd44b5cf0bd7d27718029bb7":"03e1fa6b":"3796cf51b8726652a4204733b8fbb047cf00fb91a9837e22"
AES-128-CCM test vector NIST #10 (P=24, N=7, A=0, T=4)
depends_on:POLARSSL_AES_C:POLARSSL_CCM_C
auth_crypt_tv:POLARSSL_CIPHER_AES_128_CCM:"19ebfde2d5468ba0a3031bde629b11fd":"31f8fa25827d48":"":"50aafe0578c115c4a8e126ff7b3ccb64dce8ccaa8ceda69f":"23e5d81c":"FAIL"
AES-128-CCM test vector NIST #11 (P=24, N=7, A=0, T=16)
depends_on:POLARSSL_AES_C:POLARSSL_CCM_C
auth_crypt_tv:POLARSSL_CIPHER_AES_128_CCM:"197afb02ffbd8f699dacae87094d5243":"5a8aa485c316e9":"":"24ab9eeb0e5508cae80074f1070ee188a637171860881f1f":"2d9a3fbc210595b7b8b1b41523111a8e":"3796cf51b8726652a4204733b8fbb047cf00fb91a9837e22"
AES-128-CCM test vector NIST #12 (P=24, N=7, A=0, T=16)
depends_on:POLARSSL_AES_C:POLARSSL_CCM_C
auth_crypt_tv:POLARSSL_CIPHER_AES_128_CCM:"197afb02ffbd8f699dacae87094d5243":"31f8fa25827d48":"":"7ebfda6fa5da1dbffd82dc29b875798fbcef8ba0084fbd24":"63af747cc88a001fa94e060290f209c4":"FAIL"
AES-128-CCM test vector NIST #13 (P=24, N=13, A=0, T=4)
depends_on:POLARSSL_AES_C:POLARSSL_CCM_C
auth_crypt_tv:POLARSSL_CIPHER_AES_128_CCM:"197afb02ffbd8f699dacae87094d5243":"5a8aa485c316e9403aff859fbb":"":"4a550134f94455979ec4bf89ad2bd80d25a77ae94e456134":"a3e138b9":"a16a2e741f1cd9717285b6d882c1fc53655e9773761ad697"
AES-128-CCM test vector NIST #14 (P=24, N=13, A=0, T=4)
depends_on:POLARSSL_AES_C:POLARSSL_CCM_C
auth_crypt_tv:POLARSSL_CIPHER_AES_128_CCM:"197afb02ffbd8f699dacae87094d5243":"49004912fdd7269279b1f06a89":"":"118ec53dd1bfbe52d5b9fe5dfebecf2ee674ec983eada654":"091a5ae9":"FAIL"
AES-128-CCM test vector NIST #15 (P=24, N=13, A=0, T=16)
depends_on:POLARSSL_AES_C:POLARSSL_CCM_C
auth_crypt_tv:POLARSSL_CIPHER_AES_128_CCM:"90929a4b0ac65b350ad1591611fe4829":"5a8aa485c316e9403aff859fbb":"":"4bfe4e35784f0a65b545477e5e2f4bae0e1e6fa717eaf2cb":"6a9a970b9beb2ac1bd4fd62168f8378a":"a16a2e741f1cd9717285b6d882c1fc53655e9773761ad697"
AES-128-CCM test vector NIST #16 (P=24, N=13, A=0, T=16)
depends_on:POLARSSL_AES_C:POLARSSL_CCM_C
auth_crypt_tv:POLARSSL_CIPHER_AES_128_CCM:"90929a4b0ac65b350ad1591611fe4829":"49004912fdd7269279b1f06a89":"":"0c56a503aa2c12e87450d45a7b714db980fd348f327c0065":"a65666144994bad0c8195bcb4ade1337":"FAIL"
AES-128-CCM test vector NIST #17 (P=0, N=7, A=32, T=4)
depends_on:POLARSSL_AES_C:POLARSSL_CCM_C
auth_crypt_tv:POLARSSL_CIPHER_AES_128_CCM:"90929a4b0ac65b350ad1591611fe4829":"5a8aa485c316e9":"3796cf51b8726652a4204733b8fbb047cf00fb91a9837e22ec22b1a268f88e2c":"":"782e4318":""
AES-128-CCM test vector NIST #18 (P=0, N=7, A=32, T=4)
depends_on:POLARSSL_AES_C:POLARSSL_CCM_C
auth_crypt_tv:POLARSSL_CIPHER_AES_128_CCM:"90929a4b0ac65b350ad1591611fe4829":"a265480ca88d5f":"a2248a882ecbf850daf91933a389e78e81623d233dfd47bf8321361a38f138fe":"":"a04f270a":"FAIL"
AES-128-CCM test vector NIST #19 (P=0, N=7, A=32, T=16)
depends_on:POLARSSL_AES_C:POLARSSL_CCM_C
auth_crypt_tv:POLARSSL_CIPHER_AES_128_CCM:"6a798d7c5e1a72b43e20ad5c7b08567b":"5a8aa485c316e9":"3796cf51b8726652a4204733b8fbb047cf00fb91a9837e22ec22b1a268f88e2c":"":"41b476013f45e4a781f253a6f3b1e530":""
AES-128-CCM test vector NIST #20 (P=0, N=7, A=32, T=16)
depends_on:POLARSSL_AES_C:POLARSSL_CCM_C
auth_crypt_tv:POLARSSL_CIPHER_AES_128_CCM:"6a798d7c5e1a72b43e20ad5c7b08567b":"a265480ca88d5f":"a2248a882ecbf850daf91933a389e78e81623d233dfd47bf8321361a38f138fe":"":"f9f018fcd125822616083fffebc4c8e6":"FAIL"
AES-128-CCM test vector NIST #21 (P=0, N=13, A=32, T=4)
depends_on:POLARSSL_AES_C:POLARSSL_CCM_C
auth_crypt_tv:POLARSSL_CIPHER_AES_128_CCM:"6a798d7c5e1a72b43e20ad5c7b08567b":"5a8aa485c316e9403aff859fbb":"a16a2e741f1cd9717285b6d882c1fc53655e9773761ad697a7ee6410184c7982":"":"9f69f24f":""
AES-128-CCM test vector NIST #22 (P=0, N=13, A=32, T=4)
depends_on:POLARSSL_AES_C:POLARSSL_CCM_C
auth_crypt_tv:POLARSSL_CIPHER_AES_128_CCM:"6a798d7c5e1a72b43e20ad5c7b08567b":"8739b4bea1a099fe547499cbc6":"f6107696edb332b2ea059d8860fee26be42e5e12e1a4f79a8d0eafce1b2278a7":"":"e17afaa4":"FAIL"
AES-128-CCM test vector NIST #23 (P=0, N=13, A=32, T=16)
depends_on:POLARSSL_AES_C:POLARSSL_CCM_C
auth_crypt_tv:POLARSSL_CIPHER_AES_128_CCM:"f9fdca4ac64fe7f014de0f43039c7571":"5a8aa485c316e9403aff859fbb":"a16a2e741f1cd9717285b6d882c1fc53655e9773761ad697a7ee6410184c7982":"":"1859ac36a40a6b28b34266253627797a":""
AES-128-CCM test vector NIST #24 (P=0, N=13, A=32, T=16)
depends_on:POLARSSL_AES_C:POLARSSL_CCM_C
auth_crypt_tv:POLARSSL_CIPHER_AES_128_CCM:"f9fdca4ac64fe7f014de0f43039c7571":"8739b4bea1a099fe547499cbc6":"f6107696edb332b2ea059d8860fee26be42e5e12e1a4f79a8d0eafce1b2278a7":"":"edf8b46eb69ac0044116019dec183072":"FAIL"
AES-128-CCM test vector NIST #25 (P=24, N=7, A=32, T=4)
depends_on:POLARSSL_AES_C:POLARSSL_CCM_C
auth_crypt_tv:POLARSSL_CIPHER_AES_128_CCM:"f9fdca4ac64fe7f014de0f43039c7571":"5a8aa485c316e9":"3796cf51b8726652a4204733b8fbb047cf00fb91a9837e22ec22b1a268f88e2c":"6be31860ca271ef448de8f8d8b39346daf4b81d7e92d65b3":"38f125fa":"a265480ca88d5f536db0dc6abc40faf0d05be7a966977768"
AES-128-CCM test vector NIST #26 (P=24, N=7, A=32, T=4)
depends_on:POLARSSL_AES_C:POLARSSL_CCM_C
