diff --git a/makefiles/pseudomodules.inc.mk b/makefiles/pseudomodules.inc.mk index 0f8b37cf5d..6fb6e46843 100644 --- a/makefiles/pseudomodules.inc.mk +++ b/makefiles/pseudomodules.inc.mk @@ -306,6 +306,9 @@ PSEUDOMODULES += skald_eddystone # define optimized read function of DS18 driver as a pseudo module PSEUDOMODULES += ds18_optimized +PSEUDOMODULES += crypto_aes_128 +PSEUDOMODULES += crypto_aes_192 +PSEUDOMODULES += crypto_aes_256 # By using this pseudomodule, T tables will be precalculated. PSEUDOMODULES += crypto_aes_precalculated # This pseudomodule causes a loop in AES to be unrolled (more flash, less CPU) diff --git a/pkg/openwsn/contrib/cryptoengine.c b/pkg/openwsn/contrib/cryptoengine.c index 1ef8ffc6bf..996f6a2e21 100644 --- a/pkg/openwsn/contrib/cryptoengine.c +++ b/pkg/openwsn/contrib/cryptoengine.c @@ -38,7 +38,7 @@ owerror_t cryptoengine_aes_ccms_enc(uint8_t *a, uint8_t len_a, uint8_t *m, int ret, len; uint8_t tmp_buff[MAX_MESSAGE_LEN + CCM_MAC_MAX_LEN]; - ret = cipher_init(&cipher, CIPHER_AES_128, key, CCM_BLOCK_SIZE); + ret = cipher_init(&cipher, CIPHER_AES, key, CCM_BLOCK_SIZE); if (ret != 1) { return E_FAIL; @@ -64,7 +64,7 @@ owerror_t cryptoengine_aes_ccms_dec(uint8_t *a, uint8_t len_a, uint8_t *m, int ret, len; uint8_t tmp_buff[MAX_MESSAGE_LEN]; - ret = cipher_init(&cipher, CIPHER_AES_128, key, CCM_BLOCK_SIZE); + ret = cipher_init(&cipher, CIPHER_AES, key, CCM_BLOCK_SIZE); if (ret != 1) { return E_FAIL; @@ -88,7 +88,7 @@ owerror_t cryptoengine_aes_ecb_enc(uint8_t *buffer, uint8_t *key) cipher_t cipher; int ret, len; - ret = cipher_init(&cipher, CIPHER_AES_128, key, CCM_BLOCK_SIZE); + ret = cipher_init(&cipher, CIPHER_AES, key, CCM_BLOCK_SIZE); if (ret != 1) { return E_FAIL; diff --git a/pkg/semtech-loramac/Makefile.dep b/pkg/semtech-loramac/Makefile.dep index 16eb716643..bce0c7875d 100644 --- a/pkg/semtech-loramac/Makefile.dep +++ b/pkg/semtech-loramac/Makefile.dep @@ -1,6 +1,6 @@ USEMODULE += random USEMODULE += hashes -USEMODULE += crypto_aes +USEMODULE += crypto_aes_128 USEMODULE += semtech_loramac_contrib USEMODULE += semtech_loramac_mac diff --git a/sys/Makefile.dep b/sys/Makefile.dep index c812b7739f..73b0fa818b 100644 --- a/sys/Makefile.dep +++ b/sys/Makefile.dep @@ -42,17 +42,21 @@ ifneq (,$(filter i2c_scan,$(USEMODULE))) endif ifneq (,$(filter prng_fortuna,$(USEMODULE))) - USEMODULE += crypto_aes -endif - -ifneq (,$(filter crypto_aes_%,$(USEMODULE))) - USEMODULE += crypto_aes + USEMODULE += crypto_aes_128 endif ifneq (,$(filter crypto_%,$(USEMODULE))) USEMODULE += crypto endif +ifneq (,$(filter cipher_modes,$(USEMODULE))) + USEMODULE += crypto +endif + +ifneq (,$(filter crypto,$(USEMODULE))) + DEFAULT_MODULE += crypto_aes_128 +endif + ifneq (,$(filter sys_bus_%,$(USEMODULE))) USEMODULE += sys_bus USEMODULE += core_msg_bus @@ -60,7 +64,7 @@ endif ifneq (,$(filter ieee802154_security,$(USEMODULE))) USEMODULE += crypto - USEMODULE += crypto_aes + USEMODULE += crypto_aes_128 USEMODULE += cipher_modes endif diff --git a/sys/crypto/Kconfig b/sys/crypto/Kconfig index fa070b10c1..24cf354ed0 100644 --- a/sys/crypto/Kconfig +++ b/sys/crypto/Kconfig @@ -19,7 +19,7 @@ choice The common Crypto block ciphers API has multiple implementations. Choose one of the following. -config MODULE_CRYPTO_AES +config CRYPTO_AES bool "AES" select MODULE_CRYPTO @@ -30,7 +30,17 @@ config MODULE_CRYPTO_3DES endchoice menu "Crypto AES options" -depends on MODULE_CRYPTO_AES +depends on CRYPTO_AES + +config MODULE_CRYPTO_AES_128 + bool "AES-128" + default y + +config MODULE_CRYPTO_AES_192 + bool "AES-192" + +config MODULE_CRYPTO_AES_256 + bool "AES-256" config MODULE_CRYPTO_AES_PRECALCULATED bool "Pre-calculate T tables" diff --git a/sys/crypto/aes.c b/sys/crypto/aes.c index a6a229df83..776b6cc192 100644 --- a/sys/crypto/aes.c +++ b/sys/crypto/aes.c @@ -39,6 +39,28 @@ #include #include "crypto/aes.h" #include "crypto/ciphers.h" +#include "kernel_defines.h" + +#if !IS_USED(MODULE_CRYPTO_AES_128) && !IS_USED(MODULE_CRYPTO_AES_192) && \ + !IS_USED(MODULE_CRYPTO_AES_256) + #error "sys/crypto/aes: No aes module used." +#endif + +/** + * @brief AES key size used + */ +#if IS_USED(MODULE_CRYPTO_AES_128) && !IS_USED(MODULE_CRYPTO_AES_192) && \ + !IS_USED(MODULE_CRYPTO_AES_256) +# define AES_KEY_SIZE(ctx) AES_KEY_SIZE_128 +#elif !IS_USED(MODULE_CRYPTO_AES_128) && IS_USED(MODULE_CRYPTO_AES_192) && \ + !IS_USED(MODULE_CRYPTO_AES_256) +# define AES_KEY_SIZE(ctx) AES_KEY_SIZE_192 +#elif !IS_USED(MODULE_CRYPTO_AES_128) && !IS_USED(MODULE_CRYPTO_AES_192) && \ + IS_USED(MODULE_CRYPTO_AES_256) +# define AES_KEY_SIZE(ctx) AES_KEY_SIZE_256 +#else +# define AES_KEY_SIZE(ctx) ctx->key_size +#endif /** * Interface to the aes cipher @@ -49,7 +71,9 @@ static const cipher_interface_t aes_interface = { aes_encrypt, aes_decrypt }; + const cipher_id_t CIPHER_AES_128 = &aes_interface; +const cipher_id_t CIPHER_AES = &aes_interface; static const u32 Te0[256] = { 0xc66363a5U, 0xf87c7c84U, 0xee777799U, 0xf67b7b8dU, @@ -794,19 +818,26 @@ static const u32 rcon[] = { 0x1B000000, 0x36000000, }; - int aes_init(cipher_context_t *context, const uint8_t *key, uint8_t keySize) { uint8_t i; - /* This implementation only supports a single key size (defined in AES_KEY_SIZE) */ - if (keySize != AES_KEY_SIZE) { + if (keySize != AES_KEY_SIZE_128 && keySize != AES_KEY_SIZE_192 && + keySize != AES_KEY_SIZE_256) { return CIPHER_ERR_INVALID_KEY_SIZE; } + if ((keySize == AES_KEY_SIZE_128 && !IS_USED(MODULE_CRYPTO_AES_128)) || + (keySize == AES_KEY_SIZE_192 && !IS_USED(MODULE_CRYPTO_AES_192)) || + (keySize == AES_KEY_SIZE_256 && !IS_USED(MODULE_CRYPTO_AES_256))) { + return CIPHER_ERR_INVALID_KEY_SIZE; + } + + context->key_size = keySize; + /* Make sure that context is large enough. If this is not the case, you should build with -DAES */ - if (CIPHER_MAX_CONTEXT_SIZE < AES_KEY_SIZE) { + if (CIPHER_MAX_CONTEXT_SIZE < keySize) { return CIPHER_ERR_BAD_CONTEXT_SIZE; } @@ -1036,13 +1067,14 @@ int aes_encrypt(const cipher_context_t *context, const uint8_t *plainBlock, const AES_KEY *key = &aeskey; res = aes_set_encrypt_key((unsigned char *)context->context, - AES_KEY_SIZE * 8, &aeskey); + AES_KEY_SIZE(context) * 8, &aeskey); if (res < 0) { return res; } const u32 *rk; u32 s0, s1, s2, s3, t0, t1, t2, t3; + #ifndef MODULE_CRYPTO_AES_UNROLL int r; #endif /* ?MODULE_CRYPTO_AES_UNROLL */ @@ -1304,7 +1336,7 @@ int aes_decrypt(const cipher_context_t *context, const uint8_t *cipherBlock, const AES_KEY *key = &aeskey; res = aes_set_decrypt_key((unsigned char *)context->context, - AES_KEY_SIZE * 8, &aeskey); + AES_KEY_SIZE(context) * 8, &aeskey); if (res < 0) { return res; @@ -1312,6 +1344,7 @@ int aes_decrypt(const cipher_context_t *context, const uint8_t *cipherBlock, const u32 *rk; u32 s0, s1, s2, s3, t0, t1, t2, t3; + #ifndef MODULE_CRYPTO_AES_UNROLL int r; #endif /* ?MODULE_CRYPTO_AES_UNROLL */ diff --git a/sys/crypto/doc.txt b/sys/crypto/doc.txt index 959de84633..e6e861ce80 100644 --- a/sys/crypto/doc.txt +++ b/sys/crypto/doc.txt @@ -16,12 +16,11 @@ * @section ciphers Ciphers * * RIOT supports the following block ciphers: - * * AES-128 - * * 3DES (deprecated) + * * AES-128, AES-192, AES-256 * * NULL * - * You can use them directly by adding `crypto_aes` or `crypto_3des` to your - * USEMODULE-List. + * You can use them directly by adding `crypto_aes_128`, `crypto_aes_192` or + * `crypto_aes_256` to your USEMODULE-List. * While you can use the ciphers functions directly, you should resort to * the generic API for block ciphers whenever possible. * @@ -37,7 +36,7 @@ * plain_text[AES_BLOCK_SIZE] = {0}, * cipher_text[AES_BLOCK_SIZE] = {0}; * - * if (cipher_init(&cipher, CIPHER_AES_128, key, AES_KEY_SIZE) < 0) + * if (cipher_init(&cipher, CIPHER_AES, key, AES_KEY_SIZE) < 0) * printf("Cipher init failed!\n"); * * if (cipher_encrypt(&cipher, plain_text, cipher_text) < 0) diff --git a/sys/hashes/cmac.c b/sys/hashes/cmac.c index 698d0925d7..27cc57975c 100644 --- a/sys/hashes/cmac.c +++ b/sys/hashes/cmac.c @@ -49,7 +49,7 @@ int cmac_init(cmac_context_t *ctx, const uint8_t *key, uint8_t key_size) } memset(ctx, 0, sizeof(cmac_context_t)); - return cipher_init(&(ctx->aes_ctx), CIPHER_AES_128, key, key_size); + return cipher_init(&(ctx->aes_ctx), CIPHER_AES, key, key_size); } void cmac_update(cmac_context_t *ctx, const void *data, size_t len) diff --git a/sys/include/crypto/aes.h b/sys/include/crypto/aes.h index 5a57d33f75..2055dbb76a 100644 --- a/sys/include/crypto/aes.h +++ b/sys/include/crypto/aes.h @@ -13,6 +13,14 @@ * @file * @brief Headers for the implementation of the AES cipher-algorithm * + * The default key size is 128 bits. To use a different key size add + * USEMODULE += crypto_aes_192 and/or USEMODULE += crypto_aes_256 to + * your Makefile. + * + * If only one key size is needed and that key size is not 128 bits, the 128 bit + * key size can be disabled with DISABLE_MODULE += crypto_aes_128 as an + * optimization. + * * @author Freie Universitaet Berlin, Computer Systems & Telematics * @author Nicolai Schmittberger * @author Fabrice Bellard @@ -46,20 +54,26 @@ typedef uint8_t u8; #define AES_MAXNR 14 #define AES_BLOCK_SIZE 16 -#define AES_KEY_SIZE 16 + +/** + * @name AES key sizes + * @{ + */ +#define AES_KEY_SIZE_128 16 +#define AES_KEY_SIZE_192 24 +#define AES_KEY_SIZE_256 32 +/** @} */ /** * @brief AES key * @see cipher_context_t */ -struct aes_key_st { +typedef struct aes_key_st { /** @cond INTERNAL */ uint32_t rd_key[4 * (AES_MAXNR + 1)]; int rounds; /** @endcond */ -}; - -typedef struct aes_key_st AES_KEY; +} AES_KEY; /** * @brief the cipher_context_t-struct adapted for AES diff --git a/sys/include/crypto/ciphers.h b/sys/include/crypto/ciphers.h index d66e7a54e4..b34e529672 100644 --- a/sys/include/crypto/ciphers.h +++ b/sys/include/crypto/ciphers.h @@ -23,6 +23,7 @@ #define CRYPTO_CIPHERS_H #include +#include "kernel_defines.h" #ifdef __cplusplus extern "C" { @@ -30,8 +31,19 @@ extern "C" { /* Shared header file for all cipher algorithms */ -/** @brief the length of keys in bytes */ -#define CIPHERS_MAX_KEY_SIZE 20 +/** @brief the length of keys in bytes + * + * As of now AES is the only cipher which supports different key sizes. + * Here we optimize the CIPHERS_MAX_KEY_SIZE to always have the smallest possible + * value based on which AES key sizes are used. + */ +#if IS_USED(MODULE_CRYPTO_AES_256) + #define CIPHERS_MAX_KEY_SIZE 32 +#elif IS_USED(MODULE_CRYPTO_AES_192) + #define CIPHERS_MAX_KEY_SIZE 24 +#else + #define CIPHERS_MAX_KEY_SIZE 16 +#endif #define CIPHER_MAX_BLOCK_SIZE 16 /** @@ -43,7 +55,8 @@ extern "C" { */ #if defined(MODULE_CRYPTO_3DES) #define CIPHER_MAX_CONTEXT_SIZE 24 -#elif defined(MODULE_CRYPTO_AES) +#elif IS_USED(MODULE_CRYPTO_AES_256) || IS_USED(MODULE_CRYPTO_AES_192) || \ + IS_USED(MODULE_CRYPTO_AES_128) #define CIPHER_MAX_CONTEXT_SIZE CIPHERS_MAX_KEY_SIZE #else /* 0 is not a possibility because 0-sized arrays are not allowed in ISO C */ @@ -56,7 +69,8 @@ extern "C" { #define CIPHER_ERR_INVALID_LENGTH -4 #define CIPHER_ERR_ENC_FAILED -5 #define CIPHER_ERR_DEC_FAILED -6 -/** Is returned by the cipher_init functions, if the corresponding alogirithm has not been included in the build */ +/** Is returned by the cipher_init functions, if the corresponding algorithm + * has not been included in the build */ #define CIPHER_ERR_BAD_CONTEXT_SIZE 0 /** Returned by cipher_init upon successful initialization of a cipher. */ #define CIPHER_INIT_SUCCESS 1 @@ -65,7 +79,8 @@ extern "C" { * @brief the context for cipher-operations */ typedef struct { - uint8_t context[CIPHER_MAX_CONTEXT_SIZE]; /**< buffer for cipher operations */ + uint8_t key_size; /**< key size used */ + uint8_t context[CIPHER_MAX_CONTEXT_SIZE]; /**< buffer for cipher operations */ } cipher_context_t; @@ -96,8 +111,18 @@ typedef struct cipher_interface_st { typedef const cipher_interface_t *cipher_id_t; +/** + * @brief AES_128 cipher id + * + * @deprecated Use @ref CIPHER_AES instead. Will be removed after 2021.07 + * release. + */ extern const cipher_id_t CIPHER_AES_128; +/** + * @brief AES cipher id + */ +extern const cipher_id_t CIPHER_AES; /** * @brief basic struct for using block ciphers diff --git a/sys/net/gnrc/Makefile.dep b/sys/net/gnrc/Makefile.dep index 52d2cbecf5..8d76b02003 100644 --- a/sys/net/gnrc/Makefile.dep +++ b/sys/net/gnrc/Makefile.dep @@ -28,7 +28,7 @@ ifneq (,$(filter gnrc_lorawan,$(USEMODULE))) USEMODULE += xtimer USEMODULE += random USEMODULE += hashes - USEMODULE += crypto_aes + USEMODULE += crypto_aes_128 USEMODULE += netdev_layer USEMODULE += gnrc_nettype_lorawan endif diff --git a/sys/net/gnrc/link_layer/lorawan/gnrc_lorawan_crypto.c b/sys/net/gnrc/link_layer/lorawan/gnrc_lorawan_crypto.c index 4eb439f4eb..7cc67af245 100644 --- a/sys/net/gnrc/link_layer/lorawan/gnrc_lorawan_crypto.c +++ b/sys/net/gnrc/link_layer/lorawan/gnrc_lorawan_crypto.c @@ -95,7 +95,7 @@ void gnrc_lorawan_encrypt_payload(iolist_t *iolist, const le_uint32_t *dev_addr, lorawan_block_t *block = (lorawan_block_t *)a_block; - cipher_init(&AesContext, CIPHER_AES_128, appskey, LORAMAC_APPKEY_LEN); + cipher_init(&AesContext, CIPHER_AES, appskey, LORAMAC_APPKEY_LEN); block->fb = CRYPT_B0_START; @@ -127,7 +127,7 @@ void gnrc_lorawan_encrypt_payload(iolist_t *iolist, const le_uint32_t *dev_addr, void gnrc_lorawan_decrypt_join_accept(const uint8_t *key, uint8_t *pkt, int has_clist, uint8_t *out) { - cipher_init(&AesContext, CIPHER_AES_128, key, LORAMAC_APPKEY_LEN); + cipher_init(&AesContext, CIPHER_AES, key, LORAMAC_APPKEY_LEN); cipher_encrypt(&AesContext, pkt, out); if (has_clist) { @@ -145,7 +145,7 @@ void gnrc_lorawan_generate_session_keys(const uint8_t *app_nonce, memset(buf, 0, sizeof(buf)); - cipher_init(&AesContext, CIPHER_AES_128, appkey, LORAMAC_APPSKEY_LEN); + cipher_init(&AesContext, CIPHER_AES, appkey, LORAMAC_APPSKEY_LEN); /* net_id comes right after app_nonce */ memcpy(buf + 1, app_nonce, diff --git a/sys/net/link_layer/ieee802154/security.c b/sys/net/link_layer/ieee802154/security.c index 63eedd9fc6..56cacd1177 100644 --- a/sys/net/link_layer/ieee802154/security.c +++ b/sys/net/link_layer/ieee802154/security.c @@ -390,7 +390,7 @@ void ieee802154_sec_init(ieee802154_sec_context_t *ctx) uint8_t key[] = IEEE802154_DEFAULT_KEY; assert(CIPHER_MAX_CONTEXT_SIZE >= IEEE802154_SEC_KEY_LENGTH); - cipher_init(&ctx->cipher, CIPHER_AES_128, key, IEEE802154_SEC_KEY_LENGTH); + cipher_init(&ctx->cipher, CIPHER_AES, key, IEEE802154_SEC_KEY_LENGTH); } int ieee802154_sec_encrypt_frame(ieee802154_sec_context_t *ctx, diff --git a/tests/sys_crypto/Makefile b/tests/sys_crypto/Makefile index 0389e162a0..fc2892f7f9 100644 --- a/tests/sys_crypto/Makefile +++ b/tests/sys_crypto/Makefile @@ -4,5 +4,8 @@ USEMODULE += embunit USEMODULE += crypto_3des USEMODULE += cipher_modes +USEMODULE += crypto_aes_128 +USEMODULE += crypto_aes_192 +USEMODULE += crypto_aes_256 include $(RIOTBASE)/Makefile.include diff --git a/tests/sys_crypto/main.c b/tests/sys_crypto/main.c index 9cf320889e..1ab7debf17 100644 --- a/tests/sys_crypto/main.c +++ b/tests/sys_crypto/main.c @@ -19,6 +19,9 @@ int main(void) TESTS_RUN(tests_crypto_aes_tests()); TESTS_RUN(tests_crypto_cipher_tests()); TESTS_RUN(tests_crypto_modes_ccm_tests()); + TESTS_RUN(tests_crypto_modes_ccm_tests_128()); + TESTS_RUN(tests_crypto_modes_ccm_tests_192()); + TESTS_RUN(tests_crypto_modes_ccm_tests_256()); TESTS_RUN(tests_crypto_modes_ocb_tests()); TESTS_RUN(tests_crypto_modes_ecb_tests()); TESTS_RUN(tests_crypto_modes_cbc_tests()); diff --git a/tests/sys_crypto/tests-crypto-aes.c b/tests/sys_crypto/tests-crypto-aes.c index f7b3e23d6d..fb67fed73c 100644 --- a/tests/sys_crypto/tests-crypto-aes.c +++ b/tests/sys_crypto/tests-crypto-aes.c @@ -91,27 +91,12 @@ static void test_crypto_aes_init_key_length(void) cipher_context_t ctx; int err; - /* A keylength of 192 bit is not supported by the current implementation */ - uint8_t unsupported_key_1[24]; - + /* A keylength of 64 bit is not supported by AES */ + uint8_t unsupported_key_1[8]; memset(unsupported_key_1, 0, sizeof(unsupported_key_1)); - /* A keylength of 256 bit is not supported by the current implementation */ - uint8_t unsupported_key_2[32]; - memset(unsupported_key_2, 0, sizeof(unsupported_key_2)); - - /* A keylength of 64 bit is not supported by AES */ - uint8_t unsupported_key_3[8]; - memset(unsupported_key_3, 0, sizeof(unsupported_key_3)); - err = aes_init(&ctx, unsupported_key_1, sizeof(unsupported_key_1)); TEST_ASSERT_EQUAL_INT(CIPHER_ERR_INVALID_KEY_SIZE, err); - - err = aes_init(&ctx, unsupported_key_2, sizeof(unsupported_key_2)); - TEST_ASSERT_EQUAL_INT(CIPHER_ERR_INVALID_KEY_SIZE, err); - - err = aes_init(&ctx, unsupported_key_3, sizeof(unsupported_key_3)); - TEST_ASSERT_EQUAL_INT(CIPHER_ERR_INVALID_KEY_SIZE, err); } Test *tests_crypto_aes_tests(void) diff --git a/tests/sys_crypto/tests-crypto-cipher.c