mirror of
https://github.com/zerotier/ZeroTierOne.git
synced 2025-06-06 20:43:44 +02:00
Add self-test for AES and AES-GCM using public test vectors.
parent
521d371b5d
commit
f83ae0e39e
2 changed files with 67 additions and 9 deletions
|
@ -56,14 +56,14 @@ endif
|
|||
# Debug mode -- dump trace output, build binary with -g
|
||||
ifeq ($(ZT_DEBUG),1)
|
||||
ZT_TRACE=1
|
||||
CFLAGS+=-Wall -g $(INCLUDES) $(DEFS)
|
||||
CFLAGS+=-Wall -g -maes -mpclmul $(INCLUDES) $(DEFS)
|
||||
STRIP=echo
|
||||
# The following line enables optimization for the crypto code, since
|
||||
# C25519 in particular is almost UNUSABLE in heavy testing without it.
|
||||
node/Salsa20.o node/SHA512.o node/C25519.o node/Poly1305.o: CFLAGS = -Wall -O2 -g $(INCLUDES) $(DEFS)
|
||||
node/Salsa20.o node/SHA512.o node/C25519.o node/Poly1305.o node/AES.o: CFLAGS = -Wall -O2 -g -maes -mpclmul $(INCLUDES) $(DEFS)
|
||||
else
|
||||
CFLAGS?=-Ofast -fstack-protector-strong
|
||||
CFLAGS+=$(ARCH_FLAGS) -Wall -flto -fPIE -mmacosx-version-min=10.7 -DNDEBUG -Wno-unused-private-field $(INCLUDES) $(DEFS)
|
||||
CFLAGS+=$(ARCH_FLAGS) -Wall -flto -fPIE -maes -msse -msse2 -mpclmul -mmacosx-version-min=10.9 -DNDEBUG -Wno-unused-private-field $(INCLUDES) $(DEFS)
|
||||
STRIP=strip
|
||||
endif
|
||||
|
||||
|
|
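Review bot: The release-branch `CFLAGS+=` line now turns on `-maes -msse -msse2 -mpclmul` for every object in the build and also raises `-mmacosx-version-min` from 10.7 to 10.9, and the commit message mentions neither. Building everything with the AES-NI/PCLMUL flags is only safe if the AES code picks the hardware path at run time after a CPU feature check; node/AES.hpp and its implementation are not visible here, so that needs confirming, since a CPU without those extensions would presumably fault on the first such instruction. If node/AES.o is the only user of the intrinsics, scope the flags to it with a target-specific line such as `node/AES.o: CFLAGS += -maes -mpclmul`, next to a comment like `# AES-NI/PCLMUL intrinsics live in node/AES.o only; keep these flags off the rest of the build`. The deployment-target bump deserves its own sentence in the commit description.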
70
selftest.cpp
70
selftest.cpp
|
@ -44,6 +44,7 @@
|
|||
#include "node/Buffer.hpp"
|
||||
#include "node/Packet.hpp"
|
||||
#include "node/Salsa20.hpp"
|
||||
#include "node/AES.hpp"
|
||||
#include "node/MAC.hpp"
|
||||
#include "node/NetworkConfig.hpp"
|
||||
#include "node/Peer.hpp"
|
||||
|
@ -155,6 +156,16 @@ static const C25519TestVector C25519_TEST_VECTORS[ZT_NUM_C25519_TEST_VECTORS] =
|
|||
{{0x25,0x87,0x1e,0x6f,0xe8,0xd0,0xde,0x1d,0xd5,0xf2,0xd3,0x5b,0xff,0x9e,0x67,0x99,0x60,0xb4,0x0e,0xb7,0x98,0x1b,0x2a,0x3a,0x9c,0xec,0xc1,0xe1,0x2e,0x2b,0xc0,0x3e,0x3c,0xfb,0x64,0x91,0x72,0xc6,0x7e,0x57,0x47,0x00,0x97,0xbf,0x8e,0x0e,0xbf,0xad,0xd9,0x28,0x86,0x7c,0xfd,0x41,0x91,0xae,0x2d,0xee,0xc0,0xb2,0x32,0x7d,0x99,0x7d},{0x63,0xc1,0xf9,0x61,0x9c,0x9e,0x1a,0xd7,0xca,0xa3,0x71,0xd6,0x34,0x3d,0xa7,0x08,0x36,0x0c,0xec,0x37,0x35,0x94,0x1a,0x45,0xa9,0xfa,0xf2,0xb5,0x25,0x92,0xbf,0xd1,0x1e,0xca,0xdd,0x5a,0x23,0xad,0x9e,0x45,0xc3,0x66,0xcb,0x8f,0xda,0xa3,0xd1,0xe6,0x27,0x38,0x11,0x54,0x67,0x31,0x03,0x64,0x35,0xe0,0x68,0x0b,0x93,0xee,0x81,0x17},{0x8b,0x01,0xe9,0x99,0x54,0x54,0x73,0x15,0x0b,0xac,0x38,0x7b,0xe9,0xe3,0x17,0x4f,0x02,0x3e,0xe3,0x8e,0xda,0x41,0xa0,0x9d,0x10,0xe0,0xda,0x11,0xfe,0xec,0x2f,0x42,0xe7,0xc8,0xb3,0xde,0x2f,0x7b,0xfd,0xdf,0x7c,0x34,0x3b,0x5e,0xac,0x22,0x8c,0x99,0x3d,0xa1,0xa9,0xd9,0x81,0xb6,0x51,0xc8,0xaf,0x3e,0x75,0xed,0x45,0xcf,0xf7,0xb9},{0xaf,0xe9,0x9c,0x16,0x4a,0x8f,0x3b,0x0f,0xef,0x71,0x2f,0xaa,0x8d,0x7d,0xce,0xed,0xea,0x31,0x93,0xaf,0x2c,0x75,0xc6,0xfa,0xda,0x3e,0xa6,0xea,0x2a,0x3e,0x7b,0x72,0xb6,0xf8,0xd7,0x9a,0x88,0xcb,0x0b,0x81,0x97,0x24,0x29,0x3b,0x11,0x23,0x69,0xc2,0xff,0x98,0x39,0x25,0x99,0xae,0xe1,0x07,0x3e,0x97,0xde,0x10,0x21,0x23,0x7a,0x2d},{0xbe,0x2f,0xb9,0x4c,0x41,0x5a,0x9a,0xf6,0xfb,0xf8,0x26,0x9d,0x81,0x7f,0x39,0x91,0xaf,0x5b,0xf1,0xd7,0x93,0x0a,0xdf,0x18,0x19,0x4a,0x80,0x74,0x14,0x98,0x2b,0xf2,0x3b,0x25,0xc5,0xe8,0xfc,0x07,0x3f,0x5d,0xa1,0x39,0x27,0x4e,0x1c,0xd2,0x7a,0xfe,0x3e,0x7b,0x03,0x35,0x15,0x9e,0x35,0x2b,0xd0,0xbe,0x67,0x48,0x42,0xdd,0xa4,0xdd},{0xbd,0xcd,0xd7,0xbf,0xb1,0x0a,0xdb,0x9f,0x85,0x42,0xba,0xf4,0xc8,0xff,0xb0,0xe1,0x9a,0x18,0x6d,0x1a,0xe0,0x37,0xc1,0xa2,0xe1,0x1c,0x38,0x55,0x14,0xbf,0x64,0x67,0x84,0x47,0xb6,0x0a,0xf6,0x93,0xf1,0x10,0xab,0x09,0xf0,0x60,0x84,0xe2,0x4e,0x4b,0x5e,0xa2,0xd2,0xd1,0x19,0x22,0xd7,0xc4,0x85,0x13,0x23,0xa3,0x6a,0xb6,0x75,0x0f,0x43,0xe6,0xde,0x7b,0x67,0x2a,0x73,0x77,0x9e,0xb4,0x94,0x6c,0xc3,0x9
a,0x67,0x51,0xcf,0xe9,0x47,0x46,0x0e,0x3a,0x12,0x7d,0x7c,0x66,0x73,0x6c,0xd5,0x4a,0x21,0x4d},{0x89,0x7e,0xd0,0xbf,0x2e,0x9f,0x0c,0xff,0x6e,0x56,0x25,0x9b,0x79,0x99,0x52,0x27,0xc2,0x3a,0xaa,0xf0,0x47,0x6d,0xed,0x05,0xa1,0xeb,0x9c,0x92,0x28,0x7f,0x1b,0xc8,0x1c,0x57,0x76,0xab,0x05,0xe3,0xd3,0xb7,0xa3,0xf5,0xac,0xa8,0x21,0x33,0x7c,0xb7,0xe7,0xc2,0xd0,0x25,0x6f,0xdf,0x34,0xd1,0xb0,0x34,0x41,0x46,0x30,0x9c,0x76,0x07,0x43,0xe6,0xde,0x7b,0x67,0x2a,0x73,0x77,0x9e,0xb4,0x94,0x6c,0xc3,0x9a,0x67,0x51,0xcf,0xe9,0x47,0x46,0x0e,0x3a,0x12,0x7d,0x7c,0x66,0x73,0x6c,0xd5,0x4a,0x21,0x4d}}
|
||||
};
|
||||
|
||||
static const uint8_t AES_TEST_VECTOR_0_KEY[32] = { 0x60,0x3d,0xeb,0x10,0x15,0xca,0x71,0xbe,0x2b,0x73,0xae,0xf0,0x85,0x7d,0x77,0x81,0x1f,0x35,0x2c,0x07,0x3b,0x61,0x08,0xd7,0x2d,0x98,0x10,0xa3,0x09,0x14,0xdf,0xf4 };
|
||||
static const uint8_t AES_TEST_VECTOR_0_IN[16] = { 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a };
|
||||
static const uint8_t AES_TEST_VECTOR_0_OUT[16] = { 0xf3,0xee,0xd1,0xbd,0xb5,0xd2,0xa0,0x3c,0x06,0x4b,0x5a,0x7e,0x3d,0xb1,0x81,0xf8 };
|
||||
|
||||
static const uint8_t AES_GCM_TEST_VECTOR_0_KEY[32] = { 0xfe,0xff,0xe9,0x92,0x86,0x65,0x73,0x1c,0x6d,0x6a,0x8f,0x94,0x67,0x30,0x83,0x08,0xfe,0xff,0xe9,0x92,0x86,0x65,0x73,0x1c,0x6d,0x6a,0x8f,0x94,0x67,0x30,0x83,0x08 };
|
||||
static const uint8_t AES_GCM_TEST_VECTOR_0_IV[12] = { 0xca,0xfe,0xba,0xbe,0xfa,0xce,0xdb,0xad,0xde,0xca,0xf8,0x88 };
|
||||
static const uint8_t AES_GCM_TEST_VECTOR_0_IN[64] = { 0xd9,0x31,0x32,0x25,0xf8,0x84,0x06,0xe5,0xa5,0x59,0x09,0xc5,0xaf,0xf5,0x26,0x9a,0x86,0xa7,0xa9,0x53,0x15,0x34,0xf7,0xda,0x2e,0x4c,0x30,0x3d,0x8a,0x31,0x8a,0x72,0x1c,0x3c,0x0c,0x95,0x95,0x68,0x09,0x53,0x2f,0xcf,0x0e,0x24,0x49,0xa6,0xb5,0x25,0xb1,0x6a,0xed,0xf5,0xaa,0x0d,0xe6,0x57,0xba,0x63,0x7b,0x39,0x1a,0xaf,0xd2,0x55 };
|
||||
static const uint8_t AES_GCM_TEST_VECTOR_0_OUT[64] = { 0x52,0x2d,0xc1,0xf0,0x99,0x56,0x7d,0x07,0xf4,0x7f,0x37,0xa3,0x2a,0x84,0x42,0x7d,0x64,0x3a,0x8c,0xdc,0xbf,0xe5,0xc0,0xc9,0x75,0x98,0xa2,0xbd,0x25,0x55,0xd1,0xaa,0x8c,0xb0,0x8e,0x48,0x59,0x0d,0xbb,0x3d,0xa7,0xb0,0x8b,0x10,0x56,0x82,0x88,0x38,0xc5,0xf6,0x1e,0x63,0x93,0xba,0x7a,0x0a,0xbc,0xc9,0xf6,0x62,0x89,0x80,0x15,0xad };
|
||||
static const uint8_t AES_GCM_TEST_VECTOR_0_TAG[16] = { 0xb0,0x94,0xda,0xc5,0xd9,0x34,0x71,0xbd,0xec,0x1a,0x50,0x22,0x70,0xe3,0xcc,0x6c };
|
||||
|
||||
//////////////////////////////////////////////////////////////////////////////
|
||||
|
||||
static int testCrypto()
|
||||
|
@ -162,12 +173,57 @@ static int testCrypto()
|
|||
static unsigned char buf1[16384];
|
||||
static unsigned char buf2[sizeof(buf1)],buf3[sizeof(buf1)];
|
||||
static char hexbuf[1024];
|
||||
volatile unsigned char *dummy = (volatile unsigned char *)&(buf1[100]);
|
||||
|
||||
for(int i=0;i<3;++i) {
|
||||
Utils::getSecureRandom(buf1,64);
|
||||
std::cout << "[crypto] getSecureRandom: " << Utils::hex(buf1,64,hexbuf) << std::endl;
|
||||
}
|
||||
|
||||
std::cout << "[crypto] Testing and benchmarking AES-256 and GCM..." << std::endl << " AES-256 (ECB): "; std::cout.flush();
|
||||
AES tv(AES_TEST_VECTOR_0_KEY);
|
||||
tv.encrypt(AES_TEST_VECTOR_0_IN,(uint8_t *)buf1);
|
||||
if (memcmp(buf1,AES_TEST_VECTOR_0_OUT,16) != 0) {
|
||||
std::cout << " FAILED (test vector 0)" << std::endl;
|
||||
return -1;
|
||||
}
|
||||
uint64_t start = OSUtils::now();
|
||||
for(unsigned long i=0;i<20000000;++i) {
|
||||
tv.encrypt((const uint8_t *)buf1,(uint8_t *)buf1);
|
||||
}
|
||||
uint64_t end = OSUtils::now();
|
||||
*dummy = buf1[0]; // prevent optimization
|
||||
std::cout << (20000000.0 / (long double)(end - start)) << " blocks/millisecond" << std::endl;
|
||||
std::cout << " AES-256 (GCM): "; std::cout.flush();
|
||||
tv.gcmEncrypt((const uint8_t *)hexbuf,buf1,sizeof(buf1),nullptr,0,buf2,(uint8_t *)(hexbuf + 32),16);
|
||||
if (!tv.gcmDecrypt((const uint8_t *)hexbuf,buf2,sizeof(buf2),nullptr,0,buf3,(const uint8_t *)(hexbuf + 32),16)) {
|
||||
std::cout << "FAILED (encrypt/decrypt, auth tag mismatch)" << std::endl;
|
||||
return -1;
|
||||
}
|
||||
if (memcmp(buf1,buf3,sizeof(buf1)) != 0) {
|
||||
std::cout << "FAILED (encrypt/decrypt, data mismatch)" << std::endl;
|
||||
return -1;
|
||||
}
|
||||
tv.init(AES_GCM_TEST_VECTOR_0_KEY);
|
||||
tv.gcmEncrypt(AES_GCM_TEST_VECTOR_0_IV,AES_GCM_TEST_VECTOR_0_IN,sizeof(AES_GCM_TEST_VECTOR_0_IN),nullptr,0,(uint8_t *)buf1,(uint8_t *)buf2,16);
|
||||
if (memcmp(buf2,AES_GCM_TEST_VECTOR_0_TAG,16) != 0) {
|
||||
std::cout << "FAILED (test vector, tag mismatch) " << Utils::hex(buf2,16,hexbuf) << std::endl;
|
||||
return -1;
|
||||
}
|
||||
if (memcmp(buf1,AES_GCM_TEST_VECTOR_0_OUT,sizeof(AES_GCM_TEST_VECTOR_0_OUT)) != 0) {
|
||||
std::cout << "FAILED (test vector, ciphertext mismatch) " << Utils::hex(buf2,16,hexbuf) << std::endl;
|
||||
return -1;
|
||||
}
|
||||
double gcmBytes = 0.0;
|
||||
start = OSUtils::now();
|
||||
for(unsigned long i=0;i<150000;++i) {
|
||||
tv.gcmEncrypt((const uint8_t *)hexbuf,buf1,sizeof(buf1),nullptr,0,buf2,(uint8_t *)(hexbuf + 32),16);
|
||||
gcmBytes += (double)sizeof(buf1);
|
||||
}
|
||||
end = OSUtils::now();
|
||||
*dummy = buf1[0];
|
||||
std::cout << ((gcmBytes / 1048576.0) / ((long double)(end - start) / 1000.0)) << " MiB/second" << std::endl;
|
||||
|
||||
std::cout << "[crypto] Testing Salsa20... "; std::cout.flush();
|
||||
for(unsigned int i=0;i<4;++i) {
|
||||
for(unsigned int k=0;k<sizeof(buf1);++k)
|
||||
|
@ -215,14 +271,14 @@ static int testCrypto()
|
|||
bb[i] = (unsigned char)i;
|
||||
Salsa20 s20(s20TV0Key,s20TV0Iv);
|
||||
long double bytes = 0.0;
|
||||
uint64_t start = OSUtils::now();
|
||||
start = OSUtils::now();
|
||||
for(unsigned int i=0;i<200;++i) {
|
||||
s20.crypt12(bb,bb,1234567);
|
||||
bytes += 1234567.0;
|
||||
}
|
||||
uint64_t end = OSUtils::now();
|
||||
end = OSUtils::now();
|
||||
SHA512(buf1,bb,1234567);
|
||||
std::cout << ((bytes / 1048576.0) / ((long double)(end - start) / 1024.0)) << " MiB/second (" << Utils::hex(buf1,16,hexbuf) << ')' << std::endl;
|
||||
std::cout << ((bytes / 1048576.0) / ((long double)(end - start) / 1000.0)) << " MiB/second (" << Utils::hex(buf1,16,hexbuf) << ')' << std::endl;
|
||||
::free((void *)bb);
|
||||
}
|
||||
|
||||
|
@ -237,7 +293,8 @@ static int testCrypto()
|
|||
bytes += 1234567.0;
|
||||
}
|
||||
uint64_t end = OSUtils::now();
|
||||
std::cout << ((bytes / 1048576.0) / ((double)(end - start) / 1024.0)) << " MiB/second" << std::endl;
|
||||
*dummy = bb[0];
|
||||
std::cout << ((bytes / 1048576.0) / ((double)(end - start) / 1000.0)) << " MiB/second" << std::endl;
|
||||
::free((void *)bb);
|
||||
}
|
||||
#endif
|
||||
|
@ -254,7 +311,8 @@ static int testCrypto()
|
|||
bytes += 1234567.0;
|
||||
}
|
||||
uint64_t end = OSUtils::now();
|
||||
std::cout << ((bytes / 1048576.0) / ((double)(end - start) / 1024.0)) << " MiB/second" << std::endl;
|
||||
*dummy = bb[0];
|
||||
std::cout << ((bytes / 1048576.0) / ((double)(end - start) / 1000.0)) << " MiB/second" << std::endl;
|
||||
::free((void *)bb);
|
||||
}
|
||||
}
|
||||
|
@ -274,7 +332,7 @@ static int testCrypto()
|
|||
}
|
||||
uint64_t end = OSUtils::now();
|
||||
SHA512(buf1,bb,1234567);
|
||||
std::cout << ((bytes / 1048576.0) / ((long double)(end - start) / 1024.0)) << " MiB/second (" << Utils::hex(buf1,16,hexbuf) << ')' << std::endl;
|
||||
std::cout << ((bytes / 1048576.0) / ((long double)(end - start) / 1000.0)) << " MiB/second (" << Utils::hex(buf1,16,hexbuf) << ')' << std::endl;
|
||||
::free((void *)bb);
|
||||
}
|
||||
|
||||
|
|
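Review bot: The new GCM checks in testCrypto() only exercise the accept path of `gcmDecrypt`: the round trip is verified with the matching tag and the known-answer vector is never decrypted, so an implementation whose tag comparison always succeeds would still pass this self-test. After the two known-answer `memcmp` checks, corrupt the tag held in `buf2` and require that decryption of the vector is rejected, as in the excerpt below. Separately, the "ciphertext mismatch" branch prints `Utils::hex(buf2,16,hexbuf)`, which is the tag, while the mismatching ciphertext is in `buf1`. testCrypto() begins before and continues past the hunks shown.

```cpp
	// ... unchanged: known-answer tag and ciphertext memcmp checks ...
	buf2[0] ^= 0x01; // corrupt the tag: authenticated decryption must now be rejected
	if (tv.gcmDecrypt(AES_GCM_TEST_VECTOR_0_IV,(const uint8_t *)buf1,sizeof(AES_GCM_TEST_VECTOR_0_OUT),nullptr,0,buf3,(const uint8_t *)buf2,16)) {
		std::cout << "FAILED (test vector, corrupted tag accepted)" << std::endl;
		return -1;
	}
	// ... unchanged: GCM throughput benchmark ...
```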