auth_crypt_tv:POLARSSL_CIPHER_AES_128_CCM:"f9fdca4ac64fe7f014de0f43039c7571":"fdd2d6f503c915":"5b92394f21ddc3ad49d9b0881b829a5935cb3a4d23e292a62fb66b5e7ab7020e":"4cc57a9927a6bc401441870d3193bf89ebd163f5c01501c7":"28a66b69":"FAIL"
AES-128-CCM test vector NIST #27 (P=24, N=7, A=32, T=16)
depends_on:POLARSSL_AES_C:POLARSSL_CCM_C
auth_crypt_tv:POLARSSL_CIPHER_AES_128_CCM:"a7aa635ea51b0bb20a092bd5573e728c":"5a8aa485c316e9":"3796cf51b8726652a4204733b8fbb047cf00fb91a9837e22ec22b1a268f88e2c":"b351ab96b2e45515254558d5212673ee6c776d42dbca3b51":"2cf3a20b7fd7c49e6e79bef475c2906f":"a265480ca88d5f536db0dc6abc40faf0d05be7a966977768"
AES-128-CCM test vector NIST #28 (P=24, N=7, A=32, T=16)
depends_on:POLARSSL_AES_C:POLARSSL_CCM_C
auth_crypt_tv:POLARSSL_CIPHER_AES_128_CCM:"a7aa635ea51b0bb20a092bd5573e728c":"fdd2d6f503c915":"5b92394f21ddc3ad49d9b0881b829a5935cb3a4d23e292a62fb66b5e7ab7020e":"df1a5285caa41b4bb47f6e5ceceba4e82721828d68427a30":"81d18ca149d6766bfaccec88f194eb5b":"FAIL"
AES-128-CCM test vector NIST #29 (P=24, N=13, A=32, T=4)
depends_on:POLARSSL_AES_C:POLARSSL_CCM_C
auth_crypt_tv:POLARSSL_CIPHER_AES_128_CCM:"a7aa635ea51b0bb20a092bd5573e728c":"5a8aa485c316e9403aff859fbb":"a16a2e741f1cd9717285b6d882c1fc53655e9773761ad697a7ee6410184c7982":"934f893824e880f743d196b22d1f340a52608155087bd28a":"c25e5329":"8739b4bea1a099fe547499cbc6d1b13d849b8084c9b6acc5"
AES-128-CCM test vector NIST #30 (P=24, N=13, A=32, T=4)
depends_on:POLARSSL_AES_C:POLARSSL_CCM_C
auth_crypt_tv:POLARSSL_CIPHER_AES_128_CCM:"a7aa635ea51b0bb20a092bd5573e728c":"0812757ad0cc4d17c4cfe7a642":"ec6c44a7e94e51a3ca6dee229098391575ec7213c85267fbf7492fdbeee61b10":"f43ba9d834ad85dfab3f1c0c27c3441fe4e411a38a261a65":"59b3b3ee":"FAIL"
AES-128-CCM test vector NIST #31 (P=24, N=13, A=32, T=16)
depends_on:POLARSSL_AES_C:POLARSSL_CCM_C
auth_crypt_tv:POLARSSL_CIPHER_AES_128_CCM:"26511fb51fcfa75cb4b44da75a6e5a0e":"5a8aa485c316e9403aff859fbb":"a16a2e741f1cd9717285b6d882c1fc53655e9773761ad697a7ee6410184c7982":"50038b5fdd364ee747b70d00bd36840ece4ea19998123375":"c0a458bfcafa3b2609afe0f825cbf503":"8739b4bea1a099fe547499cbc6d1b13d849b8084c9b6acc5"
AES-128-CCM test vector NIST #32 (P=24, N=13, A=32, T=16)
depends_on:POLARSSL_AES_C:POLARSSL_CCM_C
auth_crypt_tv:POLARSSL_CIPHER_AES_128_CCM:"26511fb51fcfa75cb4b44da75a6e5a0e":"0812757ad0cc4d17c4cfe7a642":"ec6c44a7e94e51a3ca6dee229098391575ec7213c85267fbf7492fdbeee61b10":"78ed8ff6b5a1255d0fbd0a719a9c27b059ff5f83d0c4962c":"390042ba8bb5f6798dab01c5afad7306":"FAIL"
AES-192-CCM test vector NIST #1 (P=0, N=7, A=0, T=4)
depends_on:POLARSSL_AES_C:POLARSSL_CCM_C
auth_crypt_tv:POLARSSL_CIPHER_AES_192_CCM:"c98ad7f38b2c7e970c9b965ec87a08208384718f78206c6c":"5a8aa485c316e9":"":"":"9d4b7f3b":""
AES-192-CCM test vector NIST #2 (P=0, N=7, A=0, T=4)
depends_on:POLARSSL_AES_C:POLARSSL_CCM_C
auth_crypt_tv:POLARSSL_CIPHER_AES_192_CCM:"c98ad7f38b2c7e970c9b965ec87a08208384718f78206c6c":"3796cf51b87266":"":"":"80745de9":"FAIL"
AES-192-CCM test vector NIST #3 (P=0, N=7, A=0, T=16)
depends_on:POLARSSL_AES_C:POLARSSL_CCM_C
auth_crypt_tv:POLARSSL_CIPHER_AES_192_CCM:"4bb3c4a4f893ad8c9bdc833c325d62b3d3ad1bccf9282a65":"5a8aa485c316e9":"":"":"17223038fa99d53681ca1beabe78d1b4":""
AES-192-CCM test vector NIST #4 (P=0, N=7, A=0, T=16)
depends_on:POLARSSL_AES_C:POLARSSL_CCM_C
auth_crypt_tv:POLARSSL_CIPHER_AES_192_CCM:"4bb3c4a4f893ad8c9bdc833c325d62b3d3ad1bccf9282a65":"3796cf51b87266":"":"":"d0e1eeef4d2a264536bb1c2c1bde7c35":"FAIL"
AES-192-CCM test vector NIST #5 (P=0, N=13, A=0, T=4)
depends_on:POLARSSL_AES_C:POLARSSL_CCM_C
auth_crypt_tv:POLARSSL_CIPHER_AES_192_CCM:"4bb3c4a4f893ad8c9bdc833c325d62b3d3ad1bccf9282a65":"5a8aa485c316e9403aff859fbb":"":"":"fe69ed84":""
AES-192-CCM test vector NIST #6 (P=0, N=13, A=0, T=4)
depends_on:POLARSSL_AES_C:POLARSSL_CCM_C
auth_crypt_tv:POLARSSL_CIPHER_AES_192_CCM:"4bb3c4a4f893ad8c9bdc833c325d62b3d3ad1bccf9282a65":"a16a2e741f1cd9717285b6d882":"":"":"db7ffc82":"FAIL"
AES-192-CCM test vector NIST #7 (P=0, N=13, A=0, T=16)
depends_on:POLARSSL_AES_C:POLARSSL_CCM_C
auth_crypt_tv:POLARSSL_CIPHER_AES_192_CCM:"19ebfde2d5468ba0a3031bde629b11fd4094afcb205393fa":"5a8aa485c316e9403aff859fbb":"":"":"0c66a8e547ed4f8c2c9a9a1eb5d455b9":""
AES-192-CCM test vector NIST #8 (P=0, N=13, A=0, T=16)
depends_on:POLARSSL_AES_C:POLARSSL_CCM_C
auth_crypt_tv:POLARSSL_CIPHER_AES_192_CCM:"19ebfde2d5468ba0a3031bde629b11fd4094afcb205393fa":"a16a2e741f1cd9717285b6d882":"":"":"38757b3a61a4dc97ca3ab88bf1240695":"FAIL"
AES-192-CCM test vector NIST #9 (P=24, N=7, A=0, T=4)
depends_on:POLARSSL_AES_C:POLARSSL_CCM_C
auth_crypt_tv:POLARSSL_CIPHER_AES_192_CCM:"19ebfde2d5468ba0a3031bde629b11fd4094afcb205393fa":"5a8aa485c316e9":"":"411986d04d6463100bff03f7d0bde7ea2c3488784378138c":"ddc93a54":"3796cf51b8726652a4204733b8fbb047cf00fb91a9837e22"
AES-192-CCM test vector NIST #10 (P=24, N=7, A=0, T=4)
depends_on:POLARSSL_AES_C:POLARSSL_CCM_C
auth_crypt_tv:POLARSSL_CIPHER_AES_192_CCM:"19ebfde2d5468ba0a3031bde629b11fd4094afcb205393fa":"31f8fa25827d48":"":"32b649ab56162e55d4148a1292d6a225a988eb1308298273":"b6889036":"FAIL"
