Software APIs
aes_testvectors.h
1 // Copyright lowRISC contributors (OpenTitan project).
2 // Licensed under the Apache License, Version 2.0, see LICENSE for details.
3 // SPDX-License-Identifier: Apache-2.0
4 
5 #ifndef OPENTITAN_SW_DEVICE_TESTS_CRYPTO_AES_TESTVECTORS_H_
6 #define OPENTITAN_SW_DEVICE_TESTS_CRYPTO_AES_TESTVECTORS_H_
7 
8 #include "sw/device/lib/crypto/include/aes.h"
9 
10 #ifdef __cplusplus
11 extern "C" {
12 #endif // __cplusplus
13 
14 typedef struct aes_test {
15  // Plaintext data.
16  const uint32_t *plaintext;
17  // Plaintext length in bytes.
18  size_t plaintext_len;
19  // Key data.
20  const uint32_t *key;
21  // Key length in bytes.
22  size_t key_len;
23  // IV data (always 16 bytes).
24  const uint32_t *iv;
25  // Padding mode.
26  otcrypto_aes_padding_t padding;
27  // Block cipher mode.
28  otcrypto_aes_mode_t mode;
29  // Expected ciphertext (length = same as #blocks in plaintext).
30  const uint32_t *exp_ciphertext;
31 } aes_test_t;
32 
33 static const size_t kPlaintextLen = 50;
34 static const uint32_t kPlaintext[13] = {
35  0x238cc6b6, 0xd18458ba, 0x1df717b8, 0xdca42de3, 0x9b6397a7,
36  0xe7ef81bb, 0x8b144a89, 0x09c78f90, 0x4a3cf3e0, 0x42985bb1,
37  0x080baa3a, 0x7cb4ba1f, 0x0000a262,
38 };
39 
40 // Length of plaintext for modes with no padding; cut off last word if it is
41 // incomplete.
42 static const size_t kPlaintextLenNoPadding =
43  kPlaintextLen - (kPlaintextLen % sizeof(uint32_t));
44 
45 static const uint32_t kIv[4] = {
46  0x27e031b5,
47  0x1ad7e548,
48  0x99c07122,
49  0xe1353f5b,
50 };
51 
52 static const uint32_t kKey128[4] = {
53  0x4e291d12,
54  0x25492cbd,
55  0xadf80531,
56  0x9440ee26,
57 };
58 
59 static const uint32_t kKey192[6] = {
60  0x533b154d, 0xb3a32729, 0x12784d00, 0x5560457a, 0x0ec17ad8, 0x9a6f7317,
61 };
62 
63 static const uint32_t kKey256[8] = {
64  0x9079bf5d, 0x0d50e7c3, 0xda9a75ca, 0x91809c0e,
65  0x677e6683, 0x45a72d11, 0x397fdeb9, 0xa39fc59f,
66 };
67 
68 // Expected ciphertext for AES-ECB(kKey128, kIv, pad_pkcs7(kPlaintext))
69 static const uint32_t kEcb128Pkcs7[] = {
70  0xd2fabbe1, 0x94e2f1ed, 0xc9b5e0f3, 0xba147a47, 0xd2060434, 0x295ecfeb,
71  0x2cde404e, 0x924087c2, 0xee249f64, 0x5038956c, 0x5a4d9472, 0xabf934ce,
72  0x7d742722, 0x1d879a45, 0x73e28a00, 0xdbc75cdc,
73 };
74 
75 // Expected ciphertext for AES-CBC(kKey192, kIv, pad_iso9797m2(kPlaintext))
76 static const uint32_t kCbc192Iso9797M2[] = {
77  0x48cdc584, 0x1848418a, 0x26fa1789, 0xf1d79c15, 0xa944ab10, 0x45f31abf,
78  0xf6a89cb9, 0x869dad60, 0xfab29d9b, 0x30d07657, 0xbd466431, 0xc4fff0a5,
79  0xa4240f83, 0x4cc42de1, 0x97e337b4, 0x4d58b7cc,
80 };
81 
82 // Expected ciphertext for AES-CFB(kKey256, kIv, kPlaintext[:12])
83 static const uint32_t kCfb256Null[] = {
84  0x3129e071, 0xdb2af89e, 0x8ea970a9, 0x3c71c28c, 0xae4ce122, 0x6d4b37d8,
85  0xc0643e7e, 0x2e33b366, 0xef1837d2, 0x97a83277, 0xe36737c3, 0x4e918122,
86 };
87 
88 // Expected ciphertext for AES-OFB(kKey192, kIv, pad_pkcs7(kPlaintext))
89 static const uint32_t kOfb192Pkcs7[] = {
90  0x22045a08, 0xd4d55d0d, 0x23f94449, 0xc9878ac1, 0xce298265, 0xb52fbd05,
91  0x9a11275a, 0xed2d5fb0, 0x6a4d1277, 0x5a4a94f2, 0xaea0b17f, 0x04bc087a,
92  0x7e0641e2, 0xac13d179, 0xb9e026da, 0xbf3b492d,
93 };
94 
95 // Expected ciphertext for AES-CTR(kKey256, kIv, pad_iso9797m2(kPlaintext))
96 static const uint32_t kCtr256Iso9797M2[] = {
97  0x3129e071, 0xdb2af89e, 0x8ea970a9, 0x3c71c28c, 0xfd2450bd, 0x87dd491c,
98  0x8d3c4cb3, 0x8a36762, 0xc58604da, 0xe8fe81b6, 0x92ae20cc, 0x2a037d00,
99  0xf7381cce, 0xff605215, 0x1bf3cf3d, 0x9d5935c,
100 };
101 
102 static const aes_test_t kAesTests[] = {
103  // ECB, 128-bit key, PKCS#7 padding
104  {
105  .plaintext = kPlaintext,
106  .plaintext_len = kPlaintextLen,
107  .iv = kIv,
108  .key = kKey128,
109  .key_len = sizeof(kKey128),
110  .padding = kOtcryptoAesPaddingPkcs7,
111  .mode = kOtcryptoAesModeEcb,
112  .exp_ciphertext = kEcb128Pkcs7,
113  },
114  // CBC, 192-bit key, ISO9797-2 padding
115  {
116  .plaintext = kPlaintext,
117  .plaintext_len = kPlaintextLen,
118  .iv = kIv,
119  .key = kKey192,
120  .key_len = sizeof(kKey192),
121  .padding = kOtcryptoAesPaddingIso9797M2,
122  .mode = kOtcryptoAesModeCbc,
123  .exp_ciphertext = kCbc192Iso9797M2,
124  },
125  // CFB, 256-bit key, no padding
126  {
127  .plaintext = kPlaintext,
128  .plaintext_len = kPlaintextLenNoPadding,
129  .iv = kIv,
130  .key = kKey256,
131  .key_len = sizeof(kKey256),
132  .padding = kOtcryptoAesPaddingNull,
133  .mode = kOtcryptoAesModeCfb,
134  .exp_ciphertext = kCfb256Null,
135  },
136  // OFB, 192-bit key, PKCS#7 padding
137  {
138  .plaintext = kPlaintext,
139  .plaintext_len = kPlaintextLen,
140  .iv = kIv,
141  .key = kKey192,
142  .key_len = sizeof(kKey192),
143  .padding = kOtcryptoAesPaddingPkcs7,
144  .mode = kOtcryptoAesModeOfb,
145  .exp_ciphertext = kOfb192Pkcs7,
146  },
147  // CTR, 256-bit key, ISO9797-2 padding
148  {
149  .plaintext = kPlaintext,
150  .plaintext_len = kPlaintextLen,
151  .iv = kIv,
152  .key = kKey256,
153  .key_len = sizeof(kKey256),
154  .padding = kOtcryptoAesPaddingIso9797M2,
155  .mode = kOtcryptoAesModeCtr,
156  .exp_ciphertext = kCtr256Iso9797M2,
157  },
158 };
159 
160 #ifdef __cplusplus
161 } // extern "C"
162 #endif // __cplusplus
163 
164 #endif // OPENTITAN_SW_DEVICE_TESTS_CRYPTO_AES_TESTVECTORS_H_
Return to OpenTitan Documentation