b/tests/sys_crypto/tests-crypto-cipher.c index 7337bc364a..0eeeecf01c 100644 --- a/tests/sys_crypto/tests-crypto-cipher.c +++ b/tests/sys_crypto/tests-crypto-cipher.c @@ -34,7 +34,7 @@ static void test_crypto_cipher_aes_encrypt(void) int err, cmp; uint8_t data[16] = { 0 }; - err = cipher_init(&cipher, CIPHER_AES_128, TEST_KEY, 16); + err = cipher_init(&cipher, CIPHER_AES, TEST_KEY, 16); TEST_ASSERT_EQUAL_INT(1, err); err = cipher_encrypt(&cipher, TEST_INP, data); @@ -50,7 +50,7 @@ static void test_crypto_cipher_aes_decrypt(void) int err, cmp; uint8_t data[16]; - err = cipher_init(&cipher, CIPHER_AES_128, TEST_KEY, 16); + err = cipher_init(&cipher, CIPHER_AES, TEST_KEY, 16); TEST_ASSERT_EQUAL_INT(1, err); err = cipher_decrypt(&cipher, TEST_ENC_AES, data); @@ -65,33 +65,14 @@ static void test_crypto_cipher_init_aes_key_length(void) cipher_t cipher; int err; - /* A keylength of 192 bit is not supported by the current implementation */ - uint8_t unsupported_key_1[24]; - + /* A keylength of 64 bit is not supported by AES */ + uint8_t unsupported_key_1[8]; memset(unsupported_key_1, 0, sizeof(unsupported_key_1)); - /* A keylength of 256 bit is not supported by the current implementation */ - uint8_t unsupported_key_2[32]; - memset(unsupported_key_2, 0, sizeof(unsupported_key_2)); - - /* A keylength of 64 bit is not supported by AES */ - uint8_t unsupported_key_3[8]; - memset(unsupported_key_3, 0, sizeof(unsupported_key_3)); - err = - cipher_init(&cipher, CIPHER_AES_128, unsupported_key_1, + cipher_init(&cipher, CIPHER_AES, unsupported_key_1, sizeof(unsupported_key_1)); TEST_ASSERT_EQUAL_INT(CIPHER_ERR_INVALID_KEY_SIZE, err); - - err = - cipher_init(&cipher, CIPHER_AES_128, unsupported_key_2, - sizeof(unsupported_key_2)); - TEST_ASSERT_EQUAL_INT(CIPHER_ERR_INVALID_KEY_SIZE, err); - - err = - cipher_init(&cipher, CIPHER_AES_128, unsupported_key_3, - sizeof(unsupported_key_3)); - TEST_ASSERT_EQUAL_INT(CIPHER_ERR_INVALID_KEY_SIZE, err); } Test *tests_crypto_cipher_tests(void) diff --git a/tests/sys_crypto/tests-crypto-modes-cbc.c b/tests/sys_crypto/tests-crypto-modes-cbc.c index c4c0ef618f..bd3f1e0bd3 100644 --- a/tests/sys_crypto/tests-crypto-modes-cbc.c +++ b/tests/sys_crypto/tests-crypto-modes-cbc.c @@ -32,12 +32,27 @@ static uint8_t TEST_1_KEY[] = { }; static uint8_t TEST_1_KEY_LEN = 16; -static uint8_t TEST_1_IV[16] = { +static uint8_t TEST_2_KEY[] = { + 0x8e, 0x73, 0xb0, 0xf7, 0xda, 0x0e, 0x64, 0x52, + 0xc8, 0x10, 0xf3, 0x2b, 0x80, 0x90, 0x79, 0xe5, + 0x62, 0xf8, 0xea, 0xd2, 0x52, 0x2c, 0x6b, 0x7b +}; +static uint8_t TEST_2_KEY_LEN = 24; + +static uint8_t TEST_3_KEY[] = { + 0x60, 0x3d, 0xeb, 0x10, 0x15, 0xca, 0x71, 0xbe, + 0x2b, 0x73, 0xae, 0xf0, 0x85, 0x7d, 0x77, 0x81, + 0x1f, 0x35, 0x2c, 0x07, 0x3b, 0x61, 0x08, 0xd7, + 0x2d, 0x98, 0x10, 0xa3, 0x09, 0x14, 0xdf, 0xf4 +}; +static uint8_t TEST_3_KEY_LEN = 32; + +static uint8_t TEST_IV[16] = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f }; -static uint8_t TEST_1_PLAIN[] = { +static uint8_t TEST_PLAIN[] = { 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96, 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a, 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c, @@ -47,7 +62,7 @@ static uint8_t TEST_1_PLAIN[] = { 0xf6, 0x9f, 0x24, 0x45, 0xdf, 0x4f, 0x9b, 0x17, 0xad, 0x2b, 0x41, 0x7b, 0xe6, 0x6c, 0x37, 0x10 }; -static uint8_t TEST_1_PLAIN_LEN = 64; +static uint8_t TEST_PLAIN_LEN = 64; static uint8_t TEST_1_CIPHER[] = { 0x76, 0x49, 0xab, 0xac, 0x81, 0x19, 0xb2, 0x46, @@ -59,9 +74,31 @@ static uint8_t TEST_1_CIPHER[] = { 0x3f, 0xf1, 0xca, 0xa1, 0x68, 0x1f, 0xac, 0x09, 0x12, 0x0e, 0xca, 0x30, 0x75, 0x86, 0xe1, 0xa7 }; -static uint8_t TEST_1_CIPHER_LEN = 64; -static void test_encrypt_op(uint8_t *key, uint8_t key_len, uint8_t iv[16], +static uint8_t TEST_2_CIPHER[] = { + 0x4f, 0x02, 0x1d, 0xb2, 0x43, 0xbc, 0x63, 0x3d, + 0x71, 0x78, 0x18, 0x3a, 0x9f, 0xa0, 0x71, 0xe8, + 0xb4, 0xd9, 0xad, 0xa9, 0xad, 0x7d, 0xed, 0xf4, + 0xe5, 0xe7, 0x38, 0x76, 0x3f, 0x69, 0x14, 0x5a, + 0x57, 0x1b, 0x24, 0x20, 0x12, 0xfb, 0x7a, 0xe0, + 0x7f, 0xa9, 0xba, 0xac, 0x3d, 0xf1, 0x02, 0xe0, + 0x08, 0xb0, 0xe2, 0x79, 0x88, 0x59, 0x88, 0x81, + 0xd9, 0x20, 0xa9, 0xe6, 0x4f, 0x56, 0x15, 0xcd +}; + +static uint8_t TEST_3_CIPHER[] = { + 0xf5, 0x8c, 0x4c, 0x04, 0xd6, 0xe5, 0xf1, 0xba, + 0x77, 0x9e, 0xab, 0xfb, 0x5f, 0x7b, 0xfb, 0xd6, + 0x9c, 0xfc, 0x4e, 0x96, 0x7e, 0xdb, 0x80, 0x8d, + 0x67, 0x9f, 0x77, 0x7b, 0xc6, 0x70, 0x2c, 0x7d, + 0x39, 0xf2, 0x33, 0x69, 0xa9, 0xd9, 0xba, 0xcf, + 0xa5, 0x30, 0xe2, 0x63, 0x04, 0x23, 0x14, 0x61, + 0xb2, 0xeb, 0x05, 0xe2, 0xc3, 0x9b, 0xe9, 0xfc, + 0xda, 0x6c, 0x19, 0x07, 0x8c, 0x6a, 0x9d, 0x1b +}; +static uint8_t TEST_CIPHER_LEN = 64; + +static void test_encrypt_op_128(uint8_t *key, uint8_t key_len, uint8_t iv[16], uint8_t *input, uint8_t input_len, uint8_t *output, uint8_t output_len) { @@ -69,7 +106,7 @@ static void test_encrypt_op(uint8_t *key, uint8_t key_len, uint8_t iv[16], int len, err, cmp; uint8_t data[64]; - err = cipher_init(&cipher, CIPHER_AES_128, key, key_len); + err = cipher_init(&cipher, CIPHER_AES, key, key_len); TEST_ASSERT_EQUAL_INT(1, err); len = cipher_encrypt_cbc(&cipher, iv, input, input_len, data); @@ -81,7 +118,7 @@ static void test_encrypt_op(uint8_t *key, uint8_t key_len, uint8_t iv[16], } -static void test_decrypt_op(uint8_t *key, uint8_t key_len, uint8_t iv[16], +static void test_encrypt_op_192(uint8_t *key, uint8_t key_len, uint8_t iv[16], uint8_t *input, uint8_t input_len, uint8_t *output, uint8_t output_len) { @@ -89,10 +126,29 @@ static void test_decrypt_op(uint8_t *key, uint8_t key_len, uint8_t iv[16], int