I have downloaded openssl-0.9.8l and I have builded
openssl with
1) ./config --prefix=/home/luca/zz/tmpopenssl/
--openssldir=/home/luca/zz/tmpopenssl/openssldir shared
2) make
3) make test
4)make install
It's all ok.
I want to test aes_wrap.c under sourceopenssl/crypto/aes.
My goal is to generate a cyphertext from palintext with len=0x160
My test vector is a incremental pattern [0...0x5f].
I go under sourceopenssl/crypto/aes and then I run:
gcc -I.. -I../.. -I../../include -DAES_WRAP_TEST
-L/home/luca/zz/tmpopenssl/lib/. -lssl -L/home/luca/zz/tmpopenssl/lib/.
-lcrypto -o aes_wrap aes_wrap.c
If I check:
ldd aes_wrap:
linux-gate.so.1 => (0xb7fd3000)
libssl.so.0.9.8 => /home/luca/zz/tmpopenssl/lib/libssl.so.0.9.8
(0xb7f8c000)
libcrypto.so.0.9.8 => /home/luca/zz/tmpopenssl/lib/libcrypto.so.0.9.8
(0xb7e40000)
libc.so.6 => /lib/tls/i686/cmov/libc.so.6 (0xb7ce1000)
libdl.so.2 => /lib/tls/i686/cmov/libdl.so.2 (0xb7cdd000)
/lib/ld-linux.so.2 (0xb7fd4000)
It's ok.
If i run aes_wrap with nist test vector i see all ok.
But if i run aes key wrap with incremental pattern I get a non correct
result because
cypertext is not correct ( i know it from other open source lib)
Why?
Following is my changed aes_wrap.c to see output cyphetext:
#include "cryptlib.h"
#include <openssl/aes.h>
#include <openssl/bio.h>
static const unsigned char default_iv[] = {
0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6,
};
int AES_wrap_key(AES_KEY *key, const unsigned char *iv,
unsigned char *out,
const unsigned char *in, unsigned int inlen)
{
unsigned char *A, B[16], *R;
unsigned int i, j, t;
if ((inlen & 0x7) || (inlen < 8))
return -1;
A = B;
t = 1;
memcpy(out + 8, in, inlen);
if (!iv)
iv = default_iv;
memcpy(A, iv, 8);
for (j = 0; j < 6; j++)
{
R = out + 8;
for (i = 0; i < inlen; i += 8, t++, R += 8)
{
memcpy(B + 8, R, 8);
AES_encrypt(B, B, key);
A[7] ^= (unsigned char)(t & 0xff);
if (t > 0xff)
{
A[6] ^= (unsigned char)((t & 0xff) >> 8);
A[5] ^= (unsigned char)((t & 0xff) >> 16);
A[4] ^= (unsigned char)((t & 0xff) >> 24);
}
memcpy(R, B + 8, 8);
}
}
memcpy(out, A, 8);
for (i=0; i< (inlen + 8); i++) //--------modified to see
output
printf("%2X ",out[i]);
printf("\n");
return inlen + 8;
}
int AES_unwrap_key(AES_KEY *key, const unsigned char *iv,
unsigned char *out,
const unsigned char *in, unsigned int inlen)
{
unsigned char *A, B[16], *R;
unsigned int i, j, t;
inlen -= 8;
if (inlen & 0x7)
return -1;
if (inlen < 8)
return -1;
A = B;
t = 6 * (inlen >> 3);
memcpy(A, in, 8);
memcpy(out, in + 8, inlen);
for (j = 0; j < 6; j++)
{
R = out + inlen - 8;
for (i = 0; i < inlen; i += 8, t--, R -= 8)
{
A[7] ^= (unsigned char)(t & 0xff);
if (t > 0xff)
{
A[6] ^= (unsigned char)((t & 0xff) >> 8);
A[5] ^= (unsigned char)((t & 0xff) >> 16);
A[4] ^= (unsigned char)((t & 0xff) >> 24);
}
memcpy(B + 8, R, 8);
AES_decrypt(B, B, key);
