Skip to content

Commit ed331ad

Browse files
ebiggersherbertx
ebiggers
authored and
herbertx
committed
crypto: vmac - add nonced version with big endian digest
Currently the VMAC template uses a "nonce" hardcoded to 0, which makes it insecure unless a unique key is set for every message. Also, the endianness of the final digest is wrong: the implementation uses little endian, but the VMAC specification has it as big endian, as do other VMAC implementations such as the one in Crypto++. Add a new VMAC template where the nonce is passed as the first 16 bytes of data (similar to what is done for Poly1305's nonce), and the digest is big endian. Call it "vmac64", since the old name of simply "vmac" didn't clarify whether the implementation is of VMAC-64 or of VMAC-128 (which produce 64-bit and 128-bit digests respectively); so we fix the naming ambiguity too. Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
1 parent bb29648 commit ed331ad

File tree

3 files changed

+273
-18
lines changed

3 files changed

+273
-18
lines changed

crypto/testmgr.c

Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -3483,6 +3483,12 @@ static const struct alg_test_desc alg_test_descs[] = {
34833483
.suite = {
34843484
.hash = __VECS(aes_vmac128_tv_template)
34853485
}
3486+
}, {
3487+
.alg = "vmac64(aes)",
3488+
.test = alg_test_hash,
3489+
.suite = {
3490+
.hash = __VECS(vmac64_aes_tv_template)
3491+
}
34863492
}, {
34873493
.alg = "wp256",
34883494
.test = alg_test_hash,

crypto/testmgr.h

Lines changed: 155 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -4705,6 +4705,161 @@ static const struct hash_testvec aes_vmac128_tv_template[] = {
47054705
},
47064706
};
47074707

