%% -*- mode: erlang; tab-width: 4; indent-tabs-mode: 1; st-rulers: [70] -*-
%% vim: ts=4 sw=4 ft=erlang noet
%%%-------------------------------------------------------------------
%%% @author Andrew Bennett <andrew@pixid.com>
%%% @copyright 2014-2015, Andrew Bennett
%%% @doc Advanced Encryption Standard (AES)
%%% Cipher Block Chaining (CBC), as defined in NIST.800-38A
%%% Electronic Codebook (ECB), as defined in NIST.800-38A
%%% Galois/Counter Mode (GCM) and GMAC, as defined in NIST.800-38D
%%% See NIST.800-38A: http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf
%%% See NIST.800-38D: http://csrc.nist.gov/publications/nistpubs/800-38D/SP-800-38D.pdf
%%% See http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/proposedmodes/gcm/gcm-spec.pdf
%%% See https://github.com/erlang/otp/blob/OTP-18.0/lib/crypto/test/crypto_SUITE.erl
%%% @end
%%% Created :  10 Aug 2015 by Andrew Bennett <andrew@pixid.com>
%%%-------------------------------------------------------------------
-module(jose_jwa_aes_SUITE).

-include_lib("common_test/include/ct.hrl").

-include("jose.hrl").

%% Plain Text used in NIST example vectors
%% (four 16-byte blocks; expands to a hexstr2bin/1 call at each use site).
-define(NIST_PLAIN_TEXT, hexstr2bin(
	"6bc1bee22e409f96e93d7e117393172a"
	"ae2d8a571e03ac9c9eb76fac45af8e51"
	"30c81c46a35ce411e5fbc1191a0a52ef"
	"f69f2445df4f9b17ad2b417be66c3710")).

%% ct.
-export([all/0]).
-export([groups/0]).
-export([init_per_suite/1]).
-export([end_per_suite/1]).
-export([init_per_group/2]).
-export([end_per_group/2]).

%% Tests.
-export([aead/0]).
-export([aead/1]).
-export([block/0]).
-export([block/1]).

%% Common Test entry point: one group per mode (CBC, ECB, GCM) and key
%% size (128, 192, 256), in that order.
all() ->
	GroupNames = [
		aes_cbc128,
		aes_cbc192,
		aes_cbc256,
		aes_ecb128,
		aes_ecb192,
		aes_ecb256,
		aes_gcm128,
		aes_gcm192,
		aes_gcm256
	],
	[{group, Name} || Name <- GroupNames].

%% Group definitions: the CBC and ECB groups run the `block' test case,
%% the GCM groups run the `aead' test case.
groups() ->
	BlockGroups = [
		{Name, [], [block]}
		|| Name <- [aes_cbc128, aes_cbc192, aes_cbc256, aes_ecb128, aes_ecb192, aes_ecb256]
	],
	AeadGroups = [
		{Name, [], [aead]}
		|| Name <- [aes_gcm128, aes_gcm192, aes_gcm256]
	],
	BlockGroups ++ AeadGroups.

%% Sets two jose application flags and starts the application.
%% NOTE(review): `unsecured_signing' presumably permits the unsecured
%% "none" signing algorithm and `crypto_fallback' presumably enables the
%% pure-Erlang fallbacks -- confirm against jose. Both are test-only
%% settings; end_per_suite/1 below stops the application but does not
%% unset them, and the result of ensure_all_started/1 is discarded.
init_per_suite(Config) ->
	Flags = [crypto_fallback, unsecured_signing],
	lists:foreach(fun(Flag) -> application:set_env(jose, Flag, true) end, Flags),
	_ = application:ensure_all_started(jose),
	Config.

%% Stops jose; the stop result is deliberately ignored.
end_per_suite(_Config) ->
	_ = application:stop(jose),
	ok.

%% Adds the group's test vectors to Config (see group_config/2) and hands
%% the result to jose_ct:start/2.
init_per_group(Group, Config) ->
	GroupConfig = group_config(Group, Config),
	jose_ct:start(Group, GroupConfig).

end_per_group(_Group, Config) ->
	jose_ct:stop(Config),
	ok.

%%====================================================================
%% Tests
%%====================================================================

aead() ->
	[{doc, "Test AEAD ciphers"}].
%% Runs aead_cipher/1 over every vector stored under the `aead' key.
%% The vectors go through lazy_eval/1 first, so any funs in them are
%% only evaluated once the test case is running.
aead(Config) when is_list(Config) ->
	Vectors = lazy_eval(proplists:get_value(aead, Config)),
	lists:foreach(fun(Vector) -> aead_cipher(Vector) end, Vectors).

block() ->
	[{doc, "Test block ciphers"}].
%% Runs block_cipher/1 over every vector stored under the `block' key.
block(Config) when is_list(Config) ->
	Vectors = proplists:get_value(block, Config),
	lists:foreach(fun(Vector) -> block_cipher(Vector) end, Vectors).
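
%%%-------------------------------------------------------------------
%%% Internal functions
%%%-------------------------------------------------------------------

%% @private
%% Known-answer test for one AEAD vector
%% {Type, Key, PlainText, IV, AAD, CipherText, CipherTag}:
%%   1. encryption must produce exactly {CipherText, CipherTag};
%%   2. decryption with the genuine tag must return the plaintext;
%%   3. decryption with a tag that differs in one bit must NOT return
%%      the plaintext, so an implementation that ignores the tag fails.
%% Failure reports carry the arguments that were actually passed.
aead_cipher({Type, Key, PlainText, IV, AAD, CipherText, CipherTag}) ->
	Plain = iolist_to_binary(PlainText),
	case jose_jwa_aes:block_encrypt(Type, Key, IV, {AAD, Plain}) of
		{CipherText, CipherTag} ->
			ok;
		Other0 ->
			ct:fail({{jose_jwa_aes, block_encrypt, [Type, Key, IV, {AAD, Plain}]}, {expected, {CipherText, CipherTag}}, {got, Other0}})
	end,
	case jose_jwa_aes:block_decrypt(Type, Key, IV, {AAD, CipherText, CipherTag}) of
		Plain ->
			ok;
		Other1 ->
			ct:fail({{jose_jwa_aes, block_decrypt, [Type, Key, IV, {AAD, CipherText, CipherTag}]}, {expected, Plain}, {got, Other1}})
	end,
	BadTag = tamper_tag(CipherTag),
	%% Only "did not hand back the plaintext" is asserted here; the exact
	%% rejection value is left to jose_jwa_aes.
	case jose_jwa_aes:block_decrypt(Type, Key, IV, {AAD, CipherText, BadTag}) of
		Plain ->
			ct:fail({{jose_jwa_aes, block_decrypt, [Type, Key, IV, {AAD, CipherText, BadTag}]}, {expected, rejected}, {got, Plain}});
		_Rejected ->
			ok
	end.

%% @private
%% Returns Tag with the lowest bit of its last byte flipped.
%% Crashes on an empty tag, which no vector in this suite has.
tamper_tag(Tag) when is_binary(Tag), byte_size(Tag) > 0 ->
	HeadSize = byte_size(Tag) - 1,
	<<Head:HeadSize/binary, Last>> = Tag,
	<<Head/binary, (Last bxor 1)>>.

%% @private
%% Checks one block-cipher vector. The tuple shape selects the check:
%%   {Type, Key, PlainText}                 round trip, no IV
%%   {{aes_ecb, _}, Key, PlainText, CT}     known answer, no IV
%%   {Type, Key, IV, PlainText}             round trip with IV
%%   {Type, Key, IV, PlainText, CT}         known answer with IV
%% The ECB known-answer clause must stay ahead of the generic 4-tuple
%% clause, otherwise its plaintext would be taken for an IV.
block_cipher({Type, Key, PlainText}) ->
	Plain = iolist_to_binary(PlainText),
	CipherText = jose_jwa_aes:block_encrypt(Type, Key, PlainText),
	case jose_jwa_aes:block_decrypt(Type, Key, CipherText) of
		Plain ->
			ok;
		Other ->
			ct:fail({{jose_jwa_aes, block_decrypt, [Type, Key, CipherText]}, {expected, Plain}, {got, Other}})
	end;
block_cipher({Type={aes_ecb, _}, Key, PlainText, CipherText}) ->
	Plain = iolist_to_binary(PlainText),
	case jose_jwa_aes:block_encrypt(Type, Key, Plain) of
		CipherText ->
			ok;
		Other0 ->
			ct:fail({{jose_jwa_aes, block_encrypt, [Type, Key, Plain]}, {expected, CipherText}, {got, Other0}})
	end,
	case jose_jwa_aes:block_decrypt(Type, Key, CipherText) of
		Plain ->
			ok;
		Other1 ->
			ct:fail({{jose_jwa_aes, block_decrypt, [Type, Key, CipherText]}, {expected, Plain}, {got, Other1}})
	end;
block_cipher({Type, Key, IV, PlainText}) ->
	Plain = iolist_to_binary(PlainText),
	CipherText = jose_jwa_aes:block_encrypt(Type, Key, IV, PlainText),
	case jose_jwa_aes:block_decrypt(Type, Key, IV, CipherText) of
		Plain ->
			ok;
		Other ->
			ct:fail({{jose_jwa_aes, block_decrypt, [Type, Key, IV, CipherText]}, {expected, Plain}, {got, Other}})
	end;
block_cipher({Type, Key, IV, PlainText, CipherText}) ->
	Plain = iolist_to_binary(PlainText),
	case jose_jwa_aes:block_encrypt(Type, Key, IV, Plain) of
		CipherText ->
			ok;
		Other0 ->
			ct:fail({{jose_jwa_aes, block_encrypt, [Type, Key, IV, Plain]}, {expected, CipherText}, {got, Other0}})
	end,
	case jose_jwa_aes:block_decrypt(Type, Key, IV, CipherText) of
		Plain ->
			ok;
		Other1 ->
			ct:fail({{jose_jwa_aes, block_decrypt, [Type, Key, IV, CipherText]}, {expected, Plain}, {got, Other1}})
	end.

%% @private
%% Prepends the group's vectors to Config: under `block' for the CBC and
%% ECB groups, under `aead' for the GCM groups.
group_config(aes_cbc128, Config) ->
	Block = aes_cbc128(),
	[{block, Block} | Config];
group_config(aes_cbc192, Config) ->
	Block = aes_cbc192(),
	[{block, Block} | Config];
group_config(aes_cbc256, Config) ->
	Block = aes_cbc256(),
	[{block, Block} | Config];
group_config(aes_ecb128, Config) ->
	Block = aes_ecb128(),
	[{block, Block} | Config];
group_config(aes_ecb192, Config) ->
	Block = aes_ecb192(),
	[{block, Block} | Config];
group_config(aes_ecb256, Config) ->
	Block = aes_ecb256(),
	[{block, Block} | Config];
group_config(aes_gcm128, Config) ->
	AEAD = aes_gcm128(),
	[{aead, AEAD} | Config];
group_config(aes_gcm192, Config) ->
	AEAD = aes_gcm192(),
	[{aead, AEAD} | Config];
group_config(aes_gcm256, Config) ->
	AEAD = aes_gcm256(),
	[{aead, AEAD} | Config].

%% @private
%% Decodes a hex string (either case) into a binary.
hexstr2bin(S) ->
	list_to_binary(hexstr2list(S)).

%% @private
%% Decodes two hex digits per byte. There is no clause for a single
%% trailing digit, so an odd-length string crashes instead of being
%% silently truncated or padded.
hexstr2list([X,Y|T]) ->
	[mkint(X)*16 + mkint(Y) | hexstr2list(T)];
hexstr2list([]) ->
	[].

%% Building huge terms (like long_msg/0) in init_per_group seems to cause
%% test_server crash with 'no_answer_from_tc_supervisor' sometimes on some
%% machines. Therefore lazy evaluation when test case has started.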
%% Walks a term and replaces every fun by the result of calling it with
%% no arguments; lists and tuples are traversed element by element and
%% any other term is returned unchanged.
lazy_eval(Fun) when is_function(Fun) ->
	Fun();
lazy_eval(List) when is_list(List) ->
	lists:map(fun(Elem) -> lazy_eval(Elem) end, List);
lazy_eval(Tuple) when is_tuple(Tuple) ->
	Evaluated = [lazy_eval(Elem) || Elem <- tuple_to_list(Tuple)],
	list_to_tuple(Evaluated);
lazy_eval(Term) ->
	Term.

%% @private
%% Value (0..15) of one hex digit character. Any other character has no
%% matching clause and crashes with function_clause.
mkint(Char) when Char >= $0, Char =< $9 ->
	Char - $0;
mkint(Char) when Char >= $A, Char =< $F ->
	10 + (Char - $A);
mkint(Char) when Char >= $a, Char =< $f ->
	10 + (Char - $a).

%% @private
%% See http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf
%% The first four entries are {Type, Key, IV, PlainText} with no expected
%% ciphertext; the last is {Type, Key, IV, PlainText, CipherText}.
aes_cbc128() ->
	Type = {aes_cbc, 128},
	Key = hexstr2bin("2b7e151628aed2a6abf7158809cf4f3c"),
	[
		{Type,
			Key,
			hexstr2bin("000102030405060708090a0b0c0d0e0f"),
			hexstr2bin("6bc1bee22e409f96e93d7e117393172a")},
		{Type,
			Key,
			hexstr2bin("7649ABAC8119B246CEE98E9B12E9197D"),
			hexstr2bin("ae2d8a571e03ac9c9eb76fac45af8e51")},
		{Type,
			Key,
			hexstr2bin("5086CB9B507219EE95DB113A917678B2"),
			hexstr2bin("30c81c46a35ce411e5fbc1191a0a52ef")},
		{Type,
			Key,
			hexstr2bin("73BED6B8E3C1743B7116E69E22229516"),
			hexstr2bin("f69f2445df4f9b17ad2b417be66c3710")},
		%% F.2.1 CBC-AES128.Encrypt
		%% F.2.2 CBC-AES128.Decrypt
		{Type,
			Key,
			hexstr2bin("000102030405060708090a0b0c0d0e0f"),
			?NIST_PLAIN_TEXT,
			hexstr2bin("7649abac8119b246cee98e9b12e9197d"
				"5086cb9b507219ee95db113a917678b2"
				"73bed6b8e3c1743b7116e69e22229516"
				"3ff1caa1681fac09120eca307586e1a7")}
	].

%% @private
%% See http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf
%% Single known-answer vector {Type, Key, IV, PlainText, CipherText}.
aes_cbc192() ->
	Key = hexstr2bin("8e73b0f7da0e6452c810f32b809079e5"
		"62f8ead2522c6b7b"),
	IV = hexstr2bin("000102030405060708090a0b0c0d0e0f"),
	CipherText = hexstr2bin("4f021db243bc633d7178183a9fa071e8"
		"b4d9ada9ad7dedf4e5e738763f69145a"
		"571b242012fb7ae07fa9baac3df102e0"
		"08b0e27988598881d920a9e64f5615cd"),
	[
		%% F.2.3 CBC-AES192.Encrypt
		%% F.2.4 CBC-AES192.Decrypt
		{{aes_cbc, 192}, Key, IV, ?NIST_PLAIN_TEXT, CipherText}
	].

%% @private
%% See http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf
%% The first four entries are {Type, Key, IV, PlainText} with no expected
%% ciphertext; the last is {Type, Key, IV, PlainText, CipherText}.
aes_cbc256() ->
	Type = {aes_cbc, 256},
	Key = hexstr2bin("603deb1015ca71be2b73aef0857d7781"
		"1f352c073b6108d72d9810a30914dff4"),
	[
		{Type,
			Key,
			hexstr2bin("000102030405060708090A0B0C0D0E0F"),
			hexstr2bin("6bc1bee22e409f96e93d7e117393172a")},
		{Type,
			Key,
			hexstr2bin("F58C4C04D6E5F1BA779EABFB5F7BFBD6"),
			hexstr2bin("ae2d8a571e03ac9c9eb76fac45af8e51")},
		{Type,
			Key,
			hexstr2bin("9CFC4E967EDB808D679F777BC6702C7D"),
			hexstr2bin("30c81c46a35ce411e5fbc1191a0a52ef")},
		{Type,
			Key,
			hexstr2bin("39F23369A9D9BACFA530E26304231461"),
			hexstr2bin("f69f2445df4f9b17ad2b417be66c3710")},
		%% F.2.5 CBC-AES256.Encrypt
		%% F.2.6 CBC-AES256.Decrypt
		{Type,
			Key,
			hexstr2bin("000102030405060708090a0b0c0d0e0f"),
			?NIST_PLAIN_TEXT,
			hexstr2bin("f58c4c04d6e5f1ba779eabfb5f7bfbd6"
				"9cfc4e967edb808d679f777bc6702c7d"
				"39f23369a9d9bacfa530e26304231461"
				"b2eb05e2c39be9fcda6c19078c6a9d1b")}
	].

%% @private
%% See http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf
%% The {Key, PlainText} pairs below are 16-character ASCII binaries used
%% as raw bytes (they are not hex-decoded) and carry no expected
%% ciphertext. Only the final F.1.1/F.1.2 entry has a known answer.
aes_ecb128() ->
	Type = {aes_ecb, 128},
	Pairs = [
		{<<"YELLOW SUBMARINE">>, <<"YELLOW SUBMARINE">>},
		{<<"0000000000000000">>, <<"0000000000000000">>},
		{<<"FFFFFFFFFFFFFFFF">>, <<"FFFFFFFFFFFFFFFF">>},
		{<<"3000000000000000">>, <<"1000000000000001">>},
		{<<"1111111111111111">>, <<"1111111111111111">>},
		{<<"0123456789ABCDEF">>, <<"1111111111111111">>},
		{<<"0000000000000000">>, <<"0000000000000000">>},
		{<<"FEDCBA9876543210">>, <<"0123456789ABCDEF">>},
		{<<"7CA110454A1A6E57">>, <<"01A1D6D039776742">>},
		{<<"0131D9619DC1376E">>, <<"5CD54CA83DEF57DA">>},
		{<<"07A1133E4A0B2686">>, <<"0248D43806F67172">>},
		{<<"3849674C2602319E">>, <<"51454B582DDF440A">>},
		{<<"04B915BA43FEB5B6">>, <<"42FD443059577FA2">>},
		{<<"0113B970FD34F2CE">>, <<"059B5E0851CF143A">>},
		{<<"0170F175468FB5E6">>, <<"0756D8E0774761D2">>},
		{<<"43297FAD38E373FE">>, <<"762514B829BF486A">>},
		{<<"07A7137045DA2A16">>, <<"3BDD119049372802">>},
		{<<"04689104C2FD3B2F">>, <<"26955F6835AF609A">>},
		{<<"37D06BB516CB7546">>, <<"164D5E404F275232">>},
		{<<"1F08260D1AC2465E">>, <<"6B056E18759F5CCA">>},
		{<<"584023641ABA6176">>, <<"004BD6EF09176062">>},
		{<<"025816164629B007">>, <<"480D39006EE762F2">>},
		{<<"49793EBC79B3258F">>, <<"437540C8698F3CFA">>},
		{<<"018310DC409B26D6">>, <<"1D9D5C5018F728C2">>},
		{<<"1C587F1C13924FEF">>, <<"305532286D6F295A">>},
		{<<"0101010101010101">>, <<"0123456789ABCDEF">>},
		{<<"1F1F1F1F0E0E0E0E">>, <<"0123456789ABCDEF">>},
		{<<"E0FEE0FEF1FEF1FE">>, <<"0123456789ABCDEF">>},
		{<<"0000000000000000">>, <<"FFFFFFFFFFFFFFFF">>},
		{<<"FFFFFFFFFFFFFFFF">>, <<"0000000000000000">>},
		{<<"0123456789ABCDEF">>, <<"0000000000000000">>},
		{<<"FEDCBA9876543210">>, <<"FFFFFFFFFFFFFFFF">>}
	],
	RoundTrips = [{Type, Key, PlainText} || {Key, PlainText} <- Pairs],
	%% F.1.1 ECB-AES128.Encrypt
	%% F.1.2 ECB-AES128.Decrypt
	KnownAnswer = {Type,
		hexstr2bin("2b7e151628aed2a6abf7158809cf4f3c"),
		?NIST_PLAIN_TEXT,
		hexstr2bin("3ad77bb40d7a3660a89ecaf32466ef97"
			"f5d3d58503b9699de785895a96fdbaaf"
			"43b1cd7f598ece23881b00e3ed030688"
			"7b0c785e27e8ad3f8223207104725dd4")},
	RoundTrips ++ [KnownAnswer].

%% @private
%% See http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf
%% Single known-answer vector {Type, Key, PlainText, CipherText}.
aes_ecb192() ->
	Key = hexstr2bin("8e73b0f7da0e6452c810f32b809079e5"
		"62f8ead2522c6b7b"),
	CipherText = hexstr2bin("bd334f1d6e45f25ff712a214571fa5cc"
		"974104846d0ad3ad7734ecb3ecee4eef"
		"ef7afd2270e2e60adce0ba2face6444e"
		"9a4b41ba738d6c72fb16691603c18e0e"),
	[
		%% F.1.3 ECB-AES192.Encrypt
		%% F.1.4 ECB-AES192.Decrypt
		{{aes_ecb, 192}, Key, ?NIST_PLAIN_TEXT, CipherText}
	].

%% @private
%% See http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf
%% Single known-answer vector {Type, Key, PlainText, CipherText}.
aes_ecb256() ->
	Key = hexstr2bin("603deb1015ca71be2b73aef0857d7781"
		"1f352c073b6108d72d9810a30914dff4"),
	CipherText = hexstr2bin("f3eed1bdb5d2a03c064b5a7e3db181f8"
		"591ccb10d410ed26dc5ba74a31362870"
		"b6ed21b99ca6f4f9f153e7b1beafed1d"
		"23304b7a39f9f3ff067d8d8f9e24ecc7"),
	[
		%% F.1.5 ECB-AES256.Encrypt
		%% F.1.6 ECB-AES256.Decrypt
		{{aes_ecb, 256}, Key, ?NIST_PLAIN_TEXT, CipherText}
	].

%% AES GCM test vectors from http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/proposedmodes/gcm/gcm-spec.pdf
%% Each entry is {Type, Key, PlainText, IV, AAD, CipherText, CipherTag}.
%% The vectors cover 12-byte, 8-byte and 60-byte IVs. Reusing one
%% key/IV pair across entries is acceptable only because these are fixed
%% known-answer vectors.
aes_gcm128() ->
	Type = {aes_gcm, 128},
	Empty = hexstr2bin(""),
	ZeroKey = hexstr2bin("00000000000000000000000000000000"),
	ZeroBlock = hexstr2bin("00000000000000000000000000000000"),
	ZeroIV = hexstr2bin("000000000000000000000000"),
	Key = hexstr2bin("feffe9928665731c6d6a8f9467308308"),
	Plain64 = hexstr2bin("d9313225f88406e5a55909c5aff5269a"
		"86a7a9531534f7da2e4c303d8a318a72"
		"1c3c0c95956809532fcf0e2449a6b525"
		"b16aedf5aa0de657ba637b391aafd255"),
	Plain60 = hexstr2bin("d9313225f88406e5a55909c5aff5269a"
		"86a7a9531534f7da2e4c303d8a318a72"
		"1c3c0c95956809532fcf0e2449a6b525"
		"b16aedf5aa0de657ba637b39"),
	IV12 = hexstr2bin("cafebabefacedbaddecaf888"),
	IV8 = hexstr2bin("cafebabefacedbad"),
	IV60 = hexstr2bin("9313225df88406e555909c5aff5269aa"
		"6a7a9538534f7da1e4c303d2a318a728"
		"c3c0c95156809539fcf0e2429a6b5254"
		"16aedbf5a0de6a57a637b39b"),
	AAD = hexstr2bin("feedfacedeadbeeffeedfacedeadbeef"
		"abaddad2"),
	[
		%% Test Case 1
		{Type, ZeroKey, Empty, ZeroIV, Empty,
			Empty,                                                %% CipherText
			hexstr2bin("58e2fccefa7e3061367f1d57a4e7455a")},      %% CipherTag

		%% Test Case 2
		{Type, ZeroKey, ZeroBlock, ZeroIV, Empty,
			hexstr2bin("0388dace60b6a392f328c2b971b2fe78"),       %% CipherText
			hexstr2bin("ab6e47d42cec13bdf53a67b21257bddf")},      %% CipherTag

		%% Test Case 3
		{Type, Key, Plain64, IV12, Empty,
			hexstr2bin("42831ec2217774244b7221b784d0d49c"         %% CipherText
				"e3aa212f2c02a4e035c17e2329aca12e"
				"21d514b25466931c7d8f6a5aac84aa05"
				"1ba30b396a0aac973d58e091473f5985"),
			hexstr2bin("4d5c2af327cd64a62cf35abd2ba6fab4")},      %% CipherTag

		%% Test Case 4
		{Type, Key, Plain60, IV12, AAD,
			hexstr2bin("42831ec2217774244b7221b784d0d49c"         %% CipherText
				"e3aa212f2c02a4e035c17e2329aca12e"
				"21d514b25466931c7d8f6a5aac84aa05"
				"1ba30b396a0aac973d58e091"),
			hexstr2bin("5bc94fbc3221a5db94fae95ae7121a47")},      %% CipherTag

		%% Test Case 5
		{Type, Key, Plain60, IV8, AAD,
			hexstr2bin("61353b4c2806934a777ff51fa22a4755"         %% CipherText
				"699b2a714fcdc6f83766e5f97b6c7423"
				"73806900e49f24b22b097544d4896b42"
				"4989b5e1ebac0f07c23f4598"),
			hexstr2bin("3612d2e79e3b0785561be14aaca2fccb")},      %% CipherTag

		%% Test Case 6
		{Type, Key, Plain60, IV60, AAD,
			hexstr2bin("8ce24998625615b603a033aca13fb894"         %% CipherText
				"be9112a5c3a211a8ba262a3cca7e2ca7"
				"01e4a9a4fba43c90ccdcb281d48c7c6f"
				"d62875d2aca417034c34aee5"),
			hexstr2bin("619cc5aefffe0bfa462af43c1699d050")}       %% CipherTag
	].

%% AES GCM test vectors from http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/proposedmodes/gcm/gcm-spec.pdf
%% Each entry is {Type, Key, PlainText, IV, AAD, CipherText, CipherTag}.
%% The vectors cover 12-byte, 8-byte and 60-byte IVs. Reusing one
%% key/IV pair across entries is acceptable only because these are fixed
%% known-answer vectors.
aes_gcm192() ->
	Type = {aes_gcm, 192},
	Empty = hexstr2bin(""),
	ZeroKey = hexstr2bin("00000000000000000000000000000000"
		"0000000000000000"),
	ZeroBlock = hexstr2bin("00000000000000000000000000000000"),
	ZeroIV = hexstr2bin("000000000000000000000000"),
	Key = hexstr2bin("feffe9928665731c6d6a8f9467308308"
		"feffe9928665731c"),
	Plain64 = hexstr2bin("d9313225f88406e5a55909c5aff5269a"
		"86a7a9531534f7da2e4c303d8a318a72"
		"1c3c0c95956809532fcf0e2449a6b525"
		"b16aedf5aa0de657ba637b391aafd255"),
	Plain60 = hexstr2bin("d9313225f88406e5a55909c5aff5269a"
		"86a7a9531534f7da2e4c303d8a318a72"
		"1c3c0c95956809532fcf0e2449a6b525"
		"b16aedf5aa0de657ba637b39"),
	IV12 = hexstr2bin("cafebabefacedbaddecaf888"),
	IV8 = hexstr2bin("cafebabefacedbad"),
	IV60 = hexstr2bin("9313225df88406e555909c5aff5269aa"
		"6a7a9538534f7da1e4c303d2a318a728"
		"c3c0c95156809539fcf0e2429a6b5254"
		"16aedbf5a0de6a57a637b39b"),
	AAD = hexstr2bin("feedfacedeadbeeffeedfacedeadbeef"
		"abaddad2"),
	[
		%% Test Case 7
		{Type, ZeroKey, Empty, ZeroIV, Empty,
			Empty,                                                %% CipherText
			hexstr2bin("cd33b28ac773f74ba00ed1f312572435")},      %% CipherTag

		%% Test Case 8
		{Type, ZeroKey, ZeroBlock, ZeroIV, Empty,
			hexstr2bin("98e7247c07f0fe411c267e4384b0f600"),       %% CipherText
			hexstr2bin("2ff58d80033927ab8ef4d4587514f0fb")},      %% CipherTag

		%% Test Case 9 (empty AAD)
		{Type, Key, Plain64, IV12, Empty,
			hexstr2bin("3980ca0b3c00e841eb06fac4872a2757"         %% CipherText
				"859e1ceaa6efd984628593b40ca1e19c"
				"7d773d00c144c525ac619d18c84a3f47"
				"18e2448b2fe324d9ccda2710acade256"),
			hexstr2bin("9924a7c8587336bfb118024db8674a14")},      %% CipherTag

		%% Test Case 10
		{Type, Key, Plain60, IV12, AAD,
			hexstr2bin("3980ca0b3c00e841eb06fac4872a2757"         %% CipherText
				"859e1ceaa6efd984628593b40ca1e19c"
				"7d773d00c144c525ac619d18c84a3f47"
				"18e2448b2fe324d9ccda2710"),
			hexstr2bin("2519498e80f1478f37ba55bd6d27618c")},      %% CipherTag

		%% Test Case 11
		{Type, Key, Plain60, IV8, AAD,
			hexstr2bin("0f10f599ae14a154ed24b36e25324db8"         %% CipherText
				"c566632ef2bbb34f8347280fc4507057"
				"fddc29df9a471f75c66541d4d4dad1c9"
				"e93a19a58e8b473fa0f062f7"),
			hexstr2bin("65dcc57fcf623a24094fcca40d3533f8")},      %% CipherTag

		%% Test Case 12
		{Type, Key, Plain60, IV60, AAD,
			hexstr2bin("d27e88681ce3243c4830165a8fdcf9ff"         %% CipherText
				"1de9a1d8e6b447ef6ef7b79828666e45"
				"81e79012af34ddd9e2f037589b292db3"
				"e67c036745fa22e7e9b7373b"),
			hexstr2bin("dcf566ff291c25bbb8568fc3d376a6d9")}       %% CipherTag
	].

%% AES GCM test vectors from http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/proposedmodes/gcm/gcm-spec.pdf
%% Each entry is {Type, Key, PlainText, IV, AAD, CipherText, CipherTag}.
%% The vectors cover 12-byte, 8-byte and 60-byte IVs. Reusing one
%% key/IV pair across entries is acceptable only because these are fixed
%% known-answer vectors.
aes_gcm256() ->
	Type = {aes_gcm, 256},
	Empty = hexstr2bin(""),
	ZeroKey = hexstr2bin("00000000000000000000000000000000"
		"00000000000000000000000000000000"),
	ZeroBlock = hexstr2bin("00000000000000000000000000000000"),
	ZeroIV = hexstr2bin("000000000000000000000000"),
	Key = hexstr2bin("feffe9928665731c6d6a8f9467308308"
		"feffe9928665731c6d6a8f9467308308"),
	Plain64 = hexstr2bin("d9313225f88406e5a55909c5aff5269a"
		"86a7a9531534f7da2e4c303d8a318a72"
		"1c3c0c95956809532fcf0e2449a6b525"
		"b16aedf5aa0de657ba637b391aafd255"),
	Plain60 = hexstr2bin("d9313225f88406e5a55909c5aff5269a"
		"86a7a9531534f7da2e4c303d8a318a72"
		"1c3c0c95956809532fcf0e2449a6b525"
		"b16aedf5aa0de657ba637b39"),
	IV12 = hexstr2bin("cafebabefacedbaddecaf888"),
	IV8 = hexstr2bin("cafebabefacedbad"),
	IV60 = hexstr2bin("9313225df88406e555909c5aff5269aa"
		"6a7a9538534f7da1e4c303d2a318a728"
		"c3c0c95156809539fcf0e2429a6b5254"
		"16aedbf5a0de6a57a637b39b"),
	AAD = hexstr2bin("feedfacedeadbeeffeedfacedeadbeef"
		"abaddad2"),
	[
		%% Test Case 13
		{Type, ZeroKey, Empty, ZeroIV, Empty,
			Empty,                                                %% CipherText
			hexstr2bin("530f8afbc74536b9a963b4f1c4cb738b")},      %% CipherTag

		%% Test Case 14
		{Type, ZeroKey, ZeroBlock, ZeroIV, Empty,
			hexstr2bin("cea7403d4d606b6e074ec5d3baf39d18"),       %% CipherText
			hexstr2bin("d0d1c8a799996bf0265b98b5d48ab919")},      %% CipherTag

		%% Test Case 15
		{Type, Key, Plain64, IV12, Empty,
			hexstr2bin("522dc1f099567d07f47f37a32a84427d"         %% CipherText
				"643a8cdcbfe5c0c97598a2bd2555d1aa"
				"8cb08e48590dbb3da7b08b1056828838"
				"c5f61e6393ba7a0abcc9f662898015ad"),
			hexstr2bin("b094dac5d93471bdec1a502270e3cc6c")},      %% CipherTag

		%% Test Case 16
		{Type, Key, Plain60, IV12, AAD,
			hexstr2bin("522dc1f099567d07f47f37a32a84427d"         %% CipherText
				"643a8cdcbfe5c0c97598a2bd2555d1aa"
				"8cb08e48590dbb3da7b08b1056828838"
				"c5f61e6393ba7a0abcc9f662"),
			hexstr2bin("76fc6ece0f4e1768cddf8853bb2d551b")},      %% CipherTag

		%% Test Case 17
		{Type, Key, Plain60, IV8, AAD,
			hexstr2bin("c3762df1ca787d32ae47c13bf19844cb"         %% CipherText
				"af1ae14d0b976afac52ff7d79bba9de0"
				"feb582d33934a4f0954cc2363bc73f78"
				"62ac430e64abe499f47c9b1f"),
			hexstr2bin("3a337dbf46a792c45e454913fe2ea8f2")},      %% CipherTag

		%% Test Case 18
		{Type, Key, Plain60, IV60, AAD,
			hexstr2bin("5a8def2f0c9e53f1f75d7853659e2a20"         %% CipherText
				"eeb2b22aafde6419a058ab4f6f746bf4"
				"0fc0c3b780f244452da3ebf1c5d82cde"
				"a2418997200ef82e44ae7e3f"),
			hexstr2bin("a44a8266ee1c8eb0c8b5d4cf5ae9f19a")}       %% CipherTag
	].