memcpy(R, B + 8, 8);
}
}
if (!iv)
iv = default_iv;
if (memcmp(A, iv, 8))
{
OPENSSL_cleanse(out, inlen);
return 0;
}
return inlen;
}
#ifdef AES_WRAP_TEST
int AES_wrap_unwrap_test(const unsigned char *kek, int keybits,
const unsigned char *iv,
const unsigned char *eout,
const unsigned char *key, int keylen)
{
unsigned char *otmp = NULL, *ptmp = NULL;
int r, ret = 0;
AES_KEY wctx;
otmp = OPENSSL_malloc(keylen + 8);
ptmp = OPENSSL_malloc(keylen);
if (!otmp || !ptmp)
return 0;
if (AES_set_encrypt_key(kek, keybits, &wctx))
goto err;
r = AES_wrap_key(&wctx, iv, otmp, key, keylen);
if (r <= 0)
goto err;
if (eout && memcmp(eout, otmp, keylen))
goto err;
if (AES_set_decrypt_key(kek, keybits, &wctx))
goto err;
r = AES_unwrap_key(&wctx, iv, ptmp, otmp, r);
if (memcmp(key, ptmp, keylen))
goto err;
ret = 1;
err:
if (otmp)
OPENSSL_free(otmp);
if (ptmp)
OPENSSL_free(ptmp);
return ret;
}
#define LENKW 0x160
int main(int argc, char **argv)
{
static const unsigned char kek[] = {
0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
};
static const unsigned char key[] = {
0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff,
0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f
};
static const unsigned char e1[] = {
0x1f, 0xa6, 0x8b, 0x0a, 0x81, 0x12, 0xb4, 0x47,
0xae, 0xf3, 0x4b, 0xd8, 0xfb, 0x5a, 0x7b, 0x82,
0x9d, 0x3e, 0x86, 0x23, 0x71, 0xd2, 0xcf, 0xe5
};
static const unsigned char e2[] = {
0x96, 0x77, 0x8b, 0x25, 0xae, 0x6c, 0xa4, 0x35,
0xf9, 0x2b, 0x5b, 0x97, 0xc0, 0x50, 0xae, 0xd2,
0x46, 0x8a, 0xb8, 0xa1, 0x7a, 0xd8, 0x4e, 0x5d
};
static const unsigned char e3[] = {
0x64, 0xe8, 0xc3, 0xf9, 0xce, 0x0f, 0x5b, 0xa2,
0x63, 0xe9, 0x77, 0x79, 0x05, 0x81, 0x8a, 0x2a,
0x93, 0xc8, 0x19, 0x1e, 0x7d, 0x6e, 0x8a, 0xe7
};
static const unsigned char e4[] = {
0x03, 0x1d, 0x33, 0x26, 0x4e, 0x15, 0xd3, 0x32,
0x68, 0xf2, 0x4e, 0xc2, 0x60, 0x74, 0x3e, 0xdc,
0xe1, 0xc6, 0xc7, 0xdd, 0xee, 0x72, 0x5a, 0x93,
0x6b, 0xa8, 0x14, 0x91, 0x5c, 0x67, 0x62, 0xd2
};
static const unsigned char e5[] = {
0xa8, 0xf9, 0xbc, 0x16, 0x12, 0xc6, 0x8b, 0x3f,
0xf6, 0xe6, 0xf4, 0xfb, 0xe3, 0x0e, 0x71, 0xe4,
0x76, 0x9c, 0x8b, 0x80, 0xa3, 0x2c, 0xb8, 0x95,
0x8c, 0xd5, 0xd1, 0x7d, 0x6b, 0x25, 0x4d, 0xa1
};
static const unsigned char e6[] = {
0x28, 0xc9, 0xf4, 0x04, 0xc4, 0xb8, 0x10, 0xf4,
0xcb, 0xcc, 0xb3, 0x5c, 0xfb, 0x87, 0xf8, 0x26,
0x3f, 0x57, 0x86, 0xe2, 0xd8, 0x0e, 0xd3, 0x26,
0xcb, 0xc7, 0xf0, 0xe7, 0x1a, 0x99, 0xf4, 0x3b,
0xfb, 0x98, 0x8b, 0x9b, 0x7a, 0x02, 0xdd, 0x21
};
AES_KEY wctx, xctx;
int ret;
ret = AES_wrap_unwrap_test(kek, 128, NULL, e1, key, 16);
fprintf(stderr, "Key test result %d\n", ret);
ret = AES_wrap_unwrap_test(kek, 192, NULL, e2, key, 16);
fprintf(stderr, "Key test result %d\n", ret);
ret = AES_wrap_unwrap_test(kek, 256, NULL, e3, key, 16);
fprintf(stderr, "Key test result %d\n", ret);
ret = AES_wrap_unwrap_test(kek, 192, NULL, e4, key, 24);