AES-192-CCM test vector NIST #11 (P=24, N=7, A=0, T=16)
depends_on:POLARSSL_AES_C:POLARSSL_CCM_C
auth_crypt_tv:POLARSSL_CIPHER_AES_192_CCM:"197afb02ffbd8f699dacae87094d524324576b99844f75e1":"5a8aa485c316e9":"":"cba4b4aeb85f0492fd8d905c4a6d8233139833373ef188a8":"c5a5ebecf7ac8607fe412189e83d9d20":"3796cf51b8726652a4204733b8fbb047cf00fb91a9837e22"
AES-192-CCM test vector NIST #12 (P=24, N=7, A=0, T=16)
depends_on:POLARSSL_AES_C:POLARSSL_CCM_C
auth_crypt_tv:POLARSSL_CIPHER_AES_192_CCM:"197afb02ffbd8f699dacae87094d524324576b99844f75e1":"31f8fa25827d48":"":"ca62713728b5c9d652504b0ae8fd4fee5d297ee6a8d19cb6":"e699f15f14d34dcaf9ba8ed4b877c97d":"FAIL"
AES-192-CCM test vector NIST #13 (P=24, N=13, A=0, T=4)
depends_on:POLARSSL_AES_C:POLARSSL_CCM_C
auth_crypt_tv:POLARSSL_CIPHER_AES_192_CCM:"197afb02ffbd8f699dacae87094d524324576b99844f75e1":"5a8aa485c316e9403aff859fbb":"":"042653c674ef2a90f7fb11d30848e530ae59478f1051633a":"34fad277":"a16a2e741f1cd9717285b6d882c1fc53655e9773761ad697"
AES-192-CCM test vector NIST #14 (P=24, N=13, A=0, T=4)
depends_on:POLARSSL_AES_C:POLARSSL_CCM_C
auth_crypt_tv:POLARSSL_CIPHER_AES_192_CCM:"197afb02ffbd8f699dacae87094d524324576b99844f75e1":"49004912fdd7269279b1f06a89":"":"1902d9769a7ba3d3268e1257395c8c2e5f98eef295dcbfa5":"a35df775":"FAIL"
AES-192-CCM test vector NIST #15 (P=24, N=13, A=0, T=16)
depends_on:POLARSSL_AES_C:POLARSSL_CCM_C
auth_crypt_tv:POLARSSL_CIPHER_AES_192_CCM:"90929a4b0ac65b350ad1591611fe48297e03956f6083e451":"5a8aa485c316e9403aff859fbb":"":"a5b7d8cca2069908d1ed88e6a9fe2c9bede3131dad54671e":"a7ade30a07d185692ab0ebdf4c78cf7a":"a16a2e741f1cd9717285b6d882c1fc53655e9773761ad697"
AES-192-CCM test vector NIST #16 (P=24, N=13, A=0, T=16)
depends_on:POLARSSL_AES_C:POLARSSL_CCM_C
auth_crypt_tv:POLARSSL_CIPHER_AES_192_CCM:"90929a4b0ac65b350ad1591611fe48297e03956f6083e451":"49004912fdd7269279b1f06a89":"":"9a98617fb97a0dfe466be692272dcdaec1c5443a3b51312e":"f042c86363cc05afb98c66e16be8a445":"FAIL"
AES-192-CCM test vector NIST #17 (P=0, N=7, A=32, T=4)
depends_on:POLARSSL_AES_C:POLARSSL_CCM_C
auth_crypt_tv:POLARSSL_CIPHER_AES_192_CCM:"90929a4b0ac65b350ad1591611fe48297e03956f6083e451":"5a8aa485c316e9":"3796cf51b8726652a4204733b8fbb047cf00fb91a9837e22ec22b1a268f88e2c":"":"1d089a5f":""
AES-192-CCM test vector NIST #18 (P=0, N=7, A=32, T=4)
depends_on:POLARSSL_AES_C:POLARSSL_CCM_C
auth_crypt_tv:POLARSSL_CIPHER_AES_192_CCM:"90929a4b0ac65b350ad1591611fe48297e03956f6083e451":"a265480ca88d5f":"a2248a882ecbf850daf91933a389e78e81623d233dfd47bf8321361a38f138fe":"":"2f46022a":"FAIL"
AES-192-CCM test vector NIST #19 (P=0, N=7, A=32, T=16)
depends_on:POLARSSL_AES_C:POLARSSL_CCM_C
auth_crypt_tv:POLARSSL_CIPHER_AES_192_CCM:"6a798d7c5e1a72b43e20ad5c7b08567b12ab744b61c070e2":"5a8aa485c316e9":"3796cf51b8726652a4204733b8fbb047cf00fb91a9837e22ec22b1a268f88e2c":"":"5280a2137fee3deefcfe9b63a1199fb3":""
AES-192-CCM test vector NIST #20 (P=0, N=7, A=32, T=16)
depends_on:POLARSSL_AES_C:POLARSSL_CCM_C
auth_crypt_tv:POLARSSL_CIPHER_AES_192_CCM:"6a798d7c5e1a72b43e20ad5c7b08567b12ab744b61c070e2":"a265480ca88d5f":"a2248a882ecbf850daf91933a389e78e81623d233dfd47bf8321361a38f138fe":"":"d40a7318c5f2d82f838c0beeefe0d598":"FAIL"
AES-192-CCM test vector NIST #21 (P=0, N=13, A=32, T=4)
depends_on:POLARSSL_AES_C:POLARSSL_CCM_C
auth_crypt_tv:POLARSSL_CIPHER_AES_192_CCM:"6a798d7c5e1a72b43e20ad5c7b08567b12ab744b61c070e2":"5a8aa485c316e9403aff859fbb":"a16a2e741f1cd9717285b6d882c1fc53655e9773761ad697a7ee6410184c7982":"":"5e0eaebd":""
AES-192-CCM test vector NIST #22 (P=0, N=13, A=32, T=4)
depends_on:POLARSSL_AES_C:POLARSSL_CCM_C
auth_crypt_tv:POLARSSL_CIPHER_AES_192_CCM:"6a798d7c5e1a72b43e20ad5c7b08567b12ab744b61c070e2":"8739b4bea1a099fe547499cbc6":"f6107696edb332b2ea059d8860fee26be42e5e12e1a4f79a8d0eafce1b2278a7":"":"71b7fc33":"FAIL"
AES-192-CCM test vector NIST #23 (P=0, N=13, A=32, T=16)
depends_on:POLARSSL_AES_C:POLARSSL_CCM_C
auth_crypt_tv:POLARSSL_CIPHER_AES_192_CCM:"f9fdca4ac64fe7f014de0f43039c757194d544ce5d15eed4":"5a8aa485c316e9403aff859fbb":"a16a2e741f1cd9717285b6d882c1fc53655e9773761ad697a7ee6410184c7982":"":"d07ccf9fdc3d33aa94cda3d230da707c":""
AES-192-CCM test vector NIST #24 (P=0, N=13, A=32, T=16)
depends_on:POLARSSL_AES_C:POLARSSL_CCM_C
auth_crypt_tv:POLARSSL_CIPHER_AES_192_CCM:"f9fdca4ac64fe7f014de0f43039c757194d544ce5d15eed4":"8739b4bea1a099fe547499cbc6":"f6107696edb332b2ea059d8860fee26be42e5e12e1a4f79a8d0eafce1b2278a7":"":"65fe32b649dc328c9f531584897e85b3":"FAIL"
AES-192-CCM test vector NIST #25 (P=24, N=7, A=32, T=4)
depends_on:POLARSSL_AES_C:POLARSSL_CCM_C
auth_crypt_tv:POLARSSL_CIPHER_AES_192_CCM:"f9fdca4ac64fe7f014de0f43039c757194d544ce5d15eed4":"5a8aa485c316e9":"3796cf51b8726652a4204733b8fbb047cf00fb91a9837e22ec22b1a268f88e2c":"9f6ca4af9b159148c889a6584d1183ea26e2614874b05045":"75dea8d1":"a265480ca88d5f536db0dc6abc40faf0d05be7a966977768"
AES-192-CCM test vector NIST #26 (P=24, N=7, A=32, T=4)
depends_on:POLARSSL_AES_C:POLARSSL_CCM_C
