Improve testing of EAX to show issue #3.

ctz · Apr 16, 2016 · 851e813 · 851e813
1 parent d613361
commit 851e813
Showing 1 changed file with 102 additions and 26 deletions.
diff --git a/src/testmodes.c b/src/testmodes.c
@@ -140,60 +140,136 @@ static void test_ctr(void)
   TEST_CHECK(memcmp(test_nonce, ctr.nonce, 16) == 0);
 }
 
-static void test_eax(void)
+static void check_eax(const void *key, size_t nkey,
+                      const void *msg, size_t nmsg,
+                      const void *nonce, size_t nnonce,
+                      const void *header, size_t nheader,
+                      const void *expect_cipher,
+                      const void *expect_tag, size_t ntag)
 {
-  uint8_t cipher[2], tag[16];
-
-  /*
-   * MSG: F7FB
-   * KEY: 91945D3F4DCBEE0BF45EF52255F095A4
-   * NONCE: BECAF043B0A23D843194BA972C66DEBD
-   * HEADER: FA3BFD4806EB53FA
-   * CIPHER: 19DD5C4C9331049D0BDAB0277408F67967E5
-   */
+  uint8_t cipher[32];
+  uint8_t tag[16];
 
-  const void *key = "\x91\x94\x5d\x3f\x4d\xcb\xee\x0b\xf4\x5e\xf5\x22\x55\xf0\x95\xa4";
-  const void *nonce = "\xbe\xca\xf0\x43\xb0\xa2\x3d\x84\x31\x94\xba\x97\x2c\x66\xde\xbd";
-  size_t nnonce = 16;
-  const void *header = "\xfa\x3b\xfd\x48\x06\xeb\x53\xfa";
-  size_t nheader = 8;
-  const void *msg = "\xf7\xfb";
-  size_t nmsg = 2;
+  assert(nmsg <= sizeof cipher);
+  assert(ntag <= ntag);
 
   cf_aes_context aes;
-  cf_aes_init(&aes, key, 16);
+  cf_aes_init(&aes, key, nkey);
 
   cf_eax_encrypt(&cf_aes, &aes,
                  msg, nmsg,
                  header, nheader,
                  nonce, nnonce,
                  cipher,
-                 tag, sizeof tag);
+                 tag, ntag);
 
-  TEST_CHECK(memcmp("\x19\xdd", cipher, 2) == 0);
-  TEST_CHECK(memcmp("\x5c\x4c\x93\x31\x04\x9d\x0b\xda\xb0\x27\x74\x08\xf6\x79\x67\xe5", tag, sizeof tag) == 0);
+  TEST_CHECK(memcmp(expect_cipher, cipher, nmsg) == 0);
+  TEST_CHECK(memcmp(expect_tag, tag, ntag) == 0);
 
   int rc;
-  uint8_t tmp[2];
+  uint8_t tmp[sizeof cipher];
   rc = cf_eax_decrypt(&cf_aes, &aes,
-                      cipher, sizeof cipher,
+                      cipher, nmsg,
                       header, nheader,
                       nonce, nnonce,
-                      tag, sizeof tag,
+                      tag, ntag,
                       tmp);
   TEST_CHECK(rc == 0);
   TEST_CHECK(memcmp(tmp, msg, nmsg) == 0);
 
   tag[0] ^= 0xff;
   rc = cf_eax_decrypt(&cf_aes, &aes,
-                      cipher, sizeof cipher,
+                      cipher, nmsg,
                       header, nheader,
                       nonce, nnonce,
-                      tag, sizeof tag,
+                      tag, ntag,
                       tmp);
   TEST_CHECK(rc == 1);
 }
 
+static void test_eax(void)
+{
+  /* Test vectors from paper. */
+  check_eax("\x23\x39\x52\xDE\xE4\xD5\xED\x5F\x9B\x9C\x6D\x6F\xF8\x0F\xF4\x78", 16,
+            "", 0,
+            "\x62\xEC\x67\xF9\xC3\xA4\xA4\x07\xFC\xB2\xA8\xC4\x90\x31\xA8\xB3", 16,
+            "\x6B\xFB\x91\x4F\xD0\x7E\xAE\x6B", 8,
+            "",
+            "\xE0\x37\x83\x0E\x83\x89\xF2\x7B\x02\x5A\x2D\x65\x27\xE7\x9D\x01", 16);
+
+  check_eax("\x91\x94\x5D\x3F\x4D\xCB\xEE\x0B\xF4\x5E\xF5\x22\x55\xF0\x95\xA4", 16,
+            "\xF7\xFB", 2,
+            "\xBE\xCA\xF0\x43\xB0\xA2\x3D\x84\x31\x94\xBA\x97\x2C\x66\xDE\xBD", 16,
+            "\xFA\x3B\xFD\x48\x06\xEB\x53\xFA", 8,
+            "\x19\xDD",
+            "\x5C\x4C\x93\x31\x04\x9D\x0B\xDA\xB0\x27\x74\x08\xF6\x79\x67\xE5", 16);
+
+  check_eax("\x01\xF7\x4A\xD6\x40\x77\xF2\xE7\x04\xC0\xF6\x0A\xDA\x3D\xD5\x23", 16,
+            "\x1A\x47\xCB\x49\x33", 5,
+            "\x70\xC3\xDB\x4F\x0D\x26\x36\x84\x00\xA1\x0E\xD0\x5D\x2B\xFF\x5E", 16,
+            "\x23\x4A\x34\x63\xC1\x26\x4A\xC6", 8,
+            "\xD8\x51\xD5\xBA\xE0",
+            "\x3A\x59\xF2\x38\xA2\x3E\x39\x19\x9D\xC9\x26\x66\x26\xC4\x0F\x80", 16);
+
+  check_eax("\xD0\x7C\xF6\xCB\xB7\xF3\x13\xBD\xDE\x66\xB7\x27\xAF\xD3\xC5\xE8", 16,
+            "\x48\x1C\x9E\x39\xB1", 5,
+            "\x84\x08\xDF\xFF\x3C\x1A\x2B\x12\x92\xDC\x19\x9E\x46\xB7\xD6\x17", 16,
+            "\x33\xCC\xE2\xEA\xBF\xF5\xA7\x9D", 8,
+            "\x63\x2A\x9D\x13\x1A",
+            "\xD4\xC1\x68\xA4\x22\x5D\x8E\x1F\xF7\x55\x93\x99\x74\xA7\xBE\xDE", 16);
+
+  check_eax("\x35\xB6\xD0\x58\x00\x05\xBB\xC1\x2B\x05\x87\x12\x45\x57\xD2\xC2", 16,
+            "\x40\xD0\xC0\x7D\xA5\xE4", 6,
+            "\xFD\xB6\xB0\x66\x76\xEE\xDC\x5C\x61\xD7\x42\x76\xE1\xF8\xE8\x16", 16,
+            "\xAE\xB9\x6E\xAE\xBE\x29\x70\xE9", 8,
+            "\x07\x1D\xFE\x16\xC6\x75",
+            "\xCB\x06\x77\xE5\x36\xF7\x3A\xFE\x6A\x14\xB7\x4E\xE4\x98\x44\xDD", 16);
+
+  check_eax("\xBD\x8E\x6E\x11\x47\x5E\x60\xB2\x68\x78\x4C\x38\xC6\x2F\xEB\x22", 16,
+            "\x4D\xE3\xB3\x5C\x3F\xC0\x39\x24\x5B\xD1\xFB\x7D", 12,
+            "\x6E\xAC\x5C\x93\x07\x2D\x8E\x85\x13\xF7\x50\x93\x5E\x46\xDA\x1B", 16,
+            "\xD4\x48\x2D\x1C\xA7\x8D\xCE\x0F", 8,
+            "\x83\x5B\xB4\xF1\x5D\x74\x3E\x35\x0E\x72\x84\x14",
+            "\xAB\xB8\x64\x4F\xD6\xCC\xB8\x69\x47\xC5\xE1\x05\x90\x21\x0A\x4F", 16);
+
+  check_eax("\x7C\x77\xD6\xE8\x13\xBE\xD5\xAC\x98\xBA\xA4\x17\x47\x7A\x2E\x7D", 16,
+            "\x8B\x0A\x79\x30\x6C\x9C\xE7\xED\x99\xDA\xE4\xF8\x7F\x8D\xD6\x16\x36", 17,
+            "\x1A\x8C\x98\xDC\xD7\x3D\x38\x39\x3B\x2B\xF1\x56\x9D\xEE\xFC\x19", 16,
+            "\x65\xD2\x01\x79\x90\xD6\x25\x28", 8,
+            "\x02\x08\x3E\x39\x79\xDA\x01\x48\x12\xF5\x9F\x11\xD5\x26\x30\xDA\x30",
+            "\x13\x73\x27\xD1\x06\x49\xB0\xAA\x6E\x1C\x18\x1D\xB6\x17\xD7\xF2", 16);
+
+  check_eax("\x5F\xFF\x20\xCA\xFA\xB1\x19\xCA\x2F\xC7\x35\x49\xE2\x0F\x5B\x0D", 16,
+            "\x1B\xDA\x12\x2B\xCE\x8A\x8D\xBA\xF1\x87\x7D\x96\x2B\x85\x92\xDD\x2D\x56", 18,
+            "\xDD\xE5\x9B\x97\xD7\x22\x15\x6D\x4D\x9A\xFF\x2B\xC7\x55\x98\x26", 16,
+            "\x54\xB9\xF0\x4E\x6A\x09\x18\x9A", 8,
+            "\x2E\xC4\x7B\x2C\x49\x54\xA4\x89\xAF\xC7\xBA\x48\x97\xED\xCD\xAE\x8C\xC3",
+            "\x3B\x60\x45\x05\x99\xBD\x02\xC9\x63\x82\x90\x2A\xEF\x7F\x83\x2A", 16);
+
+  check_eax("\xA4\xA4\x78\x2B\xCF\xFD\x3E\xC5\xE7\xEF\x6D\x8C\x34\xA5\x61\x23", 16,
+            "\x6C\xF3\x67\x20\x87\x2B\x85\x13\xF6\xEA\xB1\xA8\xA4\x44\x38\xD5\xEF\x11", 18,
+            "\xB7\x81\xFC\xF2\xF7\x5F\xA5\xA8\xDE\x97\xA9\xCA\x48\xE5\x22\xEC", 16,
+            "\x89\x9A\x17\x58\x97\x56\x1D\x7E", 8,
+            "\x0D\xE1\x8F\xD0\xFD\xD9\x1E\x7A\xF1\x9F\x1D\x8E\xE8\x73\x39\x38\xB1\xE8",
+            "\xE7\xF6\xD2\x23\x16\x18\x10\x2F\xDB\x7F\xE5\x5F\xF1\x99\x17\x00", 16);
+
+  check_eax("\x83\x95\xFC\xF1\xE9\x5B\xEB\xD6\x97\xBD\x01\x0B\xC7\x66\xAA\xC3", 16,
+            "\xCA\x40\xD7\x44\x6E\x54\x5F\xFA\xED\x3B\xD1\x2A\x74\x0A\x65\x9F\xFB\xBB\x3C\xEA\xB7", 21,
+            "\x22\xE7\xAD\xD9\x3C\xFC\x63\x93\xC5\x7E\xC0\xB3\xC1\x7D\x6B\x44", 16,
+            "\x12\x67\x35\xFC\xC3\x20\xD2\x5A", 8,
+            "\xCB\x89\x20\xF8\x7A\x6C\x75\xCF\xF3\x96\x27\xB5\x6E\x3E\xD1\x97\xC5\x52\xD2\x95\xA7",
+            "\xCF\xC4\x6A\xFC\x25\x3B\x46\x52\xB1\xAF\x37\x95\xB1\x24\xAB\x6E", 16);
+
+  /* Test vector from bug #3 */
+  check_eax("\x58\x94\x17\xB0\x32\x4B\x1B\x71\xD7\xA6\x75\x18\x52\x86\x7A\xE8", 16,
+            "\x00\x00\x1C\x40\x00\x00\x00\x48\x00\x00\x00\x73", 12,
+            "\x00\x01\x00\x00\xF6\x83", 6,
+            "", 0,
+            "\xD5\xD8\x99\x79\xAE\x79\xEB\xEE\x4E\x38\x5F\xA5",
+            "\x0E\xFB\x21\xFA\xD7\x14\xA2\x5B\x44\x14\x5F\x79\x22\x1A\x2C\x9A", 16);
+
+}
+
 static void check_cmac(const void *key, size_t nkey,
                        const void *msg, size_t nmsg,
                        const void *wanttag, size_t ntag)