fprintf(stderr, "Key test result %d\n", ret);
ret = AES_wrap_unwrap_test(kek, 256, NULL, e5, key, 24);
fprintf(stderr, "Key test result %d\n", ret);
ret = AES_wrap_unwrap_test(kek, 256, NULL, e6, key, 32);
fprintf(stderr, "Key test result %d\n", ret);
///// my added code
int i;
unsigned char kd[LENKW];
for (i=0; i<LENKW; i++) //my incremental test vector
{
kd[i]=i;
}
printf("-----INPUT----\n");
for (i=0; i< LENKW; i++)
printf("%d %2X\n ",i,kd[i]);
printf("\n");
printf("-----OUTPUT----\n");
ret = AES_wrap_unwrap_test(kek, 128, NULL, e1, kd, LENKW);
fprintf(stderr, "Key test result %d\n", ret);
}
#endif
Following input and output :
1F A6 8B A 81 12 B4 47 AE F3 4B D8 FB 5A 7B 82 9D 3E 86 23 71 D2 CF E5
Key test result 1
96 77 8B 25 AE 6C A4 35 F9 2B 5B 97 C0 50 AE D2 46 8A B8 A1 7A D8 4E 5D
Key test result 1
64 E8 C3 F9 CE F 5B A2 63 E9 77 79 5 81 8A 2A 93 C8 19 1E 7D 6E 8A E7
Key test result 1
3 1D 33 26 4E 15 D3 32 68 F2 4E C2 60 74 3E DC E1 C6 C7 DD EE 72 5A 93 6B
A8 14 91 5C 67 62 D2
Key test result 1
A8 F9 BC 16 12 C6 8B 3F F6 E6 F4 FB E3 E 71 E4 76 9C 8B 80 A3 2C B8 95 8C
D5 D1 7D 6B 25 4D A1
Key test result 1
28 C9 F4 4 C4 B8 10 F4 CB CC B3 5C FB 87 F8 26 3F 57 86 E2 D8 E D3 26 CB
C7 F0 E7 1A 99 F4 3B FB 98 8B 9B 7A 2 DD 21
Key test result 1
-----INPUT----
0 0
1 1
2 2
3 3
4 4
5 5
6 6
7 7
8 8
9 9
10 A
11 B
12 C
13 D
14 E
15 F
16 10
17 11
18 12
19 13
20 14
21 15
22 16
23 17
24 18
25 19
26 1A
27 1B
28 1C
29 1D
30 1E
31 1F
32 20
33 21
34 22
35 23
36 24
37 25
38 26
39 27
40 28
41 29
42 2A
43 2B
44 2C
45 2D
46 2E
47 2F
48 30
49 31
50 32
51 33
52 34
53 35
54 36
55 37
56 38
57 39
58 3A
59 3B
60 3C
61 3D
62 3E
63 3F
64 40
65 41
66 42
67 43
68 44
69 45
70 46
71 47
72 48
73 49
74 4A
75 4B
76 4C
77 4D
78 4E
79 4F
80 50
81 51
82 52
83 53
84 54
85 55
86 56
87 57
88 58
89 59
90 5A
91 5B
92 5C
93 5D
94 5E
95 5F
96 60
97 61
98 62
99 63
100 64
101 65
102 66
103 67
104 68
105 69
106 6A
107 6B
108 6C
109 6D
110 6E
111 6F
112 70
113 71
114 72
115 73
116 74
117 75
118 76
119 77
120 78
121 79
122 7A
123 7B
124 7C
125 7D
126 7E
127 7F
128 80
129 81
130 82
131 83
132 84
133 85
134 86
135 87
136 88
137 89
138 8A
139 8B
140 8C
141 8D
142 8E
143 8F
144 90
145 91
146 92
147 93
148 94
149 95
150 96
151 97
152 98
153 99
154 9A
155 9B
156 9C
157 9D
158 9E
159 9F
160 A0
161 A1
162 A2
163 A3
164 A4
165 A5
166 A6
167 A7
168 A8
169 A9
170 AA
171 AB
172 AC
173 AD
174 AE
175 AF
176 B0
177 B1
178 B2
179 B3
180 B4
181 B5
182 B6
183 B7
184 B8
185 B9
186 BA
187 BB
188 BC
189 BD
190 BE
191 BF
192 C0
193 C1
194 C2
195 C3
196 C4
197 C5
198 C6
199 C7
200 C8
201 C9
202 CA
203 CB
204 CC
205 CD
206 CE
207 CF
208 D0
209 D1
210 D2
211 D3
212 D4
213 D5
214 D6
215 D7
216 D8
217 D9
218 DA
219 DB
220 DC
221 DD
222 DE
223 DF
224 E0
225 E1
226 E2
227 E3
228 E4
229 E5
230 E6
231 E7
232 E8
233 E9
234 EA
235 EB
