Add AESCCM test vectors for testing

cbits/cryptonite_aes.c

@@ -460,13 +460,13 @@ static void ccm_encode_b0(block128* output, aes_ccm* ccm, int has_adata)
 }
 
 /* encode adata length */
-static int ccm_encode_la(block128* output, unsigned la)
+static int ccm_encode_la(block128* output, uint32_t la)
 {
 	if (la < ( (1 << 16) - (1 << 8)) ) {
 		output->b[0] = (la >> 8) & 0xff;
 		output->b[1] = la        & 0xff;
 		return 2;
-	} else if (la < (1ull << 32)) {
+	} else {
 		output->b[0] = 0xff;
 		output->b[1] = 0xfe;
 		output->b[2] = (la >> 24) & 0xff;
@@ -504,7 +504,7 @@ void cryptonite_aes_ccm_init(aes_ccm *ccm, aes_key *key, uint8_t *nonce, uint32_
 	if (m != 4 && m != 6 && m != 8 && m != 10
 		   && m != 12 && m != 14 && m != 16) return;
 
-	if (nonce_len != 15 - l) {
+	if (nonce_len > 15 - l) {
 		nonce_len = 15 - l;
 	}
 

cbits/cryptonite_aes.h

@@ -61,10 +61,10 @@ typedef struct {
 	aes_block header_cbcmac;
 	aes_block b0;
 	aes_block nonce;
-	unsigned length_aad;
+	uint32_t length_aad;
-	unsigned length_input;
+	uint32_t length_input;
-        int      length_M;
+        uint32_t length_M;
-        int      length_L;
+        uint32_t length_L;
 } aes_ccm;
 
 typedef struct {

cryptonite.cabal

@@ -377,6 +377,7 @@ Test-Suite test-cryptonite
                      KAT_AES.KATCBC
                      KAT_AES.KATECB
                      KAT_AES.KATGCM
+                     KAT_AES.KATCCM
                      KAT_AES.KATOCB3
                      KAT_AES.KATXTS
                      KAT_AES

tests/BlockCipher.hs

@@ -161,7 +161,7 @@ testKATs kats cipher = testGroup "KAT"
      ++ maybeGroup makeCFBTest "CFB" (kat_CFB kats)
      ++ maybeGroup makeCTRTest "CTR" (kat_CTR kats)
      -- ++ maybeGroup makeXTSTest "XTS" (kat_XTS kats)
-     -- ++ maybeGroup makeAEADTest "AEAD" (kat_AEAD kats)
+     ++ maybeGroup makeAEADTest "AEAD" (kat_AEAD kats)
     )
   where makeECBTest i d =
             [ testCase ("E" ++ i) (ecbEncrypt ctx (ecbPlaintext d) @?= ecbCiphertext d)
@@ -191,25 +191,24 @@ testKATs kats cipher = testGroup "KAT"
             [ testCase ("E" ++ i) (xtsEncrypt ctx iv 0 (xtsPlaintext d) @?= xtsCiphertext d)
             , testCase ("D" ++ i) (xtsDecrypt ctx iv 0 (xtsCiphertext d) @?= xtsPlaintext d)
             ]
-          where ctx1 = cipherInit (cipherMakeKey cipher $ xtsKey1 d)
+          where ctx1 = cipherInitNoErr (cipherMakeKey cipher $ xtsKey1 d)
-                ctx2 = cipherInit (cipherMakeKey cipher $ xtsKey2 d)
+                ctx2 = cipherInitNoErr (cipherMakeKey cipher $ xtsKey2 d)
                 ctx  = (ctx1, ctx2)
                 iv   = cipherMakeIV cipher $ xtsIV d
+-}
         makeAEADTest i d =
-            [ testCase ("AE" ++ i) (etag @?= aeadTag d)
+            [ testCase ("AE" ++ i) (etag @?= AuthTag (B.convert (aeadTag d)))
-            , testCase ("AD" ++ i) (dtag @?= aeadTag d)
+            , testCase ("AD" ++ i) (dtag @?= AuthTag (B.convert (aeadTag d)))
             , testCase ("E" ++ i)  (ebs @?= aeadCiphertext d)
             , testCase ("D" ++ i)  (dbs @?= aeadPlaintext d)
             ]
-          where ctx  = cipherInit (cipherMakeKey cipher $ aeadKey d)
+          where ctx  = cipherInitNoErr (cipherMakeKey cipher $ aeadKey d)
-                aead = maybe (error $ "cipher doesn't support aead mode: " ++ show (aeadMode d)) id
+                aead = aeadInitNoErr (aeadMode d) ctx (aeadIV d)
-                     $ aeadInit (aeadMode d) ctx (aeadIV d)
                 aeadHeaded     = aeadAppendHeader aead (aeadHeader d)
                 (ebs,aeadEFinal) = aeadEncrypt aeadHeaded (aeadPlaintext d)
                 (dbs,aeadDFinal) = aeadDecrypt aeadHeaded (aeadCiphertext d)
                 etag = aeadFinalize aeadEFinal (aeadTaglen d)
                 dtag = aeadFinalize aeadDFinal (aeadTaglen d)
--}
 