auth_crypt_tv:POLARSSL_CIPHER_AES_192_CCM:"f9fdca4ac64fe7f014de0f43039c757194d544ce5d15eed4":"fdd2d6f503c915":"5b92394f21ddc3ad49d9b0881b829a5935cb3a4d23e292a62fb66b5e7ab7020e":"84d8212e9cfc2121252baa3b065b1edcf50497b9594db1eb":"d7965825":"FAIL"
AES-192-CCM test vector NIST #27 (P=24, N=7, A=32, T=16)
depends_on:POLARSSL_AES_C:POLARSSL_CCM_C
auth_crypt_tv:POLARSSL_CIPHER_AES_192_CCM:"a7aa635ea51b0bb20a092bd5573e728ccd4b3e8cdd2ab33d":"5a8aa485c316e9":"3796cf51b8726652a4204733b8fbb047cf00fb91a9837e22ec22b1a268f88e2c":"6aab64c4787599d8f213446beadb16e08dba60e97f56dbd1":"4d1d980d6fe0fb44b421992662b97975":"a265480ca88d5f536db0dc6abc40faf0d05be7a966977768"
AES-192-CCM test vector NIST #28 (P=24, N=7, A=32, T=16)
depends_on:POLARSSL_AES_C:POLARSSL_CCM_C
auth_crypt_tv:POLARSSL_CIPHER_AES_192_CCM:"a7aa635ea51b0bb20a092bd5573e728ccd4b3e8cdd2ab33d":"fdd2d6f503c915":"5b92394f21ddc3ad49d9b0881b829a5935cb3a4d23e292a62fb66b5e7ab7020e":"4980b2ee49b1aaf393175f5ab9bae95ec7904557dfa20660":"3c51d36c826f01384100886198a7f6a3":"FAIL"
AES-192-CCM test vector NIST #29 (P=24, N=13, A=32, T=4)
depends_on:POLARSSL_AES_C:POLARSSL_CCM_C
auth_crypt_tv:POLARSSL_CIPHER_AES_192_CCM:"a7aa635ea51b0bb20a092bd5573e728ccd4b3e8cdd2ab33d":"5a8aa485c316e9403aff859fbb":"a16a2e741f1cd9717285b6d882c1fc53655e9773761ad697a7ee6410184c7982":"16e543d0e20615ff0df15acd9927ddfe40668a54bb854ccc":"c25e9fce":"8739b4bea1a099fe547499cbc6d1b13d849b8084c9b6acc5"
AES-192-CCM test vector NIST #30 (P=24, N=13, A=32, T=4)
depends_on:POLARSSL_AES_C:POLARSSL_CCM_C
auth_crypt_tv:POLARSSL_CIPHER_AES_192_CCM:"a7aa635ea51b0bb20a092bd5573e728ccd4b3e8cdd2ab33d":"0812757ad0cc4d17c4cfe7a642":"ec6c44a7e94e51a3ca6dee229098391575ec7213c85267fbf7492fdbeee61b10":"df35b109caf690656ae278bbd8f8bba687a2ce11b105dae9":"8ecedb3e":"FAIL"
AES-192-CCM test vector NIST #31 (P=24, N=13, A=32, T=16)
depends_on:POLARSSL_AES_C:POLARSSL_CCM_C
auth_crypt_tv:POLARSSL_CIPHER_AES_192_CCM:"26511fb51fcfa75cb4b44da75a6e5a0eb8d9c8f3b906f886":"5a8aa485c316e9403aff859fbb":"a16a2e741f1cd9717285b6d882c1fc53655e9773761ad697a7ee6410184c7982":"c5b0b2ef17498c5570eb335df4588032958ba3d69bf6f317":"8464a6f7fa2b76744e8e8d95691cecb8":"8739b4bea1a099fe547499cbc6d1b13d849b8084c9b6acc5"
AES-192-CCM test vector NIST #32 (P=24, N=13, A=32, T=16)
depends_on:POLARSSL_AES_C:POLARSSL_CCM_C
auth_crypt_tv:POLARSSL_CIPHER_AES_192_CCM:"26511fb51fcfa75cb4b44da75a6e5a0eb8d9c8f3b906f886":"0812757ad0cc4d17c4cfe7a642":"ec6c44a7e94e51a3ca6dee229098391575ec7213c85267fbf7492fdbeee61b10":"d1f0518929f4ae2f0543de2a7dfe4bb0110bb3057e524a1c":"06bd6dc2e6bcc3436cffb969ae900388":"FAIL"
AES-256-CCM test vector NIST #1 (P=0, N=7, A=0, T=4)
depends_on:POLARSSL_AES_C:POLARSSL_CCM_C
auth_crypt_tv:POLARSSL_CIPHER_AES_256_CCM:"eda32f751456e33195f1f499cf2dc7c97ea127b6d488f211ccc5126fbb24afa6":"a544218dadd3c1":"":"":"469c90bb":""
AES-256-CCM test vector NIST #2 (P=0, N=7, A=0, T=4)
depends_on:POLARSSL_AES_C:POLARSSL_CCM_C
auth_crypt_tv:POLARSSL_CIPHER_AES_256_CCM:"eda32f751456e33195f1f499cf2dc7c97ea127b6d488f211ccc5126fbb24afa6":"d3d5424e20fbec":"":"":"46a908ed":"FAIL"
AES-256-CCM test vector NIST #3 (P=0, N=7, A=0, T=16)
depends_on:POLARSSL_AES_C:POLARSSL_CCM_C
auth_crypt_tv:POLARSSL_CIPHER_AES_256_CCM:"e1b8a927a95efe94656677b692662000278b441c79e879dd5c0ddc758bdc9ee8":"a544218dadd3c1":"":"":"8207eb14d33855a52acceed17dbcbf6e":""
AES-256-CCM test vector NIST #4 (P=0, N=7, A=0, T=16)
depends_on:POLARSSL_AES_C:POLARSSL_CCM_C
auth_crypt_tv:POLARSSL_CIPHER_AES_256_CCM:"e1b8a927a95efe94656677b692662000278b441c79e879dd5c0ddc758bdc9ee8":"d3d5424e20fbec":"":"":"60f8e127cb4d30db6df0622158cd931d":"FAIL"
AES-256-CCM test vector NIST #5 (P=0, N=13, A=0, T=4)
depends_on:POLARSSL_AES_C:POLARSSL_CCM_C
auth_crypt_tv:POLARSSL_CIPHER_AES_256_CCM:"e1b8a927a95efe94656677b692662000278b441c79e879dd5c0ddc758bdc9ee8":"a544218dadd3c10583db49cf39":"":"":"8a19a133":""
AES-256-CCM test vector NIST #6 (P=0, N=13, A=0, T=4)
depends_on:POLARSSL_AES_C:POLARSSL_CCM_C
auth_crypt_tv:POLARSSL_CIPHER_AES_256_CCM:"e1b8a927a95efe94656677b692662000278b441c79e879dd5c0ddc758bdc9ee8":"3c0e2815d37d844f7ac240ba9d":"":"":"2e317f1b":"FAIL"
AES-256-CCM test vector NIST #7 (P=0, N=13, A=0, T=16)
depends_on:POLARSSL_AES_C:POLARSSL_CCM_C
auth_crypt_tv:POLARSSL_CIPHER_AES_256_CCM:"af063639e66c284083c5cf72b70d8bc277f5978e80d9322d99f2fdc718cda569":"a544218dadd3c10583db49cf39":"":"":"97e1a8dd4259ccd2e431e057b0397fcf":""
AES-256-CCM test vector NIST #8 (P=0, N=13, A=0, T=16)
depends_on:POLARSSL_AES_C:POLARSSL_CCM_C
auth_crypt_tv:POLARSSL_CIPHER_AES_256_CCM:"af063639e66c284083c5cf72b70d8bc277f5978e80d9322d99f2fdc718cda569":"3c0e2815d37d844f7ac240ba9d":"":"":"5a9596c511ea6a8671adefc4f2157d8b":"FAIL"
AES-256-CCM test vector NIST #9 (P=24, N=7, A=0, T=4)
depends_on:POLARSSL_AES_C:POLARSSL_CCM_C
auth_crypt_tv:POLARSSL_CIPHER_AES_256_CCM:"af063639e66c284083c5cf72b70d8bc277f5978e80d9322d99f2fdc718cda569":"a544218dadd3c1":"":"64a1341679972dc5869fcf69b19d5c5ea50aa0b5e985f5b7":"22aa8d59":"d3d5424e20fbec43ae495353ed830271515ab104f8860c98"
AES-256-CCM test vector NIST #10 (P=24, N=7, A=0, T=4)
depends_on:POLARSSL_AES_C:POLARSSL_CCM_C
