Swap out CRC calculation in AES in favour of a simple hash
XOR the key bytes upon setting and re-check hash during each use. Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
This commit is contained in:
Andrzej Kurek
parent
a00c3eeaca
commit
9539f831b2
9 changed files with 82 additions and 79 deletions
|
|
@ -67,7 +67,7 @@ if(MSVC)
|
|||
endif(MSVC)
|
||||
|
||||
add_test_suite(aes aes.ecb)
|
||||
add_test_suite(aes aes.ecb.crc)
|
||||
add_test_suite(aes aes.ecb.hash)
|
||||
add_test_suite(aes aes.cbc)
|
||||
add_test_suite(aes aes.cfb)
|
||||
add_test_suite(aes aes.ofb)
|
||||
|
|
|
|||
|
|
@ -1,46 +0,0 @@
|
|||
AES-128-ECB Encrypt NIST KAT #1 good CRC
|
||||
aes_encrypt_ecb_crc:"00000000000000000000000000000000":"f34481ec3cc627bacd5dc3fb08f273e6":"0336763e966d92595a567cc9ce537f5e":0:0:1
|
||||
|
||||
AES-128-ECB Encrypt NIST KAT #1 bad CRC
|
||||
aes_encrypt_ecb_crc:"00000000000000000000000000000000":"f34481ec3cc627bacd5dc3fb08f273e6":"00000000000000000000000000000000":42:MBEDTLS_ERR_PLATFORM_FAULT_DETECTED:0
|
||||
|
||||
AES-128-ECB Decrypt NIST KAT #1 good CRC
|
||||
depends_on:!MBEDTLS_AES_ONLY_ENCRYPT
|
||||
aes_decrypt_ecb_crc:"00000000000000000000000000000000":"db4f1aa530967d6732ce4715eb0ee24b":"ff000000000000000000000000000000":614:0:1
|
||||
|
||||
AES-128-ECB Decrypt NIST KAT #1 bad CRC
|
||||
depends_on:!MBEDTLS_AES_ONLY_ENCRYPT
|
||||
aes_decrypt_ecb_crc:"00000000000000000000000000000000":"db4f1aa530967d6732ce4715eb0ee24b":"00000000000000000000000000000000":42:MBEDTLS_ERR_PLATFORM_FAULT_DETECTED:0
|
||||
|
||||
AES-192-ECB Encrypt NIST KAT #1 good CRC
|
||||
depends_on:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
|
||||
aes_encrypt_ecb_crc:"000000000000000000000000000000000000000000000000":"fffffffffffffffffffff80000000000":"156f07767a85a4312321f63968338a01":0:0:1
|
||||
|
||||
AES-192-ECB Encrypt NIST KAT #1 bad CRC
|
||||
depends_on:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
|
||||
aes_encrypt_ecb_crc:"000000000000000000000000000000000000000000000000":"fffffffffffffffffffff80000000000":"00000000000000000000000000000000":42:MBEDTLS_ERR_PLATFORM_FAULT_DETECTED:0
|
||||
|
||||
AES-192-ECB Decrypt NIST KAT #1 good CRC
|
||||
depends_on:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_AES_ONLY_ENCRYPT
|
||||
aes_decrypt_ecb_crc:"fffffffffffffffffffffffffffffffff000000000000000":"bb2852c891c5947d2ed44032c421b85f":"00000000000000000000000000000000":31004:0:1
|
||||
|
||||
AES-192-ECB Decrypt NIST KAT #1 bad CRC
|
||||
depends_on:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_AES_ONLY_ENCRYPT
|
||||
aes_decrypt_ecb_crc:"fffffffffffffffffffffffffffffffff000000000000000":"bb2852c891c5947d2ed44032c421b85f":"00000000000000000000000000000000":42:MBEDTLS_ERR_PLATFORM_FAULT_DETECTED:0
|
||||
|
||||
AES-256-ECB Encrypt NIST KAT #1 good CRC
|
||||
depends_on:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
|
||||
aes_encrypt_ecb_crc:"c1cc358b449909a19436cfbb3f852ef8bcb5ed12ac7058325f56e6099aab1a1c":"00000000000000000000000000000000":"352065272169abf9856843927d0674fd":61384:0:1
|
||||
|
||||
AES-256-ECB Encrypt NIST KAT #1 bad CRC
|
||||
depends_on:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
|
||||
aes_encrypt_ecb_crc:"c1cc358b449909a19436cfbb3f852ef8bcb5ed12ac7058325f56e6099aab1a1c":"00000000000000000000000000000000":"00000000000000000000000000000000":42:MBEDTLS_ERR_PLATFORM_FAULT_DETECTED:0
