[Botan-devel] AES Test Vectors

Jack Lloyd lloyd at randombit.net
Thu Jun 2 10:37:11 EDT 2005


Hi Martin,

The problem is that the Monte Carlo tests are not very clear. How they
actually work is that each iteration is done 10000 times, not just one
as you would expect. If you replace the line

           c->encrypt(pt, test_ct);

with

         c->encrypt(pt, test_ct);
         for(int j = 0; j != 9999; j++)
            c->encrypt(test_ct);

you'll see that the vectors match.

-Jack

On Thu, Jun 02, 2005 at 03:57:53PM +0200, Martin Vejmelka wrote:
> Hello everybody,
> 
> I have been trying to test the Botan AES-128 implementation in ECB and 
> CBC modes
> agains the test vectors submitted to and published by NIST
> 
> http://csrc.nist.gov/CryptoToolkit/aes/rijndael/rijndael-vals.zip
> 
> specifically in the files:
> 
> ecb_e_m.txt
> cbc_e_m.txt
> 
> which are the Monte Carlo Tests.
> 
> Concentrating on the ECB mode, I have tried using a pipe object as well as
> instantiating the AES_128 class directly and setting the key and 
> encrypting the
> block via encrypt().
> 
> The ciphertext does not match in any of the test vectors. I have 
> verified by looking at that the
> source code that AES_128() has the correct number of rounds (10) and I 
> definitely initialize
> with the correct key (verified by debugging).  I don't know if I am 
> making a mistake somewhere
> in my code or different test vectors apply.  Has anyone else checked the 
> AES implementation in Botan ?
> 
> The source code I use to extract the test vectors and test the 
> encryption in Botan is here. I have simplified
> the code and detached if from all type libraries and such that I 
> normally use.
> 
> --------------------------------------------------***--------------------------------------------------------- 
> 
> #include <botan/botan.h>
> #include <botan/aes.h>
> 
> #include <assert.h>
> 
> using namespace Botan;
> 
> void hex2bin(const byte * src, int len, byte * dst)
> {
>   for(int i = 0; i < len; i+=2)
>   {
>       byte c = *src++;
> 
>       if( (c >= 'a' && c <= 'f') )
>       {
>           *dst = (c - 'a' + 10) << 4;
>       }
>       else if(c >= 'A' && c <= 'F')
>       {
>           *dst = (c - 'A' + 10) << 4;
>       }
>       else if(c >= '0' && c <= '9')
>       {
>           *dst = (c - '0') << 4;
>       }
> 
>       c = *src++;
> 
>       if( (c >= 'a' && c <= 'f') )
>       {
>           *dst += (c - 'a' + 10);
>       }
>       else if(c >= 'A' && c <= 'F')
>       {
>           *dst += (c - 'A' + 10);
>       }
>       else if(c >= '0' && c <= '9')
>       {
>           *dst += (c - '0');
>       }
> 
>       ++dst;
>   }
> }
> 
> 
> void print_hex16(char * name, byte * buf)
> {
>   printf("%-8s", name);
>   for(int i = 0; i < 16; i++)
>       printf("%02X", (int)buf[i]);
>   printf("\n");
> }
> 
> 
> int main(int argc, char ** argv)
> {
>   // init the cipher lib
>   Botan::LibraryInitializer init;
> 
>   FILE * f = fopen("ecb_e_m.txt", "r");
>   assert(f);
> 
>   char s[256];
> 
>   while(!feof(f))
>   {
>       fgets(s, 256, f);
> 
>       if((strlen(s) > 2) && (s[0] == 'I') && (s[1] == '='))
>       {
>           byte key[16], pt[16], ct[16], test_ct[16];
> 
>           fgets(s, 256, f);
>           hex2bin((byte*)s + 4, 32, key);
> 
>           fgets(s, 256, f);
>           hex2bin((byte*)s + 3, 32, pt);
> 
>           fgets(s, 256, f);
>           hex2bin((byte*)s + 3, 32, ct);
> 
>           // print params
>           print_hex16("key", key);
>           print_hex16("pt", pt);
>           print_hex16("ct", ct);
> 
>           // get the AES block cipher obj
>           BlockCipher * c = get_block_cipher("AES-128");
>           c->set_key(key, 16);
>           c->encrypt(pt, test_ct);
>           delete c;
> 
>           print_hex16("test_ct", test_ct);
>           printf("\n\n");
>       }
>   }
> 
>   return 0;
> }
> --------------------------------------------------***--------------------------------------------------------- 
> 
> 
> Regards,
> 
> Martin
> 
> _______________________________________________
> botan-devel mailing list
> botan-devel at randombit.net
> http://www.randombit.net/mailman/listinfo/botan-devel



More information about the botan-devel mailing list