From 55b6b7226e0d53b657e533ad232aa85705ec6815 Mon Sep 17 00:00:00 2001 From: Mark Wooding Date: Wed, 31 Oct 2018 22:59:13 +0000 Subject: [PATCH] symm/ccm.h, symm/ccm-def.h: Implement the CCM authenticated encryption mode. This is pretty grim, really. --- symm/Makefile.am | 4 +- symm/ccm-def.h | 902 ++++++++++++++++++++++++++++++++++++++++++++++++++ symm/ccm.c | 201 +++++++++++ symm/ccm.h | 327 ++++++++++++++++++ symm/t/blowfish | 123 +++++++ symm/t/cast128 | 123 +++++++ symm/t/cast256.local | 123 +++++++ symm/t/des | 63 ++++ symm/t/des3 | 123 +++++++ symm/t/desx | 123 +++++++ symm/t/idea | 33 ++ symm/t/mars.local | 123 +++++++ symm/t/noekeon | 33 ++ symm/t/rc2 | 123 +++++++ symm/t/rc5 | 123 +++++++ symm/t/rijndael.local | 371 +++++++++++++++++++++ symm/t/rijndael192 | 123 +++++++ symm/t/rijndael256 | 123 +++++++ symm/t/safer | 63 ++++ symm/t/safersk | 63 ++++ symm/t/serpent.local | 123 +++++++ symm/t/skipjack | 33 ++ symm/t/square | 93 ++++++ symm/t/tea | 123 +++++++ symm/t/twofish.local | 123 +++++++ symm/t/xtea | 123 +++++++ utils/advmodes | 102 ++++++ 27 files changed, 4008 insertions(+), 2 deletions(-) create mode 100644 symm/ccm-def.h create mode 100644 symm/ccm.c create mode 100644 symm/ccm.h diff --git a/symm/Makefile.am b/symm/Makefile.am index 71457bd3..1aa18c0a 100644 --- a/symm/Makefile.am +++ b/symm/Makefile.am @@ -320,8 +320,8 @@ BLKCCIPHERMODES += counter BLKCMACMODES += cmac ## Various AEAD modes. -BLKCAEADMODES += eax gcm -libsymm_la_SOURCES += gcm.c +BLKCAEADMODES += ccm eax gcm +libsymm_la_SOURCES += ccm.c gcm.c ###-------------------------------------------------------------------------- ### Hash functions. diff --git a/symm/ccm-def.h b/symm/ccm-def.h new file mode 100644 index 00000000..2d864fa6 --- /dev/null +++ b/symm/ccm-def.h @@ -0,0 +1,902 @@ +/* -*-c-*- + * + * The CCM authenticated-encryption mode + * + * (c) 2017 Straylight/Edgeware + */ + +/*----- Licensing notice --------------------------------------------------* + * + * This file is part of Catacomb. + * + * Catacomb is free software; you can redistribute it and/or modify + * it under the terms of the GNU Library General Public License as + * published by the Free Software Foundation; either version 2 of the + * License, or (at your option) any later version. + * + * Catacomb is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Library General Public License for more details. + * + * You should have received a copy of the GNU Library General Public + * License along with Catacomb; if not, write to the Free + * Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, + * MA 02111-1307, USA. + */ + +#ifndef CATACOMB_CCM_DEF_H +#define CATACOMB_CCM_DEF_H + +#ifdef __cplusplus + extern "C" { +#endif + +/*----- Header files ------------------------------------------------------*/ + +#include + +#include +#include + +#ifndef CATACOMB_ARENA_H +# include "arena.h" +#endif + +#ifndef CATACOMB_BLKC_H +# include "blkc.h" +#endif + +#ifndef CATACOMB_CT_H +# include "ct.h" +#endif + +#ifndef CATACOMB_KEYSZ_H +# include "keysz.h" +#endif + +#ifndef CATACOMB_PARANOIA_H +# include "paranoia.h" +#endif + +#ifndef CATACOMB_RSVR_H +# include "rsvr.h" +#endif + +/*----- Common machinery --------------------------------------------------*/ + +/* --- @ccm_check@ --- * + * + * Arguments: @const ccm_params *p@ = pointer to parameters + * + * Returns: True (nonzero) if the parameters are OK; false (zero) if + * there's a problem. + * + * Use: Verify that the CCM parameters are acceptable. + */ + +extern int ccm_check(const ccm_params */*p*/); + +/* --- @ccm_fmthdr@ --- * + * + * Arguments: @const ccm_params *p@ = pointer to parameters + * @octet *b@ = block-size buffer to write header + * @const void *n@ = pointer to nonce + * + * Returns: --- + * + * Use: Format a MAC header block. + */ + +extern void ccm_fmthdr(const ccm_params */*p*/, + octet */*b*/, const void */*n*/); + +/* --- @ccm_fmtctr@ --- * + * + * Arguments: @const ccm_params *p@ = pointer to parameters + * @octet *b@ = block-size buffer to write header + * @const void *n@ = pointer to nonce + * + * Returns: --- + * + * Use: Format an initial counter block. + */ + +extern void ccm_fmtctr(const ccm_params */*p*/, + octet */*b*/, const void */*n*/); + +/*----- Macros ------------------------------------------------------------*/ + +/* --- @CCM_DEF@ --- * + * + * Arguments: @PRE@, @pre@ = prefixes for the underlying block cipher + * + * Use: Creates an implementation for the CCM authenticated- + * encryption mode. + */ + +#define CCM_DEF(PRE, pre) CCM_DEFX(PRE, pre, #pre, #pre) + +#define CCM_DEFX(PRE, pre, name, fname) \ + \ +const octet pre##_ccmnoncesz[] = \ + { KSZ_RANGE, PRE##_BLKSZ/2 - (PRE##_BLKSZ <= 16 ? 1 : 2), \ + CCM_NSZMIN(PRE), CCM_NSZMAX(PRE), 1 }; \ +const octet pre##_ccmtagsz[] = \ + { KSZ_RANGE, CCM_TSZMAX(PRE), \ + CCM_TSZMIN(PRE), CCM_TSZMAX(PRE), PRE##_BLKSZ == 16 ? 2 : 1 }; \ + \ +static const rsvr_policy pre##_ccmpolicy = \ + { RSVRF_FULL, PRE##_BLKSZ, PRE##_BLKSZ }; \ + \ +/* --- @pre_ccminthash@ --- * \ + * \ + * Arguments: @pre_ccmctx *ctx@ = pointer to context block \ + * @const void *p@ = pointer to material to hash \ + * @size_t sz@ = size of the input buffer \ + * \ + * Returns: --- \ + * \ + * Use: Internal operation for feeding stuff into the CBC-MAC \ + * context. \ + */ \ + \ +static void pre##_ccminthash(pre##_ccmctx *ctx, \ + const void *p, size_t sz) \ +{ \ + rsvr_state st; \ + const octet *q; \ + \ + rsvr_setup(&st, &pre##_ccmpolicy, ctx->b, &ctx->off, p, sz); \ + RSVR_DO(&st) while ((q = RSVR_NEXT(&st, PRE##_BLKSZ)) != 0) { \ + BLKC_XLOAD(PRE, ctx->a, q); \ + pre##_eblk(&ctx->k, ctx->a, ctx->a); \ + } \ +} \ + \ +/* --- @pre_ccminit@ --- * \ + * \ + * Arguments: @pre_ccmctx *aad@ = pointer to CCM context \ + * @const pre_ctx *k@ = pointer to key material \ + * @const void *n@ = pointer to nonce \ + * @size_t nsz@ = size of the nonce \ + * @size_t hsz@ = size of the AAD \ + * @size_t msz@ = size of the message/ciphertext \ + * @size_t tsz@ = size of the tag to produce \ + * \ + * Returns: Zero on success; nonzero if the parameters are invalid. \ + * \ + * Use: Initialize an CCM operation context with a given key. \ + * \ + * The original key needn't be kept around any more. \ + */ \ + \ +int pre##_ccminit(pre##_ccmctx *ctx, const pre##_ctx *k, \ + const void *n, size_t nsz, \ + size_t hsz, size_t msz, size_t tsz) \ + { ctx->k = *k; return (pre##_ccmreinit(ctx, n, nsz, hsz, msz, tsz)); } \ + \ +/* --- @pre_ccmreinit@ --- * \ + * \ + * Arguments: @pre_ccmctx *ctx@ = pointer to CCM context \ + * @const void *n@ = pointer to nonce \ + * @size_t nsz@ = size of nonce \ + * @size_t hsz@ = size of the AAD \ + * @size_t msz@ = size of the message/ciphertext \ + * @size_t tsz@ = size of the tag to produce \ + * \ + * Returns: Zero on success; nonzero if the parameters are invalid. \ + * \ + * Use: Reinitialize an CCM operation context, changing the \ + * nonce. \ + */ \ + \ +int pre##_ccmreinit(pre##_ccmctx *ctx, const void *n, size_t nsz, \ + size_t hsz, size_t msz, size_t tsz) \ +{ \ + kludge64 t; \ + octet b[12]; \ + size_t sz; \ + \ + /* Set up the parameters and check that they make sense. */ \ + ctx->p.hsz = hsz; ctx->p.msz = msz; \ + ctx->p.bsz = PRE##_BLKSZ; ctx->p.nsz = nsz; ctx->p.tsz = tsz; \ + if (!ccm_check(&ctx->p)) return (-1); \ + \ + /* Prepare the counter and the final MAC mask. The initial counter \ + * is used to make the MAC mask, so generate that, keeping it for \ + * later. \ + */ \ + ccm_fmtctr(&ctx->p, ctx->b, n); \ + BLKC_LOAD(PRE, ctx->c, ctx->b); \ + pre##_eblk(&ctx->k, ctx->c, ctx->s0); \ + \ + /* Prepare the MAC header and leave it in the buffer. */ \ + ccm_fmthdr(&ctx->p, ctx->b, n); \ + BLKC_ZERO(PRE, ctx->a); \ + \ + /* Initialize our state. The buffer is currently full (with the \ + * MAC header), and we're always awaiting AAD, though we've not yet \ + * seen any. (Even if we're not expecting AAD, this will trigger \ + * appropriate initialization when encryption or decryption begins.) \ + */ \ + ctx->off = PRE##_BLKSZ; ctx->i = 0; \ + ctx->st = CCMST_AAD; \ + \ + /* If there's AAD to come, then do the AAD framing. This aligns \ + * badly with the blocking, so feed the framing in the hard way. \ + */ \ + if (hsz) { \ + if (hsz < 0xfffe) \ + { STORE16(b, hsz); sz = 2; } \ + else if (hsz <= MASK32) \ + { b[0] = 0xff; b[1] = 0xfe; STORE32(b + 2, hsz); sz = 6; } \ + else { \ + b[0] = b[1] = 0xff; \ + ASSIGN64(t, hsz); STORE64_(b + 2, t); \ + sz = 10; \ + } \ + pre##_ccminthash(ctx, b, sz); \ + } \ + \ + /* All done. */ \ + return (0); \ +} \ + \ +/* --- @pre_ccmaadhash@ --- * \ + * \ + * Arguments: @pre_ccmctx *ctx@ = pointer to AAD context \ + * @const void *p@ = pointer to AAD material \ + * @size_t sz@ = length of AAD material \ + * \ + * Returns: --- \ + * \ + * Use: Feeds AAD into the context. This must be done before \ + * any of the message/ciphertext is processed because CCM \ + * is really annoying like that. \ + */ \ + \ +void pre##_ccmaadhash(pre##_ccmctx *ctx, const void *p, size_t sz) \ +{ \ + assert(ctx->st == CCMST_AAD); \ + assert(sz <= ctx->p.hsz - ctx->i); \ + ctx->i += sz; \ + pre##_ccminthash(ctx, p, sz); \ +} \ + \ +/* --- @pre_ccmencdecsetup@ --- * \ + * \ + * Arguments: @pre_ccmctx *ctx@ = pointer to context block \ + * @size_t sz@ = size of message block \ + * \ + * Returns: --- \ + * \ + * Use: Prepares for an encrypt or decryption operation, \ + * transitioning from the AAD state and updating the \ + * message size. \ + */ \ + \ +static void pre##_ccmencdecsetup(pre##_ccmctx *ctx, size_t sz) \ +{ \ + if (ctx->st != CCMST_MSG) { \ + /* Make sure we're currently in the AAD state and we've seen all of \ + * the AAD we expected. \ + */ \ + assert(ctx->st == CCMST_AAD); \ + assert(ctx->i == ctx->p.hsz); \ + \ + /* Pad the final AAD block out until we hit a block boundary. Note \ + * that we don't cycle the block cipher here: instead, leave the \ + * buffer full so that we do that next time. \ + */ \ + memset(ctx->b + ctx->off, 0, PRE##_BLKSZ - ctx->off); \ + ctx->off = PRE##_BLKSZ; \ + \ + /* Now we're ready to process the message text. */ \ + ctx->st = CCMST_MSG; ctx->i = 0; \ + } \ + \ + /* Update the size. */ \ + assert(sz <= ctx->p.msz - ctx->i); \ + ctx->i += sz; \ +} \ + \ +/* --- @pre_ccmencrypt@ --- * \ + * \ + * Arguments: @pre_ccmctx *ctx@ = pointer to CCM operation context \ + * @const void *src@ = pointer to plaintext message chunk \ + * @size_t sz@ = size of the plaintext \ + * @buf *dst@ = a buffer to write the ciphertext to \ + * \ + * Returns: Zero on success; @-1@ on failure. \ + * \ + * Use: Encrypts a chunk of a plaintext message, writing a \ + * chunk of ciphertext to the output buffer and updating \ + * the operation state. \ + * \ + * For CCM, we always write a ciphertext chunk the same \ + * size as the plaintext. The messing about with @buf@ \ + * objects makes the interface consistent with other AEAD \ + * schemes which can't do this. \ + */ \ + \ +int pre##_ccmencrypt(pre##_ccmctx *ctx, \ + const void *src, size_t sz, buf *dst) \ +{ \ + rsvr_plan plan; \ + uint32 t[PRE##_BLKSZ/4], u[PRE##_BLKSZ]; \ + const octet *p = src; \ + octet *q, *r, y; \ + \ + /* Allocate space for the ciphertext. */ \ + if (sz) { q = buf_get(dst, sz); if (!q) return (-1); } \ + else q = 0; \ + \ + /* Set stuff up. */ \ + pre##_ccmencdecsetup(ctx, sz); \ + \ + /* Determine the buffering plan. Our buffer is going to do double- \ + * duty here. The end portion is going to contain mask from the \ + * encrypted counter which we mix into the plaintext to encrypt it; \ + * the start portion, which originally mask bytes we've already used, \ + * will hold the input plaintext, which will eventually be \ + * collected into the CBC-MAC state. \ + */ \ + rsvr_mkplan(&plan, &pre##_ccmpolicy, ctx->off, sz); \ + \ + /* Initial portion, fulfilled from the buffer. If the buffer is \ + * empty, then that means that we haven't yet encrypted the current \ + * counter, so we should do that and advance it. \ + */ \ + if (plan.head) { \ + if (!ctx->off) { \ + BLKC_BSTEP(PRE, ctx->c); pre##_eblk(&ctx->k, ctx->c, t); \ + BLKC_STORE(PRE, ctx->b, t); \ + } \ + r = ctx->b + ctx->off; ctx->off += plan.head; \ + while (plan.head--) { y = *p++; *q++ = y ^ *r; *r++ = y; } \ + } \ + \ + /* If we've filled up the buffer then we need to cycle the MAC and \ + * reset the offset. \ + */ \ + if (plan.from_rsvr) { \ + BLKC_XLOAD(PRE, ctx->a, ctx->b); \ + pre##_eblk(&ctx->k, ctx->a, ctx->a); \ + ctx->off = 0; \ + } \ + \ + /* Now to process the main body of the input. */ \ + while (plan.from_input) { \ + BLKC_BSTEP(PRE, ctx->c); pre##_eblk(&ctx->k, ctx->c, t); \ + BLKC_LOAD(PRE, u, p); p += PRE##_BLKSZ; \ + BLKC_XSTORE(PRE, q, t, u); q += PRE##_BLKSZ; \ + BLKC_XMOVE(PRE, ctx->a, u); pre##_eblk(&ctx->k, ctx->a, ctx->a); \ + plan.from_input -= PRE##_BLKSZ; \ + } \ + \ + /* Finally, deal with any final portion. If there is one, we know \ + * that the buffer is empty: we must have filled it above, or this \ + * would all count as `initial' data. \ + */ \ + if (plan.tail) { \ + BLKC_BSTEP(PRE, ctx->c); pre##_eblk(&ctx->k, ctx->c, t); \ + BLKC_STORE(PRE, ctx->b, t); \ + r = ctx->b; ctx->off = plan.tail; \ + while (plan.tail--) { y = *p++; *q++ = y ^ *r; *r++ = y; } \ + } \ + \ + /* Done. */ \ + return (0); \ +} \ + \ +/* --- @pre_ccmdecrypt@ --- * \ + * \ + * Arguments: @pre_ccmctx *ctx@ = pointer to CCM operation context \ + * @const void *src@ = pointer to ciphertext message chunk \ + * @size_t sz@ = size of the ciphertext \ + * @buf *dst@ = a buffer to write the plaintext to \ + * \ + * Returns: Zero on success; @-1@ on failure. \ + * \ + * Use: Decrypts a chunk of a ciphertext message, writing a \ + * chunk of plaintext to the output buffer and updating \ + * the operation state. \ + * \ + * For CCM, we always write a plaintext chunk the same \ + * size as the ciphertext. The messing about with @buf@ \ + * objects makes the interface consistent with other AEAD \ + * schemes which can't do this. \ + */ \ + \ +int pre##_ccmdecrypt(pre##_ccmctx *ctx, \ + const void *src, size_t sz, buf *dst) \ +{ \ + rsvr_plan plan; \ + uint32 t[PRE##_BLKSZ/4]; \ + const octet *p = src; \ + octet *q, *r, y; \ + \ + /* Allocate space for the plaintext. */ \ + if (sz) { q = buf_get(dst, sz); if (!q) return (-1); } \ + else q = 0; \ + \ + /* Set stuff up. */ \ + pre##_ccmencdecsetup(ctx, sz); \ + \ + /* Determine the buffering plan. Our buffer is going to do double- \ + * duty here. The end portion is going to contain mask from the \ + * encrypted counter which we mix into the plaintext to encrypt it; \ + * the start portion, which originally mask bytes we've already used, \ + * will hold the recovered plaintext, which will eventually be \ + * collected into the CBC-MAC state. \ + */ \ + rsvr_mkplan(&plan, &pre##_ccmpolicy, ctx->off, sz); \ + \ + /* Initial portion, fulfilled from the buffer. If the buffer is \ + * empty, then that means that we haven't yet encrypted the current \ + * counter, so we should do that and advance it. \ + */ \ + if (plan.head) { \ + if (!ctx->off) { \ + BLKC_BSTEP(PRE, ctx->c); pre##_eblk(&ctx->k, ctx->c, t); \ + BLKC_STORE(PRE, ctx->b, t); \ + } \ + r = ctx->b + ctx->off; ctx->off += plan.head; \ + while (plan.head--) { y = *p++ ^ *r; *q++ = *r++ = y; } \ + } \ + \ + /* If we've filled up the buffer then we need to cycle the MAC and \ + * reset the offset. \ + */ \ + if (plan.from_rsvr) { \ + BLKC_XLOAD(PRE, ctx->a, ctx->b); \ + pre##_eblk(&ctx->k, ctx->a, ctx->a); \ + ctx->off = 0; \ + } \ + \ + /* Now to process the main body of the input. */ \ + while (plan.from_input) { \ + BLKC_BSTEP(PRE, ctx->c); pre##_eblk(&ctx->k, ctx->c, t); \ + BLKC_XLOAD(PRE, t, p); p += PRE##_BLKSZ; \ + BLKC_STORE(PRE, q, t); q += PRE##_BLKSZ; \ + BLKC_XMOVE(PRE, ctx->a, t); pre##_eblk(&ctx->k, ctx->a, ctx->a); \ + plan.from_input -= PRE##_BLKSZ; \ + } \ + \ + /* Finally, deal with any final portion. If there is one, we know \ + * that the buffer is empty: we must have filled it above, or this \ + * would all count as `initial' data. \ + */ \ + if (plan.tail) { \ + BLKC_BSTEP(PRE, ctx->c); pre##_eblk(&ctx->k, ctx->c, t); \ + BLKC_STORE(PRE, ctx->b, t); \ + r = ctx->b; ctx->off = plan.tail; \ + while (plan.tail--) { y = *p++ ^ *r; *q++ = *r++ = y; } \ + } \ + \ + /* Done. */ \ + return (0); \ +} \ + \ +/* --- @pre_ccmtag@ --- * \ + * \ + * Arguments: @pre_ccmctx *ctx@ = pointer to an CCM context \ + * @octet *t@ = where to write a (full-length) tag \ + * @size_t tsz@ = size of the tag (to check) \ + * \ + * Returns: --- \ + * \ + * Use: Finishes an CCM operation, by calculating the tag. \ + */ \ + \ +static void pre##_ccmtag(pre##_ccmctx *ctx, octet *t, size_t tsz) \ +{ \ + /* Make sure we're in good shape. It's just about possible that \ + * we're still in the AAD state, but there was no actual message, so \ + * handle this situation. \ + */ \ + switch (ctx->st) { \ + case CCMST_AAD: \ + assert(ctx->i == ctx->p.hsz); \ + assert(!ctx->p.msz); \ + break; \ + case CCMST_MSG: \ + /* hsz already checked in `pre_ccmencdecsetup'. */ \ + assert(ctx->i == ctx->p.msz); \ + break; \ + default: abort(); \ + } \ + assert(tsz == ctx->p.tsz); \ + \ + /* Pad the final plaintext block out and cycle the block cipher one \ + * last time. \ + */ \ + memset(ctx->b + ctx->off, 0, PRE##_BLKSZ - ctx->off); \ + BLKC_XLOAD(PRE, ctx->a, ctx->b); \ + pre##_eblk(&ctx->k, ctx->a, ctx->a); \ + \ + /* Mask the CBC-MAC tag (which prevents the standard extension \ + * attack) and store the result. \ + */ \ + BLKC_XSTORE(PRE, t, ctx->a, ctx->s0); \ +} \ + \ +/* --- @pre_ccmencryptdone@ --- * \ + * \ + * Arguments: @pre_ccmctx *ctx@ = pointer to an CCM context \ + * @buf *dst@ = buffer for remaining ciphertext \ + * @void *tag@ = where to write the tag \ + * @size_t tsz@ = length of tag to store \ + * \ + * Returns: Zero on success; @-1@ on failure. \ + * \ + * Use: Completes an CCM encryption operation. The @aad@ \ + * pointer may be null if there is no additional \ + * authenticated data. CCM doesn't buffer ciphertext, but \ + * the output buffer is provided anyway for consistency \ + * with other AEAD schemes which don't have this property; \ + * the function will fail if the output buffer is broken. \ + */ \ + \ +int pre##_ccmencryptdone(pre##_ccmctx *ctx, buf *dst, \ + void *tag, size_t tsz) \ +{ \ + octet t[PRE##_BLKSZ]; \ + \ + /* Some initial checks. */ \ + if (!BOK(dst)) return (-1); \ + \ + /* Calculate and return the tag. */ \ + pre##_ccmtag(ctx, t, tsz); \ + memcpy(tag, t, tsz); \ + \ + /* Done. */ \ + return (0); \ +} \ + \ +/* --- @pre_ccmdecryptdone@ --- * \ + * \ + * Arguments: @pre_ccmctx *ctx@ = pointer to an CCM context \ + * @buf *dst@ = buffer for remaining plaintext \ + * @const void *tag@ = tag to verify \ + * @size_t tsz@ = length of tag \ + * \ + * Returns: @+1@ for complete success; @0@ if tag verification \ + * failed; @-1@ for other kinds of errors. \ + * \ + * Use: Completes an CCM decryption operation. The @aad@ \ + * pointer may be null if there is no additional \ + * authenticated data. CCM doesn't buffer plaintext, but \ + * the output buffer is provided anyway for consistency \ + * with other AEAD schemes which don't have this property; \ + * the function will fail if the output buffer is broken. \ + */ \ + \ +int pre##_ccmdecryptdone(pre##_ccmctx *ctx, buf *dst, \ + const void *tag, size_t tsz) \ +{ \ + octet t[PRE##_BLKSZ]; \ + \ + /* Some initial checks. */ \ + if (!BOK(dst)) return (-1); \ + \ + /* Calculate and check the tag. */ \ + pre##_ccmtag(ctx, t, tsz); \ + if (!ct_memeq(tag, t, tsz)) return (0); \ + else return (+1); \ +} \ + \ +/* --- Generic AEAD interface --- */ \ + \ +typedef struct gctx { \ + gaead_aad a; \ + pre##_ccmctx ctx; \ +} gctx; \ + \ +static void gahash(gaead_aad *a, const void *h, size_t hsz) \ + { gctx *ctx = (gctx *)a; pre##_ccmaadhash(&ctx->ctx, h, hsz); } \ + \ +static void gadestroy(gaead_aad *a) { ; } \ + \ +static const gaead_aadops gaops = \ + { &pre##_ccm, 0, gahash, gadestroy }; \ + \ +typedef struct gectx { \ + gaead_enc e; \ + gctx g; \ +} gectx; \ + \ +static gaead_aad *geaad(gaead_enc *e) \ + { gectx *enc = (gectx *)e; return (&enc->g.a); } \ + \ +static int gereinit(gaead_enc *e, const void *n, size_t nsz, \ + size_t hsz, size_t msz, size_t tsz) \ +{ \ + gectx *enc = (gectx *)e; \ + return (pre##_ccmreinit(&enc->g.ctx, n, nsz, hsz, msz, tsz)); \ +} \ + \ +static int geenc(gaead_enc *e, const void *m, size_t msz, buf *b) \ +{ \ + gectx *enc = (gectx *)e; \ + return (pre##_ccmencrypt(&enc->g.ctx, m, msz, b)); \ +} \ + \ +static int gedone(gaead_enc *e, const gaead_aad *a, \ + buf *b, void *t, size_t tsz) \ +{ \ + gectx *enc = (gectx *)e; \ + assert((!a && !enc->g.ctx.p.hsz) || a == &enc->g.a); \ + return (pre##_ccmencryptdone(&enc->g.ctx, b, t, tsz)); \ +} \ + \ +static void gedestroy(gaead_enc *e) \ + { gectx *enc = (gectx *)e; BURN(*enc); S_DESTROY(enc); } \ + \ +static const gaead_encops geops = \ + { &pre##_ccm, geaad, gereinit, geenc, gedone, gedestroy }; \ + \ +typedef struct gdctx { \ + gaead_dec d; \ + gctx g; \ +} gdctx; \ + \ +static gaead_aad *gdaad(gaead_dec *d) \ + { gdctx *dec = (gdctx *)d; return (&dec->g.a); } \ + \ +static int gdreinit(gaead_dec *d, const void *n, size_t nsz, \ + size_t hsz, size_t csz, size_t tsz) \ +{ \ + gdctx *dec = (gdctx *)d; \ + return (pre##_ccmreinit(&dec->g.ctx, n, nsz, hsz, csz, tsz)); \ +} \ + \ +static int gddec(gaead_dec *d, const void *c, size_t csz, buf *b) \ +{ \ + gdctx *dec = (gdctx *)d; \ + return (pre##_ccmdecrypt(&dec->g.ctx, c, csz, b)); \ +} \ + \ +static int gddone(gaead_dec *d, const gaead_aad *a, \ + buf *b, const void *t, size_t tsz) \ +{ \ + gdctx *dec = (gdctx *)d; \ + assert((!a && !dec->g.ctx.p.hsz) || a == &dec->g.a); \ + return (pre##_ccmdecryptdone(&dec->g.ctx, b, t, tsz)); \ +} \ + \ +static void gddestroy(gaead_dec *d) \ + { gdctx *dec = (gdctx *)d; BURN(*dec); S_DESTROY(dec); } \ + \ +static const gaead_decops gdops = \ + { &pre##_ccm, gdaad, gdreinit, gddec, gddone, gddestroy }; \ + \ +typedef struct gkctx { \ + gaead_key k; \ + pre##_ctx key; \ +} gkctx; \ + \ +static gaead_enc *gkenc(const gaead_key *k, const void *n, size_t nsz, \ + size_t hsz, size_t msz, size_t tsz) \ +{ \ + gkctx *key = (gkctx *)k; \ + gectx *enc = S_CREATE(gectx); \ + \ + enc->e.ops = &geops; enc->g.a.ops = &gaops; \ + if (pre##_ccminit(&enc->g.ctx, &key->key, n, nsz, hsz, msz, tsz)) \ + { gedestroy(&enc->e); return (0); } \ + return (&enc->e); \ +} \ + \ +static gaead_dec *gkdec(const gaead_key *k, const void *n, size_t nsz, \ + size_t hsz, size_t csz, size_t tsz) \ +{ \ + gkctx *key = (gkctx *)k; \ + gdctx *dec = S_CREATE(gdctx); \ + \ + dec->d.ops = &gdops; dec->g.a.ops = &gaops; \ + if (pre##_ccminit(&dec->g.ctx, &key->key, n, nsz, hsz, csz, tsz)) \ + { gddestroy(&dec->d); return (0); } \ + return (&dec->d); \ +} \ + \ +static void gkdestroy(gaead_key *k) \ + { gkctx *key = (gkctx *)k; BURN(*key); S_DESTROY(key); } \ + \ +static const gaead_keyops gkops = \ + { &pre##_ccm, 0, gkenc, gkdec, gkdestroy }; \ + \ +static gaead_key *gckey(const void *k, size_t ksz) \ +{ \ + gkctx *key = S_CREATE(gkctx); \ + key->k.ops = &gkops; \ + pre##_init(&key->key, k, ksz); \ + return (&key->k); \ +} \ + \ +const gcaead pre##_ccm = { \ + name "-ccm", \ + pre##_keysz, pre##_ccmnoncesz, pre##_ccmtagsz, \ + PRE##_BLKSZ, 0, 0, \ + AEADF_PCHSZ | AEADF_PCMSZ | AEADF_PCTSZ | \ + AEADF_AADNDEP | AEADF_AADFIRST, \ + gckey \ +}; \ + \ +CCM_TESTX(PRE, pre, name, fname) + +/*----- Test rig ----------------------------------------------------------*/ + +#define CCM_TEST(PRE, pre) CCM_TESTX(PRE, pre, #pre, #pre) + +/* --- @CCM_TEST@ --- * + * + * Arguments: @PRE, pre@ = prefixes for the underlying block cipher + * + * Use: Standard test rig for CCM functions. + */ + +#ifdef TEST_RIG + +#include + +#include +#include +#include + +#define CCM_TESTX(PRE, pre, name, fname) \ + \ +static int ccmverify(dstr *v) \ +{ \ + pre##_ctx key; \ + pre##_ccmctx ctx; \ + int ok = 1, win; \ + int i; \ + octet *p; \ + int szs[] = { 1, 7, 192, -1, 0 }, *ip; \ + size_t hsz, msz; \ + dstr d = DSTR_INIT, t = DSTR_INIT; \ + buf b; \ + \ + dstr_ensure(&d, v[4].len > v[3].len ? v[4].len : v[3].len); \ + dstr_ensure(&t, v[5].len); t.len = v[5].len; \ + \ + pre##_init(&key, v[0].buf, v[0].len); \ + \ + for (ip = szs; *ip; ip++) { \ + \ + pre##_ccminit(&ctx, &key, (octet *)v[1].buf, v[1].len, \ + v[2].len, v[3].len, v[5].len); \ + \ + i = *ip; \ + hsz = v[2].len; \ + if (i == -1) i = hsz; \ + if (i > hsz) continue; \ + p = (octet *)v[2].buf; \ + while (hsz) { \ + if (i > hsz) i = hsz; \ + pre##_ccmaadhash(&ctx, p, i); \ + p += i; hsz -= i; \ + } \ + \ + buf_init(&b, d.buf, d.sz); \ + i = *ip; \ + msz = v[3].len; \ + if (i == -1) i = msz; \ + if (i > msz) continue; \ + p = (octet *)v[3].buf; \ + while (msz) { \ + if (i > msz) i = msz; \ + if (pre##_ccmencrypt(&ctx, p, i, &b)) { \ + puts("!! ccmencrypt reports failure"); \ + goto fail_enc; \ + } \ + p += i; msz -= i; \ + } \ + \ + if (pre##_ccmencryptdone(&ctx, &b, (octet *)t.buf, t.len)) { \ + puts("!! ccmencryptdone reports failure"); \ + goto fail_enc; \ + } \ + d.len = BLEN(&b); \ + \ + if (d.len != v[4].len || \ + memcmp(d.buf, v[4].buf, v[4].len) != 0 || \ + memcmp(t.buf, v[5].buf, v[5].len) != 0) { \ + fail_enc: \ + printf("\nfail encrypt:\n\tstep = %i", *ip); \ + fputs("\n\tkey = ", stdout); type_hex.dump(&v[0], stdout); \ + fputs("\n\tnonce = ", stdout); type_hex.dump(&v[1], stdout); \ + fputs("\n\theader = ", stdout); type_hex.dump(&v[2], stdout); \ + fputs("\n\tmessage = ", stdout); type_hex.dump(&v[3], stdout); \ + fputs("\n\texp ct = ", stdout); type_hex.dump(&v[4], stdout); \ + fputs("\n\tcalc ct = ", stdout); type_hex.dump(&d, stdout); \ + fputs("\n\texp tag = ", stdout); type_hex.dump(&v[5], stdout); \ + fputs("\n\tcalc tag = ", stdout); type_hex.dump(&t, stdout); \ + putchar('\n'); \ + ok = 0; \ + } \ + \ + pre##_ccminit(&ctx, &key, (octet *)v[1].buf, v[1].len, \ + v[2].len, v[4].len, v[5].len); \ + \ + i = *ip; \ + hsz = v[2].len; \ + if (i == -1) i = hsz; \ + if (i > hsz) continue; \ + p = (octet *)v[2].buf; \ + while (hsz) { \ + if (i > hsz) i = hsz; \ + pre##_ccmaadhash(&ctx, p, i); \ + p += i; hsz -= i; \ + } \ + \ + buf_init(&b, d.buf, d.sz); \ + i = *ip; \ + msz = v[4].len; \ + if (i == -1) i = msz; \ + if (i > msz) continue; \ + p = (octet *)v[4].buf; \ + while (msz) { \ + if (i > msz) i = msz; \ + if (pre##_ccmdecrypt(&ctx, p, i, &b)) { \ + puts("!! ccmdecrypt reports failure"); \ + win = 0; goto fail_dec; \ + } \ + p += i; msz -= i; \ + } \ + \ + win = pre##_ccmdecryptdone(&ctx, &b, (octet *)v[5].buf, v[5].len); \ + if (win < 0) { \ + puts("!! ccmdecryptdone reports failure"); \ + goto fail_dec; \ + } \ + d.len = BLEN(&b); \ + \ + if (d.len != v[3].len || !win || \ + memcmp(d.buf, v[3].buf, v[3].len) != 0) { \ + fail_dec: \ + printf("\nfail decrypt:\n\tstep = %i", *ip); \ + fputs("\n\tkey = ", stdout); type_hex.dump(&v[0], stdout); \ + fputs("\n\tnonce = ", stdout); type_hex.dump(&v[1], stdout); \ + fputs("\n\theader = ", stdout); type_hex.dump(&v[2], stdout); \ + fputs("\n\tciphertext = ", stdout); type_hex.dump(&v[4], stdout); \ + fputs("\n\texp pt = ", stdout); type_hex.dump(&v[3], stdout); \ + fputs("\n\tcalc pt = ", stdout); type_hex.dump(&d, stdout); \ + fputs("\n\ttag = ", stdout); type_hex.dump(&v[5], stdout); \ + printf("\n\tverify %s", win ? "ok" : "FAILED"); \ + putchar('\n'); \ + ok = 0; \ + } \ + } \ + \ + dstr_destroy(&d); dstr_destroy(&t); \ + return (ok); \ +} \ + \ +static test_chunk aeaddefs[] = { \ + { name "-ccm", ccmverify, \ + { &type_hex, &type_hex, &type_hex, &type_hex, \ + &type_hex, &type_hex, 0 } }, \ + { 0, 0, { 0 } } \ +}; \ + \ +int main(int argc, char *argv[]) \ +{ \ + ego(argv[0]); \ + test_run(argc, argv, aeaddefs, SRCDIR"/t/" fname); \ + return (0); \ +} + +#else +# define CCM_TESTX(PRE, pre, name, fname) +#endif + +/*----- That's all, folks -------------------------------------------------*/ + +#ifdef __cplusplus + } +#endif + +#endif diff --git a/symm/ccm.c b/symm/ccm.c new file mode 100644 index 00000000..d65e0490 --- /dev/null +++ b/symm/ccm.c @@ -0,0 +1,201 @@ +/* -*-c-*- + * + * CCM common code + * + * (c) 2018 Straylight/Edgeware + */ + +/*----- Licensing notice --------------------------------------------------* + * + * This file is part of Catacomb. + * + * Catacomb is free software: you can redistribute it and/or modify it + * under the terms of the GNU Library General Public License as published + * by the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * Catacomb is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Library General Public License for more details. + * + * You should have received a copy of the GNU Library General Public + * License along with Catacomb. If not, write to the Free Software + * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, + * USA. + */ + +/*----- Header files ------------------------------------------------------*/ + +#include "ccm.h" +#include "ccm-def.h" + +/*----- MAC header and counter formatting ---------------------------------* + * + * CCM's most endearing feature is its complex formatting of the MAC + * initialization vector and counter blocks. This is only specified for + * 128-bit blocks, so I've made up formats for 64-, 192-, and 256-bit blocks. + * For completeness and ease of comparison, all of the encodings are defined + * here. Encoding of the rest of the MAC input data is common. + * + * The notation is taken from the definition of CCM in NIST SP800-38C. + * + * * [x]_w = encoding of x, as w bits + * * P = plaintext/ciphertext + * * p = length of P in octets + * * Q = [p]_{8q} = encoding of p + * * q = length of Q in octets + * * N = nonce + * * H = B_0 = MAC header block + * * C_i = the i-th counter block + * * t = length of tag in octets + * + * 128-bit blocks (SP800-38C, appendix A): + * + * Let F be an octet: + * + * Bits 7 6 6:3 3:0 + * Meaning 0 AAD? [t/2 - 1]_3 [q - 1]_3 + * + * Then H = F || N || Q and C_i = 0^5 || [q - 1]_3 || N || [i]_{8q}. + * + * 64-bit blocks (new): + * + * Let F be an octet: + * + * Bits 7 6 6:3 3:0 + * Meaning 0 AAD? [t - 1]_3 [q - 1]_3 + * + * Then H = F || N || Q and C_i = 0^5 || [q - 1]_3 || N || [i]_{8q}. + * + * (i.e., almost exactly the same, except that the tag no longer needs to be + * an even number of octets). + * + * n-bit blocks, for n > 128 + * + * Let F be a 16-bit flags word: + * + * Bits 15 15:8 7 7:0 + * Meaning 0 [t]_7 AAD? [q]_7 + * + * Then H = F || N || Q and C_i = 0^9 || [q - 1]_7 || N || [i]_{8q}. + */ + +/* --- @ccm_paramsok@ --- * + * + * Arguments: @const ccm_params *p@ = pointer to parameters + * + * Returns: True (nonzero) if the parameters are OK; false (zero) if + * there's a problem. + * + * Use: Verify that the CCM parameters are acceptable. + */ + +int ccm_check(const ccm_params *p) +{ + unsigned fsz = p->bsz <= 16 ? 1 : 2, q = p->bsz - p->nsz - fsz, i; + size_t msz; + + /* Check that the block size hasn't been bungled. */ + if (p->bsz < 16 && p->bsz != 8) return (0); + + /* The length-of-the-length must be representable, and its encoding must + * not be zero, since this is `reserved'. The small-block encoding stores + * %$q - 1$%, so we must have %$q \ge 2$%; the large-block encoding stores + * %$q$% directly, so only %$q = 0$% is forbidden. + */ + if (p->nsz > p->bsz - fsz - (p->bsz <= 16 ? 2 : 1)) return (0); + if (q > (p->bsz <= 16 ? 8 : 127)) return (0); + + /* Verify that the message length will fit in the space allotted. */ + for (i = 1, msz = p->msz >> 8; msz; i++, msz >>= 8); + if (i > q) return (0); + + /* The tag can't be larger than the block size. Also, it must be + * representable, and its encoding must not be zero, because otherwise it'd + * be possible for a MAC header block to look like a counter block. The + * tag encoding is fiddly: for 64-bit blocks, we store %$t - 1$%, so we + * must have %$t \ge 2$%; for 128-bit blocks, we store %$t/2 - 2$%, so + * we must have %$t \ge 4$% with %$t$% even; otherwise, we store %$t$% + * directly, so the only requirement is that %$t \ge 1$%. + */ + if (p->tsz > p->bsz) return (0); + if (p->tsz < (p->bsz == 8 ? 2 : p->bsz == 16 ? 4 : 1)) return (0); + if (p->bsz == 16 && p->tsz%2 != 0) return (0); + + /* All looks good. */ + return (1); +} + +/* --- @ccm_fmthdr@ --- * + * + * Arguments: @const ccm_params *p@ = pointer to parameters + * @octet *b@ = block-size buffer to write header + * @const void *n@ = pointer to nonce + * + * Returns: --- + * + * Use: Format a MAC header block. + */ + +void ccm_fmthdr(const ccm_params *p, octet *b, const void *n) +{ + size_t fsz = p->bsz <= 16 ? 1 : 2, q = p->bsz - p->nsz - fsz; + unsigned f0 = 0, f1 = 0; + size_t i, t; + + /* Encode whether the AAD is empty. */ + if (!p->hsz) /* do nothing */; + else if (p->bsz <= 16) f0 |= 0x40; + else f1 |= 0x80; + + /* Encode the tag size. */ + switch (p->bsz) { + case 8: f0 |= (p->tsz - 1) << 3; break; + case 16: f0 |= (p->tsz - 2) << 2; break; + default: f0 |= p->tsz; break; + } + + /* Encode the length-of-the-length. (This is the most bletcherous part of + * CCM.) + */ + if (p->bsz <= 16) f0 |= q - 1; + else f1 |= q; + + /* Insert the flags and nonce. */ + b[0] = f0; memcpy(b + fsz, n, p->nsz); + if (p->bsz > 16) b[1] = f1; + + /* Write the message length. */ + for (i = 0, t = p->msz; i < q; i++, t >>= 8) b[p->bsz - i - 1] = U8(t); +} + +/* --- @ccm_fmtctr@ --- * + * + * Arguments: @const ccm_params *p@ = pointer to parameters + * @octet *b@ = block-size buffer to write header + * @const void *n@ = pointer to nonce + * + * Returns: --- + * + * Use: Format an initial counter block. + */ + +void ccm_fmtctr(const ccm_params *p, octet *b, const void *n) +{ + size_t fsz = p->bsz <= 16 ? 