1.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000
1.2 +++ b/netwerk/srtp/src/crypto/cipher/aes_cbc.c Wed Dec 31 06:09:35 2014 +0100
1.3 @@ -0,0 +1,540 @@
1.4 +/*
1.5 + * aes_cbc.c
1.6 + *
1.7 + * AES Cipher Block Chaining Mode
1.8 + *
1.9 + * David A. McGrew
1.10 + * Cisco Systems, Inc.
1.11 + */
1.12 +
1.13 +/*
1.14 + *
1.15 + * Copyright (c) 2001-2006, Cisco Systems, Inc.
1.16 + * All rights reserved.
1.17 + *
1.18 + * Redistribution and use in source and binary forms, with or without
1.19 + * modification, are permitted provided that the following conditions
1.20 + * are met:
1.21 + *
1.22 + * Redistributions of source code must retain the above copyright
1.23 + * notice, this list of conditions and the following disclaimer.
1.24 + *
1.25 + * Redistributions in binary form must reproduce the above
1.26 + * copyright notice, this list of conditions and the following
1.27 + * disclaimer in the documentation and/or other materials provided
1.28 + * with the distribution.
1.29 + *
1.30 + * Neither the name of the Cisco Systems, Inc. nor the names of its
1.31 + * contributors may be used to endorse or promote products derived
1.32 + * from this software without specific prior written permission.
1.33 + *
1.34 + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
1.35 + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
1.36 + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
1.37 + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
1.38 + * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
1.39 + * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
1.40 + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
1.41 + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
1.42 + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
1.43 + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
1.44 + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
1.45 + * OF THE POSSIBILITY OF SUCH DAMAGE.
1.46 + *
1.47 + */
1.48 +
1.49 +
1.50 +#include "aes_cbc.h"
1.51 +#include "alloc.h"
1.52 +
1.53 +debug_module_t mod_aes_cbc = {
1.54 + 0, /* debugging is off by default */
1.55 + "aes cbc" /* printable module name */
1.56 +};
1.57 +
1.58 +
1.59 +
1.60 +err_status_t
1.61 +aes_cbc_alloc(cipher_t **c, int key_len) {
1.62 + extern cipher_type_t aes_cbc;
1.63 + uint8_t *pointer;
1.64 + int tmp;
1.65 +
1.66 + debug_print(mod_aes_cbc,
1.67 + "allocating cipher with key length %d", key_len);
1.68 +
1.69 + if (key_len != 16 && key_len != 24 && key_len != 32)
1.70 + return err_status_bad_param;
1.71 +
1.72 + /* allocate memory a cipher of type aes_cbc */
1.73 + tmp = (sizeof(aes_cbc_ctx_t) + sizeof(cipher_t));
1.74 + pointer = (uint8_t*)crypto_alloc(tmp);
1.75 + if (pointer == NULL)
1.76 + return err_status_alloc_fail;
1.77 +
1.78 + /* set pointers */
1.79 + *c = (cipher_t *)pointer;
1.80 + (*c)->type = &aes_cbc;
1.81 + (*c)->state = pointer + sizeof(cipher_t);
1.82 +
1.83 + /* increment ref_count */
1.84 + aes_cbc.ref_count++;
1.85 +
1.86 + /* set key size */
1.87 + (*c)->key_len = key_len;
1.88 +
1.89 + return err_status_ok;
1.90 +}
1.91 +
1.92 +err_status_t
1.93 +aes_cbc_dealloc(cipher_t *c) {
1.94 + extern cipher_type_t aes_cbc;
