From 965b70c32f52cc5737f9c6fda7378e5f7bd6cf2f Mon Sep 17 00:00:00 2001 From: toddouska Date: Thu, 21 Mar 2013 08:49:12 -0700 Subject: [PATCH] add mcapi aes direct with tests --- configure.ac | 2 +- mcapi/crypto.c | 19 +++++ mcapi/crypto.h | 11 ++- mcapi/test.c | 185 +++++++++++++++++++++++++++++++++++++++++++++++++ 4 files changed, 214 insertions(+), 3 deletions(-) diff --git a/configure.ac b/configure.ac index ede11860b..ea4fb0898 100644 --- a/configure.ac +++ b/configure.ac @@ -1171,7 +1171,7 @@ AC_ARG_ENABLE([mcapi], if test "$ENABLED_MCAPI" = "yes" then - AM_CFLAGS="$AM_CFLAGS -DHAVE_MCAPI -DCYASSL_AES_COUNTER" + AM_CFLAGS="$AM_CFLAGS -DHAVE_MCAPI -DCYASSL_AES_COUNTER -DCYASSL_AES_DIRECT" fi if test "$ENABLED_MCAPI" = "yes" && test "$ENABLED_SHA512" = "no" diff --git a/mcapi/crypto.c b/mcapi/crypto.c index 87e0daa2a..28e969916 100644 --- a/mcapi/crypto.c +++ b/mcapi/crypto.c @@ -368,6 +368,25 @@ int CRYPT_AES_CTR_Encrypt(CRYPT_AES_CTX* aes, unsigned char* out, } +/* AES Direct mode encrypt, one block at a time */ +int CRYPT_AES_DIRECT_Encrypt(CRYPT_AES_CTX* aes, unsigned char* out, + const unsigned char* in) +{ + AesEncryptDirect((Aes*)aes, out, in); + + return 0; +} + + +/* AES Direct mode decrypt, one block at a time */ +int CRYPT_AES_DIRECT_Decrypt(CRYPT_AES_CTX* aes, unsigned char* out, + const unsigned char* in) +{ + AesDecryptDirect((Aes*)aes, out, in); + + return 0; +} + diff --git a/mcapi/crypto.h b/mcapi/crypto.h index 6351cc8ce..e54d1d10c 100644 --- a/mcapi/crypto.h +++ b/mcapi/crypto.h @@ -181,11 +181,18 @@ int CRYPT_AES_CBC_Decrypt(CRYPT_AES_CTX*, unsigned char*, int CRYPT_AES_CTR_Encrypt(CRYPT_AES_CTX*, unsigned char*, const unsigned char*, unsigned int); +/* direct, one block at a time */ +int CRYPT_AES_DIRECT_Encrypt(CRYPT_AES_CTX*, unsigned char*, + const unsigned char*); +int CRYPT_AES_DIRECT_Decrypt(CRYPT_AES_CTX*, unsigned char*, + const unsigned char*); -/* key direction flags for setup */ + +/* key direction flags for setup, ctr always uses ENCRYPT flag */ enum { CRYPT_AES_ENCRYPTION = 0, - CRYPT_AES_DECRYPTION = 1 + CRYPT_AES_DECRYPTION = 1, + CRYPT_AES_BLOCK_SIZE = 16 }; diff --git a/mcapi/test.c b/mcapi/test.c index d8ada844a..b7db00c8a 100644 --- a/mcapi/test.c +++ b/mcapi/test.c @@ -63,6 +63,7 @@ static int check_rng(void); static int check_des3(void); static int check_aescbc(void); static int check_aesctr(void); +static int check_aesdirect(void); int main(int argc, char** argv) @@ -159,6 +160,12 @@ int main(int argc, char** argv) return -1; } + ret = check_aesdirect(); + if (ret != 0) { + printf("mcapi check_aes direct failed\n"); + return -1; + } + XFREE(iv, NULL, DYNAMIC_TYPE_KEY); @@ -930,4 +937,182 @@ static int check_aesctr(void) } +/* check mcapi aes direct */ +static int check_aesdirect(void) +{ + CRYPT_AES_CTX mcAes; + Aes defAes; + int ret; + byte out1[CRYPT_AES_BLOCK_SIZE]; + byte out2[16]; /* one block at a time */ + + strncpy((char*)key, "1234567890abcdefghijklmnopqrstuv", 32); + strncpy((char*)iv, "1234567890abcdef", 16); + + /* 128 direct encrypt */ + ret = CRYPT_AES_KeySet(&mcAes, key, 16, iv, CRYPT_AES_ENCRYPTION); + if (ret != 0) { + printf("mcapi aes-128 key set failed\n"); + return -1; + } + ret = AesSetKey(&defAes, key, 16, iv, AES_ENCRYPTION); + if (ret != 0) { + printf("default aes-128 key set failed\n"); + return -1; + } + + ret = CRYPT_AES_DIRECT_Encrypt(&mcAes, out1, ourData); + if (ret != 0) { + printf("mcapi aes-128 direct encrypt failed\n"); + return -1; + } + AesEncryptDirect(&defAes, out2, ourData); + + if (memcmp(out1, out2, CRYPT_AES_BLOCK_SIZE) != 0) { + printf("mcapi aes-128 direct encrypt cmp failed\n"); + return -1; + } + + /* 128 direct decrypt */ + ret = CRYPT_AES_KeySet(&mcAes, key, 16, iv, CRYPT_AES_DECRYPTION); + if (ret != 0) { + printf("mcapi aes-128 key set failed\n"); + return -1; + } + ret = AesSetKey(&defAes, key, 16, iv, DES_DECRYPTION); + if (ret != 0) { + printf("default aes-128 key set failed\n"); + return -1; + } + + ret = CRYPT_AES_DIRECT_Decrypt(&mcAes, out2, out1); + if (ret != 0) { + printf("mcapi aes-128 direct decrypt failed\n"); + return -1; + } + AesDecryptDirect(&defAes, out1, out1); + + if (memcmp(out1, out2, CRYPT_AES_BLOCK_SIZE) != 0) { + printf("mcapi aes-128 direct decrypt cmp failed\n"); + return -1; + } + + if (memcmp(out1, ourData, CRYPT_AES_BLOCK_SIZE) != 0) { + printf("mcapi aes-128 direct decrypt orig cmp failed\n"); + return -1; + } + + /* 192 direct encrypt */ + ret = CRYPT_AES_KeySet(&mcAes, key, 24, iv, CRYPT_AES_ENCRYPTION); + if (ret != 0) { + printf("mcapi aes-192 key set failed\n"); + return -1; + } + ret = AesSetKey(&defAes, key, 24, iv, AES_ENCRYPTION); + if (ret != 0) { + printf("default aes-192 key set failed\n"); + return -1; + } + + ret = CRYPT_AES_DIRECT_Encrypt(&mcAes, out1, ourData); + if (ret != 0) { + printf("mcapi aes-192 direct encrypt failed\n"); + return -1; + } + AesEncryptDirect(&defAes, out2, ourData); + + if (memcmp(out1, out2, CRYPT_AES_BLOCK_SIZE) != 0) { + printf("mcapi aes-192 direct encrypt cmp failed\n"); + return -1; + } + + /* 192 direct decrypt */ + ret = CRYPT_AES_KeySet(&mcAes, key, 24, iv, CRYPT_AES_DECRYPTION); + if (ret != 0) { + printf("mcapi aes-192 key set failed\n"); + return -1; + } + ret = AesSetKey(&defAes, key, 24, iv, AES_DECRYPTION); + if (ret != 0) { + printf("default aes-192 key set failed\n"); + return -1; + } + + ret = CRYPT_AES_DIRECT_Decrypt(&mcAes, out2, out1); + if (ret != 0) { + printf("mcapi aes-192 direct decrypt failed\n"); + return -1; + } + AesDecryptDirect(&defAes, out1, out1); + + if (memcmp(out1, out2, CRYPT_AES_BLOCK_SIZE) != 0) { + printf("mcapi aes-192 direct decrypt cmp failed\n"); + return -1; + } + + if (memcmp(out1, ourData, CRYPT_AES_BLOCK_SIZE) != 0) { + printf("mcapi aes-192 direct decrypt orig cmp failed\n"); + return -1; + } + + /* 256 direct encrypt */ + ret = CRYPT_AES_KeySet(&mcAes, key, 32, iv, CRYPT_AES_ENCRYPTION); + if (ret != 0) { + printf("mcapi aes-256 key set failed\n"); + return -1; + } + ret = AesSetKey(&defAes, key, 32, iv, AES_ENCRYPTION); + if (ret != 0) { + printf("default aes-256 key set failed\n"); + return -1; + } + + ret = CRYPT_AES_DIRECT_Encrypt(&mcAes, out1, ourData); + if (ret != 0) { + printf("mcapi aes-256 direct encrypt failed\n"); + return -1; + } + AesEncryptDirect(&defAes, out2, ourData); + + if (memcmp(out1, out2, CRYPT_AES_BLOCK_SIZE) != 0) { + printf("mcapi aes-256 direct encrypt cmp failed\n"); + return -1; + } + + /* 256 direct decrypt */ + ret = CRYPT_AES_KeySet(&mcAes, key, 32, iv, CRYPT_AES_DECRYPTION); + if (ret != 0) { + printf("mcapi aes-256 key set failed\n"); + return -1; + } + ret = AesSetKey(&defAes, key, 32, iv, AES_DECRYPTION); + if (ret != 0) { + printf("default aes-256 key set failed\n"); + return -1; + } + + ret = CRYPT_AES_DIRECT_Decrypt(&mcAes, out2, out1); + if (ret != 0) { + printf("mcapi aes-256 direct decrypt failed\n"); + return -1; + } + AesDecryptDirect(&defAes, out1, out1); + + if (memcmp(out1, out2, CRYPT_AES_BLOCK_SIZE) != 0) { + printf("mcapi aes-256 direct decrypt cmp failed\n"); + return -1; + } + + if (memcmp(out1, ourData, CRYPT_AES_BLOCK_SIZE) != 0) { + printf("mcapi aes-256 direct decrypt orig cmp failed\n"); + return -1; + } + + printf("aes-direct mcapi test passed\n"); + + return 0; +} + + +