1 : 2, q = p->bsz - p->nsz - fsz; + unsigned f0 = 0, f1 = 0; + + /* Encode the message length length. (Did I complain about this?) */ + if (p->bsz <= 16) f0 |= q - 1; + else f1 |= q; + + /* Insert the flags and nonce. */ + b[0] = f0; memcpy(b + fsz, n, p->nsz); + if (p->bsz > 16) b[1] = f1; + + /* Zero out the initial counter. */ + memset(b + fsz + p->nsz, 0, q); +} + +/*----- That's all, folks -------------------------------------------------*/ diff --git a/symm/ccm.h b/symm/ccm.h new file mode 100644 index 00000000..ebbcc422 --- /dev/null +++ b/symm/ccm.h @@ -0,0 +1,327 @@ +/* -*-c-*- + * + * The CCM authenticated-encryption mode + * + * (c) 2017 Straylight/Edgeware + */ + +/*----- Licensing notice --------------------------------------------------* + * + * This file is part of Catacomb. + * + * Catacomb is free software; you can redistribute it and/or modify + * it under the terms of the GNU Library General Public License as + * published by the Free Software Foundation; either version 2 of the + * License, or (at your option) any later version. + * + * Catacomb is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Library General Public License for more details. + * + * You should have received a copy of the GNU Library General Public + * License along with Catacomb; if not, write to the Free + * Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, + * MA 02111-1307, USA. + */ + +/*----- Notes on CCM ------------------------------------------------------* + * + * The name is short for `Counter with CBC-MAC'. CCM was designed in 2002 by + * Russ Housley, Doug Whiting, and Niels Ferguson to be a patent-free + * alternative to Rogaway's OCB, and is specified by NIST in SP800-38C. It's + * a classic two-pass authenticated encryption scheme, so it needs two + * blockcipher applications per message block. + * + * Unfortunately, CCM is rather annoying in actual use. The internals + * involve quite a lot of fiddly framing, which I've had to generalize for + * block sizes other than 128 bits, but that's not exposed beyond the API. + * (This does mean that it's rather unlikely that Catacomb's CCM will + * interoperate with anyone else's when using a blockcipher with a block size + * other than 128 bits.) + * + * More problematically: + * + * * The mode requires that callers precommit to the header, message, and + * tag sizes before commencing processing. If you don't know these in + * advance then you can't use CCM. + * + * * The mode requires that callers present all of the header data before + * encrypting the message. + * + * * The header data processing is dependent on the nonce (and the message + * and tag lengths), so it's not possible to preprocess a constant prefix + * of the header. + * + * * There's an uncomfortable tradeoff between nonce length and message + * length because the counter input holds both in separate fields, with a + * variably-positioned split between them. + * + * The implementation is very picky and will abort if you get things wrong. + */ + +#ifndef CATACOMB_CCM_H +#define CATACOMB_CCM_H + +#ifdef __cplusplus + extern "C" { +#endif + +/*----- Header files ------------------------------------------------------*/ + +#include + +#include +#include + +#ifndef CATACOMB_GAEAD_H +# include "gaead.h" +#endif + +/*----- Common machinery -------------------------------------------------*/ + +typedef struct ccm_params { + unsigned long hsz, msz; /* AAD and message lengths */ + unsigned bsz, nsz, tsz; /* Block, nonce and tag length */ +} ccm_params; + +enum { CCMST_AAD, CCMST_MSG }; + +/* Minimum and maximum nonce lengths. + * + * Let the block size be %$N$% bytes, and let %$q$% be the length-of-the- + * length of the messaage. The nonce length is not encoded directly; rather, + * it's what's left after the flags bytes and message length fields have been + * allocated. + * + * The maximum is always %$N - 3$%. If %$N \le 16$%, then there is one byte + * used for flags, and at least two bytes for the message length/counter: + * (since %$q$% is encoded in a 3-bit field as %$q - 1$%, %$q = 0$% cannot be + * encoded and the encoding zero, for %$q = 1$%, is reserved. If %$N > 16$ + * then there are two flags bytes, but %$q$% is encoded directly, so only + * %$q = 0$% is reserved. + * + * The minimum is more complicated. If %$N \le 16$% then we must have %$q + * \le 8$%; with one flags byte, this leaves at least %$\max\{ 0, N - 9 \}$% + * bytes for the nonce. When %$N = 8$% this is zero, but when %$N = 16$% + * this is 7. When %$N > 16$%, there are two flags bits, but %$q \le 127$% + * (since %$q$%) is encoded directly: thus the nonce may be empty if + * %$16 < N \le 129$%, and otherwise must be at least %$N - 129$% bytes. + */ +#define CCM_NSZMIN(PRE) (PRE##_BLKSZ == 16 ? 7 : \ + PRE##_BLKSZ <= 129 ? 0 : \ + PRE##_BLKSZ - 129) +#define CCM_NSZMAX(PRE) (PRE##_BLKSZ - 3) + +/* Minimum and maximum tag lengths. + * + * This is even more exasperating. Again, let the block size be %$N$% bytes; + * let %$t$% be the tag length. + * + * When %$N = 16$%, the tag length is encoded as %$t/2 - 1$% in a three-bit + * field, and the encoding zero is reserved. (The security of the scheme + * depends on this reservation to disambiguate MAC header blocks from + * counters; I'd have used the remaining flag bit.) Anyway, this leaves + * %$1 \le t/2 - 1 \le 7$%, so we must have %$4 \le t \le 16$% with %$t$% + * even. + * + * When %$N = 8$%, the tag length is encoded in three bits as %$t - 1$%; + * again, the zero encoding is reserved. This leaves %$2 \le t \le 8$%. + * + * Finally, when %$N \ge 16$%, the tag length is encoded directly in a + * seven-bit field. The zero encoding is still reserved, so we have + * %$1 \le t \le \min \{ N, 127 \}$%. + */ +#define CCM_TSZMIN(PRE) (PRE##_BLKSZ == 8 ? 2 : \ + PRE##_BLKSZ == 16 ? 4 : \ + 1) +#define CCM_TSZMAX(PRE) (PRE##_BLKSZ <= 127 ? PRE##_BLKSZ : 127) + +/*----- Macros ------------------------------------------------------------*/ + +/* --- @CCM_DECL@ --- * + * + * Arguments: @PRE@, @pre@ = prefixes for the underlying block cipher + * + * Use: Creates declarations for CCM authenticated-encryption mode. + */ + +#define CCM_DECL(PRE, pre) \ + \ +typedef struct pre##_ccmctx { \ + /* The buffer is split into two portions during encryption/ \ + * decryption. The first N octets hold a chunk of plaintext, which \ + * will be fed into the CBC-MAC calculation; the remaining BLKSZ - N \ + * octets hold E_K(C), which is the XOR mask to apply to the \ + * plaintext or ciphertext. \ + */ \ + pre##_ctx k; /* Underlying key */ \ + ccm_params p; /* CCM parameters */ \ + unsigned long i; /* Current position in bytes */ \ + unsigned st; /* Current state */ \ + uint32 c[PRE##_BLKSZ/4]; /* Current counter value */ \ + uint32 a[PRE##_BLKSZ/4]; /* CBC-MAC accumulator */ \ + uint32 s0[PRE##_BLKSZ/4]; /* Mask for MAC tag */ \ + octet b[PRE##_BLKSZ]; /* AAD or msg/mask buffer */ \ + unsigned off; /* Crossover point in buffer */ \ +} pre##_ccmctx; \ + \ +extern const octet pre##_ccmnoncesz[], pre##_ccmtagsz[]; \ + \ +/* --- @pre_ccminit@ --- * \ + * \ + * Arguments: @pre_ccmctx *aad@ = pointer to CCM context \ + * @const pre_ctx *k@ = pointer to key material \ + * @const void *n@ = pointer to nonce \ + * @size_t nsz@ = size of the nonce \ + * @size_t hsz@ = size of the AAD \ + * @size_t msz@ = size of the message/ciphertext \ + * @size_t tsz@ = size of the tag to produce \ + * \ + * Returns: Zero on success; nonzero if the parameters are invalid. \ + * \ + * Use: Initialize an CCM operation context with a given key. \ + * \ + * The original key needn't be kept around any more. \ + */ \ + \ +extern int pre##_ccminit(pre##_ccmctx */*ctx*/, \ + const pre##_ctx */*k*/, \ + const void */*n*/, size_t /*nsz*/, \ + size_t /*hsz*/, size_t /*msz*/, \ + size_t /*tsz*/); \ + \ +/* --- @pre_ccmreinit@ --- * \ + * \ + * Arguments: @pre_ccmctx *ctx@ = pointer to CCM context \ + * @const void *n@ = pointer to nonce \ + * @size_t nsz@ = size of nonce \ + * @size_t hsz@ = size of the AAD \ + * @size_t msz@ = size of the message/ciphertext \ + * @size_t tsz@ = size of the tag to produce \ + * \ + * Returns: Zero on success; nonzero if the parameters are invalid. \ + * \ + * Use: Reinitialize an CCM operation context, changing the \ + * nonce and/or other parameters. \ + */ \ + \ +extern int pre##_ccmreinit(pre##_ccmctx */*ctx*/, \ + const void */*n*/, size_t /*nsz*/, \ + size_t /*hsz*/, size_t /*msz*/, \ + size_t /*tsz*/); \ + \ +/* --- @pre_ccmaadhash@ --- * \ + * \ + * Arguments: @pre_ccmctx *ctx@ = pointer to AAD context \ + * @const void *p@ = pointer to AAD material \ + * @size_t sz@ = length of AAD material \ + * \ + * Returns: --- \ + * \ + * Use: Feeds AAD into the context. This must be done before \ + * any of the message/ciphertext is processed because CCM \ + * is really annoying like that. \ + */ \ + \ +extern void pre##_ccmaadhash(pre##_ccmctx */*ctx*/, \ + const void */*p*/, size_t /*sz*/); \ + \ +/* --- @pre_ccmencrypt@ --- * \ + * \ + * Arguments: @pre_ccmctx *ctx@ = pointer to CCM operation context \ + * @const void *src@ = pointer to plaintext message chunk \ + * @size_t sz@ = size of the plaintext \ + * @buf *dst@ = a buffer to write the ciphertext to \ + * \ + * Returns: Zero on success; @-1@ on failure. \ + * \ + * Use: Encrypts a chunk of a plaintext message, writing a \ + * chunk of ciphertext to the output buffer and updating \ + * the operation state. \ + * \ + * For CCM, we always write a ciphertext chunk the same \ + * size as the plaintext. The messing about with @buf@ \ + * objects makes the interface consistent with other AEAD \ + * schemes which can't do this. \ + */ \ + \ +extern int pre##_ccmencrypt(pre##_ccmctx */*ctx*/, \ + const void */*src*/, size_t /*sz*/, \ + buf */*dst*/); \ + \ +/* --- @pre_ccmdecrypt@ --- * \ + * \ + * Arguments: @pre_ccmctx *ctx@ = pointer to CCM operation context \ + * @const void *src@ = pointer to ciphertext message chunk \ + * @size_t sz@ = size of the ciphertext \ + * @buf *dst@ = a buffer to write the plaintext to \ + * \ + * Returns: Zero on success; @-1@ on failure. \ + * \ + * Use: Decrypts a chunk of a ciphertext message, writing a \ + * chunk of plaintext to the output buffer and updating \ + * the operation state. \ + * \ + * For CCM, we always write a plaintext chunk the same \ + * size as the ciphertext. The messing about with @buf@ \ + * objects makes the interface consistent with other AEAD \ + * schemes which can't do this. \ + */ \ + \ +extern int pre##_ccmdecrypt(pre##_ccmctx */*ctx*/, \ + const void */*src*/, size_t /*sz*/, \ + buf */*dst*/); \ + \ +/* --- @pre_ccmencryptdone@ --- * \ + * \ + * Arguments: @pre_ccmctx *ctx@ = pointer to an CCM context \ + * @buf *dst@ = buffer for remaining ciphertext \ + * @void *tag@ = where to write the tag \ + * @size_t tsz@ = length of tag to store \ + * \ + * Returns: Zero on success; @-1@ on failure. \ + * \ + * Use: Completes an CCM encryption operation. The @aad@ \ + * pointer may be null if there is no additional \ + * authenticated data. CCM doesn't buffer ciphertext, but \ + * the output buffer is provided anyway for consistency \ + * with other AEAD schemes which don't have this property; \ + * the function will fail if the output buffer is broken. \ + */ \ + \ +extern int pre##_ccmencryptdone(pre##_ccmctx */*ctx*/, buf */*dst*/, \ + void */*tag*/, size_t /*tsz*/); \ + \ +/* --- @pre_ccmdecryptdone@ --- * \ + * \ + * Arguments: @pre_ccmctx *ctx@ = pointer to an CCM context \ + * @buf *dst@ = buffer for remaining plaintext \ + * @const void *tag@ = tag to verify \ + * @size_t tsz@ = length of tag \ + * \ + * Returns: @+1@ for complete success; @0@ if tag verification \ + * failed; @-1@ for other kinds of errors. \ + * \ + * Use: Completes an CCM decryption operation. The @aad@ \ + * pointer may be null if there is no additional \ + * authenticated data. CCM doesn't buffer plaintext, but \ + * the output buffer is provided anyway for consistency \ + * with other AEAD schemes which don't have this property; \ + * the function will fail if the output buffer is broken. \ + */ \ + \ +extern int pre##_ccmdecryptdone(pre##_ccmctx */*ctx*/, buf */*dst*/, \ + const void */*tag*/, size_t /*tsz*/); \ + \ +/* --- Generic AEAD interface --- */ \ + \ +extern const gcaead pre##_ccm; + +/*----- That's all, folks -------------------------------------------------*/ + +#ifdef __cplusplus + } +#endif + +#endif diff --git a/symm/t/blowfish b/symm/t/blowfish index 4faabb55..dcc38346 100644 --- a/symm/t/blowfish +++ b/symm/t/blowfish @@ -169,6 +169,129 @@ blowfish-cmac { a54fb7e239aeec4c; } +blowfish-ccm { + 60d7bcda163547d348b7551195e77022907dd1dff7dac5c9941d26d0c6eb14ad568f86edd1dc9268eeee533285a6ed810c9b689daaa906 + 0d2d4b + "" + "" + "" + c25c474f; + 6003062365b0a54364c76c160f11896c4794846ecfa14a7130c9f137120634c9519848a877ff77bf79192a5b50ade5d9cd739a3d1f337f + 29549e + 6b + "" + "" + 57a5a9c3; + 0d27a4ba234085406a6136512061f7080cc07df0591d8fa21f2dd88374d8cde8e160ad10997a21635c6d62c9269029df3e6057acc87638 + f50804 + "" + 67 + f4 + 62383997; + 33d9ff61cdbda3b3e9878731ebfedd4705e505da1435dceaa7b1cc49ae1d50c38201a894476b3f102b752eb9529533966f27043eb621b7 + f65b000961 + 040ef2f9b2fc5fa450727a9b542cde52ebfda19d0ccc520f + 215eb57bb3a4f3ebbbb18ac6c95a97a48030370c33d090c5 + 71ecbda26749ad4076aec1c63db0b7dcec21cf7a4861d69c + fb8186360d67254d; + 4215abd6b3ad54efc9a38378c5b93bf4f2aad2605faee2b03fb648e27fff63102758fe2b69ac26afa3349829b94586306fed54154f8f28 + 523c03d4de + 1600157846b710ee72807a2219bfb474fd71d8 + 91f24bb65d1563259f9eb53b571ea629c54d57dd2d42f70800df9fcbac + fa1e4cf72580563be4989ec3530f64fe6b897d54ed59da433615948331 + 93d5c6d564e86652; + a48b77dba189196d1ebba1 + 0b0467 + "" + "" + "" + 63379d2c; + cb9fc2712a199e533fa915 + 6308cd + ec + "" + "" + 0a7f855f; + 3f768281e040a9b9a222bd + 689aef + "" + 66 + 96 + d2ba74d4; + f5306ceb0c6b08ac8b0a22 + 260c571b4a + 42bb8fdb233bfa6a5cfb0bad7d95214ade49cb3b6f5fe836 + 8131115c037ba323fe1dc8151784873f0eb5b647da6794c1 + 458b929afd86f86db6c134400b0d1522882e10660e925b2d + 0c69aa29dde98aa1; + 8b5337685a96ed65b9aca3 + 38527ef19b + 09c063c46f88de9fd41e72d7b97e23e6eabdff + 3bcd211499268878dbf30f1dad89d4b9b12012e4713df46795630e7952 + 5b680782d41f7d46c44d3811c313892f486f1597ed60dc10f15d1c43d5 + 327a56fa715955fc; + d22bb02d71 + 00b8b6 + "" + "" + "" + 6eaeedf7; + 49377d20a8 + f08345 + 5b + "" + "" + eb64c104; + 663e4ee131 + 5f3c8f + "" + 2a + 22 + 87151792; + ebfa921451 + dcd1af5813 + b70d30ce2f1fef6ef315d0798391805da08da3aefc5f8584 + b7c5e617669c0f16e39815d4e9cfce3ed1ecdf3d264a7f16 + 58be2a1ed2225be8ef09f86202a312b01b829eb7e326b926 + 88f7ac759bdd6989; + cb16c2e815 + f422cdf0c8 + e30308be3c31e6bc58c0b7cadcb658b970e474 + 79a684b5aefa69a4cd52147ed12ca986981a874498ad0abef8bc4fcb70 + 49058d3fde34557441cc9b3e231c87043a5741c3eb99cc2bc58b5f4b6f + 87c25970fcee3bba; + e27e98ef1f0446b42fb144d44b6d00f06dc188d472a784 + e0c6f2 + "" + "" + "" + 16bd95ba; + 1195a3b9f4ae985511265febd11c164720eef9eb1c8dd0 + b00951 + f2 + "" + "" + 44763b0a; + 84649016ed00456331854bc78bf43966eb0cfa9138ddc3 + 990844 + "" + 56 + b4 + 8072f963; + 08fe95e81c2533e31c9c1a9851bc2810d858cbbc8424d1 + 26b807e6da + a089c3f9099c5ffb824173d7634c04226f30cbb7f0e4a973 + a8cd190107314717a77456f3ff669c732b58db8f48af65f7 + 86876ace214551f65de8ef07460bc5c70638989bc14365c7 + 1347b1b46e131d8e; + cc9e3fb90e1721b730374ffc9bc597f56ccbb2f294b387 + 66fc69f6a9 + f2c0945ffd505003cc0cae9ce021a5f1fa4ffa + 91544485f1a1258b2b9b8f0911e32d65cc1770a18cbfe6effd1ff67785 + 0f2d12a0832a56f1640d37b17c901d899e2fa4678c867664380cd31062 + 596d1ddc3b997e5a; +} + blowfish-eax { 60d7bcda163547d348b7551195e77022907dd1dff7dac5c9941d26d0c6eb14ad568f86edd1dc9268eeee533285a6ed810c9b689daaa906 "" diff --git a/symm/t/cast128 b/symm/t/cast128 index 17a8e658..aef585a6 100644 --- a/symm/t/cast128 +++ b/symm/t/cast128 @@ -65,6 +65,129 @@ cast128-cmac { 10bd2c18c3337a4f; } +cast128-ccm { + 60d7bcda163547d348b7551195 + e77022 + "" + "" + "" + 4905fdcf; + 907dd1dff7dac5c9941d26d0c6 + eb14ad + 56 + "" + "" + 327786b3; + 8f86edd1dc9268eeee533285a6 + ed810c + "" + 9b + 7d + 9d869519; + 689daaa9060d2d4b6003062365 + b0a54364c7 + 