1.95 +
1.96 + /* zeroize entire state*/
1.97 + octet_string_set_to_zero((uint8_t *)c,
1.98 + sizeof(aes_cbc_ctx_t) + sizeof(cipher_t));
1.99 +
1.100 + /* free memory */
1.101 + crypto_free(c);
1.102 +
1.103 + /* decrement ref_count */
1.104 + aes_cbc.ref_count--;
1.105 +
1.106 + return err_status_ok;
1.107 +}
1.108 +
1.109 +err_status_t
1.110 +aes_cbc_context_init(aes_cbc_ctx_t *c, const uint8_t *key, int key_len,
1.111 + cipher_direction_t dir) {
1.112 + err_status_t status;
1.113 +
1.114 + debug_print(mod_aes_cbc,
1.115 + "key: %s", octet_string_hex_string(key, key_len));
1.116 +
1.117 + /* expand key for the appropriate direction */
1.118 + switch (dir) {
1.119 + case (direction_encrypt):
1.120 + status = aes_expand_encryption_key(key, key_len, &c->expanded_key);
1.121 + if (status)
1.122 + return status;
1.123 + break;
1.124 + case (direction_decrypt):
1.125 + status = aes_expand_decryption_key(key, key_len, &c->expanded_key);
1.126 + if (status)
1.127 + return status;
1.128 + break;
1.129 + default:
1.130 + return err_status_bad_param;
1.131 + }
1.132 +
1.133 +
1.134 + return err_status_ok;
1.135 +}
1.136 +
1.137 +
1.138 +err_status_t
1.139 +aes_cbc_set_iv(aes_cbc_ctx_t *c, void *iv) {
1.140 + int i;
1.141 +/* v128_t *input = iv; */
1.142 + uint8_t *input = (uint8_t*) iv;
1.143 +
1.144 + /* set state and 'previous' block to iv */
1.145 + for (i=0; i < 16; i++)
1.146 + c->previous.v8[i] = c->state.v8[i] = input[i];
1.147 +
1.148 + debug_print(mod_aes_cbc, "setting iv: %s", v128_hex_string(&c->state));
1.149 +
1.150 + return err_status_ok;
1.151 +}
1.152 +
1.153 +err_status_t
1.154 +aes_cbc_encrypt(aes_cbc_ctx_t *c,
1.155 + unsigned char *data,
1.156 + unsigned int *bytes_in_data) {
1.157 + int i;
1.158 + unsigned char *input = data; /* pointer to data being read */
1.159 + unsigned char *output = data; /* pointer to data being written */
1.160 + int bytes_to_encr = *bytes_in_data;
1.161 +
1.162 + /*
1.163 + * verify that we're 16-octet aligned
1.164 + */
1.165 + if (*bytes_in_data & 0xf)
1.166 + return err_status_bad_param;
1.167 +
1.168 + /*
1.169 + * note that we assume that the initialization vector has already
1.170 + * been set, e.g. by calling aes_cbc_set_iv()
1.171 + */
1.172 + debug_print(mod_aes_cbc, "iv: %s",
1.173 + v128_hex_string(&c->state));
1.174 +
1.175 + /*
1.176 + * loop over plaintext blocks, exoring state into plaintext then
1.177 + * encrypting and writing to output
1.178 + */
1.179 + while (bytes_to_encr > 0) {
1.180 +
1.181 + /* exor plaintext into state */
1.182 + for (i=0; i < 16; i++)
1.183 + c->state.v8[i] ^= *input++;
1.184 +
1.185 + debug_print(mod_aes_cbc, "inblock: %s",
1.186 + v128_hex_string(&c->state));
1.187 +
1.188 + aes_encrypt(&c->state, &c->expanded_key);
1.189 +
1.190 + debug_print(mod_aes_cbc, "outblock: %s",
1.191 + v128_hex_string(&c->state));
1.192 +
1.193 + /* copy ciphertext to output */
1.194 + for (i=0; i < 16; i++)
1.195 + *output++ = c->state.v8[i];
1.196 +
1.197 + bytes_to_encr -= 16;
1.198 + }
1.199 +
1.200 + return err_status_ok;
1.201 +}
1.202 +
1.203 +err_status_t
1.204 +aes_cbc_decrypt(aes_cbc_ctx_t *c,
1.205 + unsigned char *data,
1.206 + unsigned int *bytes_in_data) {
1.207 + int i;
1.208 + v128_t state, previous;
1.209 + unsigned char *input = data; /* pointer to data being read */
1.210 + unsigned char *output = data; /* pointer to data being written */
1.211 + int bytes_to_encr = *bytes_in_data;
1.212 + uint8_t tmp;
1.213 +
1.214 + /*
1.215 + * verify that we're 16-octet aligned
1.216 + */
1.217 + if (*bytes_in_data & 0x0f)
1.218 + return err_status_bad_param;
1.219 +
1.220 + /* set 'previous' block to iv*/
1.221 + for (i=0; i < 16; i++) {
1.222 + previous.v8[i] = c->previous.v8[i];
1.223 + }
1.224 +
1.225 + debug_print(mod_aes_cbc, "iv: %s",
1.226 + v128_hex_string(&previous));
1.227 +
1.228 + /*
1.229 + * loop over ciphertext blocks, decrypting then exoring with state
1.230 + * then writing plaintext to output
1.231 + */
1.232 + while (bytes_to_encr > 0) {
1.233 +
1.234 + /* set state to ciphertext input block */
1.235 + for (i=0; i < 16; i++) {
1.236 + state.v8[i] = *input++;
1.237 + }
1.238 +
1.239 + debug_print(mod_aes_cbc, "inblock: %s",
1.240 + v128_hex_string(&state));
1.241 +
1.242 + /* decrypt state */
1.243 + aes_decrypt(&state, &c->expanded_key);
1.244 +
1.245 + debug_print(mod_aes_cbc, "outblock: %s",
1.246 + v128_hex_string(&state));
1.247 +
1.248 + /*
1.249 + * exor previous ciphertext block out of plaintext, and write new
1.250 + * plaintext block to output, while copying old ciphertext block
1.251 + * to the 'previous' block
1.252 + */
1.253 + for (i=0; i < 16; i++) {
1.254 + tmp = *output;
1.255 + *output++ = state.v8[i] ^ previous.v8[i];
1.256 + previous.v8[i] = tmp;
1.257 + }
1.258 +
1.259 + bytes_to_encr -= 16;
1.260 + }
1.261 +
1.262 + return err_status_ok;
1.263 +}
1.264 +
1.265 +
1.266 +err_status_t
1.267 +aes_cbc_nist_encrypt(aes_cbc_ctx_t *c,
1.268 + unsigned char *data,
1.269 + unsigned int *bytes_in_data) {
1.270 + int i;
1.271 + unsigned char *pad_start;
1.272 + int num_pad_bytes;
1.273 + err_status_t status;
1.274 +
1.275 + /*
1.276 + * determine the number of padding bytes that we need to add -
1.277 + * this value is always between 1 and 16, inclusive.
1.278 + */
1.279 + num_pad_bytes = 16 - (*bytes_in_data & 0xf);
1.280 + pad_start = data;
1.281 + pad_start += *bytes_in_data;
1.282 + *pad_start++ = 0xa0;
1.283 + for (i=0; i < num_pad_bytes; i++)
1.284 + *pad_start++ = 0x00;
1.285 +
1.286 + /*
1.287 + * increment the data size
1.288 + */
1.289 + *bytes_in_data += num_pad_bytes;
1.290 +
1.291 + /*
1.292 + * now cbc encrypt the padded data
1.293 + */
1.294 + status = aes_cbc_encrypt(c, data, bytes_in_data);
1.295 + if (status)
1.296 + return status;
1.297 +
1.298 + return err_status_ok;
1.299 +}
1.300 +
1.301 +
1.302 +err_status_t
1.303 +aes_cbc_nist_decrypt(aes_cbc_ctx_t *c,
1.304 + unsigned char *data,
1.305 + unsigned int *bytes_in_data) {
1.306 + unsigned char *pad_end;
1.307 + int num_pad_bytes;
1.308 + err_status_t status;
1.309 +
1.310 + /*
1.311 + * cbc decrypt the padded data
1.312 + */
1.313 + status = aes_cbc_decrypt(c, data, bytes_in_data);
1.314 + if (status)
1.315 + return status;
1.316 +
1.317 + /*
1.318 + * determine the number of padding bytes in the decrypted plaintext
1.319 + * - this value is always between 1 and 16, inclusive.
1.320 + */
1.321 + num_pad_bytes = 1;
1.322 + pad_end = data + (*bytes_in_data - 1);
1.323 + while (*pad_end != 0xa0) { /* note: should check padding correctness */
1.324 + pad_end--;
1.325 + num_pad_bytes++;
1.326 + }
1.327 +
1.328 + /* decrement data size */
1.329 + *bytes_in_data -= num_pad_bytes;
1.330 +
1.331 + return err_status_ok;
1.332 +}
1.333 +
1.334 +
1.335 +char
1.336 +aes_cbc_description[] = "aes cipher block chaining (cbc) mode";
1.337 +
1.338 +/*
1.339 + * Test case 0 is derived from FIPS 197 Appendix C; it uses an
1.340 + * all-zero IV, so that the first block encryption matches the test
1.341 + * case in that appendix. This property provides a check of the base
1.342 + * AES encryption and decryption algorithms; if CBC fails on some
1.343 + * particular platform, then you should print out AES intermediate
1.344 + * data and compare with the detailed info provided in that appendix.
1.345 + *
1.346 + */
1.347 +
1.348 +
1.349 +uint8_t aes_cbc_test_case_0_key[16] = {
1.350 + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
1.351 + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f
1.352 +};
1.353 +
1.354 +uint8_t aes_cbc_test_case_0_plaintext[64] = {
1.355 + 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
1.356 + 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff
1.357 +};
1.358 +
1.359 +uint8_t aes_cbc_test_case_0_ciphertext[80] = {
1.360 + 0x69, 0xc4, 0xe0, 0xd8, 0x6a, 0x7b, 0x04, 0x30,
1.361 + 0xd8, 0xcd, 0xb7, 0x80, 0x70, 0xb4, 0xc5, 0x5a,
1.362 + 0x03, 0x35, 0xed, 0x27, 0x67, 0xf2, 0x6d, 0xf1,
1.363 + 0x64, 0x83, 0x2e, 0x23, 0x44, 0x38, 0x70, 0x8b
1.364 +
1.365 +};
1.366 +
1.367 +uint8_t aes_cbc_test_case_0_iv[16] = {
1.368 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1.369 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
1.370 +};
1.371 +
1.372 +
1.373 +cipher_test_case_t aes_cbc_test_case_0 = {
1.374 + 16, /* octets in key */
1.375 + aes_cbc_test_case_0_key, /* key */
1.376 + aes_cbc_test_case_0_iv, /* initialization vector */
1.377 + 16, /* octets in plaintext */
1.378 + aes_cbc_test_case_0_plaintext, /* plaintext */
1.379 + 32, /* octets in ciphertext */
1.380 + aes_cbc_test_case_0_ciphertext, /* ciphertext */
1.381 + NULL /* pointer to next testcase */
1.382 +};
1.383 +
1.384 +
1.385 +/*
1.386 + * this test case is taken directly from Appendix F.2 of NIST Special
1.387 + * Publication SP 800-38A
1.388 + */
1.389 +
1.390 +uint8_t aes_cbc_test_case_1_key[16] = {
1.391 + 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6,
1.392 + 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c,
1.393 +};
1.394 +
1.395 +uint8_t aes_cbc_test_case_1_plaintext[64] = {
1.396 + 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96,
1.397 + 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a,
1.398 + 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c,
1.399 + 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51,
