Rfc4309 test vectors in testmgr.h have gone through major changes from linux3
to linux4.
In linux 4.4, linux4.9, there are vectors as such
23194 static struct aead_testvec aes_ccm_rfc4309_enc_tv_template[] = {
23195 { /* Generated using Crypto++ */
23196 .key = zeroed_string,
23197 .klen = 19,
23198 .iv = zeroed_string,
23199 .input = zeroed_string,
23200 .ilen = 16,
23201 .assoc = zeroed_string,
23202 .alen = 16,
23203 .result = "\x2E\x9A\xCA\x6B\xDA\x54\xFC\x6F"
23204 "\x12\x50\xE8\xDE\x81\x3C\x63\x08"
23205 "\x1A\x22\xBA\x75\xEE\xD4\xD5\xB5"
23206 "\x27\x50\x01\xAC\x03\x33\x39\xFB",
23207 .rlen = 32,
I have a test program using open ssl API (-l crypto), and run on Ubuntu Linux
PC, I get the following test result:
2e 9a ca 6b da 54 fc 6f 12 50 e8 de 81 3c 63 08
fb 64 91 b4 dd dc bf 5d fd 67 e3 a2 f8 7c 0e 6c
The first part of encrypted text is correct. But MAC is not the
same.
My program is as the following:
void ccmTest()
{
/* Initialization */
EVP_CIPHER_CTX ctx;
EVP_CIPHER_CTX *cryptCtx = &ctx;
EVP_CIPHER_CTX_init(cryptCtx);
int i;
unsigned char P[16] = {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0};
int Psize = sizeof(P);
unsigned char K[16] = {0};
unsigned char N[11] = {0};
unsigned char A[16] = {0};
unsigned char CT[128];
int Nsize = 11;
int Tsize = 16;
// Initialize the context with the alg only
EVP_EncryptInit(cryptCtx, EVP_aes_128_ccm(), 0, 0);
// Set nonce and tag sizes
EVP_CIPHER_CTX_ctrl(cryptCtx, EVP_CTRL_CCM_SET_IVLEN, Nsize, 0);
EVP_CIPHER_CTX_ctrl(cryptCtx, EVP_CTRL_CCM_SET_TAG, Tsize, 0);
// Finally set the key and the nonce
EVP_EncryptInit(cryptCtx, 0, K, N);
// Tell the alg we will encrypt Psize bytes
int outl = 0;
EVP_EncryptUpdate(cryptCtx, 0, &outl, 0, sizeof(P));
// Add the AAD
EVP_EncryptUpdate(cryptCtx, 0, &outl, A, sizeof(A));
// Now we encrypt the data in P, placing the output in CT
EVP_EncryptUpdate(cryptCtx, CT, &outl, P, Psize);
EVP_EncryptFinal(cryptCtx, &CT[outl], &outl);
// Append the tag to the end of the encrypted output
EVP_CIPHER_CTX_ctrl(cryptCtx, EVP_CTRL_CCM_GET_TAG, Tsize, &CT[Psize]);
hexdump(CT, Tsize+Psize);
}
I run "insmod tcrypt.ko mode=45" rfc4309 test with Qualcomm crypto hardware on
Linux4.4. The test fails. The generated output is the same as my openSSL test
application in 1.
My test application runs on Ubuntu with linux 3.10 rfc4309 test vector, and
generated MAC as expected from test vectors. Qualcomm crypto hardware runs
"insmod tcrypt.ko mode=45" successfully with linux 3.10.
I am suspicious about the test vectors of 4.4. Can someone verify the Linux 4.4
rfc4309 test vectors with his/her openSSL application on PC?
Chemin