6c160f11896c4794846ecfa14a7130c9f137120634c95198 + 48a877ff77bf79192a5b50ade5d9cd739a3d1f337f29549e + c935111d2f5913c3a992e7b11d538a1f5750237258739dd7 + ccae7a45efc12caf; + 6b0d27a4ba234085406a613651 + 2061f7080c + c07df0591d8fa21f2dd88374d8cde8e160ad10 + 997a21635c6d62c9269029df3e6057acc87638f508046733d9ff61cdbd + 9bd2a0c0f027a5a1b56974b85be03dd3ffe81b5f2a2381170fb7eca747 + 711646ef1dde6cad; + a3b3e9878731eb + fedd47 + "" + "" + "" + af3e6347; + 05e505da1435dc + eaa7b1 + cc + "" + "" + 571ec017; + 49ae1d50c38201 + a89447 + "" + 6b + 1b + 1859fcd4; + 3f102b752eb952 + 9533966f27 + 043eb621b7f65b000961040ef2f9b2fc5fa450727a9b542c + de52ebfda19d0ccc520f215eb57bb3a4f3ebbbb18ac6c95a + 63f409a8d0dba1ec4c090efd260b557d0359482f69d62126 + 7d4b85fb7d13bf0c; + 97a48030370c33 + d090c54215 + abd6b3ad54efc9a38378c5b93bf4f2aad2605f + aee2b03fb648e27fff63102758fe2b69ac26afa3349829b94586306fed + 018425effd80fbb802f204bdefb41d4b2fa140dd2b2149580b72428bab + 53bd8b75c9a3bc09; + 54154f8f28523c03d4de + 160015 + "" + "" + "" + 4397bfc8; + 7846b710ee72807a2219 + bfb474 + fd + "" + "" + a28f8e1e; + 71d891f24bb65d156325 + 9f9eb5 + "" + 3b + cf + 185c4f64; + 571ea629c54d57dd2d42 + f70800df9f + cbaca48b77dba189196d1ebba10b0467cb9fc2712a199e53 + 3fa9156308cdec3f768281e040a9b9a222bd689aef66f530 + 030e417475032f357c1257444a95486a4e0e652beb78ee50 + a36e60d6e4fffa0d; + 6ceb0c6b08ac8b0a2226 + 0c571b4a42 + bb8fdb233bfa6a5cfb0bad7d95214ade49cb3b + 6f5fe8368131115c037ba323fe1dc8151784873f0eb5b647da6794c18b + ae6c8d1d32a0ecff25eb9c81ff41dc0f31a9e9df6d96d7aa499a001ad1 + cad9b682638f7a11; + 5337685a96ed65b9ac + a33852 + "" + "" + "" + cee2fb45; + 7ef19b09c063c46f88 + de9fd4 + 1e + "" + "" + f82a2ce3; + 72d7b97e23e6eabdff + 3bcd21 + "" + 14 + 8e + cf442fcb; + 99268878dbf30f1dad + 89d4b9b120 + 12e4713df46795630e7952d22bb02d7100b8b649377d20a8 + f083455b663e4ee1315f3c8f2aebfa921451dcd1af5813b7 + d3216e8ddc4bae39da814c7541496567ad7669f3ebfafba7 + ffef801deb5ef8fd; + 0d30ce2f1fef6ef315 + d079839180 + 5da08da3aefc5f8584b7c5e617669c0f16e398 + 15d4e9cfce3ed1ecdf3d264a7f16cb16c2e815f422cdf0c8e30308be3c + d9f3345b6b1782cd1db09c53d2076a2b84f4cc16e94c58cb46cbd5d85e + c46139beb639552b; +} + cast128-eax { 60d7bcda163547d348b7551195 "" diff --git a/symm/t/cast256.local b/symm/t/cast256.local index 4d4f6195..2768387b 100644 --- a/symm/t/cast256.local +++ b/symm/t/cast256.local @@ -51,6 +51,129 @@ cast256-cmac { 4e21bb0835d28d84b50e6db35757d672; } +cast256-ccm { + 60d7bcda163547d348b7551195 + e77022907dd1dff7dac5c9 + "" + "" + "" + aa9a4a79; + 941d26d0c6eb14ad568f86edd1 + dc9268eeee533285a6ed81 + 0c + "" + "" + c8a39dd0; + 9b689daaa9060d2d4b60030623 + 65b0a54364c76c160f1189 + "" + 6c + 2d + 73e78af5; + 4794846ecfa14a7130c9f13712 + 0634c9519848a877ff + 77bf79192a5b50ade5d9cd739a3d1f337f29549e6b0d27a4ba234085406a6136512061f7080cc07df0591d8fa21f2dd8 + 8374d8cde8e160ad10997a21635c6d62c9269029df3e6057acc87638f508046733d9ff61cdbda3b3e9878731ebfedd47 + af2bcbe02785e26888000200221db7ec8a96262bd4ac58f98de028ac5f0ab12ff4a6525254d7f78215727c2796d9de34 + d83e04bccd4cc28ee89db0528d559b4c; + 05e505da1435dceaa7b1cc49ae + 1d50c38201a894476b + 3f102b752eb9529533966f27043eb621b7f65b000961040ef2f9b2fc5fa450727a9b542cde52ebfda19d0c + cc520f215eb57bb3a4f3ebbbb18ac6c95a97a48030370c33d090c54215abd6b3ad54efc9a38378c5b93bf4f2aad2605faee2b03fb6 + ae26d7c0fe93d7f36b4fe471099e64f0da7e0436df67adc9fbccbb9d12e26b9f086c3176ed28861c7d9afcfdb181dddb5b337c84b9 + 4eb8907ccd4025021d7117364de8c4f9; + 48e27fff63102758fe2b69ac + 26afa3349829b94586306f + "" + "" + "" + dcee39b3; + ed54154f8f28523c03d4de16 + 00157846b710ee72807a22 + 19 + "" + "" + d0f09e35; + bfb474fd71d891f24bb65d15 + 63259f9eb53b571ea629c5 + "" + 4d + b1 + 20282dc8; + 57dd2d42f70800df9fcbaca4 + 8b77dba189196d1ebb + a10b0467cb9fc2712a199e533fa9156308cdec3f768281e040a9b9a222bd689aef66f5306ceb0c6b08ac8b0a22260c57 + 1b4a42bb8fdb233bfa6a5cfb0bad7d95214ade49cb3b6f5fe8368131115c037ba323fe1dc8151784873f0eb5b647da67 + 9991d3ac6a6931127145d2ce4106eae3f0e588ed0e6a1c24d015d595640fe427ebb5753e1955ea8cfeca3dd0638b8e0b + a2dc9d2ee323e912007d462871314715; + 94c18b5337685a96ed65b9ac + a338527ef19b09c063 + c46f88de9fd41e72d7b97e23e6eabdff3bcd211499268878dbf30f1dad89d4b9b12012e4713df46795630e + 7952d22bb02d7100b8b649377d20a8f083455b663e4ee1315f3c8f2aebfa921451dcd1af5813b70d30ce2f1fef6ef315d079839180 + 1691f3064921baaa57137b92ce00739789fad53203a0c5c0683cad9da5e2a54c15b6ea69870a807b40fa2006fd631f790f43a88a86 + d5f6f01586bd510672cd9f062d846013; + 5da08da3aefc5f85 + 84b7c5e617669c0f16e398 + "" + "" + "" + 7104d66a; + 15d4e9cfce3ed1ec + df3d264a7f16cb16c2e815 + f4 + "" + "" + d82c0d6e; + 22cdf0c8e30308be + 3c31e6bc58c0b7cadcb658 + "" + b9 + a6 + cb4b7117; + 70e47479a684b5ae + fa69a4cd52147ed12c + a986981a874498ad0abef8bc4fcb70e27e98ef1f0446b42fb144d44b6d00f06dc188d472a784e0c6f21195a3b9f4ae98 + 5511265febd11c164720eef9eb1c8dd0b00951f284649016ed00456331854bc78bf43966eb0cfa9138ddc39908445608 + 4763b77f7a624a9d1453034bea8d9c5061a93708adf6badc0e7372623212c427f6539c36f053398d051510adee65048f + 79884b4232ec8611c3e862865e3d60ec; + fe95e81c2533e31c + 9c1a9851bc2810d858 + cbbc8424d126b807e6daa089c3f9099c5ffb824173d7634c04226f30cbb7f0e4a973a8cd190107314717a7 + 7456f3ff669c732b58db8f48af65f7cc9e3fb90e1721b730374ffc9bc597f56ccbb2f294b38766fc69f6a9f2c0945ffd505003cc0c + fdfefeef8313360ebe5d7c5448129278ab19acbb0625d7e0675ce22a334269067523466c1cbad10c0a8630ae2d94d3b9a38dfe3db0 + 2ba0749d5c88e7dde18a94a99bcc3b69; + ae9ce021a5f1fa4ffa91544485f1a1258b + 2b9b8f0911e32d65cc1770 + "" + "" + "" + be73551e; + a18cbfe6effd1ff6778554acf1270485b2 + 03a3c1c4c967c0a458cb94 + 8b + "" + "" + 922ec10b; + dd409b687fa3a6827b480aa3a4c84cef64 + f6c9b53bf8f957f4b03cf4 + "" + 3e + 9e + ceadc769; + 89957f9a3e8128f8743d16687b7bb8deb9 + bd205b70e04c091d20 + 5cdad9e9a79b1abf91b0851e5ca605ac8451399587011677508a15dde524af3e2bee0646541a42c2ecccb44d65bad397 + abfaf529ee41cf9a05c7efedef3401539c51d2a90bbf7f1bfc338ab0ef5746ea8fdcccd213e33f7e8a5718fd25014107 + 882d1a8dcf897a5fd0b0a23aed8016eb4ba2290f47c51ffbb244fd10614dc98bdd072c8dd2607ccb0a8509c13141fc03 + 541f7a6fcf2c319c9bdf291490aabd96; + c8e7d715a92add9589d1f5c054b2d98351 + 4605ec590294a319b9 + 802068a9f891bc5ba5afabf8c3122d12d7ff3c41122d70d17d4569eaff59a332ba58d5d5589bfe079753ee + 1a957eb6d6699e6b7ea2725cb2dac07ecde95759ac46fee6dda7abc8ad68daac90cfe22d2f1f2968cc42fa8b669ed3bb3542a9cf44 + 87aacdd16e3d3bcd52d8bbbe6226bd5b405fd7ec9d93334a5ca599dfa600927a1270c54700d1d7ceb1fe25a033321359e98889bf74 + 9c7c6db5629007318783e4fadc1f1d67; +} + cast256-eax { 60d7bcda163547d348b7551195 "" diff --git a/symm/t/des b/symm/t/des index a5238aa3..e3eee4ab 100644 --- a/symm/t/des +++ b/symm/t/des @@ -88,6 +88,69 @@ des-cmac { 2b5a2cec413de519; } +des-ccm { + bef260d7bcda1635 + 47d348 + "" + "" + "" + 97684266; + b7551195e7702290 + 7dd1df + f7 + "" + "" + 46cb911b; + dac5c9941d26d0c6 + eb14ad + "" + 56 + da + 952bf9f2; + 8f86edd1dc9268ee + ee533285a6 + ed810c9b689daaa9060d2d4b6003062365b0a54364c76c16 + 0f11896c4794846ecfa14a7130c9f137120634c9519848a8 + cfdc3c0afd5fdd440f0e1898cb7cc518539e54d77a406117 + 2c49a88b22b8108b; + 77ff77bf79192a5b + 50ade5d9cd + 739a3d1f337f29549e6b0d27a4ba234085406a + 6136512061f7080cc07df0591d8fa21f2dd88374d8cde8e160ad10997a + fcd66aee455ff8c114978554c7a9debc11b642cff67c13f54f43c84302 + 7c38973da8da2aec; + 21635c6d62c926 + 9029df + "" + "" + "" + ce0d4ebc; + 3e6057acc87638 + f50804 + 67 + "" + "" + 3e4ba751; + 33d9ff61cdbda3 + b3e987 + "" + 87 + 41 + 2a565655; + 31ebfedd4705e5 + 05da1435dc + eaa7b1cc49ae1d50c38201a894476b3f102b752eb9529533 + 966f27043eb621b7f65b000961040ef2f9b2fc5fa450727a + e1eaaf9f5e53008063e0e21e064025aa423fb9a0a86996d0 + e257ab7ac4bc8b67; + 9b542cde52ebfd + a19d0ccc52 + 0f215eb57bb3a4f3ebbbb18ac6c95a97a48030 + 370c33d090c54215abd6b3ad54efc9a38378c5b93bf4f2aad2605faee2 + 52f8b409665916709096ea1116886f51d56d6f48f3e0c298f8ded5d660 + 5d9404a726617d55; +} + des-eax { bef260d7bcda1635 "" diff --git a/symm/t/des3 b/symm/t/des3 index 87ed8a7a..32945cbc 100644 --- a/symm/t/des3 +++ b/symm/t/des3 @@ -120,6 +120,129 @@ des3-cmac { 2753a7135b48898f; } +des3-ccm { + 60d7bcda163547d348b7551195e7 + 702290 + "" + "" + "" + aa48bfd6; + 7dd1dff7dac5c9941d26d0c6eb14 + ad568f + 86 + "" + "" + 06de8798; + edd1dc9268eeee533285a6ed810c + 9b689d + "" + aa + 67 + 35d148d9; + a9060d2d4b6003062365b0a54364 + c76c160f11 + 896c4794846ecfa14a7130c9f137120634c9519848a877ff + 77bf79192a5b50ade5d9cd739a3d1f337f29549e6b0d27a4 + a0cbf7ade835afc80d0244a41b72699e7f135479dcbf06f7 + 9d8fd60bbb5deed9; + ba234085406a6136512061f7080c + c07df0591d + 8fa21f2dd88374d8cde8e160ad10997a21635c + 6d62c9269029df3e6057acc87638f508046733d9ff61cdbda3b3e98787 + 09be940770a72970058ad3f06c973a2b58a7cc912892bc397eff73662e + 9146a93e7398cddb; + 31ebfedd4705e505 + da1435 + "" + "" + "" + 92740192; + dceaa7b1cc49ae1d + 50c382 + 01 + "" + "" + d1803413; + a894476b3f102b75 + 2eb952 + "" + 95 + 63 + c416162e; + 33966f27043eb621 + b7f65b0009 + 61040ef2f9b2fc5fa450727a9b542cde52ebfda19d0ccc52 + 0f215eb57bb3a4f3ebbbb18ac6c95a97a48030370c33d090 + b70fe9f3c530c75595207f22867614779980e9ada1c35be5 + 236101f21d127547; + c54215abd6b3ad54 + efc9a38378 + c5b93bf4f2aad2605faee2b03fb648e27fff63 + 102758fe2b69ac26afa3349829b94586306fed54154f8f28523c03d4de + ffc2c6c900f35a8d4c0bc244cf5ebff8f9999f4ce5759b39131585d376 + 9661947e6ea6d306; + 1600157846b710ee72807a2219bfb474 + fd71d8 + "" + "" + "" + 1afd62e9; + 91f24bb65d1563259f9eb53b571ea629 + c54d57 + dd + "" + "" + 9be5f1b8; + 2d42f70800df9fcbaca48b77dba18919 + 6d1ebb + "" + a1 + 2f + 8ec7e387; + 0b0467cb9fc2712a199e533fa9156308 + cdec3f7682 + 81e040a9b9a222bd689aef66f5306ceb0c6b08ac8b0a2226 + 0c571b4a42bb8fdb233bfa6a5cfb0bad7d95214ade49cb3b + 479741dd816d10d912b027aa913872636fc029c5b3b5e786 + b52afd4780869038; + 6f5fe8368131115c037ba323fe1dc815 + 1784873f0e + b5b647da6794c18b5337685a96ed65b9aca338 + 527ef19b09c063c46f88de9fd41e72d7b97e23e6eabdff3bcd21149926 + 2659d885994c1c74498d5caa2a19430c3622f508c1754794f736759134 + 1fd64bfce60b9b7c; + 8878dbf30f1dad89d4b9b12012e4713df46795630e + 7952d2 + "" + "" + "" + cbf3fe95; + 2bb02d7100b8b649377d20a8f083455b663e4ee131 + 5f3c8f + 2a + "" + "" + 622e5637; + ebfa921451dcd1af5813b70d30ce2f1fef6ef315d0 + 798391 + "" + 80 + 71 + 1a8cd2c7; + 5da08da3aefc5f8584b7c5e617669c0f16e39815d4 + e9cfce3ed1 + ecdf3d264a7f16cb16c2e815f422cdf0c8e30308be3c31e6 + bc58c0b7cadcb658b970e47479a684b5aefa69a4cd52147e + 820f2b98a0887f75cabdd9085299ba9d20e0c02e0e997019 + 4b2b92958f792723; + d12ca986981a874498ad0abef8bc4fcb70e27e98ef + 1f0446b42f + b144d44b6d00f06dc188d472a784e0c6f21195 + a3b9f4ae985511265febd11c164720eef9eb1c8dd0b00951f284649016 + 04baa89b0f016a9eb9f9f555b539e33fde914515ab13f2506927f4a0db + 266553d3216d3444; +} + des3-eax { 60d7bcda163547d348b7551195e7 "" diff --git a/symm/t/desx b/symm/t/desx index a51fad0b..14b8e311 100644 --- a/symm/t/desx +++ b/symm/t/desx @@ -72,6 +72,129 @@ desx-cmac { ebda61b856727ef6; } +desx-ccm { + 60d7bcda163547d348b7551195e770 + 22907d + "" + "" + "" + 8ec46476; + d1dff7dac5c9941d26d0c6eb14ad56 + 8f86ed + d1 + "" + "" + 5f3af780; + dc9268eeee533285a6ed810c9b689d + aaa906 + "" + 0d + 81 + 6bf70ba0; + 2d4b6003062365b0a54364c76c160f + 11896c4794 + 846ecfa14a7130c9f137120634c9519848a877ff77bf7919 + 2a5b50ade5d9cd739a3d1f337f29549e6b0d27a4ba234085 + 0d411f5b72112442088bee58587f1b0acc6cdc2609b38528 + 263feadb0d5a70aa; + 406a6136512061f7080cc07df0591d + 8fa21f2dd8 + 8374d8cde8e160ad10997a21635c6d62c92690 + 29df3e6057acc87638f508046733d9ff61cdbda3b3e9878731ebfedd47 + 0b9ff20737a20741c3caa6bdad16930cce5fdbe1754d211e15701f547f + 97f1a547f1179100; + 05e505da1435dcea + a7b1cc + "" + "" + "" + 001cf051; + 49ae1d50c38201a8 + 94476b + 3f + "" + "" + f4d9c98e; + 102b752eb9529533 + 966f27 + "" + 04 + a0 + a8ed8162; + 3eb621b7f65b0009 + 61040ef2f9 + b2fc5fa450727a9b542cde52ebfda19d0ccc520f215eb57b + b3a4f3ebbbb18ac6c95a97a48030370c33d090c54215abd6 + ab9b7c746d2bc3d9987a625049e1e17f09268f61914db075 + af163edd14717f26; + b3ad54efc9a38378 + c5b93bf4f2 + aad2605faee2b03fb648e27fff63102758fe2b + 69ac26afa3349829b94586306fed54154f8f28523c03d4de1600157846 + 222e460a7c0c877a3c3043bf46cd87c4b76b2dd7491d3d4dd22c8ea42f + c0d94d90dade32cb; + b710ee72807a2219bfb474fd71d891f2 + 4bb65d + "" + "" + "" + bd9bb6dc; + 1563259f9eb53b571ea629c54d57dd2d + 42f708 + 00 + "" + "" + f24fb66d; + df9fcbaca48b77dba189196d1ebba10b + 0467cb + "" + 9f + cc + 099a7f96; + c2712a199e533fa9156308cdec3f7682 + 81e040a9b9 + a222bd689aef66f5306ceb0c6b08ac8b0a22260c571b4a42 + bb8fdb233bfa6a5cfb0bad7d95214ade49cb3b6f5fe83681 + 15c1c73b28a6b905f4b301d941b961156ea6f145334295df + b81b11f44423b169; + 31115c037ba323fe1dc8151784873f0e + b5b647da67 + 94c18b5337685a96ed65b9aca338527ef19b09 + c063c46f88de9fd41e72d7b97e23e6eabdff3bcd211499268878dbf30f + 3999f0ebfb02f3e9163b462d325a844ada24367ab139617a32a4ac7f69 + d7d9bc4926dce5fe; + 1dad89d4b9b12012e4713df46795630e7952d22bb02d71 + 00b8b6 + "" + "" + "" + e2278b44; + 49377d20a8f083455b663e4ee1315f3c8f2aebfa921451 + dcd1af + 58 + "" + "" + eb62b54e; + 13b70d30ce2f1fef6ef315d0798391805da08da3aefc5f + 8584b7 + "" + c5 + d7 + 72d0dd81; + e617669c0f16e39815d4e9cfce3ed1ecdf3d264a7f16cb + 16c2e815f4 + 22cdf0c8e30308be3c31e6bc58c0b7cadcb658b970e47479 + a684b5aefa69a4cd52147ed12ca986981a874498ad0abef8 + e709032bd184e5104714acdbd444b4ba1242692f504e8bbd + 0e8982b121c86359; + bc4fcb70e27e98ef1f0446b42fb144d44b6d00f06dc188 + d472a784e0 + c6f21195a3b9f4ae985511265febd11c164720 + eef9eb1c8dd0b00951f284649016ed00456331854bc78bf43966eb0cfa + 157111d7f22ece6942850acb95f131f9749eb8625c0b6cef13fc859b62 + 690bf035ddf2b2db; +} + desx-eax { 60d7bcda163547d348b7551195e770 "" diff --git a/symm/t/idea b/symm/t/idea index e9a85f6c..a77126ba 100644 --- a/symm/t/idea +++ b/symm/t/idea @@ -40,6 +40,39 @@ idea-cmac { c17895f93dd73a8a; } +idea-ccm { + e4bef260d7bcda163547d348b7551195 + e77022 + "" + "" + "" + 42939dba; + 907dd1dff7dac5c9941d26d0c6eb14ad + 568f86 + ed + "" + "" + 3facc6db; + d1dc9268eeee533285a6ed810c9b689d + aaa906 + "" + 0d + 7e + 4f9519dd; + 2d4b6003062365b0a54364c76c160f11 + 896c479484 + 6ecfa14a7130c9f137120634c9519848a877ff77bf79192a + 5b50ade5d9cd739a3d1f337f29549e6b0d27a4ba23408540 + 53683900f166af9bfd8a3e46e63e8e38af27b1c46816b6ae + 5e8bd4980b4efd9c; + 6a6136512061f7080cc07df0591d8fa2 + 1f2dd88374 + d8cde8e160ad10997a21635c6d62c9269029df + 3e6057acc87638f508046733d9ff61cdbda3b3e9878731ebfedd4705e5 + ea20e70bc5af22eece46f5b4adb9148a716a08fe014fd8e603cbad4b05 + df275b1d8b433882; +} + idea-eax { e4bef260d7bcda163547d348b7551195 "" diff --git a/symm/t/mars.local b/symm/t/mars.local index 13436bc8..2b0dcb47 100644 --- a/symm/t/mars.local +++ b/symm/t/mars.local @@ -51,6 +51,129 @@ mars-cmac { 797407de4940048d366f408567a0b4ca; } +mars-ccm { + 60d7bcda163547d348b75511 + 95e77022907dd1dff7dac5 + "" + "" + "" + d9863a89; + c9941d26d0c6eb14ad568f86 + edd1dc9268eeee533285a6 + ed + "" + "" + 291967b1; + 810c9b689daaa9060d2d4b60 + 03062365b0a54364c76c16 + "" + 0f + f7 + b93f6b02; + 11896c4794846ecfa14a7130 + c9f137120634c95198 + 48a877ff77bf79192a5b50ade5d9cd739a3d1f337f29549e6b0d27a4ba234085406a6136512061f7080cc07df0591d8f + a21f2dd88374d8cde8e160ad10997a21635c6d62c9269029df3e6057acc87638f508046733d9ff61cdbda3b3e9878731 + 9828628579a7dd487f473888502c5c84369b7c3a4c760eca290e95d6ecc9f0eeff551a28e55ab8f07a3b3058263e6590 + 232a8e27bf269e09d6ca6691858e03d3; + ebfedd4705e505da1435dcea + a7b1cc49ae1d50c382 + 01a894476b3f102b752eb9529533966f27043eb621b7f65b000961040ef2f9b2fc5fa450727a9b542cde52 + ebfda19d0ccc520f215eb57bb3a4f3ebbbb18ac6c95a97a48030370c33d090c54215abd6b3ad54efc9a38378c5b93bf4f2aad2605f + 983ddf84477174e42ff5e4d86e34a4dba2cda48b0d9cc34dca96cae438508ea257ae6e4d0f34e6c38612bc4044d30e3f44550b49eb + aece86043084433dff242601596ec036; + aee2b03fb648e27fff63102758fe2b69ac26afa3 + 349829b94586306fed5415 + "" + "" + "" + c9700d28; + 4f8f28523c03d4de1600157846b710ee72807a22 + 19bfb474fd71d891f24bb6 + 5d + "" + "" + 86ac2560; + 1563259f9eb53b571ea629c54d57dd2d42f70800 + df9fcbaca48b77dba18919 + "" + 6d + ce + 7396d0ff; + 1ebba10b0467cb9fc2712a199e533fa9156308cd + ec3f768281e040a9b9 + a222bd689aef66f5306ceb0c6b08ac8b0a22260c571b4a42bb8fdb233bfa6a5cfb0bad7d95214ade49cb3b6f5fe83681 + 31115c037ba323fe1dc8151784873f0eb5b647da6794c18b5337685a96ed65b9aca338527ef19b09c063c46f88de9fd4 + 2e78ed36197ee0fbe02aaf850ca07cef75d83137dfa779a043f43ad6207cb71df53b3bc72ec31947217f1131f9a7219f + 38d70bb7304992be2073bd3ded9589ad; + 1e72d7b97e23e6eabdff3bcd211499268878dbf3 + 0f1dad89d4b9b12012 + e4713df46795630e7952d22bb02d7100b8b649377d20a8f083455b663e4ee1315f3c8f2aebfa921451dcd1 + af5813b70d30ce2f1fef6ef315d0798391805da08da3aefc5f8584b7c5e617669c0f16e39815d4e9cfce3ed1ecdf3d264a7f16cb16 + 91a4428db21b6870c8bed64235a802123bebc572b852321902ffa4e1f9197eab5a4e2d6e37587f493a77dc78355556ecf4078f6963 + 2ca5ad4c8de48446dacc9ef0f8ed8ac6; + c2e815f422cdf0c8 + e30308be3c31e6bc58c0b7 + "" + "" + "" + e55b1e3d; + cadcb658b970e474 + 79a684b5aefa69a4cd5214 + 7e + "" + "" + 8e9f4277; + d12ca986981a8744 + 98ad0abef8bc4fcb70e27e + "" + 98 + da + 94060c3c; + ef1f0446b42fb144 + d44b6d00f06dc188d4 + 72a784e0c6f21195a3b9f4ae985511265febd11c164720eef9eb1c8dd0b00951f284649016ed00456331854bc78bf439 + 66eb0cfa9138ddc39908445608fe95e81c2533e31c9c1a9851bc2810d858cbbc8424d126b807e6daa089c3f9099c5ffb + a845f5b258e7b48dfbf165716b84ab9d44a6fb31ae2db3969ab9236937b52c81e38427414b61004125cd07ee50001947 + 053ae04c909fb9c1202dc16d15d93890; + 824173d7634c0422 + 6f30cbb7f0e4a973a8 + cd190107314717a77456f3ff669c732b58db8f48af65f7cc9e3fb90e1721b730374ffc9bc597f56ccbb2f2 + 94b38766fc69f6a9f2c0945ffd505003cc0cae9ce021a5f1fa4ffa91544485f1a1258b2b9b8f0911e32d65cc1770a18cbfe6effd1f + 7bc1f6ba933f20ea05b7b6eeed69b99dfb31c21c77a46690e151e756c0af9555851d17700b27ac7d1104a4ce197bb4d3e5d596ed37 + 5b81abd7dea2c26dfdb3dd4fbb3679c9; + f6778554acf1270485b203a3c1c4c967c0a458cb948bdd409b687fa3a6827b480aa3a4c8 + 4cef64f6c9b53bf8f957f4 + "" + "" + "" + 5702f7ae; + b03cf43e89957f9a3e8128f8743d16687b7bb8deb9bd205b70e04c091d205cdad9e9a79b + 1abf91b0851e5ca605ac84 + 51 + "" + "" + d5c802e3; + 399587011677508a15dde524af3e2bee0646541a42c2ecccb44d65bad397abfaf529ee41 + cf9a05c7efedef3401539c + "" + 51 + df + bf7584e3; + d2a90bbf7f1bfc338ab0ef5746ea8fdcccd213e33f7e8a5718fd25014107c8e7d715a92a + dd9589d1f5c054b2d9 + 83514605ec590294a319b9802068a9f891bc5ba5afabf8c3122d12d7ff3c41122d70d17d4569eaff59a332ba58d5d558 + 9bfe079753ee1a957eb6d6699e6b7ea2725cb2dac07ecde95759ac46fee6dda7abc8ad68daac90cfe22d2f1f2968cc42 + 332eb9ba36705464ae13b42c953572119f3bd26d623fe066fa9eb42a3aa5222fc7a39367b997e903b8471ded7b4e1250 + b10fea22e3e1c7cbdf334e2e66986200; + fa8b669ed3bb3542a9cf44bbc8c6254d980398bd94e66eb4563d405e51881e99027b8ab9 + aea3ccf860b0009740 + 763d96836c5f87b95460938de1288c69d80ea12ff4bb5f069b8a2e86041c1b9fc214e9ca2186ddf1f6a7a3 + aa7e740da967828e3604b35b15ffaa6c36800d9645563a308ba60076817523bd2abf1261b089d8f23a9c2835076a23faac2cdd6777 + 2efcfbce25279f45598c9d5dff6821a9b6bdea37fc7c376e8a65c0d6182392b15de9832a2477f5c446b3028872892061a213cd7f51 + e44e2d82e160ef2cd7d28cb80fc74194; +} + mars-eax { 60d7bcda163547d348b75511 "" diff --git a/symm/t/noekeon b/symm/t/noekeon index c51b4a77..91fd76a0 100644 --- a/symm/t/noekeon +++ b/symm/t/noekeon @@ -24,6 +24,39 @@ noekeon-cmac { c123e79e5caf935e4534444d32d814d3; } +noekeon-ccm { + e4bef260d7bcda163547d348b7551195 + e77022907dd1dff7dac5c9 + "" + "" + "" + 49ba308e; + 941d26d0c6eb14ad568f86edd1dc9268 + eeee533285a6ed810c9b68 + 9d + "" + "" + bf7a3a76; + aaa9060d2d4b6003062365b0a54364c7 + 6c160f11896c4794846ecf + "" + a1 + 07 + f4749361; + 4a7130c9f137120634c9519848a877ff + 77bf79192a5b50ade5 + d9cd739a3d1f337f29549e6b0d27a4ba234085406a6136512061f7080cc07df0591d8fa21f2dd88374d8cde8e160ad10 + 997a21635c6d62c9269029df3e6057acc87638f508046733d9ff61cdbda3b3e9878731ebfedd4705e505da1435dceaa7 + 4c78845e20c686f9ff85982d36d3e9aa511ca2e24d03978efbcc2728d499114cfec92bac5f9913c6fab485e7dced9599 + ed048b86e5dbb933f5893750dc0634cd; + b1cc49ae1d50c38201a894476b3f102b + 752eb9529533966f27 + 043eb621b7f65b000961040ef2f9b2fc5fa450727a9b542cde52ebfda19d0ccc520f215eb57bb3a4f3ebbb + b18ac6c95a97a48030370c33d090c54215abd6b3ad54efc9a38378c5b93bf4f2aad2605faee2b03fb648e27fff63102758fe2b69ac + 0c825df862df85bf1bb99434c39ce83a392f0e03ca915677bfc6f7de8cf1643c70f679f8dc8d245fb2c84be5f05b5e6064ff017589 + c9d921b8c460e2dab218d13a0609a344; +} + noekeon-eax { e4bef260d7bcda163547d348b7551195 "" diff --git a/symm/t/rc2 b/symm/t/rc2 index 7a9df082..476eec3e 100644 --- a/symm/t/rc2 +++ b/symm/t/rc2 @@ -63,6 +63,129 @@ rc2-cmac { 9ffecd00a5ce33b6; } +rc2-ccm { + 60d7bcda163547d348b7551195e77022907dd1dff7dac5c9941d26d0c6eb14ad568f86edd1dc9268ee + ee5332 + "" + "" + "" + 0e756e3d; + 85a6ed810c9b689daaa9060d2d4b6003062365b0a54364c76c160f11896c4794846ecfa14a7130c9f1 + 371206 + 34 + "" + "" + 88075561; + c9519848a877ff77bf79192a5b50ade5d9cd739a3d1f337f29549e6b0d27a4ba234085406a61365120 + 61f708 + "" + 0c + e4 + 677a1fdd; + c07df0591d8fa21f2dd88374d8cde8e160ad10997a21635c6d62c9269029df3e6057acc87638f50804 + 6733d9ff61 + cdbda3b3e9878731ebfedd4705e505da1435dceaa7b1cc49 + ae1d50c38201a894476b3f102b752eb9529533966f27043e + aa2e353749ab572e5ea55be5be368bae0ca3cd5604ec9c06 + bbdce19a0df3c05b; + b621b7f65b000961040ef2f9b2fc5fa450727a9b542cde52ebfda19d0ccc520f215eb57bb3a4f3ebbb + b18ac6c95a + 97a48030370c33d090c54215abd6b3ad54efc9 + a38378c5b93bf4f2aad2605faee2b03fb648e27fff63102758fe2b69ac + a1b2416f66d57ca9034827ff55b17cfac62108e8a10a62c3aec1de6d6a + af60612dfed6edb3; + 26afa3349829b94586306fed54154f8f28523c03d4de1600157846b710ee72807a2219bfb474fd71d891f24bb65d1563259f9eb53b571ea629c54d57dd2d42f70800df9fcbaca48b77dba189196d1ebba10b0467cb9fc2712a199e533fa9156308cdec3f768281e040a9b9a222bd689aef66f5306ceb0c + 6b08ac + "" + "" + "" + ef7e40ab; + 8b0a22260c571b4a42bb8fdb233bfa6a5cfb0bad7d95214ade49cb3b6f5fe8368131115c037ba323fe1dc8151784873f0eb5b647da6794c18b5337685a96ed65b9aca338527ef19b09c063c46f88de9fd41e72d7b97e23e6eabdff3bcd211499268878dbf30f1dad89d4b9b12012e4713df46795630e79 + 52d22b + b0 + "" + "" + 9cef3d08; + 2d7100b8b649377d20a8f083455b663e4ee1315f3c8f2aebfa921451dcd1af5813b70d30ce2f1fef6ef315d0798391805da08da3aefc5f8584b7c5e617669c0f16e39815d4e9cfce3ed1ecdf3d264a7f16cb16c2e815f422cdf0c8e30308be3c31e6bc58c0b7cadcb658b970e47479a684b5aefa69a4cd + 52147e + "" + d1 + a9 + 0e3165e9; + 2ca986981a874498ad0abef8bc4fcb70e27e98ef1f0446b42fb144d44b6d00f06dc188d472a784e0c6f21195a3b9f4ae985511265febd11c164720eef9eb1c8dd0b00951f284649016ed00456331854bc78bf43966eb0cfa9138ddc39908445608fe95e81c2533e31c9c1a9851bc2810d858cbbc8424d1 + 26b807e6da + a089c3f9099c5ffb824173d7634c04226f30cbb7f0e4a973 + a8cd190107314717a77456f3ff669c732b58db8f48af65f7 + 79a7ec7b8d3aad1c29ce22222d9089766c6892e25284af53 + 1a749a4b280e03eb; + cc9e3fb90e1721b730374ffc9bc597f56ccbb2f294b38766fc69f6a9f2c0945ffd505003cc0cae9ce021a5f1fa4ffa91544485f1a1258b2b9b8f0911e32d65cc1770a18cbfe6effd1ff6778554acf1270485b203a3c1c4c967c0a458cb948bdd409b687fa3a6827b480aa3a4c84cef64f6c9b53bf8f957 + f4b03cf43e + 89957f9a3e8128f8743d16687b7bb8deb9bd20 + 5b70e04c091d205cdad9e9a79b1abf91b0851e5ca605ac845139958701 + c1255583506986b100df1504190df39ec531be3506347bc3db4ab4ec82 + 993490ca3359ed04; + 1677508a15dde524af3e2bee0646541a42c2ec + ccb44d + "" + "" + "" + 2848a767; + 65bad397abfaf529ee41cf9a05c7efedef3401 + 539c51 + d2 + "" + "" + e0651099; + a90bbf7f1bfc338ab0ef5746ea8fdcccd213e3 + 3f7e8a + "" + 57 + a9 + 9135e83e; + 18fd25014107c8e7d715a92add9589d1f5c054 + b2d9835146 + 05ec590294a319b9802068a9f891bc5ba5afabf8c3122d12 + d7ff3c41122d70d17d4569eaff59a332ba58d5d5589bfe07 + a0219d75977a704b34340dae9a6f96be4baaa1ad3ee96afa + b1e6a4f9015ad908; + 9753ee1a957eb6d6699e6b7ea2725cb2dac07e + cde95759ac + 46fee6dda7abc8ad68daac90cfe22d2f1f2968 + cc42fa8b669ed3bb3542a9cf44bbc8c6254d980398bd94e66eb4563d40 + 612f7d0ab987bbd987e78707fa59388a40cd95b609e3b0df2298712134 + 242d9a4c7c587d14; + 5e51881e99027b8ab9aea3ccf860b0009740763d96836c5f87b954 + 60938d + "" + "" + "" + 9ebdeb8f; + e1288c69d80ea12ff4bb5f069b8a2e86041c1b9fc214e9ca2186dd + f1f6a7 + a3 + "" + "" + c53713f3; + aa7e740da967828e3604b35b15ffaa6c36800d9645563a308ba600 + 768175 + "" + 23 + ca + 704b73f9; + bd2abf1261b089d8f23a9c2835076a23faac2cdd67771cc667a833 + 1f0a170b66 + 283e4f834a06148f302c3973accd56f6f24e33958b8c2e23 + 52fd61e4fa8fec816ac861a8b33779f09e7a10fc02a8f48a + 49e3c85b0d02dd9f89914d75405cfac2f343deccb9d98391 + 95c00f9b22962366; + fa3080ee119a52a9a817e4f2b94b0820cab383a8cffeea7c486315 + 799dc875fb + a578c8ec4837898a92142b5b0677da1ac27311 + 7b45bcfff5d5f8b6fde2893232a9f81d14517ffae475f6b94a43a67b3d + 8eccebfa67d50519fadda30deee9c4d16575a61eb68adf6157271bdabd + 1dbaccd5b26fc6e2; +} + rc2-eax { 60d7bcda163547d348b7551195e77022907dd1dff7dac5c9941d26d0c6eb14ad568f86edd1dc9268ee "" diff --git a/symm/t/rc5 b/symm/t/rc5 index 921c438a..f574d6b6 100644 --- a/symm/t/rc5 +++ b/symm/t/rc5 @@ -65,6 +65,129 @@ rc5-cmac { 029a65f6ecedeaec; } +rc5-ccm { + 60d7bcda163547d348b7551195e77022907dd1dff7dac5c9941d26d0c6eb14ad568f86edd1dc9268eeee533285a6ed810c9b689daaa9060d2d4b6003062365b0a54364c76c160f11896c4794846ecfa14a7130c9f137120634c9519848a877ff77bf79192a5b50ade5d9cd739a3d1f337f29549e6b0d27a4ba234085406a6136512061f7080cc07df0591d8fa21f2dd88374d8cde8e160ad10997a21635c6d62c9269029df3e6057 + acc876 + "" + "" + "" + 7c254f77; + 38f508046733d9ff61cdbda3b3e9878731ebfedd4705e505da1435dceaa7b1cc49ae1d50c38201a894476b3f102b752eb9529533966f27043eb621b7f65b000961040ef2f9b2fc5fa450727a9b542cde52ebfda19d0ccc520f215eb57bb3a4f3ebbbb18ac6c95a97a48030370c33d090c54215abd6b3ad54efc9a38378c5b93bf4f2aad2605faee2b03fb648e27fff63102758fe2b69ac26afa3349829b94586306fed54154f8f28 + 523c03 + d4 + "" + "" + 1bee7cd9; + de1600157846b710ee72807a2219bfb474fd71d891f24bb65d1563259f9eb53b571ea629c54d57dd2d42f70800df9fcbaca48b77dba189196d1ebba10b0467cb9fc2712a199e533fa9156308cdec3f768281e040a9b9a222bd689aef66f5306ceb0c6b08ac8b0a22260c571b4a42bb8fdb233bfa6a5cfb0bad7d95214ade49cb3b6f5fe8368131115c037ba323fe1dc8151784873f0eb5b647da6794c18b5337685a96ed65b9aca3 + 38527e + "" + f1 + b4 + 2a4035c8; + 9b09c063c46f88de9fd41e72d7b97e23e6eabdff3bcd211499268878dbf30f1dad89d4b9b12012e4713df46795630e7952d22bb02d7100b8b649377d20a8f083455b663e4ee1315f3c8f2aebfa921451dcd1af5813b70d30ce2f1fef6ef315d0798391805da08da3aefc5f8584b7c5e617669c0f16e39815d4e9cfce3ed1ecdf3d264a7f16cb16c2e815f422cdf0c8e30308be3c31e6bc58c0b7cadcb658b970e47479a684b5aefa + 69a4cd5214 + 7ed12ca986981a874498ad0abef8bc4fcb70e27e98ef1f04 + 46b42fb144d44b6d00f06dc188d472a784e0c6f21195a3b9 + 27b471cdc900d7c1cecdbccbe0c791d0894881688285dc18 + 0c52bf2c8519e396; + f4ae985511265febd11c164720eef9eb1c8dd0b00951f284649016ed00456331854bc78bf43966eb0cfa9138ddc39908445608fe95e81c2533e31c9c1a9851bc2810d858cbbc8424d126b807e6daa089c3f9099c5ffb824173d7634c04226f30cbb7f0e4a973a8cd190107314717a77456f3ff669c732b58db8f48af65f7cc9e3fb90e1721b730374ffc9bc597f56ccbb2f294b38766fc69f6a9f2c0945ffd505003cc0cae9ce021 + a5f1fa4ffa + 91544485f1a1258b2b9b8f0911e32d65cc1770 + a18cbfe6effd1ff6778554acf1270485b203a3c1c4c967c0a458cb948b + 4c97911b3e34ed74ca84d41573f434210e43911778a77caa1bb64b5d52 + 329a8ae6ba7b6150; + dd409b687fa3a6827b480aa3a4c84cef64f6c9b53bf8f957f4b03cf43e89957f9a3e8128f8743d16687b7bb8deb9bd205b70e04c091d205cdad9e9a79b1abf91b0851e5ca605ac8451399587011677508a15dde524af3e2bee0646541a42c2ecccb44d65bad397abfaf529ee41cf9a05c7efedef3401539c51d2a90bbf7f1bfc338ab0ef5746ea8fdcccd213e33f7e8a5718fd25014107c8e7d715a92add9589d1f5c054b2d983514605ec590294a319b9802068a9f891bc5ba5afabf8c3122d12d7ff3c41122d70d17d4569eaff59a332ba58d5d5589bfe079753ee1a + 957eb6 + "" + "" + "" + 83c54227; + d6699e6b7ea2725cb2dac07ecde95759ac46fee6dda7abc8ad68daac90cfe22d2f1f2968cc42fa8b669ed3bb3542a9cf44bbc8c6254d980398bd94e66eb4563d405e51881e99027b8ab9aea3ccf860b0009740763d96836c5f87b95460938de1288c69d80ea12ff4bb5f069b8a2e86041c1b9fc214e9ca2186ddf1f6a7a3aa7e740da967828e3604b35b15ffaa6c36800d9645563a308ba60076817523bd2abf1261b089d8f23a9c2835076a23faac2cdd67771cc667a8331f0a170b66283e4f834a06148f302c3973accd56f6f24e33958b8c2e2352fd61e4fa8fec81 + 6ac861 + a8 + "" + "" + d11cd472; + b33779f09e7a10fc02a8f48afa3080ee119a52a9a817e4f2b94b0820cab383a8cffeea7c486315799dc875fba578c8ec4837898a92142b5b0677da1ac273117b45bcfff5d5f8b6fde2893232a9f81d14517ffae475f6b94a43a67b3d380d2f9aaafe2dd721c0095c8808847689211450ba8095ffab1eaadf66fd22ac1976063e113ab61f813e28a1397a7974a1d7f4220c785fe426a5a0e80f678d404147842941feeffdc2eb44dc8c0d5e8f444f7f4e0c893959b74dc23a7bb40e7e0013e5150686d2301b43a15a84e81d7f5cedaa49e2414ebf47970e560475cff206 + 877de6 + "" + 91 + d7 + 75a2a5f9; + 46acc3ab6cf8556b7aa776945948d1b8834df2196c92ec1718dcdeee0d52d9539726d2810391b3f9d10c39b07ae8f08ce7cee4758a386a9943e97dedfbe61e737882cd09c2b9a80f34c0fde11c2481b11fc76bfa4dbf710a9e544e0c536ca1e040f9ad5b04140d98edabe08485290a4d87d13b07398a1458c2c6b61dbdbc1cccada8c1a0a9aabb6c4e3c3554f8fb1ef61614c270295dfc0ca6551ca4bdb75359f91cb9d921056b7de74fc9a9b37154ce6c0b396179d31f06a1dd5982cbc0d7cb23841da1ae8f4ae480cda98ad6cf2bacf6f9fd3f821330c43f3df6c2b3 + fac7cbcf96 + 523d4723f91801325eb8553236651c96788d73d192ee53b3 + f3ebd66ddd98cedbe88e245de25b1593b70f8601562d90a9 + 740ab29287b8db09e16309ab92186c430c2c71905ef788db + 16ed39d411395c7f; + b59ed034a867642d25d54756fa5c47f16f64b837bb4926214211a1c696ba172010abb433922a22d9fd881519165eb9d85197a21cc34ac0d5ae7be8dbf98e4ffed2cf6b1372a5aa47b54fd9d70c70e117bf1cae71b3a56f0e7d839ea59cc783443d64f2ed6a29b96856beca34fd6544bcf86b799e2a1681160ccf055f0fd3001da597a1406d465b7b1419ea51cf858f938f6daafbd656445a09898eaa96ffc3d1d2e31e4e34c94b8bfae64825ecd75a66d88eedb969ffe07669845ebb7a24c69f13d099f47166edf54538e88fbf433a7ff212085179e79771f6eee7283a + b178ef2b80 + 0d7b969da05780ffc1ba78c70dda7a4ca2a25e + 771702fb1901ecfc8a959cb8e75079bb018ccc8c54f31b450e88f8e900 + b630304c8082405cd416ec56b4b32cd188cb81075a1df8e7ded7042e84 + 15c392aa9df0ff73; + 2926ad0284c738f4cb0f58a1e34c8b15ad930c1b627235a2cb84241986c251f5b70be2367f0472 + 65264e + "" + "" + "" + 5c63c12d; + 0da72efe8995e6c932a17eab511eddb8e4ba463c663035a6ae8a7a899e4279d54d03f0e0f3e961 + dcfd40 + 08 + "" + "" + 8ec0a5a4; + 8d5be74088e4097efb0368c7e2f431ee6988cf2a0e9ebeb3de79c4f86c9e4fba61339d6d907eab + 7707ca + "" + 48 + 61 + d74da629; + ff5ba1ae93d16225d469de5747bc1addf5748729720a320fe14fd29cfc59314fe2079c0a2535de + d56112d6e3 + d33dcf7c71cd7d130323794e3da84a9df69703a9caf02d2a + 8f57ac71e554a6850d55882f8c7ae6994fc8528bd18c374f + 12ebdfc275cb1ad1926629dec9765ecde238384b6b77aed3 + 91dd4e2e2acf63f7; + c43581d2f72a89584a2404a059f7f99c7241a0c879d6d4455b382a9ce757b3e7a1d07585ad9d7e + a9c7c9cf54 + f3bc6d94238ab56d738e02abd651477cd726d6 + f3ebcd6fadeab50906642a7de6496247060e7be3632ed9bd94bb42f45a + a0cbde9a036ed8857dec5ad4dce61b29ec4a9c304fe386afefe3aee97f + 84fbd4d0f0710fea; + 8733b2cd2df9d1d905cfdb29983050d6bcdb686a0c897031ad09a5b8fa687ec3bad8e18dc2ad361f1e226e78876cd35f86c639733c5cd84aed8aaebabb7e0f24edfd9710b7bca91b612ea37fc5 + cc09f7 + "" + "" + "" + b8580130; + f62f66b423fcd2dec5de24d264f2c839839c1b06319f687dbc68d9f07fd41ccb4f8cde8de201ec2680332bbded4883deea0b58b54bdd13c17ef292b0ded3caeb5e57fd21df10bc6186265ee6ea + 45907d + e6 + "" + "" + aa6fedbc; + cb822fb2ef953aea358a03e0fce2e1b9511bd332c86e67f123377a8f0256b8dcc73ae1b3c6cd3f104e3cb24284cfed17811d64d492d39ea7496993a25b072945d83f923e66b0a6689cf0969c00 + 3a8fca + "" + 80 + b5 + 0b3d21e2; + e322a4b1bf050c1220450433efb6b6d8a2d820cf27a64b9d47f636845dac557bb3e75f3a18fb8e173416867fcd0ee78ddd9236beec76d55ed58b10f91d07a037791ab96e83c4bf2fb5b205e592 + c172a5cbc1 + 9456c95c1bea6079f3867e52d663cb3884b2a0a8ff825df7 + 52423f3179bfeb89eca385f20ddce5f1f23564672e370ffc + 704a2f85040f89ae682fc9fe222d1514c8a6ee4c83621978 + bd37c7f24ffd34dd; + 37d400a31e8aac1d426ce10df73c5ee478b3b63d91024780e974a8a2a0e7a36f84ab1286b627e7d01b38a84a6de738721ed80fd0d7f69fa658abb5a440d304128719b541a9451cead18e4c61d9 + 3d1f8fcc53 + 574427767396322b3bf7d02cec05093696cec0 + 7591ada462271b1d1519eedde0df37a330fe8c22ebd77705917b7e32ae + a81b6872abcb10bf73091054448aa06f5713d2da96a21467a86272aae7 + 3acb5a6ac60a7d69; +} + rc5-eax { 60d7bcda163547d348b7551195e77022907dd1dff7dac5c9941d26d0c6eb14ad568f86edd1dc9268eeee533285a6ed810c9b689daaa9060d2d4b6003062365b0a54364c76c160f11896c4794846ecfa14a7130c9f137120634c9519848a877ff77bf79192a5b50ade5d9cd739a3d1f337f29549e6b0d27a4ba234085406a6136512061f7080cc07df0591d8fa21f2dd88374d8cde8e160ad10997a21635c6d62c9269029df3e6057 "" diff --git a/symm/t/rijndael.local b/symm/t/rijndael.local index 4039dbbb..3060c55e 100644 --- a/symm/t/rijndael.local +++ b/symm/t/rijndael.local @@ -92,6 +92,377 @@ rijndael-cmac { 9c0f16e39815d4e9cfce3ed1ecdf3d264a7f16cb16c2e815f422cdf0c8e30308be3c31e6bc58c0b7cadcb6 3a2d6cd3d65ba29059613d7e6b6e1278; } + +rijndael-ccm { + ## From the Housley, Whiting, and Ferguson submission to NIST, somewhat + ## rearranged because of the bizarre (and undocumented) nonce structure. + + c0c1c2c3c4c5c6c7c8c9cacbcccdcecf + 00000003020100a0a1a2a3a4a5 + 0001020304050607 + 08090a0b0c0d0e0f101112131415161718191a1b1c1d1e + 588c979a61c663d2f066d0c2c0f989806d5f6b61dac384 + 17e8d12cfdf926e0; + c0c1c2c3c4c5c6c7c8c9cacbcccdcecf + 00000004030201a0a1a2a3a4a5 + 0001020304050607 + 08090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f + 72c91a36e135f8cf291ca894085c87e3cc15c439c9e43a3b + a091d56e10400916; + c0c1c2c3c4c5c6c7c8c9cacbcccdcecf + 00000005040302a0a1a2a3a4a5 + 0001020304050607 + 