auth_crypt_tv:POLARSSL_CIPHER_AES_256_CCM:"af063639e66c284083c5cf72b70d8bc277f5978e80d9322d99f2fdc718cda569":"bfcda8b5a2d0d2":"":"c5b7f802bffc498c1626e3774f1d9f94045dfd8e1a10a202":"77d00a75":"FAIL"
AES-256-CCM test vector NIST #11 (P=24, N=7, A=0, T=16)
depends_on:POLARSSL_AES_C:POLARSSL_CCM_C
auth_crypt_tv:POLARSSL_CIPHER_AES_256_CCM:"f7079dfa3b5c7b056347d7e437bcded683abd6e2c9e069d333284082cbb5d453":"a544218dadd3c1":"":"bc51c3925a960e7732533e4ef3a4f69ee6826de952bcb0fd":"374f3bb6db8377ebfc79674858c4f305":"d3d5424e20fbec43ae495353ed830271515ab104f8860c98"
AES-256-CCM test vector NIST #12 (P=24, N=7, A=0, T=16)
depends_on:POLARSSL_AES_C:POLARSSL_CCM_C
auth_crypt_tv:POLARSSL_CIPHER_AES_256_CCM:"f7079dfa3b5c7b056347d7e437bcded683abd6e2c9e069d333284082cbb5d453":"bfcda8b5a2d0d2":"":"afa1fa8e8a70e26b02161150556d604101fdf423f332c336":"3275f2a4907d51b734fe7238cebbd48f":"FAIL"
AES-256-CCM test vector NIST #13 (P=24, N=13, A=0, T=4)
depends_on:POLARSSL_AES_C:POLARSSL_CCM_C
auth_crypt_tv:POLARSSL_CIPHER_AES_256_CCM:"f7079dfa3b5c7b056347d7e437bcded683abd6e2c9e069d333284082cbb5d453":"a544218dadd3c10583db49cf39":"":"63e00d30e4b08fd2a1cc8d70fab327b2368e77a93be4f412":"3d14fb3f":"3c0e2815d37d844f7ac240ba9d6e3a0b2a86f706e885959e"
AES-256-CCM test vector NIST #14 (P=24, N=13, A=0, T=4)
depends_on:POLARSSL_AES_C:POLARSSL_CCM_C
auth_crypt_tv:POLARSSL_CIPHER_AES_256_CCM:"f7079dfa3b5c7b056347d7e437bcded683abd6e2c9e069d333284082cbb5d453":"894dcaa61008eb8fb052c60d41":"":"bb5425b3869b76856ec58e39886fb6f6f2ac13fe44cb132d":"8d0c0099":"FAIL"
AES-256-CCM test vector NIST #15 (P=24, N=13, A=0, T=16)
depends_on:POLARSSL_AES_C:POLARSSL_CCM_C
auth_crypt_tv:POLARSSL_CIPHER_AES_256_CCM:"1b0e8df63c57f05d9ac457575ea764524b8610ae5164e6215f426f5a7ae6ede4":"a544218dadd3c10583db49cf39":"":"f0050ad16392021a3f40207bed3521fb1e9f808f49830c42":"3a578d179902f912f9ea1afbce1120b3":"3c0e2815d37d844f7ac240ba9d6e3a0b2a86f706e885959e"
AES-256-CCM test vector NIST #16 (P=24, N=13, A=0, T=16)
depends_on:POLARSSL_AES_C:POLARSSL_CCM_C
auth_crypt_tv:POLARSSL_CIPHER_AES_256_CCM:"1b0e8df63c57f05d9ac457575ea764524b8610ae5164e6215f426f5a7ae6ede4":"894dcaa61008eb8fb052c60d41":"":"c408190d0fbf5034f83b24a8ed9657331a7ce141de4fae76":"9084607b83bd06e6442eac8dacf583cc":"FAIL"
AES-256-CCM test vector NIST #17 (P=0, N=7, A=32, T=4)
depends_on:POLARSSL_AES_C:POLARSSL_CCM_C
auth_crypt_tv:POLARSSL_CIPHER_AES_256_CCM:"1b0e8df63c57f05d9ac457575ea764524b8610ae5164e6215f426f5a7ae6ede4":"a544218dadd3c1":"d3d5424e20fbec43ae495353ed830271515ab104f8860c988d15b6d36c038eab":"":"92d00fbe":""
AES-256-CCM test vector NIST #18 (P=0, N=7, A=32, T=4)
depends_on:POLARSSL_AES_C:POLARSSL_CCM_C
auth_crypt_tv:POLARSSL_CIPHER_AES_256_CCM:"1b0e8df63c57f05d9ac457575ea764524b8610ae5164e6215f426f5a7ae6ede4":"78c46e3249ca28":"232e957c65ffa11988e830d4617d500f1c4a35c1221f396c41ab214f074ca2dc":"":"9143e5c4":"FAIL"
AES-256-CCM test vector NIST #19 (P=0, N=7, A=32, T=16)
depends_on:POLARSSL_AES_C:POLARSSL_CCM_C
auth_crypt_tv:POLARSSL_CIPHER_AES_256_CCM:"a4bc10b1a62c96d459fbaf3a5aa3face7313bb9e1253e696f96a7a8e36801088":"a544218dadd3c1":"d3d5424e20fbec43ae495353ed830271515ab104f8860c988d15b6d36c038eab":"":"93af11a08379eb37a16aa2837f09d69d":""
AES-256-CCM test vector NIST #20 (P=0, N=7, A=32, T=16)
depends_on:POLARSSL_AES_C:POLARSSL_CCM_C
auth_crypt_tv:POLARSSL_CIPHER_AES_256_CCM:"a4bc10b1a62c96d459fbaf3a5aa3face7313bb9e1253e696f96a7a8e36801088":"78c46e3249ca28":"232e957c65ffa11988e830d4617d500f1c4a35c1221f396c41ab214f074ca2dc":"":"d19b0c14ec686a7961ca7c386d125a65":"FAIL"
AES-256-CCM test vector NIST #21 (P=0, N=13, A=32, T=4)
depends_on:POLARSSL_AES_C:POLARSSL_CCM_C
auth_crypt_tv:POLARSSL_CIPHER_AES_256_CCM:"a4bc10b1a62c96d459fbaf3a5aa3face7313bb9e1253e696f96a7a8e36801088":"a544218dadd3c10583db49cf39":"3c0e2815d37d844f7ac240ba9d6e3a0b2a86f706e885959e09a1005e024f6907":"":"866d4227":""
AES-256-CCM test vector NIST #22 (P=0, N=13, A=32, T=4)
depends_on:POLARSSL_AES_C:POLARSSL_CCM_C
auth_crypt_tv:POLARSSL_CIPHER_AES_256_CCM:"a4bc10b1a62c96d459fbaf3a5aa3face7313bb9e1253e696f96a7a8e36801088":"e8de970f6ee8e80ede933581b5":"89f8b068d34f56bc49d839d8e47b347e6dae737b903b278632447e6c0485d26a":"":"94cb1127":"FAIL"
AES-256-CCM test vector NIST #23 (P=0, N=13, A=32, T=16)
depends_on:POLARSSL_AES_C:POLARSSL_CCM_C
auth_crypt_tv:POLARSSL_CIPHER_AES_256_CCM:"8c5cf3457ff22228c39c051c4e05ed4093657eb303f859a9d4b0f8be0127d88a":"a544218dadd3c10583db49cf39":"3c0e2815d37d844f7ac240ba9d6e3a0b2a86f706e885959e09a1005e024f6907":"":"867b0d87cf6e0f718200a97b4f6d5ad5":""
AES-256-CCM test vector NIST #24 (P=0, N=13, A=32, T=16)
depends_on:POLARSSL_AES_C:POLARSSL_CCM_C
auth_crypt_tv:POLARSSL_CIPHER_AES_256_CCM:"8c5cf3457ff22228c39c051c4e05ed4093657eb303f859a9d4b0f8be0127d88a":"e8de970f6ee8e80ede933581b5":"89f8b068d34f56bc49d839d8e47b347e6dae737b903b278632447e6c0485d26a":"":"677a040d46ee3f2b7838273bdad14f16":"FAIL"
AES-256-CCM test vector NIST #25 (P=24, N=7, A=32, T=4)
depends_on:POLARSSL_AES_C:POLARSSL_CCM_C