|
||||
|
||||
AES-256-ECB Decrypt NIST KAT #1 good CRC
|
||||
depends_on:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_AES_ONLY_ENCRYPT
|
||||
aes_decrypt_ecb_crc:"fffffffffffffffffffffffffffffffffffffffffffffff00000000000000000":"edf61ae362e882ddc0167474a7a77f3a":"00000000000000000000000000000000":32504:0:1
|
||||
|
||||
AES-256-ECB Decrypt NIST KAT #1 bad CRC
|
||||
depends_on:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_AES_ONLY_ENCRYPT
|
||||
aes_decrypt_ecb_crc:"fffffffffffffffffffffffffffffffffffffffffffffff00000000000000000":"edf61ae362e882ddc0167474a7a77f3a":"00000000000000000000000000000000":42:MBEDTLS_ERR_PLATFORM_FAULT_DETECTED:0
|
||||
|
||||
46
tests/suites/test_suite_aes.ecb.hash.data
Normal file
46
tests/suites/test_suite_aes.ecb.hash.data
Normal file
|
|
@ -0,0 +1,46 @@
|
|||
AES-128-ECB Encrypt NIST KAT #1 good hash
|
||||
aes_encrypt_ecb_hash:"00000000000000000000000000000000":"f34481ec3cc627bacd5dc3fb08f273e6":"0336763e966d92595a567cc9ce537f5e":0:0:1
|
||||
|
||||
AES-128-ECB Encrypt NIST KAT #1 bad hash
|
||||
aes_encrypt_ecb_hash:"00000000000000000000000000000000":"f34481ec3cc627bacd5dc3fb08f273e6":"00000000000000000000000000000000":42:MBEDTLS_ERR_PLATFORM_FAULT_DETECTED:0
|
||||
|
||||
AES-128-ECB Decrypt NIST KAT #1 good hash
|
||||
depends_on:!MBEDTLS_AES_ONLY_ENCRYPT
|
||||
aes_decrypt_ecb_hash:"00000000000000000000000000000000":"db4f1aa530967d6732ce4715eb0ee24b":"ff000000000000000000000000000000":2616204230:0:1
|
||||
|
||||
AES-128-ECB Decrypt NIST KAT #1 bad hash
|
||||
depends_on:!MBEDTLS_AES_ONLY_ENCRYPT
|
||||
aes_decrypt_ecb_hash:"00000000000000000000000000000000":"db4f1aa530967d6732ce4715eb0ee24b":"00000000000000000000000000000000":42:MBEDTLS_ERR_PLATFORM_FAULT_DETECTED:0
|
||||
|
||||
AES-192-ECB Encrypt NIST KAT #1 good hash
|
||||
depends_on:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
|
||||
aes_encrypt_ecb_hash:"000000000000000000000000000000000000000000000000":"fffffffffffffffffffff80000000000":"156f07767a85a4312321f63968338a01":0:0:1
|
||||
|
||||
AES-192-ECB Encrypt NIST KAT #1 bad hash
|
||||
depends_on:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
|
||||
aes_encrypt_ecb_hash:"000000000000000000000000000000000000000000000000":"fffffffffffffffffffff80000000000":"00000000000000000000000000000000":42:MBEDTLS_ERR_PLATFORM_FAULT_DETECTED:0
|
||||
|
||||
AES-192-ECB Decrypt NIST KAT #1 good hash
|
||||
depends_on:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_AES_ONLY_ENCRYPT
|
||||
aes_decrypt_ecb_hash:"fffffffffffffffffffffffffffffffff000000000000000":"bb2852c891c5947d2ed44032c421b85f":"00000000000000000000000000000000":197398770:0:1
|
||||
|
||||
AES-192-ECB Decrypt NIST KAT #1 bad hash
|
||||
depends_on:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_AES_ONLY_ENCRYPT
|
||||
aes_decrypt_ecb_hash:"fffffffffffffffffffffffffffffffff000000000000000":"bb2852c891c5947d2ed44032c421b85f":"00000000000000000000000000000000":42:MBEDTLS_ERR_PLATFORM_FAULT_DETECTED:0
|
||||
|
||||
AES-256-ECB Encrypt NIST KAT #1 good hash
|
||||
depends_on:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
|
||||
aes_encrypt_ecb_hash:"c1cc358b449909a19436cfbb3f852ef8bcb5ed12ac7058325f56e6099aab1a1c":"00000000000000000000000000000000":"352065272169abf9856843927d0674fd":1553260283:0:1