08090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f20 + 51b1e5f44a197d1da46b0f8e2d282ae871e838bb64da859657 + 4adaa76fbd9fb0c5; + c0c1c2c3c4c5c6c7c8c9cacbcccdcecf + 00000006050403a0a1a2a3a4a5 + 000102030405060708090a0b + 0c0d0e0f101112131415161718191a1b1c1d1e + a28c6865939a9a79faaa5c4c2a9d4a91cdac8c + 96c861b9c9e61ef1; + c0c1c2c3c4c5c6c7c8c9cacbcccdcecf + 00000007060504a0a1a2a3a4a5 + 000102030405060708090a0b + 0c0d0e0f101112131415161718191a1b1c1d1e1f + dcf1fb7b5d9e23fb9d4e131253658ad86ebdca3e + 51e83f077d9c2d93; + c0c1c2c3c4c5c6c7c8c9cacbcccdcecf + 00000008070605a0a1a2a3a4a5 + 000102030405060708090a0b + 0c0d0e0f101112131415161718191a1b1c1d1e1f20 + 6fc1b011f006568b5171a42d953d469b2570a4bd87 + 405a0443ac91cb94; + c0c1c2c3c4c5c6c7c8c9cacbcccdcecf + 00000009080706a0a1a2a3a4a5 + 0001020304050607 + 08090a0b0c0d0e0f101112131415161718191a1b1c1d1e + 0135d1b2c95f41d5d1d4fec185d166b8094e999dfed96c + 048c56602c97acbb7490; + c0c1c2c3c4c5c6c7c8c9cacbcccdcecf + 0000000a090807a0a1a2a3a4a5 + 0001020304050607 + 08090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f + 7b75399ac0831dd2f0bbd75879a2fd8f6cae6b6cd9b7db24 + c17b4433f434963f34b4; + c0c1c2c3c4c5c6c7c8c9cacbcccdcecf + 0000000b0a0908a0a1a2a3a4a5 + 0001020304050607 + 08090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f20 + 82531a60cc24945a4b8279181ab5c84df21ce7f9b73f42e197 + ea9c07e56b5eb17e5f4e; + c0c1c2c3c4c5c6c7c8c9cacbcccdcecf + 0000000c0b0a09a0a1a2a3a4a5 + 000102030405060708090a0b + 0c0d0e0f101112131415161718191a1b1c1d1e + 07342594157785152b074098330abb141b947b + 566aa9406b4d999988dd; + c0c1c2c3c4c5c6c7c8c9cacbcccdcecf + 0000000d0c0b0aa0a1a2a3a4a5 + 000102030405060708090a0b + 0c0d0e0f101112131415161718191a1b1c1d1e1f + 676bb20380b0e301e8ab79590a396da78b834934 + f53aa2e9107a8b6c022c; + c0c1c2c3c4c5c6c7c8c9cacbcccdcecf + 0000000e0d0c0ba0a1a2a3a4a5 + 000102030405060708090a0b + 0c0d0e0f101112131415161718191a1b1c1d1e1f20 + c0ffa0d6f05bdb67f24d43a4338d2aa4bed7b20e43 + cd1aa31662e7ad65d6db; + aca23752615c82c1d454c4fc1462dcf3 + 00b9965d963ec163c54530549a + 20f2c84a078983d6 + d9215a08e37911f08e13e868d561fd8de3bc968e0978ae + 8ca7df83589d89f1e2f9633a4e219e4e8c4daf918cbd4a + 795fa85da6e5711c; + aca23752615c82c1d454c4fc1462dcf3 + 0044144a825d7363c54530549a + 23bc9db76f5e4761 + 5297b4a9984845b03b01cf4794fa66cf27cc89c002ff4a4b + c7d563f1e02eb4f54919ae707d6cc9573ca85434f3559b30 + 78aeda0f601d877e; + aca23752615c82c1d454c4fc1462dcf3 + 00aaf7bf9d75c663c54530549a + 86eec4ba8409465f + 875547667e2424abb2a30fde33b6e81c2b5c1c5629b262555c + a15c03b3d37d1f5fba858d394997e935c44985212cfaed5037 + bd7dd7a68f95a476; + aca23752615c82c1d454c4fc1462dcf3 + 0040da4cf416fc63c54530549a + 15801a12adb41e13223d9c4f + f1d25ee5bd3014d5eb7254c3c62ded9d1dbb7d + 0c9c100d74193c6d5679cd01b6418fff3a4fe4 + 7cf0866237842658; + aca23752615c82c1d454c4fc1462dcf3 + 002c2cbdfa28bf63c54530549a + d9808ff2b59b6a89bf9c4a82 + 05bba8822b40f4803253fb91f0b5bcf60ee5dd95 + b5b3b7fab03d662e1842333328466dd81dd8fe3d + 6f8c861ab1617dc3; + aca23752615c82c1d454c4fc1462dcf3 + 0016230909f7cc63c54530549a + 9b85df31226b387fdf8ddd4d + 4eb993044b71beddc6ef3f287197e4d46e9f29e427 + a0e19481ba549ce66fadd81937a09a4f542b2f421d + 12695462fd931591; + aca23752615c82c1d454c4fc1462dcf3 + 00797b71e3c96963c54530549a + e7e6473a07dacca4 + 9436254b379e38d73861ca027fc79b0440aba519e9e1dc + 0d22d68dc1d39934f8e5882c2058436a0cc58e03258b4e + 2bb39e01a568aba1f1ba; + aca23752615c82c1d454c4fc1462dcf3 + 0083ae22deb9b163c54530549a + a1c6b900678806b8 + 37709803b3fff94ffac1150b28a3cef1bf4feea0ff19541c + 3103c511e43dc5e01aba07db0b84a443a1e3425983c3fe7e + 19c626fd947eafb9c1b3; + aca23752615c82c1d454c4fc1462dcf3 + 006541e08f013463c54530549a + ea6abbb54793ecc2 + eb0e990f88cfb0e78c1d6196890f8b6fa7787fe2dd85a72355 + a449f8b7a3c9d0c3fca9a6e7a89953fdbbb5d4d05dc77f67ae + 4efbc470d8a0b1c4f967; + aca23752615c82c1d454c4fc1462dcf3 + 00ede32aa3875a63c54530549a + 869cbaf565fbb429d4603ace + 6cd5e33d9e5ff526e21b24f40d6b15e5ed25fb + 450c728aac9be3105cbe74653ffd52feb4a5ad + d6db7bc4dfdfc165dd93; + aca23752615c82c1d454c4fc1462dcf3 + 0073331529b3db63c54530549a + 934cae407d3e300ae7111b43 + e9a5e8b187d1e7baa3ad94fcf9e1b25aff726259 + 5f7716b16a6218b2a44033c29260df1d75caadd4 + 583c50b41845b3867f21; + aca23752615c82c1d454c4fc1462dcf3 + 00cdf8f729be7363c54530549a + 6dbf3223e9758ce37ed8e2a9 + ab8db40bc61588976d79d96e3012f0ff60e37e0732 + 220bb8f4aba55c7d573f1f2fbd3d78a4361c665f51 + 659f6d2e866db4de0e97; + + ## From NIST SP800-38C. + 404142434445464748494a4b4c4d4e4f + 10111213141516 + 0001020304050607 + 20212223 + 7162015b + 4dac255d; + 404142434445464748494a4b4c4d4e4f + 1011121314151617 + 000102030405060708090a0b0c0d0e0f + 202122232425262728292a2b2c2d2e2f + d2a1f0e051ea5f62081a7792073d593d + 1fc64fbfaccd; + 404142434445464748494a4b4c4d4e4f + 101112131415161718191a1b + 000102030405060708090a0b0c0d0e0f10111213 + 202122232425262728292a2b2c2d2e2f3031323334353637 + e3b201a9f5b71a7a9b1ceaeccd97e70b6176aad9a4428aa5 + 484392fbc1b09951; + + ## Other NIST examples. + 404142434445464748494a4b4c4d4e4f + 10111213141516 + "" + 202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f + 7162015bc051951e5918aeaf3c11f3d4ac363f8d5b6af3d369603b04f24cae29964e2f2bf9d31143f72527ce2db402eab7660e4a10b08e82266517cdf60267f9 + c66b655c; + 404142434445464748494A4B4C4D4E4F + 10111213141516 + 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f + "" + "" + e84023f8; + 404142434445464748494a4b4c4d4e4f5051525354555657 + 10111213141516 + 0001020304050607 + 20212223 + 18ee1730 + c8c326d5; + 404142434445464748494a4b4c4d4e4f5051525354555657 + 1011121314151617 + 000102030405060708090a0b0c0d0e0f + 202122232425262728292a2b2c2d2e2f + 2232b6e0924148ae7239bcbd1a0f7ecb + 56e9cc28aa67; + 404142434445464748494a4b4c4d4e4f5051525354555657 + 101112131415161718191a1b + 000102030405060708090a0b0c0d0e0f10111213 + 202122232425262728292a2b2c2d2e2f3031323334353637 + 8081316fd89624d62ce7637fb94995b6631c50d61586de01 + 42366952505f995a; + 404142434445464748494a4b4c4d4e4f5051525354555657 + 10111213141516 + "" + 202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f + 18ee1730f4490ea847a8e9c532c69f9c0a539a585c1e7b6a5af919f4819088a96ed632555098d3007e7d963c7bd013eb307671d0fbc39a0df4a26a9f4b9e4dad + c9ce2fbc; + 404142434445464748494a4b4c4d4e4f5051525354555657 + 10111213141516 + 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f + "" + "" + f1fb2a57; + 404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f + 10111213141516 + 0001020304050607 + 20212223 + 8ab1a874 + 95fc0820; + + 404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f + 1011121314151617 + 000102030405060708090a0b0c0d0e0f + 202122232425262728292a2b2c2d2e2f + af1785fc0f5ea7d0cfba837246484497 + 94b826c8849e; + + 404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f + 101112131415161718191a1b + 000102030405060708090a0b0c0d0e0f10111213 + 202122232425262728292a2b2c2d2e2f3031323334353637 + 04f883aeb3bd0730eaf50bb6de4fa2212034e4e41b0e75e5 + 2b48c8766f7e7649; + + 404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f + 10111213141516 + "" + 202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f + 8ab1a874f6853f2443a59500f78d17272d6d39dfa6d0e65107b10700c2ce9ee8663d3e2a01c2e12c32e9377442231920be53278f4f60a972b709bb16932936ba + 3fbd0fae; + + 404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f + 10111213141516 + 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f + "" + "" + a6cf8230; + + ## Locally generated tests. + 60d7bcda163547d348b7551195e77022 + 907dd1dff7dac5c9941d26 + "" + "" + "" + cf28ba78; + d0c6eb14ad568f86edd1dc9268eeee53 + 3285a6ed810c9b689daaa9 + 06 + "" + "" + f258e4d7; + 0d2d4b6003062365b0a54364c76c160f + 11896c4794846ecfa14a71 + "" + 30 + d6 + 0c31647b; + c9f137120634c9519848a877ff77bf79 + 192a5b50ade5d9cd73 + 9a3d1f337f29549e6b0d27a4ba234085406a6136512061f7080cc07df0591d8fa21f2dd88374d8cde8e160ad10997a21 + 635c6d62c9269029df3e6057acc87638f508046733d9ff61cdbda3b3e9878731ebfedd4705e505da1435dceaa7b1cc49 + 41b97c9616d0af69288f13e20d74901645bc9b5263044121e5562fa5b0e5ef40a2639909c2e07e329cc50737613a2c53 + e992acc597653980b46bc43fd471eb5f; + ae1d50c38201a894476b3f102b752eb9 + 529533966f27043eb6 + 21b7f65b000961040ef2f9b2fc5fa450727a9b542cde52ebfda19d0ccc520f215eb57bb3a4f3ebbbb18ac6 + c95a97a48030370c33d090c54215abd6b3ad54efc9a38378c5b93bf4f2aad2605faee2b03fb648e27fff63102758fe2b69ac26afa3 + 8c314091d48b18dba473f0180ebfa878c920562f0d3c63303cafd8b92e31c35ca8e30e5dde711d30e7360b70030864de8d8156be5e + 672d9df3a0e99ed948e4f598a913b421; + 349829b94586306fed54154f8f28523c03d4de16 + 00157846b710ee72807a22 + "" + "" + "" + 9205b2da; + 19bfb474fd71d891f24bb65d1563259f9eb53b57 + 1ea629c54d57dd2d42f708 + 00 + "" + "" + 9ae9b8a9; + df9fcbaca48b77dba189196d1ebba10b0467cb9f + c2712a199e533fa9156308 + "" + cd + 19 + fab4799d; + ec3f768281e040a9b9a222bd689aef66f5306ceb + 0c6b08ac8b0a22260c + 571b4a42bb8fdb233bfa6a5cfb0bad7d95214ade49cb3b6f5fe8368131115c037ba323fe1dc8151784873f0eb5b647da + 6794c18b5337685a96ed65b9aca338527ef19b09c063c46f88de9fd41e72d7b97e23e6eabdff3bcd211499268878dbf3 + a11307a1d9df486ff782f6643324950ec651e2df47bab6ef1254fa7d04b59bca5f509bc9e781ed797105d39fb509de45 + 27d12d4fb2bc29dc306d5c2240e4894c; + 0f1dad89d4b9b12012e4713df46795630e7952d2 + 2bb02d7100b8b64937 + 7d20a8f083455b663e4ee1315f3c8f2aebfa921451dcd1af5813b70d30ce2f1fef6ef315d0798391805da0 + 8da3aefc5f8584b7c5e617669c0f16e39815d4e9cfce3ed1ecdf3d264a7f16cb16c2e815f422cdf0c8e30308be3c31e6bc58c0b7ca + 45adc79632d8fdc8470e9ea47e2523d2a9ad568b2817b5295c078756df3d7f584aaf4b4e9667023b719c1ef7ad9cb72bdf31746f56 + f1855db5745f0561fd8113b2ff6006ce; + dcb658b970e47479a684b5aefa69a4cd52147ed12ca986981a874498 + ad0abef8bc4fcb70e27e98 + "" + "" + "" + a84a331d; + ef1f0446b42fb144d44b6d00f06dc188d472a784e0c6f21195a3b9f4 + ae985511265febd11c1647 + 20 + "" + "" + e4256cb2; + eef9eb1c8dd0b00951f284649016ed00456331854bc78bf43966eb0c + fa9138ddc39908445608fe + "" + 95 + 52 + 87c71b52; + e81c2533e31c9c1a9851bc2810d858cbbc8424d126b807e6daa089c3 + f9099c5ffb824173d7 + 634c04226f30cbb7f0e4a973a8cd190107314717a77456f3ff669c732b58db8f48af65f7cc9e3fb90e1721b730374ffc + 9bc597f56ccbb2f294b38766fc69f6a9f2c0945ffd505003cc0cae9ce021a5f1fa4ffa91544485f1a1258b2b9b8f0911 + b000328931c8a1484cae26f4f7be0415d58858fcff326136d37fd981492c5851163f68326cac9d4b80f29f5c157a28c2 + 9b9c5705e2d569fc1b280731e4286027; + e32d65cc1770a18cbfe6effd1ff6778554acf1270485b203a3c1c4c9 + 67c0a458cb948bdd40 + 9b687fa3a6827b480aa3a4c84cef64f6c9b53bf8f957f4b03cf43e89957f9a3e8128f8743d16687b7bb8de + b9bd205b70e04c091d205cdad9e9a79b1abf91b0851e5ca605ac8451399587011677508a15dde524af3e2bee0646541a42c2ecccb4 + d038ac6646cb2b6da23963eac488def0a233d63e097f9b981d322f96d6cad2d2c2be978d566a5afd8b20ecff4f1c8765ee5446c2a3 + 28b572f708c9a6eb036444c0a9e8818c; + 4d65bad397abfaf529ee41cf + 9a05c7efedef3401539c51 + "" + "" + "" + 66c301e7; + d2a90bbf7f1bfc338ab0ef57 + 46ea8fdcccd213e33f7e8a + 57 + "" + "" + df5a4e4e; + 18fd25014107c8e7d715a92a + dd9589d1f5c054b2d98351 + "" + 46 + 2a + 0c3bbfb2; + 05ec590294a319b9802068a9 + f891bc5ba5afabf8c3 + 122d12d7ff3c41122d70d17d4569eaff59a332ba58d5d5589bfe079753ee1a957eb6d6699e6b7ea2725cb2dac07ecde9 + 5759ac46fee6dda7abc8ad68daac90cfe22d2f1f2968cc42fa8b669ed3bb3542a9cf44bbc8c6254d980398bd94e66eb4 + 5c4a984366df29ee88817bba556a52b0c17ce5c3a337caac667c792cd1d7b705e3db87734963b51d606d8022346fc267 + 1494a9ba0a649a71409b719d821d546f; + 563d405e51881e99027b8ab9 + aea3ccf860b0009740 + 763d96836c5f87b95460938de1288c69d80ea12ff4bb5f069b8a2e86041c1b9fc214e9ca2186ddf1f6a7a3 + aa7e740da967828e3604b35b15ffaa6c36800d9645563a308ba60076817523bd2abf1261b089d8f23a9c2835076a23faac2cdd6777 + 73f618f0bfb917a6ca4f6b7872dbd148fa97bbf8ab044f3331410eef1be00037e9293d851e99ee70c65cad306c4fc0cee754ee1e5c + f1c35f66bbb6b69b6c7aa3e7ed23e47e; +} + rijndael-eax { ## From Mihir Bellare, Phillip Rogaway, David Wagner, `The EAX Mode of ## Operation (A Two-Pass Authenticated-Encryption Scheme Optimized for diff --git a/symm/t/rijndael192 b/symm/t/rijndael192 index ceee24d4..248cbc36 100644 --- a/symm/t/rijndael192 +++ b/symm/t/rijndael192 @@ -2934,6 +2934,129 @@ rijndael192-cmac { 3848a7fc35a38ec5c202692eb9cc03067f1e3a587996a2fe; } +rijndael192-ccm { + 60d7bcda163547d348b7551195e77022 + 907dd1dff7dac5c9941d26d0c6eb14ad568f86 + "" + "" + "" + eb328a4c; + edd1dc9268eeee533285a6ed810c9b68 + 9daaa9060d2d4b6003062365b0a54364c76c16 + 0f + "" + "" + b2ac3bb1; + 11896c4794846ecfa14a7130c9f13712 + 0634c9519848a877ff77bf79192a5b50ade5d9 + "" + cd + d3 + 2fe24f74; + 739a3d1f337f29549e6b0d27a4ba2340 + 85406a6136512061f7080cc07d + f0591d8fa21f2dd88374d8cde8e160ad10997a21635c6d62c9269029df3e6057acc87638f508046733d9ff61cdbda3b3e9878731ebfedd4705e505da1435dceaa7b1cc49ae1d50c3 + 8201a894476b3f102b752eb9529533966f27043eb621b7f65b000961040ef2f9b2fc5fa450727a9b542cde52ebfda19d0ccc520f215eb57bb3a4f3ebbbb18ac6c95a97a48030370c + 6d7e47a271f0a9140ab83f9874698af802509e3ce08ae633274ec72ba7fc0439a766245ae5ea7e1581432240c5e9400e5d4da1d9f3ab8d203cf35bbc9bdc48354be9ab81d3c97197 + fa0923d87206b84258099d69261e1f86f7da4740051c5087; + 33d090c54215abd6b3ad54efc9a38378 + c5b93bf4f2aad2605faee2b03f + b648e27fff63102758fe2b69ac26afa3349829b94586306fed54154f8f28523c03d4de1600157846b710ee72807a2219bfb474fd71d891f24bb65d1563259f9eb53b57 + 1ea629c54d57dd2d42f70800df9fcbaca48b77dba189196d1ebba10b0467cb9fc2712a199e533fa9156308cdec3f768281e040a9b9a222bd689aef66f5306ceb0c6b08ac8b0a22260c571b4a42 + 3fc60a985fd9a0b75ff268e4dbf8c87195dcd97029ed59b6a8592fac9a954fd250025e1cb3fb3c7d509e327ceedf08d3c90467a66f23c7a45369ce96c0450e44b09434979c7962c4485c2b2bbf + 54ae41dbd56b7171107397fa7f4aa3a81f889a179161bcee; + bb8fdb233bfa6a5cfb0bad7d95214ade49cb3b6f + 5fe8368131115c037ba323fe1dc8151784873f + "" + "" + "" + b65bbb04; + 0eb5b647da6794c18b5337685a96ed65b9aca338 + 527ef19b09c063c46f88de9fd41e72d7b97e23 + e6 + "" + "" + d1f9ef31; + eabdff3bcd211499268878dbf30f1dad89d4b9b1 + 2012e4713df46795630e7952d22bb02d7100b8 + "" + b6 + f8 + 3b797ce2; + 49377d20a8f083455b663e4ee1315f3c8f2aebfa + 921451dcd1af5813b70d30ce2f + 1fef6ef315d0798391805da08da3aefc5f8584b7c5e617669c0f16e39815d4e9cfce3ed1ecdf3d264a7f16cb16c2e815f422cdf0c8e30308be3c31e6bc58c0b7cadcb658b970e474 + 79a684b5aefa69a4cd52147ed12ca986981a874498ad0abef8bc4fcb70e27e98ef1f0446b42fb144d44b6d00f06dc188d472a784e0c6f21195a3b9f4ae985511265febd11c164720 + 7b80a5b2f5259f81e3e755ac7afcaf2dfc39714c0b17a69c8a126fcf854ce88936114c5309af3ebc4d06437399884d56edcd0d5d89c0106326b3f801ac391c6ecfd167efc7d1b7d7 + 4b5a71ab534a4ae72dd6709be87c69173467728ed407de1f; + eef9eb1c8dd0b00951f284649016ed0045633185 + 4bc78bf43966eb0cfa9138ddc3 + 9908445608fe95e81c2533e31c9c1a9851bc2810d858cbbc8424d126b807e6daa089c3f9099c5ffb824173d7634c04226f30cbb7f0e4a973a8cd190107314717a77456 + f3ff669c732b58db8f48af65f7cc9e3fb90e1721b730374ffc9bc597f56ccbb2f294b38766fc69f6a9f2c0945ffd505003cc0cae9ce021a5f1fa4ffa91544485f1a1258b2b9b8f0911e32d65cc + 24d3d61a7ec5951c8e7687bf216082e306d71c7a9351d45e7272418a2e4a22c8d5f5255abc0f1f081919b0910596727bc3ac57f0f4e55d562144ea20ccac5c640ea08baf53f71e35faaa8d75f0 + 65337469537455c0488f31bdad41f2bd174c2b890dad1d33; + 1770a18cbfe6effd1ff6778554acf1270485b203a3c1c4c967c0a458 + cb948bdd409b687fa3a6827b480aa3a4c84cef + "" + "" + "" + 773f8182; + 64f6c9b53bf8f957f4b03cf43e89957f9a3e8128f8743d16687b7bb8 + deb9bd205b70e04c091d205cdad9e9a79b1abf + 91 + "" + "" + 1bad4133; + b0851e5ca605ac8451399587011677508a15dde524af3e2bee064654 + 1a42c2ecccb44d65bad397abfaf529ee41cf9a + "" + 05 + 41 + fdcd5753; + c7efedef3401539c51d2a90bbf7f1bfc338ab0ef5746ea8fdcccd213 + e33f7e8a5718fd25014107c8e7 + d715a92add9589d1f5c054b2d983514605ec590294a319b9802068a9f891bc5ba5afabf8c3122d12d7ff3c41122d70d17d4569eaff59a332ba58d5d5589bfe079753ee1a957eb6d6 + 699e6b7ea2725cb2dac07ecde95759ac46fee6dda7abc8ad68daac90cfe22d2f1f2968cc42fa8b669ed3bb3542a9cf44bbc8c6254d980398bd94e66eb4563d405e51881e99027b8a + 7f1ac5936bacdff5ab2339c74028aedc3266926aaa6685e9b688b5ac499d1a6912f4c957dbad07dc747ea4b9855f7656fd6952cbddb4a0296cf2e58227e0c05fad7d373f3a6a081f + bc33380a30663863f7d96afb80b51b7e89b08bbe5d523f62; + b9aea3ccf860b0009740763d96836c5f87b95460938de1288c69d80e + a12ff4bb5f069b8a2e86041c1b + 9fc214e9ca2186ddf1f6a7a3aa7e740da967828e3604b35b15ffaa6c36800d9645563a308ba60076817523bd2abf1261b089d8f23a9c2835076a23faac2cdd67771cc6 + 67a8331f0a170b66283e4f834a06148f302c3973accd56f6f24e33958b8c2e2352fd61e4fa8fec816ac861a8b33779f09e7a10fc02a8f48afa3080ee119a52a9a817e4f2b94b0820cab383a8cf + 055eaaabcac3b8d64c9d744eb534ea4259d6c114554cf28dee96aa729da5b70556f4a9a8724506b42fe6b2d266db7cd0b904881f7dcd312ea17e9d256e14fc40d8d6a6286cbcc3772cb3c79f25 + 72c96466655bf5d891fab5d415bc6065d3902ca0b8f95a40; + feea7c486315799dc875fba5 + 78c8ec4837898a92142b5b0677da1ac273117b + "" + "" + "" + bcaf4c92; + 45bcfff5d5f8b6fde2893232 + a9f81d14517ffae475f6b94a43a67b3d380d2f + 9a + "" + "" + 25f9961e; + aafe2dd721c0095c88088476 + 89211450ba8095ffab1eaadf66fd22ac197606 + "" + 3e + 10 + e0be6bf8; + 113ab61f813e28a1397a7974 + a1d7f4220c785fe426a5a0e80f + 678d404147842941feeffdc2eb44dc8c0d5e8f444f7f4e0c893959b74dc23a7bb40e7e0013e5150686d2301b43a15a84e81d7f5cedaa49e2414ebf47970e560475cff206877de691 + 46acc3ab6cf8556b7aa776945948d1b8834df2196c92ec1718dcdeee0d52d9539726d2810391b3f9d10c39b07ae8f08ce7cee4758a386a9943e97dedfbe61e737882cd09c2b9a80f + 633bd657368c964b774d76c9a8deef5e79c2db8c3ba300ff01b9a1685cb5688f8477c50bf62f380d5dcbf7e9fef05b73415e446f8675dcbd02c9a182b3647d7fc7e5320b9fc480bb + f3a1b675f8b96ce151ef507f6a587f4f9d78db3df352eef2; + 34c0fde11c2481b11fc76bfa + 4dbf710a9e544e0c536ca1e040 + f9ad5b04140d98edabe08485290a4d87d13b07398a1458c2c6b61dbdbc1cccada8c1a0a9aabb6c4e3c3554f8fb1ef61614c270295dfc0ca6551ca4bdb75359f91cb9d9 + 21056b7de74fc9a9b37154ce6c0b396179d31f06a1dd5982cbc0d7cb23841da1ae8f4ae480cda98ad6cf2bacf6f9fd3f821330c43f3df6c2b3fac7cbcf96523d4723f91801325eb8553236651c + 77d68b7c74c11fa6f23cab03c8e20965e7362191f15a359371f06954d0a8673d43d291db49563e5775d590a5b66a4de2c79fa96da0bbe7b18ff98fadead8cdc6bf8f559ed3675d46cca4cb27f3 + 828d1b75c068055451d00b6a0e8a5b0e5672f780c282a170; +} + rijndael192-eax { 60d7bcda163547d348b7551195e77022 "" diff --git a/symm/t/rijndael256 b/symm/t/rijndael256 index be3edb12..a4cd638f 100644 --- a/symm/t/rijndael256 +++ b/symm/t/rijndael256 @@ -2947,6 +2947,129 @@ rijndael256-cmac { 3e8977f205b75e6fae2105cbb8cdb26f3e8057957ce69b9e6be62362bd225924; } +rijndael256-ccm { + 60d7bcda163547d348b7551195e77022 + 907dd1dff7dac5c9941d26d0c6eb14ad568f86edd1dc9268eeee53 + "" + "" + "" + 39e9b611; + 3285a6ed810c9b689daaa9060d2d4b60 + 03062365b0a54364c76c160f11896c4794846ecfa14a7130c9f137 + 12 + "" + "" + 2de43d0d; + 0634c9519848a877ff77bf79192a5b50 + ade5d9cd739a3d1f337f29549e6b0d27a4ba234085406a61365120 + "" + 61 + af + 8b7456f9; + f7080cc07df0591d8fa21f2dd88374d8 + cde8e160ad10997a21635c6d62c9269029 + df3e6057acc87638f508046733d9ff61cdbda3b3e9878731ebfedd4705e505da1435dceaa7b1cc49ae1d50c38201a894476b3f102b752eb9529533966f27043eb621b7f65b000961040ef2f9b2fc5fa450727a9b542cde52ebfda19d0ccc520f + 215eb57bb3a4f3ebbbb18ac6c95a97a48030370c33d090c54215abd6b3ad54efc9a38378c5b93bf4f2aad2605faee2b03fb648e27fff63102758fe2b69ac26afa3349829b94586306fed54154f8f28523c03d4de1600157846b710ee72807a22 + 87e66fdcee4d517cac9c5df8c9a1250f9b4c4661766cc1f92ac99e539d615f16e9e922ed9a2858ec999c25a625c576360c99583babc0f0a2730dae7a28d505f72933cac1614ff406b2e57a81e42f6d939201ce863d146cea017de5759a440f99 + c225cb11adf2da0fe435a56b3c32692e9b469cd9a3d596e980fd06753fae46e6; + 19bfb474fd71d891f24bb65d1563259f + 9eb53b571ea629c54d57dd2d42f70800df + 9fcbaca48b77dba189196d1ebba10b0467cb9fc2712a199e533fa9156308cdec3f768281e040a9b9a222bd689aef66f5306ceb0c6b08ac8b0a22260c571b4a42bb8fdb233bfa6a5cfb0bad7d95214ade49cb3b6f5fe8368131115c + 037ba323fe1dc8151784873f0eb5b647da6794c18b5337685a96ed65b9aca338527ef19b09c063c46f88de9fd41e72d7b97e23e6eabdff3bcd211499268878dbf30f1dad89d4b9b12012e4713df46795630e7952d22bb02d7100b8b649377d20a8f083455b + c16a37dd487a042d5ef9f8e37dd62300e0f990b5d8b4475610726cc6c1f459079618a0e57a0c1a7edac73d37fc0b34772afc4db80db4b0955fcbe20cec2f09396f6b6935df5ba6a663eeda17386b5c2415a5ceba8da9f024d7ed0375d172cb64539a55c133 + 997e534457f57e31ac0bac767af4763e3289abe713dbe1b044dcd9d06e587077; + 663e4ee1315f3c8f2aebfa921451dcd1af5813b7 + 0d30ce2f1fef6ef315d0798391805da08da3aefc5f8584b7c5e617 + "" + "" + "" + c17f8532; + 669c0f16e39815d4e9cfce3ed1ecdf3d264a7f16 + cb16c2e815f422cdf0c8e30308be3c31e6bc58c0b7cadcb658b970 + e4 + "" + "" + 9238fb01; + 7479a684b5aefa69a4cd52147ed12ca986981a87 + 4498ad0abef8bc4fcb70e27e98ef1f0446b42fb144d44b6d00f06d + "" + c1 + 55 + a72c2d2c; + 88d472a784e0c6f21195a3b9f4ae985511265feb + d11c164720eef9eb1c8dd0b00951f28464 + 9016ed00456331854bc78bf43966eb0cfa9138ddc39908445608fe95e81c2533e31c9c1a9851bc2810d858cbbc8424d126b807e6daa089c3f9099c5ffb824173d7634c04226f30cbb7f0e4a973a8cd190107314717a77456f3ff669c732b58db + 8f48af65f7cc9e3fb90e1721b730374ffc9bc597f56ccbb2f294b38766fc69f6a9f2c0945ffd505003cc0cae9ce021a5f1fa4ffa91544485f1a1258b2b9b8f0911e32d65cc1770a18cbfe6effd1ff6778554acf1270485b203a3c1c4c967c0a4 + 58aa01bd9e621d51a56834475abe47e312b92c5cbc9ba2bda0b6c93f8205dd034dc7ea07fff025df7357c96de86f1abb81b7acd50c8152c2cc0b858a1a2269ef527b5b29b58b365e85e6a0c86c38f84484dbdb52451e8b9f3045b87d027d4274 + b0c5980dd1d865f66cf8afcab40eef4768d8eae4e3df3af89474ba26805dc97f; + 58cb948bdd409b687fa3a6827b480aa3a4c84cef + 64f6c9b53bf8f957f4b03cf43e89957f9a + 3e8128f8743d16687b7bb8deb9bd205b70e04c091d205cdad9e9a79b1abf91b0851e5ca605ac8451399587011677508a15dde524af3e2bee0646541a42c2ecccb44d65bad397abfaf529ee41cf9a05c7efedef3401539c51d2a90b + bf7f1bfc338ab0ef5746ea8fdcccd213e33f7e8a5718fd25014107c8e7d715a92add9589d1f5c054b2d983514605ec590294a319b9802068a9f891bc5ba5afabf8c3122d12d7ff3c41122d70d17d4569eaff59a332ba58d5d5589bfe079753ee1a957eb6d6 + d60e61dc2da592c48e916f6185dc2f21f8f81967a0606a90d65d2cd698eb7a496483fd545a49496f140faa6f9faa01ba37877b389f62827032b6f212f454415fe8b55511cbe76dd33304342e41def358962982d37f447e45ebdf80e1da9e971926bb261b8f + 2d6f1893de28ec8fe81d627c746bef1734bdbf70342adf8366fd9ee123893f8b; + 699e6b7ea2725cb2dac07ecde95759ac46fee6dda7abc8ad68daac90 + cfe22d2f1f2968cc42fa8b669ed3bb3542a9cf44bbc8c6254d9803 + "" + "" + "" + d5c932ed; + 98bd94e66eb4563d405e51881e99027b8ab9aea3ccf860b000974076 + 3d96836c5f87b95460938de1288c69d80ea12ff4bb5f069b8a2e86 + 04 + "" + "" + cc3630f9; + 1c1b9fc214e9ca2186ddf1f6a7a3aa7e740da967828e3604b35b15ff + aa6c36800d9645563a308ba60076817523bd2abf1261b089d8f23a + "" + 9c + a9 + 893c9eb6; + 2835076a23faac2cdd67771cc667a8331f0a170b66283e4f834a0614 + 8f302c3973accd56f6f24e33958b8c2e23 + 52fd61e4fa8fec816ac861a8b33779f09e7a10fc02a8f48afa3080ee119a52a9a817e4f2b94b0820cab383a8cffeea7c486315799dc875fba578c8ec4837898a92142b5b0677da1ac273117b45bcfff5d5f8b6fde2893232a9f81d14517ffae4 + 75f6b94a43a67b3d380d2f9aaafe2dd721c0095c8808847689211450ba8095ffab1eaadf66fd22ac1976063e113ab61f813e28a1397a7974a1d7f4220c785fe426a5a0e80f678d404147842941feeffdc2eb44dc8c0d5e8f444f7f4e0c893959 + 696865f6691e1d423ef29c34769d153e154cf60958dca4671f95cd3e798b078ac5bb61ac610a204ae8fa705e0049e67e33524939589b79f2dd0a4afb1af3de3be22f63024fbeb4114fe9d63599cbb6bbeb46b6dfbff4c4c4045a195a9f6e841f + 2f8b9f3db32f5ac54b01d587c12a62439f1c211ae0d95749c8c6307a53f94832; + b74dc23a7bb40e7e0013e5150686d2301b43a15a84e81d7f5cedaa49 + e2414ebf47970e560475cff206877de691 + 46acc3ab6cf8556b7aa776945948d1b8834df2196c92ec1718dcdeee0d52d9539726d2810391b3f9d10c39b07ae8f08ce7cee4758a386a9943e97dedfbe61e737882cd09c2b9a80f34c0fde11c2481b11fc76bfa4dbf710a9e544e + 0c536ca1e040f9ad5b04140d98edabe08485290a4d87d13b07398a1458c2c6b61dbdbc1cccada8c1a0a9aabb6c4e3c3554f8fb1ef61614c270295dfc0ca6551ca4bdb75359f91cb9d921056b7de74fc9a9b37154ce6c0b396179d31f06a1dd5982cbc0d7cb + a6c5eba6167038a4cad7ba1d4b56486454220bbb137441c9dce2aeaeff28d7483ed42af4e09ada32dd9378f098f84a1490feb1b69fde424336de7ee13cf3d78e98b06d4c256ea7b2c8d09a844183d4fbd9ab8cb1e5daaa68065c654f913cf993f24352ea79 + d12d64dd43380368b4c96be31ed6506d5062d06db2b9feddd8eeaab6e1e05328; + 23841da1ae8f4ae480cda98a + d6cf2bacf6f9fd3f821330c43f3df6c2b3fac7cbcf96523d4723f9 + "" + "" + "" + acf8fba1; + 1801325eb8553236651c9678 + 8d73d192ee53b3f3ebd66ddd98cedbe88e245de25b1593b70f8601 + 56 + "" + "" + 3ed65cbc; + 2d90a9b59ed034a867642d25 + d54756fa5c47f16f64b837bb4926214211a1c696ba172010abb433 + "" + 92 + e3 + 1e19bf8c; + 2a22d9fd881519165eb9d851 + 97a21cc34ac0d5ae7be8dbf98e4ffed2cf + 6b1372a5aa47b54fd9d70c70e117bf1cae71b3a56f0e7d839ea59cc783443d64f2ed6a29b96856beca34fd6544bcf86b799e2a1681160ccf055f0fd3001da597a1406d465b7b1419ea51cf858f938f6daafbd656445a09898eaa96ffc3d1d2e3 + 1e4e34c94b8bfae64825ecd75a66d88eedb969ffe07669845ebb7a24c69f13d099f47166edf54538e88fbf433a7ff212085179e79771f6eee7283ab178ef2b800d7b969da05780ffc1ba78c70dda7a4ca2a25e771702fb1901ecfc8a959cb8e7 + 0a55d15edec4262afac43ca1fe8e3d9ef79463234eaa45795af83c017e36d9238ccb373eb40a3eac59f2759558e25e60769170f0f38a433a24587c8c525db9af75cb4a3e91f0dd7cc0d59599eeb07761a35ccfa9c548b681e2353c743f60a4e4 + 9995e65234d6516ca613e75bf36b740df93c28e99cf02c5b1b9ac12479373025; + 5079bb018ccc8c54f31b450e + 88f8e9002926ad0284c738f4cb0f58a1e3 + 4c8b15ad930c1b627235a2cb84241986c251f5b70be2367f047265264e0da72efe8995e6c932a17eab511eddb8e4ba463c663035a6ae8a7a899e4279d54d03f0e0f3e961dcfd40088d5be74088e4097efb0368c7e2f431ee6988cf + 2a0e9ebeb3de79c4f86c9e4fba61339d6d907eab7707ca48ff5ba1ae93d16225d469de5747bc1addf5748729720a320fe14fd29cfc59314fe2079c0a2535ded56112d6e3d33dcf7c71cd7d130323794e3da84a9df69703a9caf02d2a8f57ac71e554a6850d + 69a364a10ea53ab96e931e5c449427a40d2d571e8beb2dbb7577edd3c581456358be681655e7490b139a138ba9ffcf95636344a6886ae4e222f46ea7e5e6e4529c75276734895d322770de34b9919b2e7add2bfab0952d053b8991f39198ad4c61391d691e + 77bab4bc3ed79b9a7d89be7f7a3f82f34628063596ce73129905c0020b9bc0ad; +} + rijndael256-eax { 60d7bcda163547d348b7551195e77022 "" diff --git a/symm/t/safer b/symm/t/safer index 7f907a62..c4abf0bc 100644 --- a/symm/t/safer +++ b/symm/t/safer @@ -39,6 +39,69 @@ safer-cmac { fe61dbd63946d430; } +safer-ccm { + bef260d7bcda163547d348b7551195e7 + 702290 + "" + "" + "" + 74955b21; + 7dd1dff7dac5c9941d26d0c6eb14ad56 + 8f86ed + d1 + "" + "" + 64c48de4; + dc9268eeee533285a6ed810c9b689daa + a9060d + "" + 2d + fe + a0c2fe72; + 4b6003062365b0a54364c76c160f1189 + 6c4794846e + cfa14a7130c9f137120634c9519848a877ff77bf79192a5b + 50ade5d9cd739a3d1f337f29549e6b0d27a4ba234085406a + 0f78a0e09e9cf67419d6cec4139324f10d8b36dc7b0cc47a + 4495b1b7dac09ecb; + 6136512061f7080cc07df0591d8fa21f + 2dd88374d8 + cde8e160ad10997a21635c6d62c9269029df3e + 6057acc87638f508046733d9ff61cdbda3b3e9878731ebfedd4705e505 + d231d706e1a93d3f14c39ffb9b4e7d849e5daa713039d171cd99e50314 + 1b755d09c0126620; + da1435dceaa7b1cc + 49ae1d + "" + "" + "" + cd1b5bbc; + 50c38201a894476b + 3f102b + 75 + "" + "" + c2096bb2; + 2eb9529533966f27 + 043eb6 + "" + 21 + 53 + 25a20612; + b7f65b000961040e + f2f9b2fc5f + a450727a9b542cde52ebfda19d0ccc520f215eb57bb3a4f3 + ebbbb18ac6c95a97a48030370c33d090c54215abd6b3ad54 + 226b9bb081738ba5f6626653861db3f32832d8551f5a1b96 + 11e255d4c06111f5; + efc9a38378c5b93b + f4f2aad260 + 5faee2b03fb648e27fff63102758fe2b69ac26 + afa3349829b94586306fed54154f8f28523c03d4de1600157846b710ee + e06ad69863c7d36838a811277e746eb2319191c405682d38ccdff9654b + d3160250b4828281; +} + safer-eax { bef260d7bcda163547d348b7551195e7 "" diff --git a/symm/t/safersk b/symm/t/safersk index 6c91da18..92cddeb7 100644 --- a/symm/t/safersk +++ b/symm/t/safersk @@ -27,6 +27,69 @@ safersk-cmac { d85e3e89ce01118c; } +safersk-ccm { + bef260d7bcda163547d348b7551195e7 + 702290 + "" + "" + "" + 9a4a828c; + 7dd1dff7dac5c9941d26d0c6eb14ad56 + 8f86ed + d1 + "" + "" + 41f68f45; + dc9268eeee533285a6ed810c9b689daa + a9060d + "" + 2d + 7b + acc985bb; + 4b6003062365b0a54364c76c160f1189 + 6c4794846e + cfa14a7130c9f137120634c9519848a877ff77bf79192a5b + 50ade5d9cd739a3d1f337f29549e6b0d27a4ba234085406a + aa629c01eb3b15ede6c2e4366419b5e5f40469d538d373ed + a136e047cf4a68b0; + 6136512061f7080cc07df0591d8fa21f + 2dd88374d8 + cde8e160ad10997a21635c6d62c9269029df3e + 6057acc87638f508046733d9ff61cdbda3b3e9878731ebfedd4705e505 + 1c34203b3161577c889c9db08bf34b20a3e5da5857a94d09e73edf7210 + 953f9c31334dfede; + da1435dceaa7b1cc + 49ae1d + "" + "" + "" + b5ad4f52; + 50c38201a894476b + 3f102b + 75 + "" + "" + f69a75fd; + 2eb9529533966f27 + 043eb6 + "" + 21 + 14 + 72b85363; + b7f65b000961040e + f2f9b2fc5f + a450727a9b542cde52ebfda19d0ccc520f215eb57bb3a4f3 + ebbbb18ac6c95a97a48030370c33d090c54215abd6b3ad54 + b65cbf23154b9798e5250e96f51659df1024bf6b0ffd859b + 9616166b0ae5320f; + efc9a38378c5b93b + f4f2aad260 + 5faee2b03fb648e27fff63102758fe2b69ac26 + afa3349829b94586306fed54154f8f28523c03d4de1600157846b710ee + 6d0ac961eed6fa2cad9f51d293bad02ecc7a8effe3511cb9aae4935bbd + 96dee0d7ba957d24; +} + safersk-eax { bef260d7bcda163547d348b7551195e7 "" diff --git a/symm/t/serpent.local b/symm/t/serpent.local index b41ebef7..30f40064 100644 --- a/symm/t/serpent.local +++ b/symm/t/serpent.local @@ -51,6 +51,129 @@ serpent-cmac { 8ef0d030ddb7bd4c700e15efc563f5cf; } +serpent-ccm { + 60d7bcda163547d348b7551195 + e77022907dd1dff7dac5c9 + "" + "" + "" + dc912161; + 941d26d0c6eb14ad568f86edd1 + dc9268eeee533285a6ed81 + 0c + "" + "" + 5499b369; + 9b689daaa9060d2d4b60030623 + 65b0a54364c76c160f1189 + "" + 6c + 52 + ea1be4b3; + 4794846ecfa14a7130c9f13712 + 0634c9519848a877ff + 77bf79192a5b50ade5d9cd739a3d1f337f29549e6b0d27a4ba234085406a6136512061f7080cc07df0591d8fa21f2dd8 + 8374d8cde8e160ad10997a21635c6d62c9269029df3e6057acc87638f508046733d9ff61cdbda3b3e9878731ebfedd47 + 1d58fa7d358e6d619c942eb0285e79dbce0aee4e671ef19021d80ece2710a144ae511c8f973ff2f06d8c6f0cc2942c5e + 18d3a010e72c36fd75d6c2379c947385; + 05e505da1435dceaa7b1cc49ae + 1d50c38201a894476b + 3f102b752eb9529533966f27043eb621b7f65b000961040ef2f9b2fc5fa450727a9b542cde52ebfda19d0c + cc520f215eb57bb3a4f3ebbbb18ac6c95a97a48030370c33d090c54215abd6b3ad54efc9a38378c5b93bf4f2aad2605faee2b03fb6 + 7b48d588bb1af8f0eff0e80c692d51010b7f3b1d6655b2e18c1241862819d1a25631053d5eea17417a5b5c928d32eb181043df7dde + 8e0224854ea7153f52e096633776fc97; + 48e27fff63102758fe2b69ac + 26afa3349829b94586306f + "" + "" + "" + 940a7ecd; + ed54154f8f28523c03d4de16 + 00157846b710ee72807a22 + 19 + "" + "" + 99081a6e; + bfb474fd71d891f24bb65d15 + 63259f9eb53b571ea629c5 + "" + 4d + 95 + 67001f0c; + 57dd2d42f70800df9fcbaca4 + 8b77dba189196d1ebb + a10b0467cb9fc2712a199e533fa9156308cdec3f768281e040a9b9a222bd689aef66f5306ceb0c6b08ac8b0a22260c57 + 1b4a42bb8fdb233bfa6a5cfb0bad7d95214ade49cb3b6f5fe8368131115c037ba323fe1dc8151784873f0eb5b647da67 + 59c14232f48220ad1f3966d9d52d9b9b9ae739c4fa6a690c445716eb73951b229de71b78e83b03ac3401f58adaafd1bd + 2f3304e936c26f3998308ceb36022d3a; + 94c18b5337685a96ed65b9ac + a338527ef19b09c063 + c46f88de9fd41e72d7b97e23e6eabdff3bcd211499268878dbf30f1dad89d4b9b12012e4713df46795630e + 7952d22bb02d7100b8b649377d20a8f083455b663e4ee1315f3c8f2aebfa921451dcd1af5813b70d30ce2f1fef6ef315d079839180 + 99574f4879d83e020a18b5133a5c97d0c7fc72a37e787d16e6d8e959df0cc8d9b62cb8f54d74208c140f13abce1dc058829dc0bd01 + 0dd232275c64fcfc8b5d0fc2bf948ebe; + 5da08da3aefc5f85 + 84b7c5e617669c0f16e398 + "" + "" + "" + e6725fe0; + 15d4e9cfce3ed1ec + df3d264a7f16cb16c2e815 + f4 + "" + "" + ad7b2fe0; + 22cdf0c8e30308be + 3c31e6bc58c0b7cadcb658 + "" + b9 + 6e + f2943ec1; + 70e47479a684b5ae + fa69a4cd52147ed12c + a986981a874498ad0abef8bc4fcb70e27e98ef1f0446b42fb144d44b6d00f06dc188d472a784e0c6f21195a3b9f4ae98 + 5511265febd11c164720eef9eb1c8dd0b00951f284649016ed00456331854bc78bf43966eb0cfa9138ddc39908445608 + e1e63326b5795e04360ba24658defb1216302976c9a921ea18adf8b1723a91a6a8095e1d2b49a9e48cd603dd707d881e + 1b69dccc1f344f1ca9d04a725b5481bc; + fe95e81c2533e31c + 9c1a9851bc2810d858 + cbbc8424d126b807e6daa089c3f9099c5ffb824173d7634c04226f30cbb7f0e4a973a8cd190107314717a7 + 7456f3ff669c732b58db8f48af65f7cc9e3fb90e1721b730374ffc9bc597f56ccbb2f294b38766fc69f6a9f2c0945ffd505003cc0c + 61ad6fd5019e1229ae86cd9840357861473a647ec3a939e9e68113c289e1f917e658651cf2217aa46837c404632b1feabb16939df0 + 6881e216ee5fd2da76529e9019027188; + ae9ce021a5f1fa4ffa91544485f1a1258b + 2b9b8f0911e32d65cc1770 + "" + "" + "" + 6679e4e9; + a18cbfe6effd1ff6778554acf1270485b2 + 03a3c1c4c967c0a458cb94 + 8b + "" + "" + c6460f74; + dd409b687fa3a6827b480aa3a4c84cef64 + f6c9b53bf8f957f4b03cf4 + "" + 3e + 83 + b85403e7; + 89957f9a3e8128f8743d16687b7bb8deb9 + bd205b70e04c091d20 + 5cdad9e9a79b1abf91b0851e5ca605ac8451399587011677508a15dde524af3e2bee0646541a42c2ecccb44d65bad397 + abfaf529ee41cf9a05c7efedef3401539c51d2a90bbf7f1bfc338ab0ef5746ea8fdcccd213e33f7e8a5718fd25014107 + 2651fec0d8fcff49d1f5df59bf41bd0c6fef0e7d49c915bd20f775ffd8af47be58f20ed9f7a5709978e5af892ff52ea6 + 8247a18e44f3a38840a6c98db85a10e3; + c8e7d715a92add9589d1f5c054b2d98351 + 4605ec590294a319b9 + 802068a9f891bc5ba5afabf8c3122d12d7ff3c41122d70d17d4569eaff59a332ba58d5d5589bfe079753ee + 1a957eb6d6699e6b7ea2725cb2dac07ecde95759ac46fee6dda7abc8ad68daac90cfe22d2f1f2968cc42fa8b669ed3bb3542a9cf44 + f060d6a432737be40681731d964ae4310460967fab931db70fd394d02c4f2691b14891986837af0342d9d01e688498e161ce84598a + 6db772689af25f8ebba8ad1966dfa1ea; +} + serpent-eax { ## Taken from Secnet, with thanks to Ian Jackson. diff --git a/symm/t/skipjack b/symm/t/skipjack index 9c7704b7..50531295 100644 --- a/symm/t/skipjack +++ b/symm/t/skipjack @@ -115,6 +115,39 @@ skipjack-cmac { cffcc55881902725; } +skipjack-ccm { + e4bef260d7bcda163547 + d348b7 + "" + "" + "" + a8e3e588; + 551195e77022907dd1df + f7dac5 + c9 + "" + "" + 3b47dc26; + 941d26d0c6eb14ad568f + 86edd1 + "" + dc + fe + 61bfe011; + 9268eeee533285a6ed81 + 0c9b689daa + a9060d2d4b6003062365b0a54364c76c160f11896c479484 + 6ecfa14a7130c9f137120634c9519848a877ff77bf79192a + 3599e35441a20dab5e973151a0f3d8dbde983d9a896d3463 + dee97ef167dde431; + 5b50ade5d9cd739a3d1f + 337f29549e + 6b0d27a4ba234085406a6136512061f7080cc0 + 7df0591d8fa21f2dd88374d8cde8e160ad10997a21635c6d62c9269029 + a72ba97fe436bdad5e7416aa41b733be94324faf2d70cc67a31559f7d7 + d14f0eba040f800d; +} + skipjack-eax { e4bef260d7bcda163547 "" diff --git a/symm/t/square b/symm/t/square index 5a183dd8..de1c6dbb 100644 --- a/symm/t/square +++ b/symm/t/square @@ -561,6 +561,99 @@ square-cmac { a1fa99cf13347b5b803ccc6c2e183381; } +square-ccm { + f260d7bc + da163547d348b7551195e7 + "" + "" + "" + 6f6ddeb0; + 7022907d + d1dff7dac5c9941d26d0c6 + eb + "" + "" + bba9ea11; + 14ad568f + 86edd1dc9268eeee533285 + "" + a6 + 0a + 507bd8ea; + ed810c9b + 689daaa9060d2d4b60 + 03062365b0a54364c76c160f11896c4794846ecfa14a7130c9f137120634c9519848a877ff77bf79192a5b50ade5d9cd + 739a3d1f337f29549e6b0d27a4ba234085406a6136512061f7080cc07df0591d8fa21f2dd88374d8cde8e160ad10997a + 2de5299d997f5a95d32115f84b8cbc072043580e27bb6ace6654173512e0d464ce4358899c43ac2befe5cbe68155797b + 217a8c66edf6aad2f17f555c8936028b; + 21635c6d + 62c9269029df3e6057 + acc87638f508046733d9ff61cdbda3b3e9878731ebfedd4705e505da1435dceaa7b1cc49ae1d50c38201a8 + 94476b3f102b752eb9529533966f27043eb621b7f65b000961040ef2f9b2fc5fa450727a9b542cde52ebfda19d0ccc520f215eb57b + f88c7d34053cc7278c3e3b09715ab3dec3aa050aa70aa6dcd560a9ea58ddd10857b9bcffb98e2af8a3c851f60f540ab8872af0df1d + a65b843ead57238ecd6bf0eea46d6fbe; + b3a4f3ebbbb18ac6c95a97a4 + 8030370c33d090c54215ab + "" + "" + "" + 345fc32c; + d6b3ad54efc9a38378c5b93b + f4f2aad2605faee2b03fb6 + 48 + "" + "" + 89dc30e5; + e27fff63102758fe2b69ac26 + afa3349829b94586306fed + "" + 54 + ba + 595a1d50; + 154f8f28523c03d4de160015 + 7846b710ee72807a22 + 19bfb474fd71d891f24bb65d1563259f9eb53b571ea629c54d57dd2d42f70800df9fcbaca48b77dba189196d1ebba10b + 0467cb9fc2712a199e533fa9156308cdec3f768281e040a9b9a222bd689aef66f5306ceb0c6b08ac8b0a22260c571b4a + 562758f6a2b849784695d8f36b992eb75a439f9e4daaffff462c1c0e2ed738ae81857040c7bc33093d5d962635b162b3 + de5af35682b227c7c585fd7ac841b903; + 42bb8fdb233bfa6a5cfb0bad + 7d95214ade49cb3b6f + 5fe8368131115c037ba323fe1dc8151784873f0eb5b647da6794c18b5337685a96ed65b9aca338527ef19b + 09c063c46f88de9fd41e72d7b97e23e6eabdff3bcd211499268878dbf30f1dad89d4b9b12012e4713df46795630e7952d22bb02d71 + ef06fd51aee9d8dc17ae50cb1aede6b88f5a5f0e2bfa12f825ef09a757e06a1fd2571bc34e3d6796ea05613d6323cf0ea90dfe15c8 + efd15ead8ef69008007fb696c5e0de7b; + 00b8b649377d20a8 + f083455b663e4ee1315f3c + "" + "" + "" + 6f0d9e5d; + 8f2aebfa921451dc + d1af5813b70d30ce2f1fef + 6e + "" + "" + 76d11bad; + f315d0798391805d + a08da3aefc5f8584b7c5e6 + "" + 17 + 0f + 8aa0fb43; + 669c0f16e39815d4 + e9cfce3ed1ecdf3d26 + 4a7f16cb16c2e815f422cdf0c8e30308be3c31e6bc58c0b7cadcb658b970e47479a684b5aefa69a4cd52147ed12ca986 + 981a874498ad0abef8bc4fcb70e27e98ef1f0446b42fb144d44b6d00f06dc188d472a784e0c6f21195a3b9f4ae985511 + b98ec80c9bfcbbf817b03abb770cb6121b7dbf4b497b1af44e9c910bfa324279416423f51b97738f01f27c70436330ef + 4d5d0ebb6586b5e8405e66fed4c0361e; + 265febd11c164720 + eef9eb1c8dd0b00951 + f284649016ed00456331854bc78bf43966eb0cfa9138ddc39908445608fe95e81c2533e31c9c1a9851bc28 + 10d858cbbc8424d126b807e6daa089c3f9099c5ffb824173d7634c04226f30cbb7f0e4a973a8cd190107314717a77456f3ff669c73 + e948dd0b7f57ae2f94ed538207db42a1f4e3e743aa1105e600284b3b92ce82b4c99ee0a2db8f7f51d17a7084aa068eba1a1f0cd0a7 + 401f2e64af6c6d18382d1546abe984e4; +} + square-eax { f260d7bc "" diff --git a/symm/t/tea b/symm/t/tea index ede8865f..a7d03d58 100644 --- a/symm/t/tea +++ b/symm/t/tea @@ -124,6 +124,129 @@ tea-cmac { ac308d1e150a1c6e; } +tea-ccm { + 60d7bcda163547d348b7551195 + e77022 + "" + "" + "" + 530b9b73; + 907dd1dff7dac5c9941d26d0c6 + eb14ad + 56 + "" + "" + 0b824023; + 8f86edd1dc9268eeee533285a6 + ed810c + "" + 9b + 61 + 1cfad40f; + 689daaa9060d2d4b6003062365 + b0a54364c7 + 6c160f11896c4794846ecfa14a7130c9f137120634c95198 + 48a877ff77bf79192a5b50ade5d9cd739a3d1f337f29549e + 9e8ba32c68560a3f15c30cf5a03a842fd9b0fa0efe2cab90 + 1380f2213a0ab1b6; + 6b0d27a4ba234085406a613651 + 2061f7080c + c07df0591d8fa21f2dd88374d8cde8e160ad10 + 997a21635c6d62c9269029df3e6057acc87638f508046733d9ff61cdbd + eb7a05983eb9b9015770af0d2c48f693102f1b74249ce318fb8cc63b25 + 5624c3dd7fbb9480; + a3b3e9878731eb + fedd47 + "" + "" + "" + 4567c460; + 05e505da1435dc + eaa7b1 + cc + "" + "" + f8bc87fa; + 49ae1d50c38201 + a89447 + "" + 6b + 50 + e52efea4; + 3f102b752eb952 + 9533966f27 + 043eb621b7f65b000961040ef2f9b2fc5fa450727a9b542c + de52ebfda19d0ccc520f215eb57bb3a4f3ebbbb18ac6c95a + 66f563e434c693a453b8d671eb3028567196efe3862247b5 + 2189a607137658bd; + 97a48030370c33 + d090c54215 + abd6b3ad54efc9a38378c5b93bf4f2aad2605f + aee2b03fb648e27fff63102758fe2b69ac26afa3349829b94586306fed + a17d9633a5629dc6336820d8bcdee53caa4989a877fd040f523603f3dd + dd98b6ad547d14c2; + 54154f8f28523c03d4de + 160015 + "" + "" + "" + 8cd54796; + 7846b710ee72807a2219 + bfb474 + fd + "" + "" + 4eb0f5a5; + 71d891f24bb65d156325 + 9f9eb5 + "" + 3b + d6 + ed17ae0a; + 571ea629c54d57dd2d42 + f70800df9f + cbaca48b77dba189196d1ebba10b0467cb9fc2712a199e53 + 3fa9156308cdec3f768281e040a9b9a222bd689aef66f530 + a56c65d5ded200e4794f3478f6774dc80e78ebd4ab58a107 + 12c12c76eaf729d8; + 6ceb0c6b08ac8b0a2226 + 0c571b4a42 + bb8fdb233bfa6a5cfb0bad7d95214ade49cb3b + 6f5fe8368131115c037ba323fe1dc8151784873f0eb5b647da6794c18b + 5fc52790c2df7b9f044c3e6316146e03002f98398cedd18400504685c0 + 6cc3f23b70f9e36e; + 5337685a96ed65b9ac + a33852 + "" + "" + "" + b0ad3d08; + 7ef19b09c063c46f88 + de9fd4 + 1e + "" + "" + 97501f94; + 72d7b97e23e6eabdff + 3bcd21 + "" + 14 + 1a + 25f269c4; + 99268878dbf30f1dad + 89d4b9b120 + 12e4713df46795630e7952d22bb02d7100b8b649377d20a8 + f083455b663e4ee1315f3c8f2aebfa921451dcd1af5813b7 + 0d3a7ed00ed5d1408dc96af9770a20b7e9a64569ce57c57a + 48de48bb0f882042; + 0d30ce2f1fef6ef315 + d079839180 + 5da08da3aefc5f8584b7c5e617669c0f16e398 + 15d4e9cfce3ed1ecdf3d264a7f16cb16c2e815f422cdf0c8e30308be3c + 41f84b6002f879d39df0797e355cb3a57a3fe6fd635c0daec81ebc831f + 79c9b18e32ba64e1; +} + tea-eax { 60d7bcda163547d348b7551195 "" diff --git a/symm/t/twofish.local b/symm/t/twofish.local index 3bc17bdb..b8c6ebd5 100644 --- a/symm/t/twofish.local +++ b/symm/t/twofish.local @@ -51,6 +51,129 @@ twofish-cmac { dabc6ab5c4f7051e8211bcafd27650f6; } +twofish-ccm { + 60d7bcda163547d348b7551195 + e77022907dd1dff7dac5c9 + "" + "" + "" + b0c9e428; + 941d26d0c6eb14ad568f86edd1 + dc9268eeee533285a6ed81 + 0c + "" + "" + 68f3bf5a; + 9b689daaa9060d2d4b60030623 + 65b0a54364c76c160f1189 + "" + 6c + c6 + 30270248; + 4794846ecfa14a7130c9f13712 + 0634c9519848a877ff + 77bf79192a5b50ade5d9cd739a3d1f337f29549e6b0d27a4ba234085406a6136512061f7080cc07df0591d8fa21f2dd8 + 8374d8cde8e160ad10997a21635c6d62c9269029df3e6057acc87638f508046733d9ff61cdbda3b3e9878731ebfedd47 + f3d43c102dc21b52ba97431dbe9d96795b0c6d04920b5477e6ebf4706786e1bb6bf172fa749e9f62041c7b697875d4ee + 89a2a9f68c8a775f6d0ad66e43bfc2b5; + 05e505da1435dceaa7b1cc49ae + 1d50c38201a894476b + 3f102b752eb9529533966f27043eb621b7f65b000961040ef2f9b2fc5fa450727a9b542cde52ebfda19d0c + cc520f215eb57bb3a4f3ebbbb18ac6c95a97a48030370c33d090c54215abd6b3ad54efc9a38378c5b93bf4f2aad2605faee2b03fb6 + 13d35753fc8ea503aa2f2ce83e66c54c392aeab215aacd566043634da890cac0f81e7318c2640f2ccbdf691baf4e36e42d48a992a2 + 0337b188fc02b7868b5f6c0b9c462f44; + 48e27fff63102758fe2b69ac + 26afa3349829b94586306f + "" + "" + "" + f3b74c76; + ed54154f8f28523c03d4de16 + 00157846b710ee72807a22 + 19 + "" + "" + 0efb24c2; + bfb474fd71d891f24bb65d15 + 63259f9eb53b571ea629c5 + "" + 4d + fc + 2f1984e1; + 57dd2d42f70800df9fcbaca4 + 8b77dba189196d1ebb + a10b0467cb9fc2712a199e533fa9156308cdec3f768281e040a9b9a222bd689aef66f5306ceb0c6b08ac8b0a22260c57 + 1b4a42bb8fdb233bfa6a5cfb0bad7d95214ade49cb3b6f5fe8368131115c037ba323fe1dc8151784873f0eb5b647da67 + 6a399a08440ac7cb9d502c9f52a33d1df8ee9681bab13cfa2cae7aaeb82071cd7c99df8f768be5f910cf8db83e09f14c + 2ed58e267c0b2588e3910f0c31b961d3; + 94c18b5337685a96ed65b9ac + a338527ef19b09c063 + c46f88de9fd41e72d7b97e23e6eabdff3bcd211499268878dbf30f1dad89d4b9b12012e4713df46795630e + 7952d22bb02d7100b8b649377d20a8f083455b663e4ee1315f3c8f2aebfa921451dcd1af5813b70d30ce2f1fef6ef315d079839180 + 7aa91272a3c0c35156125064eb307c2e5bfe698266b7effff016afe64776bcc38d6965424f882285c418a92f480c24c59fcb2c1f79 + 6b3f9910b25e356ecfac4863fcee37d3; + 5da08da3aefc5f85 + 84b7c5e617669c0f16e398 + "" + "" + "" + b17a3a3d; + 15d4e9cfce3ed1ec + df3d264a7f16cb16c2e815 + f4 + "" + "" + d95d0468; + 22cdf0c8e30308be + 3c31e6bc58c0b7cadcb658 + "" + b9 + c7 + 0ef68941; + 70e47479a684b5ae + fa69a4cd52147ed12c + a986981a874498ad0abef8bc4fcb70e27e98ef1f0446b42fb144d44b6d00f06dc188d472a784e0c6f21195a3b9f4ae98 + 5511265febd11c164720eef9eb1c8dd0b00951f284649016ed00456331854bc78bf43966eb0cfa9138ddc39908445608 + b0710f1564a118168643f2365349548ad8955fb798437ec62b9b3005d68ffc8e50ea0b92e3c7fe92c0c0660ec9945182 + e2d3128d41c1f5f53fd1727fe0b0b097; + fe95e81c2533e31c + 9c1a9851bc2810d858 + cbbc8424d126b807e6daa089c3f9099c5ffb824173d7634c04226f30cbb7f0e4a973a8cd190107314717a7 + 7456f3ff669c732b58db8f48af65f7cc9e3fb90e1721b730374ffc9bc597f56ccbb2f294b38766fc69f6a9f2c0945ffd505003cc0c + fc551743341d475b9daee5768d456ab9a1e4c4156650b10689702560de27cc285a543e06e6f0b8e3e2868deba6ea47016e54a72bf5 + 169d69aa85a8d2806a324ea9568094fd; + ae9ce021a5f1fa4ffa91544485f1a1258b + 2b9b8f0911e32d65cc1770 + "" + "" + "" + eb7833ed; + a18cbfe6effd1ff6778554acf1270485b2 + 03a3c1c4c967c0a458cb94 + 8b + "" + "" + 2d96cd56; + dd409b687fa3a6827b480aa3a4c84cef64 + f6c9b53bf8f957f4b03cf4 + "" + 3e + 12 + 5739e99a; + 89957f9a3e8128f8743d16687b7bb8deb9 + bd205b70e04c091d20 + 5cdad9e9a79b1abf91b0851e5ca605ac8451399587011677508a15dde524af3e2bee0646541a42c2ecccb44d65bad397 + abfaf529ee41cf9a05c7efedef3401539c51d2a90bbf7f1bfc338ab0ef5746ea8fdcccd213e33f7e8a5718fd25014107 + 9a42a39fcbb079b601c9a0169b11a7bda9592f85ee47a7cebf8be2dad4157356aedf18d3c792446f2439a0cf0d95e7f7 + 37724239996c480fc49e7e43a84458bc; + c8e7d715a92add9589d1f5c054b2d98351 + 4605ec590294a319b9 + 802068a9f891bc5ba5afabf8c3122d12d7ff3c41122d70d17d4569eaff59a332ba58d5d5589bfe079753ee + 1a957eb6d6699e6b7ea2725cb2dac07ecde95759ac46fee6dda7abc8ad68daac90cfe22d2f1f2968cc42fa8b669ed3bb3542a9cf44 + 0dd51ef8b16e3923be6906378e726f6e9d4b79b815fdad7282db135ee1d65a9b89f08c2976c77be0c5d76cdc530cfe077e71bfac9b + d086f21e917aa8b0152b51116a8d72af; +} + twofish-eax { 60d7bcda163547d348b7551195 "" diff --git a/symm/t/xtea b/symm/t/xtea index 007ab32c..a9b1ab3d 100644 --- a/symm/t/xtea +++ b/symm/t/xtea @@ -120,6 +120,129 @@ xtea-cmac { 295b9c45cd0a8bab; } +xtea-ccm { + 60d7bcda163547d348b7551195 + e77022 + "" + "" + "" + 254c9820; + 907dd1dff7dac5c9941d26d0c6 + eb14ad + 56 + "" + "" + 628ee141; + 8f86edd1dc9268eeee533285a6 + ed810c + "" + 9b + b6 + c68f9ba1; + 689daaa9060d2d4b6003062365 + b0a54364c7 + 6c160f11896c4794846ecfa14a7130c9f137120634c95198 + 48a877ff77bf79192a5b50ade5d9cd739a3d1f337f29549e + 5d451b7841e1046387c69f33e87585eedf30cd7df2d4a409 + ae1ade48fb30df53; + 6b0d27a4ba234085406a613651 + 2061f7080c + c07df0591d8fa21f2dd88374d8cde8e160ad10 + 997a21635c6d62c9269029df3e6057acc87638f508046733d9ff61cdbd + 587e64a45665ec8f4b0561f911c55bbddc89d3cb923ee2a79736d853f2 + 5dc68eee0336d9df; + a3b3e9878731eb + fedd47 + "" + "" + "" + e731a2e4; + 05e505da1435dc + eaa7b1 + cc + "" + "" + d61b3844; + 49ae1d50c38201 + a89447 + "" + 6b + 65 + ae5cf49a; + 3f102b752eb952 + 9533966f27 + 043eb621b7f65b000961040ef2f9b2fc5fa450727a9b542c + de52ebfda19d0ccc520f215eb57bb3a4f3ebbbb18ac6c95a + 5cda052e11d440e05347a5d392610573bb3382f451a23c91 + 6b984d2bbcde1308; + 97a48030370c33 + d090c54215 + abd6b3ad54efc9a38378c5b93bf4f2aad2605f + aee2b03fb648e27fff63102758fe2b69ac26afa3349829b94586306fed + e50f8051933dfcda7693161d2fa0885f455a610c3178d245abb8a7869c + 9bba96ded767f109; + 54154f8f28523c03d4de + 160015 + "" + "" + "" + 06d07295; + 7846b710ee72807a2219 + bfb474 + fd + "" + "" + 613f97d3; + 71d891f24bb65d156325 + 9f9eb5 + "" + 3b + 10 + 5262f065; + 571ea629c54d57dd2d42 + f70800df9f + cbaca48b77dba189196d1ebba10b0467cb9fc2712a199e53 + 3fa9156308cdec3f768281e040a9b9a222bd689aef66f530 + 728d0e2c1f92403c6c91538ca0a4d33c644728aa324d6fec + 3c8af92993cf2dfc; + 6ceb0c6b08ac8b0a2226 + 0c571b4a42 + bb8fdb233bfa6a5cfb0bad7d95214ade49cb3b + 6f5fe8368131115c037ba323fe1dc8151784873f0eb5b647da6794c18b + 758c2450b1b4b633088e2dacece8fce73bb681518bc74f24427f9cf532 + 768cfa0b76676f6e; + 5337685a96ed65b9ac + a33852 + "" + "" + "" + cd3b5fbe; + 7ef19b09c063c46f88 + de9fd4 + 1e + "" + "" + 77ec39fe; + 72d7b97e23e6eabdff + 3bcd21 + "" + 14 + 2b + 12bba0f1; + 99268878dbf30f1dad + 89d4b9b120 + 12e4713df46795630e7952d22bb02d7100b8b649377d20a8 + f083455b663e4ee1315f3c8f2aebfa921451dcd1af5813b7 + 84148214729971a1616f5a0a2261662e90ffe6ee853fc892 + cd1f0f55d1d79d35; + 0d30ce2f1fef6ef315 + d079839180 + 5da08da3aefc5f8584b7c5e617669c0f16e398 + 15d4e9cfce3ed1ecdf3d264a7f16cb16c2e815f422cdf0c8e30308be3c + fc533246fa0f63332c3806595c6a35a6cd0499e973ae7a0055755b4026 + ff6e5bc754f0adfd; +} + xtea-eax { 60d7bcda163547d348b7551195 "" diff --git a/utils/advmodes b/utils/advmodes index 42fd38b4..62b4cde3 100755 --- a/utils/advmodes +++ b/utils/advmodes @@ -377,6 +377,106 @@ def gcmgen(bc): (bc.blksz - 1, 3*bc.blksz - 5, 3*bc.blksz + 5)] ###-------------------------------------------------------------------------- +### CCM. + +def stbe(n, w): return C.MP(n).storeb(w) + +def ccm_fmthdr(blksz, n, hsz, msz, tsz): + b = C.WriteBuffer() + if blksz == 8: + q = blksz - len(n) - 1 + f = 0 + if hsz: f |= 0x40 + f |= (tsz - 1) << 3 + f |= q - 1 + b.putu8(f).put(n).put(stbe(msz, q)) + elif blksz == 16: + q = blksz - len(n) - 1 + f = 0 + if hsz: f |= 0x40 + f |= (tsz - 2)/2 << 3 + f |= q - 1 + b.putu8(f).put(n).put(stbe(msz, q)) + else: + q = blksz - len(n) - 2 + f0 = f1 = 0 + if hsz: f1 |= 0x80 + f0 |= tsz + f1 |= q + b.putu8(f0).putu8(f1).put(n).put(stbe(msz, q)) + b = C.ByteString(b) + if VERBOSE: print 'hdr = %s' % hex(b) + return b + +def ccm_fmtctr(blksz, n, i = 0): + b = C.WriteBuffer() + if blksz == 8 or blksz == 16: + q = blksz - len(n) - 1 + b.putu8(q - 1).put(n).put(stbe(i, q)) + else: + q = blksz - len(n) - 2 + b.putu8(0).putu8(q).put(n).put(stbe(i, q)) + b = C.ByteString(b) + if VERBOSE: print 'ctr = %s' % hex(b) + return b + +def ccmaad(b, h, blksz): + hsz = len(h) + if not hsz: pass + elif hsz < 0xfffe: b.putu16(hsz) + elif hsz <= 0xffffffff: b.putu16(0xfffe).putu32(hsz) + else: b.putu16(0xffff).putu64(hsz) + b.put(h); b.zero((-b.size)%blksz) + +def ccmenc(E, n, h, m, tsz = None): + blksz = E.__class__.blksz + if tsz is None: tsz = blksz + b = C.WriteBuffer() + b.put(ccm_fmthdr(blksz, n, len(h), len(m), tsz)) + ccmaad(b, h, blksz) + b.put(m); b.zero((-b.size)%blksz) + b = C.ByteString(b) + a = Z(blksz) + v, _ = blocks0(b, blksz) + i = 0 + for x in v: + a = E.encrypt(a ^ x) + if VERBOSE: + print 'b[%d] = %s' % (i, hex(x)) + print 'a[%d] = %s' % (i + 1, hex(a)) + i += 1 + y = ctr(E, a + m, ccm_fmtctr(blksz, n)) + return C.ByteString(y[blksz:]), C.ByteString(y[0:tsz]) + +def ccmdec(E, n, h, y, t): + blksz = E.__class__.blksz + tsz = len(t) + b = C.WriteBuffer() + b.put(ccm_fmthdr(blksz, n, len(h), len(y), tsz)) + ccmaad(b, h, blksz) + mm = ctr(E, t + Z(blksz - tsz) + y, ccm_fmtctr(blksz, n)) + u, m = C.ByteString(mm[0:tsz]), C.ByteString(mm[blksz:]) + b.put(m); b.zero((-b.size)%blksz) + b = C.ByteString(b) + a = Z(blksz) + v, _ = blocks0(b, blksz) + i = 0 + for x in v: + a = E.encrypt(a ^ x) + if VERBOSE: + print 'b[%d] = %s' % (i, hex(x)) + print 'a[%d] = %s' % (i + 1, hex(a)) + i += 1 + if u == a[:tsz]: return m, + else: return None, + +def ccmgen(bc): + bsz = bc.blksz + return [(bsz - 5, 0, 0, 4), (bsz - 5, 1, 0, 4), (bsz - 5, 0, 1, 4), + (bsz/2 + 1, 3*bc.blksz, 3*bc.blksz), + (bsz/2 + 1, 3*bc.blksz - 5, 3*bc.blksz + 5)] + +###-------------------------------------------------------------------------- ### EAX. def eaxenc(E, n, h, m, tsz = None): @@ -433,6 +533,8 @@ intarg = struct(mk = lambda x: x, parse = int, show = None) MODEMAP = { 'eax-enc': (eaxgen, 3*[binarg] + [intarg], eaxenc), 'eax-dec': (dummygen, 4*[binarg], eaxdec), + 'ccm-enc': (ccmgen, 3*[binarg] + [intarg], ccmenc), + 'ccm-dec': (dummygen, 4*[binarg], ccmdec), 'cmac': (cmacgen, [binarg], cmac), 'gcm-enc': (gcmgen, 3*[binarg] + [intarg], gcmenc), 'gcm-dec': (dummygen, 4*[binarg], gcmdec) } -- 2.11.0