auth_crypt_tv:POLARSSL_CIPHER_AES_256_CCM:"8c5cf3457ff22228c39c051c4e05ed4093657eb303f859a9d4b0f8be0127d88a":"a544218dadd3c1":"d3d5424e20fbec43ae495353ed830271515ab104f8860c988d15b6d36c038eab":"c2fe12658139f5d0dd22cadf2e901695b579302a72fc5608":"3ebc7720":"78c46e3249ca28e1ef0531d80fd37c124d9aecb7be6668e3"
AES-256-CCM test vector NIST #26 (P=24, N=7, A=32, T=4)
depends_on:POLARSSL_AES_C:POLARSSL_CCM_C
auth_crypt_tv:POLARSSL_CIPHER_AES_256_CCM:"8c5cf3457ff22228c39c051c4e05ed4093657eb303f859a9d4b0f8be0127d88a":"6ba004fd176791":"5a053b2a1bb87e85d56527bfcdcd3ecafb991bb10e4c862bb0751c700a29f54b":"94748ba81229e53c38583a8564b23ebbafc6f6efdf4c2a81":"c44db2c9":"FAIL"
AES-256-CCM test vector NIST #27 (P=24, N=7, A=32, T=16)
depends_on:POLARSSL_AES_C:POLARSSL_CCM_C
auth_crypt_tv:POLARSSL_CIPHER_AES_256_CCM:"705334e30f53dd2f92d190d2c1437c8772f940c55aa35e562214ed45bd458ffe":"a544218dadd3c1":"d3d5424e20fbec43ae495353ed830271515ab104f8860c988d15b6d36c038eab":"3341168eb8c48468c414347fb08f71d2086f7c2d1bd581ce":"1ac68bd42f5ec7fa7e068cc0ecd79c2a":"78c46e3249ca28e1ef0531d80fd37c124d9aecb7be6668e3"
AES-256-CCM test vector NIST #28 (P=24, N=7, A=32, T=16)
depends_on:POLARSSL_AES_C:POLARSSL_CCM_C
auth_crypt_tv:POLARSSL_CIPHER_AES_256_CCM:"705334e30f53dd2f92d190d2c1437c8772f940c55aa35e562214ed45bd458ffe":"6ba004fd176791":"5a053b2a1bb87e85d56527bfcdcd3ecafb991bb10e4c862bb0751c700a29f54b":"d543acda712b898cbb27b8f598b2e4438ce587a836e27851":"47c3338a2400809e739b63ba8227d2f9":"FAIL"
AES-256-CCM test vector NIST #29 (P=24, N=13, A=32, T=4)
depends_on:POLARSSL_AES_C:POLARSSL_CCM_C
auth_crypt_tv:POLARSSL_CIPHER_AES_256_CCM:"705334e30f53dd2f92d190d2c1437c8772f940c55aa35e562214ed45bd458ffe":"a544218dadd3c10583db49cf39":"3c0e2815d37d844f7ac240ba9d6e3a0b2a86f706e885959e09a1005e024f6907":"c0ea400b599561e7905b99262b4565d5c3dc49fad84d7c69":"ef891339":"e8de970f6ee8e80ede933581b5bcf4d837e2b72baa8b00c3"
AES-256-CCM test vector NIST #30 (P=24, N=13, A=32, T=4)
depends_on:POLARSSL_AES_C:POLARSSL_CCM_C
auth_crypt_tv:POLARSSL_CIPHER_AES_256_CCM:"705334e30f53dd2f92d190d2c1437c8772f940c55aa35e562214ed45bd458ffe":"8fa501c5dd9ac9b868144c9fa5":"5bb40e3bb72b4509324a7edc852f72535f1f6283156e63f6959ffaf39dcde800":"60871e03ea0eb968536c99f926ea24ef43d41272ad9fb7f6":"3d488623":"FAIL"
AES-256-CCM test vector NIST #31 (P=24, N=13, A=32, T=16)
depends_on:POLARSSL_AES_C:POLARSSL_CCM_C
auth_crypt_tv:POLARSSL_CIPHER_AES_256_CCM:"314a202f836f9f257e22d8c11757832ae5131d357a72df88f3eff0ffcee0da4e":"a544218dadd3c10583db49cf39":"3c0e2815d37d844f7ac240ba9d6e3a0b2a86f706e885959e09a1005e024f6907":"8d34cdca37ce77be68f65baf3382e31efa693e63f914a781":"367f30f2eaad8c063ca50795acd90203":"e8de970f6ee8e80ede933581b5bcf4d837e2b72baa8b00c3"
AES-256-CCM test vector NIST #32 (P=24, N=13, A=32, T=16)
depends_on:POLARSSL_AES_C:POLARSSL_CCM_C
auth_crypt_tv:POLARSSL_CIPHER_AES_256_CCM:"314a202f836f9f257e22d8c11757832ae5131d357a72df88f3eff0ffcee0da4e":"8fa501c5dd9ac9b868144c9fa5":"5bb40e3bb72b4509324a7edc852f72535f1f6283156e63f6959ffaf39dcde800":"516c0095cc3d85fd55e48da17c592e0c7014b9daafb82bdc":"4b41096dfdbe9cc1ab610f8f3e038d16":"FAIL"
Camellia-CCM test vector RFC 5528 #1
depends_on:POLARSSL_CAMELLIA_C:POLARSSL_CCM_C
auth_crypt_tv:POLARSSL_CIPHER_CAMELLIA_128_CCM:"C0C1C2C3C4C5C6C7C8C9CACBCCCDCECF":"00000003020100A0A1A2A3A4A5":"0001020304050607":"BA737185E719310492F38A5F1251DA55FAFBC949848A0D":"FCAECE746B3DB9AD":"08090A0B0C0D0E0F101112131415161718191A1B1C1D1E"
Camellia-CCM test vector RFC 5528 #2
depends_on:POLARSSL_CAMELLIA_C:POLARSSL_CCM_C
auth_crypt_tv:POLARSSL_CIPHER_CAMELLIA_128_CCM:"C0C1C2C3C4C5C6C7C8C9CACBCCCDCECF":"00000004030201A0A1A2A3A4A5":"0001020304050607":"5D2564BF8EAFE1D99526EC016D1BF0424CFBD2CD62848F33":"60B2295DF24283E8":"08090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F"
Camellia-CCM test vector RFC 5528 #3
depends_on:POLARSSL_CAMELLIA_C:POLARSSL_CCM_C
auth_crypt_tv:POLARSSL_CIPHER_CAMELLIA_128_CCM:"C0C1C2C3C4C5C6C7C8C9CACBCCCDCECF":"00000005040302A0A1A2A3A4A5":"0001020304050607":"81F663D6C7787817F9203608B982AD15DC2BBD87D756F79204":"F551D6682F23AA46":"08090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F20"
Camellia-CCM test vector RFC 5528 #4
depends_on:POLARSSL_CAMELLIA_C:POLARSSL_CCM_C
auth_crypt_tv:POLARSSL_CIPHER_CAMELLIA_128_CCM:"C0C1C2C3C4C5C6C7C8C9CACBCCCDCECF":"00000006050403A0A1A2A3A4A5":"000102030405060708090A0B":"CAEF1E827211B08F7BD90F08C77288C070A4A0":"8B3A933A63E497A0":"0C0D0E0F101112131415161718191A1B1C1D1E"
Camellia-CCM test vector RFC 5528 #5
depends_on:POLARSSL_CAMELLIA_C:POLARSSL_CCM_C
auth_crypt_tv:POLARSSL_CIPHER_CAMELLIA_128_CCM:"C0C1C2C3C4C5C6C7C8C9CACBCCCDCECF":"00000007060504A0A1A2A3A4A5":"000102030405060708090A0B":"2AD3BAD94FC52E92BE438E827C1023B96A8A7725":"8FA17BA7F331DB09":"0C0D0E0F101112131415161718191A1B1C1D1E1F"
Camellia-CCM test vector RFC 5528 #6
depends_on:POLARSSL_CAMELLIA_C:POLARSSL_CCM_C
auth_crypt_tv:POLARSSL_CIPHER_CAMELLIA_128_CCM:"C0C1C2C3C4C5C6C7C8C9CACBCCCDCECF":"00000008070605A0A1A2A3A4A5":"000102030405060708090A0B":"FEA5480BA53FA8D3C34422AACE4DE67FFA3BB73BAB":"AB36A1EE4FE0FE28":"0C0D0E0F101112131415161718191A1B1C1D1E1F20"
Camellia-CCM test vector RFC 5528 #7