4708+
static const char vmac64_string1[144] = {
4709+
'\0', '\0', '\0', '\0', '\0', '\0', '\0', '\0',
4710+
'\0', '\0', '\0', '\0', '\0', '\0', '\0', '\0',
4711+
'\x01', '\x01', '\x01', '\x01', '\x02', '\x03', '\x02', '\x02',
4712+
'\x02', '\x04', '\x01', '\x07', '\x04', '\x01', '\x04', '\x03',
4713+
};
4714+
4715+
static const char vmac64_string2[144] = {
4716+
'\0', '\0', '\0', '\0', '\0', '\0', '\0', '\0',
4717+
'\0', '\0', '\0', '\0', '\0', '\0', '\0', '\0',
4718+
'a', 'b', 'c',
4719+
};
4720+
4721+
static const char vmac64_string3[144] = {
4722+
'\0', '\0', '\0', '\0', '\0', '\0', '\0', '\0',
4723+
'\0', '\0', '\0', '\0', '\0', '\0', '\0', '\0',
4724+
'a', 'b', 'c', 'a', 'b', 'c', 'a', 'b',
4725+
'c', 'a', 'b', 'c', 'a', 'b', 'c', 'a',
4726+
'b', 'c', 'a', 'b', 'c', 'a', 'b', 'c',
4727+
'a', 'b', 'c', 'a', 'b', 'c', 'a', 'b',
4728+
'c', 'a', 'b', 'c', 'a', 'b', 'c', 'a',
4729+
'b', 'c', 'a', 'b', 'c', 'a', 'b', 'c',
4730+
};
4731+
4732+
static const char vmac64_string4[33] = {
4733+
'\0', '\0', '\0', '\0', '\0', '\0', '\0', '\0',
4734+
'\0', '\0', '\0', '\0', '\0', '\0', '\0', '\0',
4735+
'b', 'c', 'e', 'f', 'i', 'j', 'l', 'm',
4736+
'o', 'p', 'r', 's', 't', 'u', 'w', 'x',
4737+
'z',
4738+
};
4739+
4740+
static const char vmac64_string5[143] = {
4741+
'\0', '\0', '\0', '\0', '\0', '\0', '\0', '\0',
4742+
'\0', '\0', '\0', '\0', '\0', '\0', '\0', '\0',
4743+
'r', 'm', 'b', 't', 'c', 'o', 'l', 'k',
4744+
']', '%', '9', '2', '7', '!', 'A',
4745+
};
4746+
4747+
static const char vmac64_string6[145] = {
4748+
'\0', '\0', '\0', '\0', '\0', '\0', '\0', '\0',
4749+
'\0', '\0', '\0', '\0', '\0', '\0', '\0', '\0',
4750+
'p', 't', '*', '7', 'l', 'i', '!', '#',
4751+
'w', '0', 'z', '/', '4', 'A', 'n',
4752+
};
4753+
4754+
static const struct hash_testvec vmac64_aes_tv_template[] = {
4755+
{ /* draft-krovetz-vmac-01 test vector 1 */
4756+
.key = "abcdefghijklmnop",
4757+
.ksize = 16,
4758+
.plaintext = "\0\0\0\0\0\0\0\0bcdefghi",
4759+
.psize = 16,
4760+
.digest = "\x25\x76\xbe\x1c\x56\xd8\xb8\x1b",
4761+
}, { /* draft-krovetz-vmac-01 test vector 2 */
4762+
.key = "abcdefghijklmnop",
4763+
.ksize = 16,
4764+
.plaintext = "\0\0\0\0\0\0\0\0bcdefghiabc",
4765+
.psize = 19,
4766+
.digest = "\x2d\x37\x6c\xf5\xb1\x81\x3c\xe5",
4767+
}, { /* draft-krovetz-vmac-01 test vector 3 */
4768+
.key = "abcdefghijklmnop",
4769+
.ksize = 16,
4770+
.plaintext = "\0\0\0\0\0\0\0\0bcdefghi"
4771+
"abcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabc",
4772+
.psize = 64,
4773+
.digest = "\xe8\x42\x1f\x61\xd5\x73\xd2\x98",
4774+
}, { /* draft-krovetz-vmac-01 test vector 4 */
4775+
.key = "abcdefghijklmnop",
4776+
.ksize = 16,
4777+
.plaintext = "\0\0\0\0\0\0\0\0bcdefghi"
4778+
"abcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabc"
4779+
"abcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabc"
4780+
"abcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabc"
4781+
"abcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabc"
4782+
"abcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabc"
4783+
"abcabcabcabcabcabcabcabcabcabcabcabcabcabcabc",
4784+
.psize = 316,
4785+
.digest = "\x44\x92\xdf\x6c\x5c\xac\x1b\xbe",
4786+
.tap = { 1, 100, 200, 15 },
4787+
.np = 4,
4788+
}, {
4789+
.key = "\x00\x01\x02\x03\x04\x05\x06\x07"
4790+
"\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f",
4791+
.ksize = 16,
4792+
.plaintext = "\x00\x00\x00\x00\x00\x00\x00\x00"
4793+
"\x00\x00\x00\x00\x00\x00\x00\x00",
4794+
.psize = 16,
4795+
.digest = "\x54\x7b\xa4\x77\x35\x80\x58\x07",
4796+
}, {
4797+
.key = "\x00\x01\x02\x03\x04\x05\x06\x07"
4798+
"\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f",
4799+
.ksize = 16,
4800+
.plaintext = vmac64_string1,
4801+
.psize = sizeof(vmac64_string1),
4802+
.digest = "\xa1\x8c\x68\xae\xd3\x3c\xf5\xce",
4803+
}, {
4804+
.key = "\x00\x01\x02\x03\x04\x05\x06\x07"
4805+
"\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f",
4806+
.ksize = 16,
4807+
.plaintext = vmac64_string2,
4808+
.psize = sizeof(vmac64_string2),
4809+
.digest = "\x2d\x14\xbd\x81\x73\xb0\x27\xc9",
4810+
}, {
4811+
.key = "\x00\x01\x02\x03\x04\x05\x06\x07"
4812+
"\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f",
4813+
.ksize = 16,
4814+
.plaintext = vmac64_string3,
4815+
.psize = sizeof(vmac64_string3),
4816+
.digest = "\x19\x0b\x47\x98\x8c\x95\x1a\x8d",
4817+
}, {
4818+
.key = "abcdefghijklmnop",
4819+
.ksize = 16,
4820+
.plaintext = "\x00\x00\x00\x00\x00\x00\x00\x00"
4821+
"\x00\x00\x00\x00\x00\x00\x00\x00",
4822+
.psize = 16,
4823+
.digest = "\x84\x8f\x55\x9e\x26\xa1\x89\x3b",
4824+
}, {
4825+
.key = "abcdefghijklmnop",
4826+
.ksize = 16,
4827+
.plaintext = vmac64_string1,
4828+
.psize = sizeof(vmac64_string1),
4829+
.digest = "\xc2\x74\x8d\xf6\xb0\xab\x5e\xab",
4830+
}, {
4831+
.key = "abcdefghijklmnop",
4832+
.ksize = 16,
4833+
.plaintext = vmac64_string2,
4834+
.psize = sizeof(vmac64_string2),
4835+
.digest = "\xdf\x09\x7b\x3d\x42\x68\x15\x11",
4836+
}, {
4837+
.key = "abcdefghijklmnop",
4838+
.ksize = 16,
4839+
.plaintext = vmac64_string3,
4840+
.psize = sizeof(vmac64_string3),
4841+
.digest = "\xd4\xfa\x8f\xed\xe1\x8f\x32\x8b",
4842+
}, {
4843+
.key = "a09b5cd!f#07K\x00\x00\x00",
4844+
.ksize = 16,
4845+
.plaintext = vmac64_string4,
4846+
.psize = sizeof(vmac64_string4),
4847+
.digest = "\x5f\xa1\x4e\x42\xea\x0f\xa5\xab",
4848+
}, {
4849+
.key = "a09b5cd!f#07K\x00\x00\x00",
4850+
.ksize = 16,
4851+
.plaintext = vmac64_string5,
4852+
.psize = sizeof(vmac64_string5),
4853+
.digest = "\x60\x67\xe8\x1d\xbc\x98\x31\x25",
4854+
}, {
4855+
.key = "a09b5cd!f#07K\x00\x00\x00",
4856+
.ksize = 16,
4857+
.plaintext = vmac64_string6,
4858+
.psize = sizeof(vmac64_string6),
4859+
.digest = "\x41\xeb\x65\x95\x47\x9b\xae\xc4",
4860+
},
4861+
};
4862+
47084863
/*
47094864
* SHA384 HMAC test vectors from RFC4231
47104865
*/

0 commit comments

Comments
 (0)