len, err, cmp; uint8_t data[64]; - err = cipher_init(&cipher, CIPHER_AES_128, key, key_len); + err = cipher_init(&cipher, CIPHER_AES, key, key_len); TEST_ASSERT_EQUAL_INT(1, err); - len = cipher_decrypt_cbc(&cipher, iv, input, input_len, data); + len = cipher_encrypt_cbc(&cipher, iv, input, input_len, data); + TEST_ASSERT_MESSAGE(len > 0, "Encryption failed"); + + TEST_ASSERT_EQUAL_INT(output_len, len); + cmp = compare(output, data, len); + TEST_ASSERT_MESSAGE(1 == cmp, "wrong ciphertext"); +} + +static void test_encrypt_op_256(uint8_t *key, uint8_t key_len, uint8_t iv[16], + uint8_t *input, uint8_t input_len, uint8_t *output, + uint8_t output_len) +{ + cipher_t cipher; + int len, err, cmp; + uint8_t data[64]; + + err = cipher_init(&cipher, CIPHER_AES, key, key_len); + TEST_ASSERT_EQUAL_INT(1, err); + + len = cipher_encrypt_cbc(&cipher, iv, input, input_len, data); TEST_ASSERT_MESSAGE(len > 0, "Encryption failed"); TEST_ASSERT_EQUAL_INT(output_len, len); @@ -101,16 +157,88 @@ static void test_decrypt_op(uint8_t *key, uint8_t key_len, uint8_t iv[16], } +static void test_decrypt_op_128(uint8_t *key, uint8_t key_len, uint8_t iv[16], + uint8_t *input, uint8_t input_len, uint8_t *output, + uint8_t output_len) +{ + cipher_t cipher; + int len, err, cmp; + uint8_t data[64]; + + err = cipher_init(&cipher, CIPHER_AES, key, key_len); + TEST_ASSERT_EQUAL_INT(1, err); + + len = cipher_decrypt_cbc(&cipher, iv, input, input_len, data); + TEST_ASSERT_MESSAGE(len > 0, "Decryption failed"); + + TEST_ASSERT_EQUAL_INT(output_len, len); + cmp = compare(output, data, len); + TEST_ASSERT_MESSAGE(1 == cmp, "wrong plaintext"); + +} + +static void test_decrypt_op_192(uint8_t *key, uint8_t key_len, uint8_t iv[16], + uint8_t *input, uint8_t input_len, uint8_t *output, + uint8_t output_len) +{ + cipher_t cipher; + int len, err, cmp; + uint8_t data[64]; + + err = cipher_init(&cipher, CIPHER_AES, key, key_len); + TEST_ASSERT_EQUAL_INT(1, err); + + len = cipher_decrypt_cbc(&cipher, iv, input, input_len, data); + TEST_ASSERT_MESSAGE(len > 0, "Decryption failed"); + + TEST_ASSERT_EQUAL_INT(output_len, len); + cmp = compare(output, data, len); + TEST_ASSERT_MESSAGE(1 == cmp, "wrong plaintext"); + +} + +static void test_decrypt_op_256(uint8_t *key, uint8_t key_len, uint8_t iv[16], + uint8_t *input, uint8_t input_len, uint8_t *output, + uint8_t output_len) +{ + cipher_t cipher; + int len, err, cmp; + uint8_t data[64]; + + err = cipher_init(&cipher, CIPHER_AES, key, key_len); + TEST_ASSERT_EQUAL_INT(1, err); + + len = cipher_decrypt_cbc(&cipher, iv, input, input_len, data); + TEST_ASSERT_MESSAGE(len > 0, "Decryption failed"); + + TEST_ASSERT_EQUAL_INT(output_len, len); + cmp = compare(output, data, len); + TEST_ASSERT_MESSAGE(1 == cmp, "wrong plaintext"); + +} + static void test_crypto_modes_cbc_encrypt(void) { - test_encrypt_op(TEST_1_KEY, TEST_1_KEY_LEN, TEST_1_IV, TEST_1_PLAIN, - TEST_1_PLAIN_LEN, TEST_1_CIPHER, TEST_1_CIPHER_LEN); + test_encrypt_op_128(TEST_1_KEY, TEST_1_KEY_LEN, TEST_IV, TEST_PLAIN, + TEST_PLAIN_LEN, TEST_1_CIPHER, TEST_CIPHER_LEN); + + test_encrypt_op_192(TEST_2_KEY, TEST_2_KEY_LEN, TEST_IV, TEST_PLAIN, + TEST_PLAIN_LEN, TEST_2_CIPHER, TEST_CIPHER_LEN); + + test_encrypt_op_256(TEST_3_KEY, TEST_3_KEY_LEN, TEST_IV, TEST_PLAIN, + TEST_PLAIN_LEN, TEST_3_CIPHER, TEST_CIPHER_LEN); } static void test_crypto_modes_cbc_decrypt(void) { - test_decrypt_op(TEST_1_KEY, TEST_1_KEY_LEN, TEST_1_IV, TEST_1_CIPHER, - TEST_1_CIPHER_LEN, TEST_1_PLAIN, TEST_1_PLAIN_LEN); + test_decrypt_op_128(TEST_1_KEY, TEST_1_KEY_LEN, TEST_IV, TEST_1_CIPHER, + TEST_CIPHER_LEN, TEST_PLAIN, TEST_PLAIN_LEN); + + test_decrypt_op_192(TEST_2_KEY, TEST_2_KEY_LEN, TEST_IV, TEST_2_CIPHER, + TEST_CIPHER_LEN, TEST_PLAIN, TEST_PLAIN_LEN); + + test_decrypt_op_256(TEST_3_KEY, TEST_3_KEY_LEN, TEST_IV, TEST_3_CIPHER, + TEST_CIPHER_LEN, TEST_PLAIN, TEST_PLAIN_LEN); } diff --git a/tests/sys_crypto/tests-crypto-modes-ccm.c b/tests/sys_crypto/tests-crypto-modes-ccm.c index ea6be9724b..d623e9fde5 100644 --- a/tests/sys_crypto/tests-crypto-modes-ccm.c +++ b/tests/sys_crypto/tests-crypto-modes-ccm.c @@ -1105,7 +1105,7 @@ static void test_encrypt_op(const uint8_t *key, uint8_t key_len, TEST_ASSERT_MESSAGE(sizeof(data) >= output_expected_len, "Output buffer too small"); - err = cipher_init(&cipher, CIPHER_AES_128, key, key_len); + err = cipher_init(&cipher, CIPHER_AES, key, key_len); TEST_ASSERT_EQUAL_INT(1, err); len = cipher_encrypt_ccm(&cipher, adata, adata_len, @@ -1133,7 +1133,7 @@ static void test_decrypt_op(const uint8_t *key, uint8_t key_len, TEST_ASSERT_MESSAGE(sizeof(data) >= output_expected_len, "Output buffer too small"); - err = cipher_init(&cipher, CIPHER_AES_128, key, key_len); + err = cipher_init(&cipher, CIPHER_AES, key, key_len); TEST_ASSERT_EQUAL_INT(1, err); len = cipher_decrypt_ccm(&cipher, adata, adata_len, @@ -1271,7 +1271,7 @@ static int _test_ccm_len(func_ccm_t func, uint8_t len_encoding, uint8_t nonce_len = nonce_and_len_encoding_size - len_encoding; - cipher_init(&cipher, CIPHER_AES_128, key, 16); + cipher_init(&cipher, CIPHER_AES, key, 16); ret = func(&cipher, NULL, adata_len, mac_length, len_encoding, nonce, nonce_len, input, input_len, data); diff --git a/tests/sys_crypto/tests-crypto-modes-ctr.c b/tests/sys_crypto/tests-crypto-modes-ctr.c index ee506ae8a6..d6c0257326 100644 --- a/tests/sys_crypto/tests-crypto-modes-ctr.c +++ b/tests/sys_crypto/tests-crypto-modes-ctr.c @@ -32,12 +32,27 @@ static uint8_t TEST_1_KEY[] = { }; static uint8_t TEST_1_KEY_LEN = 16; -static uint8_t TEST_1_COUNTER[16] = { +static uint8_t TEST_2_KEY[] = { + 0x8e, 0x73, 0xb0, 0xf7, 0xda, 0x0e, 0x64, 0x52, + 0xc8, 0x10, 0xf3, 0x2b, 0x80, 0x90, 0x79, 0xe5, + 0x62, 0xf8, 0xea, 0xd2, 0x52, 0x2c, 0x6b, 0x7b +}; +static uint8_t TEST_2_KEY_LEN = 24; + +static uint8_t TEST_3_KEY[] = { + 0x60, 0x3d, 0xeb, 0x10, 0x15, 0xca, 0x71, 0xbe, + 0x2b, 0x73, 0xae, 0xf0, 0x85, 0x7d, 0x77, 0x81, + 0x1f, 0x35, 0x2c, 0x07, 0x3b, 0x61, 0x08, 0xd7, + 0x2d, 0x98, 0x10, 0xa3, 0x09, 0x14, 0xdf, 0xf4 +}; +static uint8_t TEST_3_KEY_LEN = 32; + +static uint8_t TEST_COUNTER[16] = { 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, 0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd, 0xfe, 0xff }; -static uint8_t TEST_1_PLAIN[] = { +static uint8_t TEST_PLAIN[] = { 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96, 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a, 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c, @@ -47,7 +62,7 @@ static uint8_t TEST_1_PLAIN[] = { 0xf6, 0x9f, 0x24, 0x45, 0xdf, 0x4f, 0x9b, 0x17, 0xad, 0x2b, 0x41, 0x7b, 0xe6, 0x6c, 0x37, 0x10 }; -static uint8_t TEST_1_PLAIN_LEN = 64; +static uint8_t TEST_PLAIN_LEN = 64; static uint8_t TEST_1_CIPHER[] = { 0x87, 0x4d, 0x61, 0x91, 0xb6, 0x20, 0xe3, 0x26, @@ -59,9 +74,31 @@ static uint8_t TEST_1_CIPHER[] = { 0x1e, 0x03, 0x1d, 0xda, 0x2f, 0xbe, 0x03, 0xd1, 0x79, 0x21, 0x70, 0xa0, 0xf3, 0x00, 0x9c, 0xee }; -static uint8_t TEST_1_CIPHER_LEN = 64; -static void test_encrypt_op(uint8_t *key, uint8_t key_len, uint8_t ctr[16], +static uint8_t TEST_2_CIPHER[] = { + 0x1a, 0xbc, 0x93, 0x24, 0x17, 0x52, 0x1c, 0xa2, + 0x4f, 0x2b, 0x04, 0x59, 0xfe, 0x7e, 0x6e, 0x0b, + 0x09, 0x03, 0x39, 0xec, 0x0a, 0xa6, 0xfa, 0xef, + 0xd5, 0xcc, 0xc2, 0xc6, 0xf4, 0xce, 0x8e, 0x94, + 0x1e, 0x36, 0xb2, 0x6b, 0xd1, 0xeb, 0xc6, 0x70, + 0xd1, 0xbd, 0x1d, 0x66, 0x56, 0x20, 0xab, 0xf7, + 0x4f, 0x78, 0xa7, 0xf6, 0xd2, 0x98, 0x09, 0x58, + 0x5a, 0x97, 0xda, 0xec, 0x58, 0xc6, 0xb0, 0x50 +}; + +static uint8_t TEST_3_CIPHER[] = { + 0x60, 0x1e, 0xc3, 0x13, 0x77, 0x57, 0x89, 0xa5, + 0xb7, 0xa7, 0xf5, 0x04, 0xbb, 0xf3, 0xd2, 0x28, + 0xf4, 0x43, 0xe3, 0xca, 0x4d, 0x62, 0xb5, 0x9a, + 0xca, 0x84, 0xe9, 0x90, 0xca, 0xca, 0xf5, 0xc5, + 0x2b, 0x09, 0x30, 0xda, 0xa2, 0x3d, 0xe9, 0x4c, + 0xe8, 0x70, 0x17, 0xba, 0x2d, 0x84, 0x98, 0x8d, + 0xdf, 0xc9, 0xc5, 0x8d, 0xb6, 0x7a, 0xad, 0xa6, + 0x13, 0xc2, 0xdd, 0x08, 0x45, 0x79, 0x41, 0xa6 +}; +static uint8_t TEST_CIPHER_LEN = 64; + +static void test_encrypt_op_128(uint8_t *key, uint8_t key_len, uint8_t ctr[16], uint8_t *input, uint8_t input_len, uint8_t *output, uint8_t output_len) { @@ -69,7 +106,7 @@ static void test_encrypt_op(uint8_t *key, uint8_t key_len, uint8_t ctr[16], int len, err, cmp; uint8_t data[64]; - err = cipher_init(&cipher, CIPHER_AES_128, key, key_len); + err = cipher_init(&cipher, CIPHER_AES, key, key_len); TEST_ASSERT_EQUAL_INT(1, err); len = cipher_encrypt_ctr(&cipher, ctr, 0, input, input_len, data); @@ -81,7 +118,7 @@ static void test_encrypt_op(uint8_t *key, uint8_t key_len, uint8_t ctr[16], } -static void test_decrypt_op(uint8_t *key, uint8_t key_len, uint8_t ctr[16], +static void test_encrypt_op_192(uint8_t *key, uint8_t key_len, uint8_t ctr[16], uint8_t *input, uint8_t input_len, uint8_t *output, uint8_t output_len) { @@ -89,7 +126,45 @@ static void test_decrypt_op(uint8_t *key, uint8_t key_len, uint8_t ctr[16], int len, err, cmp; uint8_t data[64]; - err = cipher_init(&cipher, CIPHER_AES_128, key, key_len); + err = cipher_init(&cipher, CIPHER_AES, key, key_len); + TEST_ASSERT_EQUAL_INT(1, err); + + len = cipher_encrypt_ctr(&cipher, ctr, 0, input, input_len, data); + TEST_ASSERT_MESSAGE(len > 0, "Encryption failed"); + + TEST_ASSERT_EQUAL_INT(output_len, len); + cmp = compare(output, data, len); + TEST_ASSERT_MESSAGE(1 == cmp, "wrong ciphertext"); +} + +static void test_encrypt_op_256(uint8_t *key, uint8_t key_len, uint8_t ctr[16], + uint8_t *input, uint8_t input_len, uint8_t *output, + uint8_t output_len) +{ + cipher_t cipher; + int len, err, cmp; + uint8_t data[64]; + + err = cipher_init(&cipher, CIPHER_AES, key, key_len); + TEST_ASSERT_EQUAL_INT(1, err); + + len = cipher_encrypt_ctr(&cipher, ctr, 0, input, input_len, data); + TEST_ASSERT_MESSAGE(len > 0, "Encryption failed"); + + TEST_ASSERT_EQUAL_INT(output_len, len); + cmp = compare(output, data, len); + TEST_ASSERT_MESSAGE(1 == cmp, "wrong ciphertext"); +} + +static void test_decrypt_op_128(uint8_t *key, uint8_t key_len, uint8_t ctr[16], + uint8_t *input, uint8_t input_len, uint8_t *output, + uint8_t output_len) +{ + cipher_t cipher; + int len, err, cmp; + uint8_t data[64]; + + err = cipher_init(&cipher, CIPHER_AES, key, key_len); TEST_ASSERT_EQUAL_INT(1, err); len = cipher_decrypt_ctr(&cipher, ctr, 0, input, input_len, data); @@ -98,25 +173,78 @@ static void test_decrypt_op(uint8_t *key, uint8_t key_len, uint8_t ctr[16], TEST_ASSERT_EQUAL_INT(output_len, len); cmp = compare(output, data, len); TEST_ASSERT_MESSAGE(1 == cmp, "wrong ciphertext"); +} +static void test_decrypt_op_192(uint8_t *key, uint8_t key_len, uint8_t ctr[16], + uint8_t *input, uint8_t input_len, uint8_t *output, + uint8_t output_len) +{ + cipher_t cipher; + int len, err, cmp; + uint8_t data[64]; + + err = cipher_init(&cipher, CIPHER_AES, key, key_len); + TEST_ASSERT_EQUAL_INT(1, err); + + len = cipher_decrypt_ctr(&cipher, ctr, 0, input, input_len, data); + TEST_ASSERT_MESSAGE(len > 0, "Encryption failed"); + + TEST_ASSERT_EQUAL_INT(output_len, len); + cmp = compare(output, data, len); + TEST_ASSERT_MESSAGE(1 == cmp, "wrong ciphertext"); +} + +static void test_decrypt_op_256(uint8_t *key, uint8_t key_len, uint8_t ctr[16], + uint8_t *input, uint8_t input_len, uint8_t *output, + uint8_t output_len) +{ + cipher_t cipher; + int len, err, cmp; + uint8_t data[64]; + + err = cipher_init(&cipher, CIPHER_AES, key, key_len); + TEST_ASSERT_EQUAL_INT(1, err); + + len = cipher_decrypt_ctr(&cipher, ctr, 0, input, input_len, data); + TEST_ASSERT_MESSAGE(len > 0, "Encryption failed"); + + TEST_ASSERT_EQUAL_INT(output_len, len); + cmp = compare(output, data, len); + TEST_ASSERT_MESSAGE(1 == cmp, "wrong ciphertext"); } static void test_crypto_modes_ctr_encrypt(void) { uint8_t ctr[16]; - memcpy(ctr, TEST_1_COUNTER, 16); - test_encrypt_op(TEST_1_KEY, TEST_1_KEY_LEN, ctr, TEST_1_PLAIN, - TEST_1_PLAIN_LEN, TEST_1_CIPHER, TEST_1_CIPHER_LEN); + memcpy(ctr, TEST_COUNTER, 16); + test_encrypt_op_128(TEST_1_KEY, TEST_1_KEY_LEN, ctr, TEST_PLAIN, + TEST_PLAIN_LEN, TEST_1_CIPHER, TEST_CIPHER_LEN); + + memcpy(ctr, TEST_COUNTER, 16); + test_encrypt_op_192(TEST_2_KEY, TEST_2_KEY_LEN, ctr, TEST_PLAIN, + TEST_PLAIN_LEN, TEST_2_CIPHER, TEST_CIPHER_LEN); + + memcpy(ctr, TEST_COUNTER, 16); + test_encrypt_op_256(TEST_3_KEY, TEST_3_KEY_LEN, ctr, TEST_PLAIN, + TEST_PLAIN_LEN, TEST_3_CIPHER, TEST_CIPHER_LEN); } static void test_crypto_modes_ctr_decrypt(void) { uint8_t ctr[16]; - memcpy(ctr, TEST_1_COUNTER, 16); - test_decrypt_op(TEST_1_KEY, TEST_1_KEY_LEN, ctr, TEST_1_CIPHER, - TEST_1_CIPHER_LEN, TEST_1_PLAIN, TEST_1_PLAIN_LEN); + memcpy(ctr, TEST_COUNTER, 16); + test_decrypt_op_128(TEST_1_KEY, TEST_1_KEY_LEN, ctr, TEST_1_CIPHER, + TEST_CIPHER_LEN, TEST_PLAIN, TEST_PLAIN_LEN); + + memcpy(ctr, TEST_COUNTER, 16); + test_decrypt_op_192(TEST_2_KEY, TEST_2_KEY_LEN, ctr, TEST_2_CIPHER, + TEST_CIPHER_LEN, TEST_PLAIN, TEST_PLAIN_LEN); + + memcpy(ctr, TEST_COUNTER, 16); + test_decrypt_op_256(TEST_3_KEY, TEST_3_KEY_LEN, ctr, TEST_3_CIPHER, + TEST_CIPHER_LEN, TEST_PLAIN, TEST_PLAIN_LEN); } diff --git a/tests/sys_crypto/tests-crypto-modes-ecb.c b/tests/sys_crypto/tests-crypto-modes-ecb.c index c7091bddcd..151d11dcd4 100644 --- a/tests/sys_crypto/tests-crypto-modes-ecb.c +++ b/tests/sys_crypto/tests-crypto-modes-ecb.c @@ -32,7 +32,22 @@ static uint8_t TEST_1_KEY[] = { }; static uint8_t TEST_1_KEY_LEN = 16; -static uint8_t TEST_1_PLAIN[] = { +static uint8_t TEST_2_KEY[] = { + 0x8e, 0x73, 0xb0, 0xf7, 0xda, 0x0e, 0x64, 0x52, + 0xc8, 0x10, 0xf3, 0x2b, 0x80, 0x90, 0x79, 0xe5, + 0x62, 0xf8, 0xea, 0xd2, 0x52, 0x2c, 0x6b, 0x7b +}; +static uint8_t TEST_2_KEY_LEN = 24; + +static uint8_t TEST_3_KEY[] = { + 0x60, 0x3d, 0xeb, 0x10, 0x15, 0xca, 0x71, 0xbe, + 0x2b, 0x73, 0xae, 0xf0, 0x85, 0x7d, 0x77, 0x81, + 0x1f, 0x35, 0x2c, 0x07, 0x3b, 0x61, 0x08, 0xd7, + 0x2d, 0x98, 0x10, 0xa3, 0x09, 0x14, 0xdf, 0xf4 +}; +static uint8_t TEST_3_KEY_LEN = 32; + +static uint8_t TEST_PLAIN[] = { 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96, 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a, 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c, @@ -42,7 +57,7 @@ static uint8_t TEST_1_PLAIN[] = { 0xf6, 0x9f, 0x24, 0x45, 0xdf, 0x4f, 0x9b, 0x17, 0xad, 0x2b, 0x41, 0x7b, 0xe6, 0x6c, 0x37, 0x10 }; -static uint8_t TEST_1_PLAIN_LEN = 64; +static uint8_t TEST_PLAIN_LEN = 64; static uint8_t TEST_1_CIPHER[] = { 0x3a, 0xd7, 0x7b, 0xb4, 0x0d, 0x7a, 0x36, 0x60, @@ -54,9 +69,31 @@ static uint8_t TEST_1_CIPHER[] = { 0x7b, 0x0c, 0x78, 0x5e, 0x27, 0xe8, 0xad, 0x3f, 0x82, 0x23, 0x20, 0x71, 0x04, 0x72, 0x5d, 0xd4 }; -static uint8_t TEST_1_CIPHER_LEN = 64; -static void test_encrypt_op(uint8_t *key, uint8_t key_len, uint8_t *input, +static uint8_t TEST_2_CIPHER[] = { + 0xbd, 0x33, 0x4f, 0x1d, 0x6e, 0x45, 0xf2, 0x5f, + 0xf7, 0x12, 0xa2, 0x14, 0x57, 0x1f, 0xa5, 0xcc, + 0x97, 0x41, 0x04, 0x84, 0x6d, 0x0a, 0xd3, 0xad, + 0x77, 0x34, 0xec, 0xb3, 0xec, 0xee, 0x4e, 0xef, + 0xef, 0x7a, 0xfd, 0x22, 0x70, 0xe2, 0xe6, 0x0a, + 0xdc, 0xe0, 0xba, 0x2f, 0xac, 0xe6, 0x44, 0x4e, + 0x9a, 0x4b, 0x41, 0xba, 0x73, 0x8d, 0x6c, 0x72, + 0xfb, 0x16, 0x69, 0x16, 0x03, 0xc1, 0x8e, 0x0e +}; + +static uint8_t TEST_3_CIPHER[] = { + 0xf3, 0xee, 0xd1, 0xbd, 0xb5, 0xd2, 0xa0, 0x3c, + 0x06, 0x4b, 0x5a, 0x7e, 0x3d, 0xb1, 0x81, 0xf8, + 0x59, 0x1c, 0xcb, 0x10, 0xd4, 0x10, 0xed, 0x26, + 0xdc, 0x5b, 0xa7, 0x4a, 0x31, 0x36, 0x28, 0x70, + 0xb6, 0xed, 0x21, 0xb9, 0x9c, 0xa6, 0xf4, 0xf9, + 0xf1, 0x53, 0xe7, 0xb1, 0xbe, 0xaf, 0xed, 0x1d, + 0x23, 0x30, 0x4b, 0x7a, 0x39, 0xf9, 0xf3, 0xff, + 0x06, 0x7d, 0x8d, 0x8f, 0x9e, 0x24, 0xec, 0xc7 +}; +static uint8_t TEST_CIPHER_LEN = 64; + +static void test_encrypt_op_128(uint8_t *key, uint8_t key_len, uint8_t *input, uint8_t input_len, uint8_t *output, uint8_t output_len) { @@ -64,7 +101,7 @@ static void test_encrypt_op(uint8_t *key, uint8_t key_len, uint8_t *input, int len, err, cmp; uint8_t data[64]; - err = cipher_init(&cipher, CIPHER_AES_128, key, key_len); + err = cipher_init(&cipher, CIPHER_AES, key, key_len); TEST_ASSERT_EQUAL_INT(1, err); len = cipher_encrypt_ecb(&cipher, input, input_len, data); @@ -76,7 +113,7 @@ static void test_encrypt_op(uint8_t *key, uint8_t key_len, uint8_t *input, } -static void test_decrypt_op(uint8_t *key, uint8_t key_len, uint8_t *input, +static void test_encrypt_op_192(uint8_t *key, uint8_t key_len, uint8_t *input, uint8_t input_len, uint8_t *output, uint8_t output_len) { @@ -84,7 +121,87 @@ static void test_decrypt_op(uint8_t *key, uint8_t key_len, uint8_t *input, int len, err, cmp; uint8_t data[64]; - err = cipher_init(&cipher, CIPHER_AES_128, key, key_len); + err = cipher_init(&cipher, CIPHER_AES, key, key_len); + TEST_ASSERT_EQUAL_INT(1, err); + + len = cipher_encrypt_ecb(&cipher, input, input_len, data); + TEST_ASSERT_MESSAGE(len > 0, "Encryption failed"); + + TEST_ASSERT_EQUAL_INT(output_len, len); + cmp = compare(output, data, len); + TEST_ASSERT_MESSAGE(1 == cmp, "wrong ciphertext"); + +} + +static void test_encrypt_op_256(uint8_t *key, uint8_t key_len, uint8_t *input, + uint8_t input_len, uint8_t *output, + uint8_t output_len) +{ + cipher_t cipher; + int len, err, cmp; + uint8_t data[64]; + + err = cipher_init(&cipher, CIPHER_AES, key, key_len); + TEST_ASSERT_EQUAL_INT(1, err); + + len = cipher_encrypt_ecb(&cipher, input, input_len, data); + TEST_ASSERT_MESSAGE(len > 0, "Encryption failed"); + + TEST_ASSERT_EQUAL_INT(output_len, len); + cmp = compare(output, data, len); + TEST_ASSERT_MESSAGE(1 == cmp, "wrong ciphertext"); + +} + +static void test_decrypt_op_128(uint8_t *key, uint8_t key_len, uint8_t *input, + uint8_t input_len, uint8_t *output, + uint8_t output_len) +{ + cipher_t cipher; + int len, err, cmp; + uint8_t data[64]; + + err = cipher_init(&cipher, CIPHER_AES, key, key_len); + TEST_ASSERT_EQUAL_INT(1, err); + + len = cipher_decrypt_ecb(&cipher, input, input_len, data); + TEST_ASSERT_MESSAGE(len > 0, "Encryption failed"); + + TEST_ASSERT_EQUAL_INT(output_len, len); + cmp = compare(output, data, len); + TEST_ASSERT_MESSAGE(1 == cmp, "wrong ciphertext"); + +} + +static void test_decrypt_op_192(uint8_t *key, uint8_t key_len, uint8_t *input, + uint8_t input_len, uint8_t *output, + uint8_t output_len) +{ + cipher_t cipher; + int len, err, cmp; + uint8_t data[64]; + + err = cipher_init(&cipher, CIPHER_AES, key, key_len); + TEST_ASSERT_EQUAL_INT(1, err); + + len = cipher_decrypt_ecb(&cipher, input, input_len, data); + TEST_ASSERT_MESSAGE(len > 0, "Encryption failed"); + + TEST_ASSERT_EQUAL_INT(output_len, len); + cmp = compare(output, data, len); + TEST_ASSERT_MESSAGE(1 == cmp, "wrong ciphertext"); + +} + +static void test_decrypt_op_256(uint8_t *key, uint8_t key_len, uint8_t *input, + uint8_t input_len, uint8_t *output, + uint8_t output_len) +{ + cipher_t cipher; + int len, err, cmp; + uint8_t data[64]; + + err = cipher_init(&cipher, CIPHER_AES, key, key_len); TEST_ASSERT_EQUAL_INT(1, err); len = cipher_decrypt_ecb(&cipher, input, input_len, data); @@ -98,17 +215,30 @@ static void test_decrypt_op(uint8_t *key, uint8_t key_len, uint8_t *input, static void test_crypto_modes_ecb_encrypt(void) { - test_encrypt_op(TEST_1_KEY, TEST_1_KEY_LEN, TEST_1_PLAIN, TEST_1_PLAIN_LEN, - TEST_1_CIPHER, TEST_1_CIPHER_LEN); + test_encrypt_op_128(TEST_1_KEY, TEST_1_KEY_LEN, TEST_PLAIN, TEST_PLAIN_LEN, + TEST_1_CIPHER, TEST_CIPHER_LEN); + + test_encrypt_op_192(TEST_2_KEY, TEST_2_KEY_LEN, TEST_PLAIN, TEST_PLAIN_LEN, + TEST_2_CIPHER, TEST_CIPHER_LEN); + + test_encrypt_op_256(TEST_3_KEY, TEST_3_KEY_LEN, TEST_PLAIN, TEST_PLAIN_LEN, + TEST_3_CIPHER, TEST_CIPHER_LEN); } static void test_crypto_modes_ecb_decrypt(void) { - test_decrypt_op(TEST_1_KEY, TEST_1_KEY_LEN, TEST_1_CIPHER, - TEST_1_CIPHER_LEN, - TEST_1_PLAIN, TEST_1_PLAIN_LEN); -} + test_decrypt_op_128(TEST_1_KEY, TEST_1_KEY_LEN, TEST_1_CIPHER, + TEST_CIPHER_LEN, + TEST_PLAIN, TEST_PLAIN_LEN); + test_decrypt_op_192(TEST_2_KEY, TEST_2_KEY_LEN, TEST_2_CIPHER, + TEST_CIPHER_LEN, + TEST_PLAIN, TEST_PLAIN_LEN); + + test_decrypt_op_256(TEST_2_KEY, TEST_2_KEY_LEN, TEST_2_CIPHER, + TEST_CIPHER_LEN, + TEST_PLAIN, TEST_PLAIN_LEN); +} Test *tests_crypto_modes_ecb_tests(void) { diff --git a/tests/sys_crypto/tests-crypto-modes-ocb.c b/tests/sys_crypto/tests-crypto-modes-ocb.c index ac9403d0ca..70209155bc 100644 --- a/tests/sys_crypto/tests-crypto-modes-ocb.c +++ b/tests/sys_crypto/tests-crypto-modes-ocb.c @@ -277,7 +277,7 @@ static void test_encrypt_op(uint8_t *key, uint8_t key_len, TEST_ASSERT_MESSAGE(sizeof(data) >= output_expected_len, "Output buffer too small"); - err = cipher_init(&cipher, CIPHER_AES_128, key, key_len); + err = cipher_init(&cipher, CIPHER_AES, key, key_len); TEST_ASSERT_EQUAL_INT(1, err); len = cipher_encrypt_ocb(&cipher, adata, adata_len, @@ -327,7 +327,7 @@ static void test_decrypt_op(uint8_t *key, uint8_t key_len, TEST_ASSERT_MESSAGE(sizeof(data) >= output_expected_len, "Output buffer too small"); - err = cipher_init(&cipher, CIPHER_AES_128, key, key_len); + err = cipher_init(&cipher, CIPHER_AES, key, key_len); TEST_ASSERT_EQUAL_INT(1, err); len = cipher_decrypt_ocb(&cipher, adata, adata_len, @@ -412,7 +412,7 @@ static void test_crypto_modes_ocb_bad_parameter_values(void) uint8_t key[16], auth_data[1], nonce[16], input[16], output[32]; cipher_t cipher; - cipher_init(&cipher, CIPHER_AES_128, key, 16); + cipher_init(&cipher, CIPHER_AES, key, 16); /* tag length must be positive */ int rv = cipher_encrypt_ocb(&cipher, auth_data, sizeof(auth_data), 0, nonce, 15, input, sizeof(input), output); diff --git a/tests/sys_crypto/tests-crypto.h b/tests/sys_crypto/tests-crypto.h index eddf2d73ba..b316b50d06 100644 --- a/tests/sys_crypto/tests-crypto.h +++ b/tests/sys_crypto/tests-crypto.h @@ -59,6 +59,9 @@ static inline int compare(const uint8_t *a, const uint8_t *b, uint8_t len) Test* tests_crypto_aes_tests(void); Test* tests_crypto_cipher_tests(void); Test* tests_crypto_modes_ccm_tests(void); +Test* tests_crypto_modes_ccm_tests_128(void); +Test* tests_crypto_modes_ccm_tests_192(void); +Test* tests_crypto_modes_ccm_tests_256(void); Test* tests_crypto_modes_ocb_tests(void); Test* tests_crypto_modes_ecb_tests(void); Test* tests_crypto_modes_cbc_tests(void); diff --git a/tests/unittests/tests-hashes/Makefile.include b/tests/unittests/tests-hashes/Makefile.include index d25437ed3f..9c5493cf91 100644 --- a/tests/unittests/tests-hashes/Makefile.include +++ b/tests/unittests/tests-hashes/Makefile.include @@ -1,2 +1,2 @@ USEMODULE += hashes -USEMODULE += crypto_aes +USEMODULE += crypto_aes_128