depends_on:POLARSSL_CAMELLIA_C:POLARSSL_CCM_C
auth_crypt_tv:POLARSSL_CIPHER_CAMELLIA_128_CCM:"C0C1C2C3C4C5C6C7C8C9CACBCCCDCECF":"00000009080706A0A1A2A3A4A5":"0001020304050607":"54532026E54C119A8D36D9EC6E1ED97416C8708C4B5C2C":"ACAFA3BCCF7A4EBF9573":"08090A0B0C0D0E0F101112131415161718191A1B1C1D1E"
Camellia-CCM test vector RFC 5528 #8
depends_on:POLARSSL_CAMELLIA_C:POLARSSL_CCM_C
auth_crypt_tv:POLARSSL_CIPHER_CAMELLIA_128_CCM:"C0C1C2C3C4C5C6C7C8C9CACBCCCDCECF":"0000000A090807A0A1A2A3A4A5":"0001020304050607":"8AD19B001A87D148F4D92BEF34525CCCE3A63C6512A6F575":"7388E4913EF14701F441":"08090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F"
Camellia-CCM test vector RFC 5528 #9
depends_on:POLARSSL_CAMELLIA_C:POLARSSL_CCM_C
auth_crypt_tv:POLARSSL_CIPHER_CAMELLIA_128_CCM:"C0C1C2C3C4C5C6C7C8C9CACBCCCDCECF":"0000000B0A0908A0A1A2A3A4A5":"0001020304050607":"5DB08D62407E6E31D60F9CA2C60474219AC0BE50C0D4A57787":"94D6E230CD25C9FEBF87":"08090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F20"
Camellia-CCM test vector RFC 5528 #10
depends_on:POLARSSL_CAMELLIA_C:POLARSSL_CCM_C
auth_crypt_tv:POLARSSL_CIPHER_CAMELLIA_128_CCM:"C0C1C2C3C4C5C6C7C8C9CACBCCCDCECF":"0000000C0B0A09A0A1A2A3A4A5":"000102030405060708090A0B":"DB118CCEC1B8761C877CD8963A67D6F3BBBC5C":"D09299EB11F312F23237":"0C0D0E0F101112131415161718191A1B1C1D1E"
Camellia-CCM test vector RFC 5528 #11
depends_on:POLARSSL_CAMELLIA_C:POLARSSL_CCM_C
auth_crypt_tv:POLARSSL_CIPHER_CAMELLIA_128_CCM:"C0C1C2C3C4C5C6C7C8C9CACBCCCDCECF":"0000000D0C0B0AA0A1A2A3A4A5":"000102030405060708090A0B":"7CC83D8DC49103525B483DC5CA7EA9AB812B7056":"079DAFFADA16CCCF2C4E":"0C0D0E0F101112131415161718191A1B1C1D1E1F"
Camellia-CCM test vector RFC 5528 #12
depends_on:POLARSSL_CAMELLIA_C:POLARSSL_CCM_C
auth_crypt_tv:POLARSSL_CIPHER_CAMELLIA_128_CCM:"C0C1C2C3C4C5C6C7C8C9CACBCCCDCECF":"0000000E0D0C0BA0A1A2A3A4A5":"000102030405060708090A0B":"2CD35B8820D23E7AA351B0E92FC79367238B2CC748":"CBB94C2947793D64AF75":"0C0D0E0F101112131415161718191A1B1C1D1E1F20"
Camellia-CCM test vector RFC 5528 #13
depends_on:POLARSSL_CAMELLIA_C:POLARSSL_CCM_C
auth_crypt_tv:POLARSSL_CIPHER_CAMELLIA_128_CCM:"D75C2778078CA93D971F96FDE720F4CD":"00A970110E1927B160B6A31C1C":"6B7F464507FAE496":"A435D727348DDD22907F7EB8F5FDBB4D939DA6524DB4F6":"4558C02D25B127EE":"C6B5F3E6CA2311AEF7472B203E735EA561ADB17D56C5A3"
Camellia-CCM test vector RFC 5528 #14
depends_on:POLARSSL_CAMELLIA_C:POLARSSL_CCM_C
auth_crypt_tv:POLARSSL_CIPHER_CAMELLIA_128_CCM:"D75C2778078CA93D971F96FDE720F4CD":"0083CD8CE0CB42B160B6A31C1C":"986605B43DF15DE7":"8AE052508FBECA932E346F05E0DC0DFBCF939EAFFA3E587C":"867D6E1C48703806":"01F6CE6764C574483BB02E6BBF1E0ABD26A22572B4D80EE7"
Camellia-CCM test vector RFC 5528 #15
depends_on:POLARSSL_CAMELLIA_C:POLARSSL_CCM_C
auth_crypt_tv:POLARSSL_CIPHER_CAMELLIA_128_CCM:"D75C2778078CA93D971F96FDE720F4CD":"005F54950B18F2B160B6A31C1C":"48F2E7E1A7671A51":"08B67EE21C8BF26E473E408599E9C0836D6AF0BB18DF55466C":"A80878A790476DE5":"CDF1D8406FC2E9014953897005FBFB8BA57276F92404608E08"
Camellia-CCM test vector RFC 5528 #16
depends_on:POLARSSL_CAMELLIA_C:POLARSSL_CCM_C
auth_crypt_tv:POLARSSL_CIPHER_CAMELLIA_128_CCM:"D75C2778078CA93D971F96FDE720F4CD":"00EC600863319AB160B6A31C1C":"DE97DF3B8CBD6D8E5030DA4C":"63B78B4967B19EDBB733CD1114F64EB2260893":"68C354828D950CC5":"B005DCFA0B59181426A961685A993D8C43185B"
Camellia-CCM test vector RFC 5528 #17
depends_on:POLARSSL_CAMELLIA_C:POLARSSL_CCM_C
auth_crypt_tv:POLARSSL_CIPHER_CAMELLIA_128_CCM:"D75C2778078CA93D971F96FDE720F4CD":"0060CFF1A31EA1B160B6A31C1C":"A5EE93E457DF05466E782DCF":"0BC6BBE2A8B909F4629EE6DC148DA44410E18AF4":"3147383276F66A9F":"2E20211298105F129D5ED95B93F72D30B2FACCD7"
Camellia-CCM test vector RFC 5528 #18
depends_on:POLARSSL_CAMELLIA_C:POLARSSL_CCM_C
auth_crypt_tv:POLARSSL_CIPHER_CAMELLIA_128_CCM:"D75C2778078CA93D971F96FDE720F4CD":"000F85CD995C97B160B6A31C1C":"24AA1BF9A5CD876182A25074":"222AD632FA31D6AF970C345F7E77CA3BD0DC25B340":"A1A3D31F8D4B44B7":"2645941E75632D3491AF0FC0C9876C3BE4AA7468C9"
Camellia-CCM test vector RFC 5528 #19
depends_on:POLARSSL_CAMELLIA_C:POLARSSL_CCM_C
auth_crypt_tv:POLARSSL_CIPHER_CAMELLIA_128_CCM:"D75C2778078CA93D971F96FDE720F4CD":"00C29B2CAAC4CDB160B6A31C1C":"691946B9CA07BE87":"05B8E1B9C49CFD56CF130AA6251DC2ECC06CCC508FE697":"A0066D57C84BEC182768":"070135A6437C9DB120CD61D8F6C39C3EA125FD95A0D23D"
Camellia-CCM test vector RFC 5528 #20
depends_on:POLARSSL_CAMELLIA_C:POLARSSL_CCM_C
auth_crypt_tv:POLARSSL_CIPHER_CAMELLIA_128_CCM:"D75C2778078CA93D971F96FDE720F4CD":"002C6B7595EE62B160B6A31C1C":"D0C54ECB84627DC4":"54CEB968DEE23611575EC003DFAA1CD48849BDF5AE2EDB6B":"7FA775B150ED4383C5A9":"C8C0880E6C636E20093DD6594217D2E18877DB264E71A5CC"
Camellia-CCM test vector RFC 5528 #21
depends_on:POLARSSL_CAMELLIA_C:POLARSSL_CCM_C
auth_crypt_tv:POLARSSL_CIPHER_CAMELLIA_128_CCM:"D75C2778078CA93D971F96FDE720F4CD":"00C53CD4C2AA24B160B6A31C1C":"E285E0E4808CDA3D":"B1404546BF667210CA28E309B39BD6CA7E9FC8285FE698D43C":"D20A02E0BDCAED2010D3":"F75DAA0710C4E64297794DC2B7D2A20757B1AA4E448002FFAB"
Camellia-CCM test vector RFC 5528 #22