         cipherInitNoErr :: BlockCipher c => Key c -> c
         cipherInitNoErr (Key k) =
@@ -217,6 +216,11 @@ testKATs kats cipher = testGroup "KAT"
                 CryptoPassed a -> a
                 CryptoFailed e -> error (show e)
 
+        aeadInitNoErr :: (ByteArrayAccess iv, BlockCipher cipher) => AEADMode -> cipher -> iv -> AEAD cipher
+        aeadInitNoErr mode ct iv =
+            case aeadInit mode ct iv of
+                CryptoPassed a -> a
+                CryptoFailed _ -> error $ "cipher does'nt support aead mode: " ++ show mode
 ------------------------------------------------------------------------
 -- Properties
 ------------------------------------------------------------------------

tests/KAT_AES.hs

@@ -3,13 +3,15 @@ module KAT_AES (tests) where
 
 import Imports
 import BlockCipher
+import Data.Maybe
 import Crypto.Cipher.Types
 import qualified Crypto.Cipher.AES as AES
-
+import qualified Data.ByteString as B
 import qualified KAT_AES.KATECB as KATECB
 import qualified KAT_AES.KATCBC as KATCBC
 import qualified KAT_AES.KATXTS as KATXTS
 import qualified KAT_AES.KATGCM as KATGCM
+import qualified KAT_AES.KATCCM as KATCCM
 import qualified KAT_AES.KATOCB3 as KATOCB3
 
 {-
@@ -37,6 +39,21 @@ toKatAEAD mode (k,iv,h,p,c,taglen,tag) =
 toKatGCM = toKatAEAD AEAD_GCM
 toKatOCB = toKatAEAD AEAD_OCB
 
+toKatCCM (k,iv,h,i,o,m) =
+  KAT_AEAD { aeadMode = AEAD_CCM (B.length i) (ccmMVal m) CCM_L2
+           , aeadKey  = k
+           , aeadIV   = iv
+           , aeadHeader = h
+           , aeadPlaintext = i
+           , aeadCiphertext = ct
+           , aeadTaglen = m
+           , aeadTag = at
+           }
+  where ccmMVal x = fromMaybe CCM_M16 (lookup x [ (4, CCM_M4), (6, CCM_M6), (8, CCM_M8), (10, CCM_M10),
+                                                  (12, CCM_M12), (14, CCM_M14), (16, CCM_M16) ])
+        ctWithTag = B.drop (B.length h) o
+        (ct, at)  = B.splitAt (B.length ctWithTag - m) ctWithTag
+
 kats128 = defaultKATs
     { kat_ECB  = map toKatECB KATECB.vectors_aes128_enc
     , kat_CBC  = map toKatCBC KATCBC.vectors_aes128_enc
@@ -48,7 +65,8 @@ kats128 = defaultKATs
                  ]
     , kat_XTS  = map toKatXTS KATXTS.vectors_aes128_enc
     , kat_AEAD = map toKatGCM KATGCM.vectors_aes128_enc ++
-                 map toKatOCB KATOCB3.vectors_aes128_enc
+                 map toKatOCB KATOCB3.vectors_aes128_enc ++
+                 map toKatCCM KATCCM.vectors_aes128_enc
     }
 
 kats192 = defaultKATs