Re: GCM and XTS: kcapi result not matching with NIST vectors

Stephan Mueller <smueller@xxxxxxxxxx> · Mon, 23 Apr 2018 09:33:18 +0200

Am Montag, 23. April 2018, 07:51:35 CEST schrieb Jitendra Lulla:

Hi Jitendra,

> Hi,
> 
> Consider the following 2 invocations from kcapi and the results we get
> from it. They are not matching with the NIST vectors [links pasted
> below].
> 
> Could somebody please tell why that could be happening?
> 
> thanks
> JItendra
> 
> https://csrc.nist.gov/CSRC/media/Projects/Cryptographic-Algorithm-Validation
> -Program/documents/mac/gcmtestvectors.zip
> 
> /gcmtestvectors/gcmEncryptExtIV192.rsp
> 
> 
> TEST 1:
> GCM
> [Keylen = 192]
> [IVlen = 8 bits]
> [PTlen = 128]
> [AADlen = 0]
> [Taglen = 128]
> 
> NIST vector:
> Key = d4ba70cb3e8d246aa66ebfafd26266b5f08ec3a88000e770
> IV = 13
> PT = 0616236190652619ff51ad2775f2826e
> AAD =
> CT = 52b5f106a01d1cef4c833099ce88a354
> Tag = d8acd529c97efbefb6102a4a9c3dafb2
> 
> attempt1: jlulla@ubuntu:~/libkcapi-1.0.3/bin$ ./kcapi -x 2 -e -c
> "gcm(aes)" -p 0616236190652619ff51ad2775f2826e -k
> d4ba70cb3e8d246aa66ebfafd26266b5f08ec3a88000e770 -i 13 -l 16
> 172e34500211d494ec35171aa488a26e65bc6a61759a974751875ab6fe27caed
> 
> attempt2: jlulla@ubuntu:~/libkcapi-1.0.3/bin$ ./kcapi -x 2 -e -c
> "gcm(aes)" -p 0616236190652619ff51ad2775f2826e -k
> d4ba70cb3e8d246aa66ebfafd26266b5f08ec3a88000e770 -i 13 -a "" -l 16
> 172e34500211d494ec35171aa488a26e65bc6a61759a974751875ab6fe27caed
> 
> attempt3: jlulla@ubuntu:~/libkcapi-1.0.3/bin$ ./kcapi -x 2 -e -c
> "gcm(aes)" -p 0616236190652619ff51ad2775f2826e -k
> d4ba70cb3e8d246aa66ebfafd26266b5f08ec3a88000e770 -i 13 -a 0 -l 16
> 172e34500211d494ec35171aa488a26e65bc6a61759a974751875ab6fe27caed
> 
> 
> SO the tag and the ct both not matching in all 3 attempts above.

IV of 1 byte? See /proc/crypto: IV must be 96 bits.
> 
> 
> TEST 2:
> 
> Similarly for XTS also we have one mismatch:
> https://csrc.nist.gov/CSRC/media/Projects/Cryptographic-Algorithm-Validation
> -Program/documents/aes/XTSTestVectors.zip
> 
> /XTSTestVectors/format tweak value input - 128 hex str/XTSGenAES256.rsp
> 
> kcapi -x 1 -e -c "xts(aes)" -k
> 31c8152b5eddc3b8c3a005a3bbc4c005bb57058ae4a6454c166a620389eaecaea0515433574b
> 0dd6a89496acd475ef78dcf012a47a48c319f89e931404018e15 -p
> 31761b6dece3e962030c01f481c5ca681386176d2ef8034c5db5aa04b613ec00 -i
> 6957d297dc9c9b30f6d016b016d913c5
> 
> Result from tool :
> 1e16b5a44274f8791508cf3dec971aa975e16c702d66f11bc1f00ede540ef82c
> 
> NIST Expected Result :
> ae13222810bc66997bf8b57737990e481e16b5a44274f8791508cf3dec971a80

I need to check that.

Ciao
Stephan