depends_on:POLARSSL_CAMELLIA_C:POLARSSL_CCM_C
auth_crypt_tv:POLARSSL_CIPHER_CAMELLIA_128_CCM:"D75C2778078CA93D971F96FDE720F4CD":"00BEE9267FBADCB160B6A31C1C":"6CAEF9941141570D7C813405":"94C8959C11569A297831A721005857AB61B87A":"2DEA0936B6EB5F625F5D":"C238822FAC5F98FF929405B0AD127A4E41854E"
Camellia-CCM test vector RFC 5528 #23
depends_on:POLARSSL_CAMELLIA_C:POLARSSL_CCM_C
auth_crypt_tv:POLARSSL_CIPHER_CAMELLIA_128_CCM:"D75C2778078CA93D971F96FDE720F4CD":"00DFA8B1245007B160B6A31C1C":"36A52CF16B19A2037AB7011E":"5869E3AAD2447C74E0FC05F9A4EA74577F4DE8CA":"8924764296AD04119CE7":"4DBF3E774AD245E5D5891F9D1C32A0AE022C85D7"
Camellia-CCM test vector RFC 5528 #24
depends_on:POLARSSL_CAMELLIA_C:POLARSSL_CCM_C
auth_crypt_tv:POLARSSL_CIPHER_CAMELLIA_128_CCM:"D75C2778078CA93D971F96FDE720F4CD":"003B8FD8D3A937B160B6A31C1C":"A4D499F78419728C19178B0C":"4B198156393B0F7796086AAFB454F8C3F034CCA966":"945F1FCEA7E11BEE6A2F":"9DC9EDAE2FF5DF8636E8C6DE0EED55F7867E33337D"

86
tests/suites/test_suite_cipher.function
View file

@ -411,6 +411,92 @@ void decrypt_test_vec( int cipher_id, int pad_mode,
}
/* END_CASE */
/* BEGIN_CASE depends_on:POLARSSL_CIPHER_MODE_AEAD */
void auth_crypt_tv( int cipher_id, char *hex_key, char *hex_iv,
char *hex_ad, char *hex_cipher,
char *hex_tag, char *hex_clear )
{
int ret;
unsigned char key[50];
unsigned char iv[50];
unsigned char cipher[200];
unsigned char clear[200];
unsigned char ad[200];
unsigned char tag[20];
unsigned char my_tag[20];
size_t key_len, iv_len, cipher_len, clear_len, ad_len, tag_len;
cipher_context_t ctx;
unsigned char output[200];
size_t outlen;
memset( key, 0x00, sizeof( key ) );
memset( iv, 0x00, sizeof( iv ) );
memset( cipher, 0x00, sizeof( cipher ) );
memset( clear, 0x00, sizeof( clear ) );
memset( ad, 0x00, sizeof( ad ) );
memset( tag, 0x00, sizeof( tag ) );
memset( my_tag, 0xFF, sizeof( my_tag ) );
memset( output, 0xFF, sizeof( output ) );
key_len = unhexify( key, hex_key );
iv_len = unhexify( iv, hex_iv );
cipher_len = unhexify( cipher, hex_cipher );
ad_len = unhexify( ad, hex_ad );
tag_len = unhexify( tag, hex_tag );
/* Prepare context */
TEST_ASSERT( 0 == cipher_init_ctx( &ctx,
cipher_info_from_type( cipher_id ) ) );
TEST_ASSERT( 0 == cipher_setkey( &ctx, key, 8 * key_len, POLARSSL_DECRYPT ) );
/* decode buffer and check tag */
ret = cipher_auth_decrypt( &ctx, iv, iv_len, ad, ad_len,
cipher, cipher_len, output, &outlen,
tag, tag_len );
/* make sure we didn't overwrite */
TEST_ASSERT( output[outlen + 0] == 0xFF );
TEST_ASSERT( output[outlen + 1] == 0xFF );
/* make sure the message is rejected if it should be */
if( strcmp( hex_clear, "FAIL" ) == 0 )
{
TEST_ASSERT( ret == POLARSSL_ERR_CIPHER_AUTH_FAILED );
goto cleanup;
}
/* otherwise, make sure it was decrypted properly */
TEST_ASSERT( ret == 0 );
clear_len = unhexify( clear, hex_clear );
TEST_ASSERT( outlen == clear_len );
TEST_ASSERT( memcmp( output, clear, clear_len ) == 0 );
/* then encrypt the clear and make sure we get the same ciphertext and tag */
memset( output, 0xFF, sizeof( output ) );
outlen = 0;
ret = cipher_auth_encrypt( &ctx, iv, iv_len, ad, ad_len,
clear, clear_len, output, &outlen,
my_tag, tag_len );
TEST_ASSERT( ret == 0 );
TEST_ASSERT( outlen == clear_len );
TEST_ASSERT( memcmp( output, cipher, clear_len ) == 0 );
TEST_ASSERT( memcmp( my_tag, tag, tag_len ) == 0 );
/* make sure we didn't overwrite */
TEST_ASSERT( output[outlen + 0] == 0xFF );
TEST_ASSERT( output[outlen + 1] == 0xFF );
TEST_ASSERT( my_tag[tag_len + 0] == 0xFF );
TEST_ASSERT( my_tag[tag_len + 1] == 0xFF );
cleanup:
cipher_free_ctx( &ctx );
}
/* END_CASE */
/* BEGIN_CASE */
void test_vec_ecb( int cipher_id, int operation, char *hex_key,
char *hex_input, char *hex_result,

2
visualc/VS2010/PolarSSL.vcxproj
View file

@ -152,6 +152,7 @@
<ClInclude Include="..\..\include\polarssl\blowfish.h" />
<ClInclude Include="..\..\include\polarssl\bn_mul.h" />
<ClInclude Include="..\..\include\polarssl\camellia.h" />
<ClInclude Include="..\..\include\polarssl\ccm.h" />
<ClInclude Include="..\..\include\polarssl\certs.h" />
<ClInclude Include="..\..\include\polarssl\check_config.h" />
<ClInclude Include="..\..\include\polarssl\cipher.h" />
@ -217,6 +218,7 @@
<ClCompile Include="..\..\library\bignum.c" />
<ClCompile Include="..\..\library\blowfish.c" />
<ClCompile Include="..\..\library\camellia.c" />
<ClCompile Include="..\..\library\ccm.c" />
<ClCompile Include="..\..\library\certs.c" />
<ClCompile Include="..\..\library\cipher.c" />
<ClCompile Include="..\..\library\cipher_wrap.c" />

8
visualc/VS6/polarssl.dsp
View file

@ -121,6 +121,10 @@ SOURCE=..\..\library\camellia.c
# End Source File
# Begin Source File
SOURCE=..\..\library\ccm.c
# End Source File
# Begin Source File
SOURCE=..\..\library\certs.c
# End Source File
# Begin Source File
@ -397,6 +401,10 @@ SOURCE=..\..\include\polarssl\camellia.h
# End Source File
# Begin Source File
SOURCE=..\..\include\polarssl\ccm.h
# End Source File
# Begin Source File
SOURCE=..\..\include\polarssl\certs.h
# End Source File
# Begin Source File