1.400 + 0x30, 0xc8, 0x1c, 0x46, 0xa3, 0x5c, 0xe4, 0x11,
1.401 + 0xe5, 0xfb, 0xc1, 0x19, 0x1a, 0x0a, 0x52, 0xef,
1.402 + 0xf6, 0x9f, 0x24, 0x45, 0xdf, 0x4f, 0x9b, 0x17,
1.403 + 0xad, 0x2b, 0x41, 0x7b, 0xe6, 0x6c, 0x37, 0x10
1.404 +};
1.405 +
1.406 +uint8_t aes_cbc_test_case_1_ciphertext[80] = {
1.407 + 0x76, 0x49, 0xab, 0xac, 0x81, 0x19, 0xb2, 0x46,
1.408 + 0xce, 0xe9, 0x8e, 0x9b, 0x12, 0xe9, 0x19, 0x7d,
1.409 + 0x50, 0x86, 0xcb, 0x9b, 0x50, 0x72, 0x19, 0xee,
1.410 + 0x95, 0xdb, 0x11, 0x3a, 0x91, 0x76, 0x78, 0xb2,
1.411 + 0x73, 0xbe, 0xd6, 0xb8, 0xe3, 0xc1, 0x74, 0x3b,
1.412 + 0x71, 0x16, 0xe6, 0x9e, 0x22, 0x22, 0x95, 0x16,
1.413 + 0x3f, 0xf1, 0xca, 0xa1, 0x68, 0x1f, 0xac, 0x09,
1.414 + 0x12, 0x0e, 0xca, 0x30, 0x75, 0x86, 0xe1, 0xa7,
1.415 + 0x39, 0x34, 0x07, 0x03, 0x36, 0xd0, 0x77, 0x99,
1.416 + 0xe0, 0xc4, 0x2f, 0xdd, 0xa8, 0xdf, 0x4c, 0xa3
1.417 +};
1.418 +
1.419 +uint8_t aes_cbc_test_case_1_iv[16] = {
1.420 + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
1.421 + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f
1.422 +};
1.423 +
1.424 +cipher_test_case_t aes_cbc_test_case_1 = {
1.425 + 16, /* octets in key */
1.426 + aes_cbc_test_case_1_key, /* key */
1.427 + aes_cbc_test_case_1_iv, /* initialization vector */
1.428 + 64, /* octets in plaintext */
1.429 + aes_cbc_test_case_1_plaintext, /* plaintext */
1.430 + 80, /* octets in ciphertext */
1.431 + aes_cbc_test_case_1_ciphertext, /* ciphertext */
1.432 + &aes_cbc_test_case_0 /* pointer to next testcase */
1.433 +};
1.434 +
1.435 +/*
1.436 + * Test case 2 is like test case 0, but for 256-bit keys. (FIPS 197
1.437 + * appendix C.3).
1.438 + */
1.439 +
1.440 +
1.441 +uint8_t aes_cbc_test_case_2_key[32] = {
1.442 + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
1.443 + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
1.444 + 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
1.445 + 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
1.446 +};
1.447 +
1.448 +uint8_t aes_cbc_test_case_2_plaintext[64] = {
1.449 + 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
1.450 + 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff
1.451 +};
1.452 +
1.453 +uint8_t aes_cbc_test_case_2_ciphertext[80] = {
1.454 + 0x8e, 0xa2, 0xb7, 0xca, 0x51, 0x67, 0x45, 0xbf,
1.455 + 0xea, 0xfc, 0x49, 0x90, 0x4b, 0x49, 0x60, 0x89,
1.456 + 0x72, 0x72, 0x6e, 0xe7, 0x71, 0x39, 0xbf, 0x11,
1.457 + 0xe5, 0x40, 0xe2, 0x7c, 0x54, 0x65, 0x1d, 0xee
1.458 +};
1.459 +
1.460 +uint8_t aes_cbc_test_case_2_iv[16] = {
1.461 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1.462 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
1.463 +};
1.464 +
1.465 +cipher_test_case_t aes_cbc_test_case_2 = {
1.466 + 32, /* octets in key */
1.467 + aes_cbc_test_case_2_key, /* key */
1.468 + aes_cbc_test_case_2_iv, /* initialization vector */
1.469 + 16, /* octets in plaintext */
1.470 + aes_cbc_test_case_2_plaintext, /* plaintext */
1.471 + 32, /* octets in ciphertext */