236 EC
237 ED
238 EE
239 EF
240 F0
241 F1
242 F2
243 F3
244 F4
245 F5
246 F6
247 F7
248 F8
249 F9
250 FA
251 FB
252 FC
253 FD
254 FE
255 FF
256 0
257 1
258 2
259 3
260 4
261 5
262 6
263 7
264 8
265 9
266 A
267 B
268 C
269 D
270 E
271 F
272 10
273 11
274 12
275 13
276 14
277 15
278 16
279 17
280 18
281 19
282 1A
283 1B
284 1C
285 1D
286 1E
287 1F
288 20
289 21
290 22
291 23
292 24
293 25
294 26
295 27
296 28
297 29
298 2A
299 2B
300 2C
301 2D
302 2E
303 2F
304 30
305 31
306 32
307 33
308 34
309 35
310 36
311 37
312 38
313 39
314 3A
315 3B
316 3C
317 3D
318 3E
319 3F
320 40
321 41
322 42
323 43
324 44
325 45
326 46
327 47
328 48
329 49
330 4A
331 4B
332 4C
333 4D
334 4E
335 4F
336 50
337 51
338 52
339 53
340 54
341 55
342 56
343 57
344 58
345 59
346 5A
347 5B
348 5C
349 5D
350 5E
351 5F
-----OUTPUT----
7E 18 8E DA 81 B0 D6 BA 39 64 46 EC 42 61 14 EB 1E B8 C6 21 82 0 52 8D D6
D1 62 95 36 52 91 78 EE 8D D5 B 3F 90 17 5B F7 45 E6 85 3E 39 D0 C9 8D E7
81 C5 EB 32 3F 92 10 22 C4 57 7C 71 2E D A6 54 C2 31 AA 80 10 74 25 BB 4E
C8 A5 94 B1 F4 2F 11 FB 77 50 52 97 75 2D 97 3A 6B 87 B0 D5 A4 37 F1 89 A5
79 82 FC 87 E DA 8D 68 D2 B7 58 9 F2 33 38 80 38 72 5D A8 16 A 41 BE B3
72 8D 54 4D C5 95 27 74 D4 8F F9 CB 54 47 B8 E4 5 51 D5 79 EF 3 ED 22 76
9B 32 46 2A CD FC 3F E0 75 A4 D3 1F E9 B2 35 B9 68 C7 D5 CD 47 4D B4 7E 50
B4 5C 2C E5 12 1A AE 52 79 B2 17 D7 97 8C A0 7C 2D 9B 29 EF 8 20 16 70 69
82 10 B5 6 70 F6 40 2 5E 5A 4F 5A 6D 90 7A C6 6B 46 B1 9E D9 C1 63 EC A5
A3 D2 DC 85 17 3E 80 4A 29 B5 31 2C AF 5 EB 3A A 83 3A DC 50 AA 8B A6 E8
BE 9F 6 81 2E C2 AF 64 40 2 1F C9 37 BD 5A 4E 14 1F A8 93 67 D1 43 71 FF
C3 93 F9 39 3A 47 5 E3 45 67 C 2E B3 1C B2 14 68 E 62 52 E5 12 D2 B4 BB
63 3A 83 1E CB 9F 74 CF 6C 26 AB 68 35 EA 21 D6 B9 8A E3 53 28 E1 9F A4 14
E0 B8 9C C6 3 8 A3 73 46 B6 20 30 A7 45 8A 5B 89 9F FC C4 B8 2B B1 5B 8D
B3 F9 4B C8 5B C1 83 76 98 B0
Correct output is:
9CAAE82C702B5D21396446EC426114EB1EB8C6218200528DD6D1629536529178EE8DD50B3F90175BF745E6853E39D0C98DE7
81C5EB323F921022C4577C712E0DA654C231AA80107425BB4EC8A594B1F42F11FB77505297752D973A6B87B0D5A437F189A57982FC87
0EDA8D68D2B75809F233388038725DA8160A41BEB3728D544DC5952774D48FF9CB5447B8E40551D579EF03ED22769B32462ACDFC3FE0
75A4D31FE9B235B968C7D5CD474DB47E50B45C2CE5121AAE5279B217D7978CA07C2D9B29EF08201670698210B50670F640025E5A4F5A
6D907AC66B46B19ED9C163ECA5A3D2DC85173E804A29B5312CAF05EB3A0A833ADC50AA8BA6E8BE9F06812EC2AF6440021FC937BD5A4E
141FA89367D14371FFC393F9393A4705E345670C2EB31CB214680E6252E5341688D16C664DCA362DB24DE06F6BF759EBC6C2305A9791
A391770173604D2B52E03B6009C993A25051087E5207483887542E0969A61B1A9413DEF78D57BAF6
I'm only interested to see ciphertext so result=0 because I use e1
But output is not correct.
If I use icremetal test vector up to 0x150 (LENKW = 0x150) cyphertext is
correct, beyond 0x150 not correct.
Why?
Luca Pellanda
