diff --git a/cbits/cryptonite_aes.c b/cbits/cryptonite_aes.c
index 58963d9..0cf55b0 100644
--- a/cbits/cryptonite_aes.c
+++ b/cbits/cryptonite_aes.c
@@ -460,13 +460,13 @@ static void ccm_encode_b0(block128* output, aes_ccm* ccm, int has_adata)
 }
 /* encode adata length */
-static int ccm_encode_la(block128* output, unsigned la)
+static int ccm_encode_la(block128* output, uint32_t la)
 {
 if (la < ( (1 << 16) - (1 << 8)) ) {
 output->b[0] = (la >> 8) & 0xff;
 output->b[1] = la & 0xff;
 return 2;
- } else if (la < (1ull << 32)) {
+ } else {
 output->b[0] = 0xff;
 output->b[1] = 0xfe;
 output->b[2] = (la >> 24) & 0xff;
@@ -504,7 +504,7 @@ void cryptonite_aes_ccm_init(aes_ccm *ccm, aes_key *key, uint8_t *nonce, uint32_
 if (m != 4 && m != 6 && m != 8 && m != 10 && m != 12 && m != 14 && m != 16) return;
- if (nonce_len != 15 - l) {
+ if (nonce_len > 15 - l) {
 nonce_len = 15 - l;
 }
diff --git a/cbits/cryptonite_aes.h b/cbits/cryptonite_aes.h
index 0838a03..9ac20b3 100644
--- a/cbits/cryptonite_aes.h
+++ b/cbits/cryptonite_aes.h
@@ -61,10 +61,10 @@ typedef struct {
 aes_block header_cbcmac;
 aes_block b0;
 aes_block nonce;
- unsigned length_aad;
- unsigned length_input;
- int length_M;
- int length_L;
+ uint32_t length_aad;
+ uint32_t length_input;
+ uint32_t length_M;
+ uint32_t length_L;
 } aes_ccm;
 typedef struct {
diff --git a/cryptonite.cabal b/cryptonite.cabal
index b7c2a51..233fc4e 100644
--- a/cryptonite.cabal
+++ b/cryptonite.cabal
@@ -377,6 +377,7 @@ Test-Suite test-cryptonite
 KAT_AES.KATCBC
 KAT_AES.KATECB
 KAT_AES.KATGCM
+ KAT_AES.KATCCM
 KAT_AES.KATOCB3
 KAT_AES.KATXTS
 KAT_AES
diff --git a/tests/BlockCipher.hs b/tests/BlockCipher.hs
index 988c053..44b571b 100644
--- a/tests/BlockCipher.hs
+++ b/tests/BlockCipher.hs
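Review bot: With `la` now `uint32_t` the removed `la < (1ull << 32)` test was always true, so dropping it is correct, but the bare `} else {` no longer records which of the three SP 800-38C AAD-length encodings this function supports; a comment such as `/* la is 32-bit, so the 0xff 0xff + 8-byte form for a >= 2^32 is unreachable by construction */` would keep that decision visible. Note also that `la == 0` still takes the first branch and emits the 2-byte form `00 00`, which the spec omits when there is no associated data; presumably the `has_adata` flag seen on `ccm_encode_b0` keeps callers away from that case, but stating the precondition (`/* caller must only invoke this when la > 0 */`) would make it checkable. The 6-byte tail of `ccm_encode_la` and its return value lie outside the hunk.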
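Review bot: `if (nonce_len > 15 - l)` only caps over-long nonces; a nonce shorter than the 15 - L bytes CCM requires now passes through unchanged, and because the copy into `ccm->nonce` is outside the hunk it is not visible whether the remaining bytes of the nonce block are zeroed or simply left as they were. Unless a short nonce is a deliberate, documented padding case, rejecting it the same way the invalid `m` values are rejected just above — `if (nonce_len != 15 - l) return;` — is the safer contract, since a wrong-length nonce in a test vector would otherwise go unnoticed. If the old `!=` form was changed because forcing `nonce_len` upward could make the later copy read past a short caller buffer, a one-line comment saying so would stop the next reader from reverting it.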
@@ -161,7 +161,7 @@ testKATs kats cipher = testGroup "KAT"
 ++ maybeGroup makeCFBTest "CFB" (kat_CFB kats)
 ++ maybeGroup makeCTRTest "CTR" (kat_CTR kats)
 -- ++ maybeGroup makeXTSTest "XTS" (kat_XTS kats)
- -- ++ maybeGroup makeAEADTest "AEAD" (kat_AEAD kats)
+ ++ maybeGroup makeAEADTest "AEAD" (kat_AEAD kats)
 )
 where makeECBTest i d =
 [ testCase ("E" ++ i) (ecbEncrypt ctx (ecbPlaintext d) @?= ecbCiphertext d)
@@ -191,25 +191,24 @@ testKATs kats cipher = testGroup "KAT"
 [ testCase ("E" ++ i) (xtsEncrypt ctx iv 0 (xtsPlaintext d) @?= xtsCiphertext d)
 , testCase ("D" ++ i) (xtsDecrypt ctx iv 0 (xtsCiphertext d) @?= xtsPlaintext d)
 ]
- where ctx1 = cipherInit (cipherMakeKey cipher $ xtsKey1 d) ctx2 = cipherInit (cipherMakeKey cipher $ xtsKey2 d)
+ where ctx1 = cipherInitNoErr (cipherMakeKey cipher $ xtsKey1 d) ctx2 = cipherInitNoErr (cipherMakeKey cipher $ xtsKey2 d)
 ctx = (ctx1, ctx2)
 iv = cipherMakeIV cipher $ xtsIV d
+-}
 makeAEADTest i d =
- [ testCase ("AE" ++ i) (etag @?= aeadTag d) , testCase ("AD" ++ i) (dtag @?= aeadTag d)
+ [ testCase ("AE" ++ i) (etag @?= AuthTag (B.convert (aeadTag d))) , testCase ("AD" ++ i) (dtag @?= AuthTag (B.convert (aeadTag d)))
 , testCase ("E" ++ i) (ebs @?= aeadCiphertext d)
 , testCase ("D" ++ i) (dbs @?= aeadPlaintext d)
 ]
- where ctx = cipherInit (cipherMakeKey cipher $ aeadKey d) aead = maybe (error $ "cipher doesn't support aead mode: " ++ show (aeadMode d)) id $ aeadInit (aeadMode d) ctx (aeadIV d)
+ where ctx = cipherInitNoErr (cipherMakeKey cipher $ aeadKey d) aead = aeadInitNoErr (aeadMode d) ctx (aeadIV d)
 aeadHeaded = aeadAppendHeader aead (aeadHeader d)
 (ebs,aeadEFinal) = aeadEncrypt aeadHeaded (aeadPlaintext d)
 (dbs,aeadDFinal) = aeadDecrypt aeadHeaded (aeadCiphertext d)
 etag = aeadFinalize aeadEFinal (aeadTaglen d)
 dtag = aeadFinalize aeadDFinal (aeadTaglen d)
--}
 cipherInitNoErr :: BlockCipher c => Key c -> c
 cipherInitNoErr (Key k) =
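Review bot: The `AD`/`D` cases recompute the tag with `aeadFinalize aeadDFinal` and compare it inside the test, so the library's own verification path — `aeadSimpleDecrypt` returning `Nothing` on a tag mismatch — is never exercised by these KATs; adding one negative case per vector (flip a byte of `aeadCiphertext d` and assert that `aeadSimpleDecrypt aeadHeaded (aeadHeader d) tampered (AuthTag (B.convert (aeadTag d)))` is `Nothing`, with `tampered` built from the modified ciphertext) would cover the check that actually protects callers. Separately, the `cipherInit` → `cipherInitNoErr` edits on `ctx1`/`ctx2` sit inside the block comment that `+-}` closes, so `makeXTSTest` remains dead code; if it is kept for later, a one-line comment at the opening `{-` (outside this hunk) saying why XTS is disabled would help. The enclosing `testKATs` definition starts before this hunk.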
@@ -217,6 +216,11 @@ testKATs kats cipher = testGroup "KAT"
 CryptoPassed a -> a
 CryptoFailed e -> error (show e)
+ aeadInitNoErr :: (ByteArrayAccess iv, BlockCipher cipher) => AEADMode -> cipher -> iv -> AEAD cipher
+ aeadInitNoErr mode ct iv = case aeadInit mode ct iv of CryptoPassed a -> a CryptoFailed _ -> error $ "cipher does'nt support aead mode: " ++ show mode
 ------------------------------------------------------------------------
 -- Properties
 ------------------------------------------------------------------------
diff --git a/tests/KAT_AES.hs b/tests/KAT_AES.hs
index e9a06ab..a6c8182 100644
--- a/tests/KAT_AES.hs
+++ b/tests/KAT_AES.hs
@@ -3,13 +3,15 @@ module KAT_AES (tests) where
 import Imports
 import BlockCipher
+import Data.Maybe
 import Crypto.Cipher.Types
 import qualified Crypto.Cipher.AES as AES
-
+import qualified Data.ByteString as B
 import qualified KAT_AES.KATECB as KATECB
 import qualified KAT_AES.KATCBC as KATCBC
 import qualified KAT_AES.KATXTS as KATXTS
 import qualified KAT_AES.KATGCM as KATGCM
+import qualified KAT_AES.KATCCM as KATCCM
 import qualified KAT_AES.KATOCB3 as KATOCB3
 {-
@@ -37,6 +39,21 @@ toKatAEAD mode (k,iv,h,p,c,taglen,tag) =
 toKatGCM = toKatAEAD AEAD_GCM
 toKatOCB = toKatAEAD AEAD_OCB
+toKatCCM (k,iv,h,i,o,m) = KAT_AEAD { aeadMode = AEAD_CCM (B.length i) (ccmMVal m) CCM_L2 , aeadKey = k , aeadIV = iv , aeadHeader = h , aeadPlaintext = i , aeadCiphertext = ct , aeadTaglen = m , aeadTag = at } where ccmMVal x = fromMaybe CCM_M16 (lookup x [ (4, CCM_M4), (6, CCM_M6), (8, CCM_M8), (10, CCM_M10), (12, CCM_M12), (14, CCM_M14), (16, CCM_M16) ]) ctWithTag = B.drop (B.length h) o (ct, at) = B.splitAt (B.length ctWithTag - m) ctWithTag
 kats128 = defaultKATs
 { kat_ECB = map toKatECB KATECB.vectors_aes128_enc
 , kat_CBC = map toKatCBC KATCBC.vectors_aes128_enc
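Review bot: The error string in the new `CryptoFailed _` branch has a typo, `does'nt`; the `makeAEADTest` text this replaces spelled it `doesn't`, so restore that: `CryptoFailed _ -> error $ "cipher doesn't support aead mode: " ++ show mode`. Discarding the error value with `_` also drops the reason `aeadInit` reported, which the sibling `cipherInitNoErr` keeps via `error (show e)`; `CryptoFailed e -> error $ "cipher doesn't support aead mode " ++ show mode ++ ": " ++ show e` would make a failing vector self-explanatory. Both helpers live in the `where` block of `testKATs`, which starts outside the hunk.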
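Review bot: `ccmMVal` falls back to `CCM_M16` for any tag length missing from its table, so a vector with an unsupported or mistyped `m` would be run with a 16-byte tag while `B.splitAt (B.length ctWithTag - m)` still splits on the raw `m`, yielding a puzzling comparison failure rather than a clear one; `fromMaybe (error $ "toKatCCM: unsupported CCM tag length " ++ show x) (lookup x [...])` fails at the real cause. `B.drop (B.length h) o` also silently assumes the vector's output `o` is laid out as header ++ ciphertext ++ tag; a comment such as `-- KATCCM output is AAD ++ ciphertext ++ tag: strip the AAD, then split off the m-byte tag` would record that, and a type signature on `toKatCCM` would document the six-tuple. `CCM_L2` is hard-coded, so every vector's `iv` must be 13 bytes; with the C-side init now accepting shorter nonces (see the cryptonite_aes.c hunk), a wrong-length nonce in a vector would not be flagged here either.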
@@ -48,7 +65,8 @@ kats128 = defaultKATs
 ]
 , kat_XTS = map toKatXTS KATXTS.vectors_aes128_enc
 , kat_AEAD = map toKatGCM KATGCM.vectors_aes128_enc ++
- map toKatOCB KATOCB3.vectors_aes128_enc
+ map toKatOCB KATOCB3.vectors_aes128_enc ++ map toKatCCM KATCCM.vectors_aes128_enc
 }
 kats192 = defaultKATs
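Review bot: Only `kats128` gains the CCM vectors; `kats192` begins on the last context line of this hunk and is not extended, and a `kats256` record, if one exists beyond the hunk, presumably is not either. If `KATCCM` ships vectors for the larger key sizes they should be wired in the same way; if it only covers AES-128, a short comment next to `map toKatCCM KATCCM.vectors_aes128_enc` saying so would keep the omission from looking accidental.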