1.472 + aes_cbc_test_case_2_ciphertext, /* ciphertext */
1.473 + &aes_cbc_test_case_1 /* pointer to next testcase */
1.474 +};
1.475 +
1.476 +
1.477 +/*
1.478 + * this test case is taken directly from Appendix F.2 of NIST Special
1.479 + * Publication SP 800-38A
1.480 + */
1.481 +
1.482 +uint8_t aes_cbc_test_case_3_key[32] = {
1.483 + 0x60, 0x3d, 0xeb, 0x10, 0x15, 0xca, 0x71, 0xbe,
1.484 + 0x2b, 0x73, 0xae, 0xf0, 0x85, 0x7d, 0x77, 0x81,
1.485 + 0x1f, 0x35, 0x2c, 0x07, 0x3b, 0x61, 0x08, 0xd7,
1.486 + 0x2d, 0x98, 0x10, 0xa3, 0x09, 0x14, 0xdf, 0xf4
1.487 +};
1.488 +
1.489 +uint8_t aes_cbc_test_case_3_plaintext[64] = {
1.490 + 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96,
1.491 + 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a,
1.492 + 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c,
1.493 + 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51,
1.494 + 0x30, 0xc8, 0x1c, 0x46, 0xa3, 0x5c, 0xe4, 0x11,
1.495 + 0xe5, 0xfb, 0xc1, 0x19, 0x1a, 0x0a, 0x52, 0xef,
1.496 + 0xf6, 0x9f, 0x24, 0x45, 0xdf, 0x4f, 0x9b, 0x17,
1.497 + 0xad, 0x2b, 0x41, 0x7b, 0xe6, 0x6c, 0x37, 0x10
1.498 +};
1.499 +
1.500 +uint8_t aes_cbc_test_case_3_ciphertext[80] = {
1.501 + 0xf5, 0x8c, 0x4c, 0x04, 0xd6, 0xe5, 0xf1, 0xba,
1.502 + 0x77, 0x9e, 0xab, 0xfb, 0x5f, 0x7b, 0xfb, 0xd6,
1.503 + 0x9c, 0xfc, 0x4e, 0x96, 0x7e, 0xdb, 0x80, 0x8d,
1.504 + 0x67, 0x9f, 0x77, 0x7b, 0xc6, 0x70, 0x2c, 0x7d,
1.505 + 0x39, 0xf2, 0x33, 0x69, 0xa9, 0xd9, 0xba, 0xcf,
1.506 + 0xa5, 0x30, 0xe2, 0x63, 0x04, 0x23, 0x14, 0x61,
1.507 + 0xb2, 0xeb, 0x05, 0xe2, 0xc3, 0x9b, 0xe9, 0xfc,
1.508 + 0xda, 0x6c, 0x19, 0x07, 0x8c, 0x6a, 0x9d, 0x1b,
1.509 + 0xfb, 0x98, 0x20, 0x2c, 0x45, 0xb2, 0xe4, 0xa0,
1.510 + 0x63, 0xc4, 0x68, 0xba, 0x84, 0x39, 0x16, 0x5a
1.511 +};
1.512 +
1.513 +uint8_t aes_cbc_test_case_3_iv[16] = {
1.514 + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
1.515 + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f
1.516 +};
1.517 +
1.518 +cipher_test_case_t aes_cbc_test_case_3 = {
1.519 + 32, /* octets in key */
1.520 + aes_cbc_test_case_3_key, /* key */
1.521 + aes_cbc_test_case_3_iv, /* initialization vector */
1.522 + 64, /* octets in plaintext */
1.523 + aes_cbc_test_case_3_plaintext, /* plaintext */
1.524 + 80, /* octets in ciphertext */
1.525 + aes_cbc_test_case_3_ciphertext, /* ciphertext */
1.526 + &aes_cbc_test_case_2 /* pointer to next testcase */
1.527 +};
1.528 +
1.529 +cipher_type_t aes_cbc = {
1.530 + (cipher_alloc_func_t) aes_cbc_alloc,
1.531 + (cipher_dealloc_func_t) aes_cbc_dealloc,
1.532 + (cipher_init_func_t) aes_cbc_context_init,
1.533 + (cipher_encrypt_func_t) aes_cbc_nist_encrypt,
1.534 + (cipher_decrypt_func_t) aes_cbc_nist_decrypt,
1.535 + (cipher_set_iv_func_t) aes_cbc_set_iv,
1.536 + (char *) aes_cbc_description,
1.537 + (int) 0, /* instance count */
1.538 + (cipher_test_case_t *) &aes_cbc_test_case_3,
1.539 + (debug_module_t *) &mod_aes_cbc,
1.540 + (cipher_type_id_t) AES_CBC
1.541 +};
1.542 +
1.543 +