|
||||
|
||||
AES-256-ECB Encrypt NIST KAT #1 bad hash
|
||||
depends_on:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
|
||||
aes_encrypt_ecb_hash:"c1cc358b449909a19436cfbb3f852ef8bcb5ed12ac7058325f56e6099aab1a1c":"00000000000000000000000000000000":"00000000000000000000000000000000":42:MBEDTLS_ERR_PLATFORM_FAULT_DETECTED:0
|
||||
|
||||
AES-256-ECB Decrypt NIST KAT #1 good hash
|
||||
depends_on:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_AES_ONLY_ENCRYPT
|
||||
aes_decrypt_ecb_hash:"fffffffffffffffffffffffffffffffffffffffffffffff00000000000000000":"edf61ae362e882ddc0167474a7a77f3a":"00000000000000000000000000000000":1875230928:0:1
|
||||
|
||||
AES-256-ECB Decrypt NIST KAT #1 bad hash
|
||||
depends_on:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_AES_ONLY_ENCRYPT
|
||||
aes_decrypt_ecb_hash:"fffffffffffffffffffffffffffffffffffffffffffffff00000000000000000":"edf61ae362e882ddc0167474a7a77f3a":"00000000000000000000000000000000":42:MBEDTLS_ERR_PLATFORM_FAULT_DETECTED:0
|
||||
|
||||
|
|
@ -371,8 +371,8 @@ exit:
|
|||
/* END_CASE */
|
||||
|
||||
/* BEGIN_CASE depends_on:MBEDTLS_VALIDATE_AES_KEYS_INTEGRITY:MBEDTLS_AES_SCA_COUNTERMEASURES:!MBEDTLS_AES_SETKEY_ENC_ALT:!MBEDTLS_AESNI_C */
|
||||
void aes_encrypt_ecb_crc( data_t * key_str, data_t * src_str,
|
||||
data_t * hex_dst_string, unsigned int crc, int crypt_result, int check_crc )
|
||||
void aes_encrypt_ecb_hash( data_t * key_str, data_t * src_str,
|
||||
data_t * hex_dst_string, unsigned int hash, int crypt_result, int check_hash )
|
||||
{
|
||||
unsigned char output[100];
|
||||
mbedtls_aes_context ctx;
|
||||
|
|
@ -383,10 +383,10 @@ void aes_encrypt_ecb_crc( data_t * key_str, data_t * src_str,
|
|||
|
||||
TEST_ASSERT( mbedtls_aes_setkey_enc( &ctx, key_str->x, key_str->len * 8 ) == 0 );
|
||||
|
||||
if( check_crc )
|
||||
TEST_ASSERT( ctx.crc == crc );
|
||||
if( check_hash )
|
||||
TEST_ASSERT( ctx.hash == hash );
|
||||
else
|
||||
ctx.crc = crc;
|
||||
ctx.hash = hash;
|
||||
|
||||
TEST_ASSERT( mbedtls_aes_crypt_ecb( &ctx, MBEDTLS_AES_ENCRYPT, src_str->x, output ) == crypt_result );
|
||||
|
||||
|
|
@ -398,8 +398,8 @@ exit:
|
|||
/* END_CASE */
|
||||
|
||||
/* BEGIN_CASE depends_on:MBEDTLS_VALIDATE_AES_KEYS_INTEGRITY:MBEDTLS_AES_SCA_COUNTERMEASURES:!MBEDTLS_AES_SETKEY_ENC_ALT:!MBEDTLS_AESNI_C */
|
||||
void aes_decrypt_ecb_crc( data_t * key_str, data_t * src_str,
|
||||
data_t * hex_dst_string, unsigned int crc, int crypt_result, int check_crc )
|
||||
void aes_decrypt_ecb_hash( data_t * key_str, data_t * src_str,
|
||||
data_t * hex_dst_string, unsigned int hash, int crypt_result, int check_hash )
|
||||
{
|
||||
unsigned char output[100];
|
||||
mbedtls_aes_context ctx;
|
||||
|
|
@ -410,10 +410,10 @@ void aes_decrypt_ecb_crc( data_t * key_str, data_t * src_str,
|
|||
|
||||
TEST_ASSERT( mbedtls_aes_setkey_dec( &ctx, key_str->x, key_str->len * 8 ) == 0 );
|
||||
|
||||
if( check_crc )
|
||||
TEST_ASSERT( ctx.crc == crc );
|
||||
if( check_hash )
|
||||
TEST_ASSERT( ctx.hash == hash );
|
||||
else
|
||||
ctx.crc = crc;
|
||||
ctx.hash = hash;
|
||||
|
||||
TEST_ASSERT( mbedtls_aes_crypt_ecb( &ctx, MBEDTLS_AES_DECRYPT, src_str->x, output ) == crypt_result );
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue