]> git.ipfire.org Git - thirdparty/openssl.git/blame - test/modes_internal_test.c
projects / thirdparty / openssl.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Simplify the handling of shared library version numbers
[thirdparty/openssl.git] / test / modes_internal_test.c
CommitLineData
f2ae2348
RL		 1/*
2 * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the OpenSSL license (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10/* Internal tests for the modes module */
11
12#include <stdio.h>
13#include <string.h>
14
15#include <openssl/aes.h>
16#include <openssl/modes.h>
17#include "../crypto/modes/modes_lcl.h"
18#include "testutil.h"
19#include "e_os.h"
20
21typedef struct {
22 size_t size;
23 const unsigned char *data;
24} SIZED_DATA;
25
26/**********************************************************************
27 *
28 * Test of cts128
29 *
30 ***/
31
f2ae2348
RL		 32/* cts128 test vectors from RFC 3962 */
33static const unsigned char cts128_test_key[16] = "chicken teriyaki";
34static const unsigned char cts128_test_input[64] =
35 "I would like the" " General Gau's C"
36 "hicken, please, " "and wonton soup.";
37static const unsigned char cts128_test_iv[] =
38 { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
39
40static const unsigned char vector_17[17] = {
41 0xc6, 0x35, 0x35, 0x68, 0xf2, 0xbf, 0x8c, 0xb4,
42 0xd8, 0xa5, 0x80, 0x36, 0x2d, 0xa7, 0xff, 0x7f,
43 0x97
44};
45
46static const unsigned char vector_31[31] = {
47 0xfc, 0x00, 0x78, 0x3e, 0x0e, 0xfd, 0xb2, 0xc1,
48 0xd4, 0x45, 0xd4, 0xc8, 0xef, 0xf7, 0xed, 0x22,
49 0x97, 0x68, 0x72, 0x68, 0xd6, 0xec, 0xcc, 0xc0,
50 0xc0, 0x7b, 0x25, 0xe2, 0x5e, 0xcf, 0xe5
51};
52
53static const unsigned char vector_32[32] = {
54 0x39, 0x31, 0x25, 0x23, 0xa7, 0x86, 0x62, 0xd5,
55 0xbe, 0x7f, 0xcb, 0xcc, 0x98, 0xeb, 0xf5, 0xa8,
56 0x97, 0x68, 0x72, 0x68, 0xd6, 0xec, 0xcc, 0xc0,
57 0xc0, 0x7b, 0x25, 0xe2, 0x5e, 0xcf, 0xe5, 0x84
58};
59
60static const unsigned char vector_47[47] = {
61 0x97, 0x68, 0x72, 0x68, 0xd6, 0xec, 0xcc, 0xc0,
62 0xc0, 0x7b, 0x25, 0xe2, 0x5e, 0xcf, 0xe5, 0x84,
63 0xb3, 0xff, 0xfd, 0x94, 0x0c, 0x16, 0xa1, 0x8c,
64 0x1b, 0x55, 0x49, 0xd2, 0xf8, 0x38, 0x02, 0x9e,
65 0x39, 0x31, 0x25, 0x23, 0xa7, 0x86, 0x62, 0xd5,
66 0xbe, 0x7f, 0xcb, 0xcc, 0x98, 0xeb, 0xf5
67};
68
69static const unsigned char vector_48[48] = {
70 0x97, 0x68, 0x72, 0x68, 0xd6, 0xec, 0xcc, 0xc0,
71 0xc0, 0x7b, 0x25, 0xe2, 0x5e, 0xcf, 0xe5, 0x84,
72 0x9d, 0xad, 0x8b, 0xbb, 0x96, 0xc4, 0xcd, 0xc0,
73 0x3b, 0xc1, 0x03, 0xe1, 0xa1, 0x94, 0xbb, 0xd8,
74 0x39, 0x31, 0x25, 0x23, 0xa7, 0x86, 0x62, 0xd5,
75 0xbe, 0x7f, 0xcb, 0xcc, 0x98, 0xeb, 0xf5, 0xa8
76};
77
78static const unsigned char vector_64[64] = {
79 0x97, 0x68, 0x72, 0x68, 0xd6, 0xec, 0xcc, 0xc0,
80 0xc0, 0x7b, 0x25, 0xe2, 0x5e, 0xcf, 0xe5, 0x84,
81 0x39, 0x31, 0x25, 0x23, 0xa7, 0x86, 0x62, 0xd5,
82 0xbe, 0x7f, 0xcb, 0xcc, 0x98, 0xeb, 0xf5, 0xa8,
83 0x48, 0x07, 0xef, 0xe8, 0x36, 0xee, 0x89, 0xa5,
84 0x26, 0x73, 0x0d, 0xbc, 0x2f, 0x7b, 0xc8, 0x40,
85 0x9d, 0xad, 0x8b, 0xbb, 0x96, 0xc4, 0xcd, 0xc0,
86 0x3b, 0xc1, 0x03, 0xe1, 0xa1, 0x94, 0xbb, 0xd8
87};
88
89#define CTS128_TEST_VECTOR(len) \
90 { \
91 sizeof(vector_##len), vector_##len \
92 }
93static const SIZED_DATA cts128_vectors[] = {
94 CTS128_TEST_VECTOR(17),
95 CTS128_TEST_VECTOR(31),
96 CTS128_TEST_VECTOR(32),
97 CTS128_TEST_VECTOR(47),
98 CTS128_TEST_VECTOR(48),
99 CTS128_TEST_VECTOR(64),
100};
101
102static AES_KEY *cts128_encrypt_key_schedule()
103{
104 static int init_key = 1;
105 static AES_KEY ks;
106
107 if (init_key) {
108 AES_set_encrypt_key(cts128_test_key, 128, &ks);
109 init_key = 0;
110 }
111 return &ks;
112}
113
114static AES_KEY *cts128_decrypt_key_schedule()
115{
116 static int init_key = 1;
117 static AES_KEY ks;
118
119 if (init_key) {
120 AES_set_decrypt_key(cts128_test_key, 128, &ks);
121 init_key = 0;
122 }
123 return &ks;
124}
125
d836d71b
EK		 126typedef struct {
127 const char *case_name;
128 int num;
129 size_t (*transform_output)(const unsigned char *in, unsigned char *out,
130 size_t len);
131 size_t (*encrypt_block)(const unsigned char *in,
132 unsigned char *out, size_t len,
133 const void *key, unsigned char ivec[16],
134 block128_f block);
135 size_t (*encrypt)(const unsigned char *in, unsigned char *out,
136 size_t len, const void *key,
137 unsigned char ivec[16], cbc128_f cbc);
138 size_t (*decrypt_block)(const unsigned char *in,
139 unsigned char *out, size_t len,
140 const void *key, unsigned char ivec[16],
141 block128_f block);
142 size_t (*decrypt)(const unsigned char *in, unsigned char *out,
143 size_t len, const void *key,
144 unsigned char ivec[16], cbc128_f cbc);
145} CTS128_FIXTURE;
146
147
148static CTS128_FIXTURE setup_cts128(const char *const test_case_name)
149{
150 CTS128_FIXTURE fixture;
151 fixture.case_name = test_case_name;
152 return fixture;
153}
154
155static size_t transform_output(const unsigned char *in, unsigned char *out,
156 size_t len)
157{
158 size_t tail;
159
160 memcpy(out, in, len);
161 if ((tail = len % 16) == 0)
162 tail = 16;
163 tail += 16;
164
165 return tail;
166}
167
168static size_t transform_output_nist(const unsigned char *in, unsigned char *out,
169 size_t len)
170{
171 size_t tail;
172
173 if ((tail = len % 16) == 0)
174 tail = 16;
175 len -= 16 + tail;
176 memcpy(out, in, len);
177 /* flip two last blocks */
178 memcpy(out + len, in + len + 16, tail);
179 memcpy(out + len + tail, in + len, 16);
180 len += 16 + tail;
181 tail = 16;
182
183 return tail;
184}
185
186static int execute_cts128(CTS128_FIXTURE fixture)
187{
188 const unsigned char *test_iv = cts128_test_iv;
189 size_t test_iv_len = sizeof(cts128_test_iv);
190 const unsigned char *orig_vector = cts128_vectors[fixture.num].data;
191 size_t len = cts128_vectors[fixture.num].size;
192 const unsigned char *test_input = cts128_test_input;
193 const AES_KEY *encrypt_key_schedule = cts128_encrypt_key_schedule();
194 const AES_KEY *decrypt_key_schedule = cts128_decrypt_key_schedule();
195 unsigned char iv[16];
196 /* The largest test inputs are = 64 bytes. */
197 unsigned char cleartext[64], ciphertext[64], vector[64];
198 size_t tail;
199
f3ab6c16 200 TEST_info("%s_vector_%lu", fixture.case_name, (unsigned long)len);
d836d71b
EK		 201
202 tail = fixture.transform_output(orig_vector, vector, len);
203
204 /* test block-based encryption */
205 memcpy(iv, test_iv, test_iv_len);
206 fixture.encrypt_block(test_input, ciphertext, len,
207 encrypt_key_schedule, iv,
208 (block128_f)AES_encrypt);
f3ab6c16 209 if (!TEST_mem_eq(ciphertext, len, vector, len))
d836d71b 210 return 0;
f3ab6c16
RS		 211
212 if (!TEST_mem_eq(iv, sizeof(iv), vector + len - tail, sizeof(iv)))
d836d71b 213 return 0;
d836d71b
EK		 214
215 /* test block-based decryption */
216 memcpy(iv, test_iv, test_iv_len);
217 fixture.decrypt_block(ciphertext, cleartext, len,
218 decrypt_key_schedule, iv,
219 (block128_f)AES_decrypt);
f3ab6c16 220 if (!TEST_mem_eq(cleartext, len, test_input, len))
d836d71b 221 return 0;
f3ab6c16 222 if (!TEST_mem_eq(iv, sizeof(iv), vector + len - tail, sizeof(iv)))
d836d71b 223 return 0;
d836d71b
EK		 224
225 /* test streamed encryption */
226 memcpy(iv, test_iv, test_iv_len);
227 fixture.encrypt(test_input, ciphertext, len, encrypt_key_schedule,
228 iv, (cbc128_f) AES_cbc_encrypt);
f3ab6c16 229 if (!TEST_mem_eq(ciphertext, len, vector, len))
d836d71b 230 return 0;
f3ab6c16 231 if (!TEST_mem_eq(iv, sizeof(iv), vector + len - tail, sizeof(iv)))
d836d71b 232 return 0;
d836d71b
EK		 233
234 /* test streamed decryption */
235 memcpy(iv, test_iv, test_iv_len);
236 fixture.decrypt(ciphertext, cleartext, len, decrypt_key_schedule, iv,
237 (cbc128_f)AES_cbc_encrypt);
f3ab6c16 238 if (!TEST_mem_eq(cleartext, len, test_input, len))
d836d71b 239 return 0;
f3ab6c16 240 if (!TEST_mem_eq(iv, sizeof(iv), vector + len - tail, sizeof(iv)))
d836d71b 241 return 0;
d836d71b
EK		 242
243 return 1;
244}
245
246static int test_cts128(int idx)
f2ae2348
RL		 247{
248 SETUP_TEST_FIXTURE(CTS128_FIXTURE, setup_cts128);
d836d71b
EK		 249 fixture.transform_output = transform_output;
250 fixture.encrypt_block = CRYPTO_cts128_encrypt_block;
251 fixture.encrypt = CRYPTO_cts128_encrypt;
252 fixture.decrypt_block = CRYPTO_cts128_decrypt_block;
253 fixture.decrypt = CRYPTO_cts128_decrypt;
254 fixture.case_name = "cts128";
f2ae2348 255 fixture.num = idx;
d836d71b 256 EXECUTE_TEST_NO_TEARDOWN(execute_cts128);
f2ae2348
RL		 257}
258
d836d71b 259static int test_cts128_nist(int idx)
f2ae2348
RL		 260{
261 SETUP_TEST_FIXTURE(CTS128_FIXTURE, setup_cts128);
d836d71b
EK		 262 fixture.transform_output = transform_output_nist;
263 fixture.encrypt_block = CRYPTO_nistcts128_encrypt_block;
264 fixture.encrypt = CRYPTO_nistcts128_encrypt;
265 fixture.decrypt_block = CRYPTO_nistcts128_decrypt_block;
266 fixture.decrypt = CRYPTO_nistcts128_decrypt;
267 fixture.case_name = "cts128_nist";
f2ae2348 268 fixture.num = idx;
d836d71b 269 EXECUTE_TEST_NO_TEARDOWN(execute_cts128);
f2ae2348
RL		 270}
271
f3ab6c16 272/*
d836d71b
EK		 273 *
274 * Test of gcm128
275 *
f3ab6c16 276 */
d836d71b 277
f2ae2348
RL		 278/* Test Case 1 */
279static const u8 K1[16], P1[] = { 0 }, A1[] = { 0 }, IV1[12], C1[] = { 0 };
280static const u8 T1[] = {
281 0x58, 0xe2, 0xfc, 0xce, 0xfa, 0x7e, 0x30, 0x61,
282 0x36, 0x7f, 0x1d, 0x57, 0xa4, 0xe7, 0x45, 0x5a
283};
284
285/* Test Case 2 */
286# define K2 K1
287# define A2 A1
288# define IV2 IV1
289static const u8 P2[16];
290static const u8 C2[] = {
291 0x03, 0x88, 0xda, 0xce, 0x60, 0xb6, 0xa3, 0x92,
292 0xf3, 0x28, 0xc2, 0xb9, 0x71, 0xb2, 0xfe, 0x78
293};
294
295static const u8 T2[] = {
296 0xab, 0x6e, 0x47, 0xd4, 0x2c, 0xec, 0x13, 0xbd,
297 0xf5, 0x3a, 0x67, 0xb2, 0x12, 0x57, 0xbd, 0xdf
298};
299
300/* Test Case 3 */
301# define A3 A2
302static const u8 K3[] = {
303 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
304 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08
305};
306
307static const u8 P3[] = {
308 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
309 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a,
310 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
311 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72,
312 0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53,
313 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
314 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57,
315 0xba, 0x63, 0x7b, 0x39, 0x1a, 0xaf, 0xd2, 0x55
316};
317
318static const u8 IV3[] = {
319 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad,
320 0xde, 0xca, 0xf8, 0x88
321};
322
323static const u8 C3[] = {
324 0x42, 0x83, 0x1e, 0xc2, 0x21, 0x77, 0x74, 0x24,
325 0x4b, 0x72, 0x21, 0xb7, 0x84, 0xd0, 0xd4, 0x9c,
326 0xe3, 0xaa, 0x21, 0x2f, 0x2c, 0x02, 0xa4, 0xe0,
327 0x35, 0xc1, 0x7e, 0x23, 0x29, 0xac, 0xa1, 0x2e,
328 0x21, 0xd5, 0x14, 0xb2, 0x54, 0x66, 0x93, 0x1c,
329 0x7d, 0x8f, 0x6a, 0x5a, 0xac, 0x84, 0xaa, 0x05,
330 0x1b, 0xa3, 0x0b, 0x39, 0x6a, 0x0a, 0xac, 0x97,
331 0x3d, 0x58, 0xe0, 0x91, 0x47, 0x3f, 0x59, 0x85
332};
333
334static const u8 T3[] = {
335 0x4d, 0x5c, 0x2a, 0xf3, 0x27, 0xcd, 0x64, 0xa6,
336 0x2c, 0xf3, 0x5a, 0xbd, 0x2b, 0xa6, 0xfa, 0xb4
337};
338
339/* Test Case 4 */
340# define K4 K3
341# define IV4 IV3
342static const u8 P4[] = {
343 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
344 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a,
345 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
346 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72,
347 0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53,
348 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
349 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57,
350 0xba, 0x63, 0x7b, 0x39
351};
352
353static const u8 A4[] = {
354 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
355 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
356 0xab, 0xad, 0xda, 0xd2
357};
358
359static const u8 C4[] = {
360 0x42, 0x83, 0x1e, 0xc2, 0x21, 0x77, 0x74, 0x24,
361 0x4b, 0x72, 0x21, 0xb7, 0x84, 0xd0, 0xd4, 0x9c,
362 0xe3, 0xaa, 0x21, 0x2f, 0x2c, 0x02, 0xa4, 0xe0,
363 0x35, 0xc1, 0x7e, 0x23, 0x29, 0xac, 0xa1, 0x2e,
364 0x21, 0xd5, 0x14, 0xb2, 0x54, 0x66, 0x93, 0x1c,
365 0x7d, 0x8f, 0x6a, 0x5a, 0xac, 0x84, 0xaa, 0x05,
366 0x1b, 0xa3, 0x0b, 0x39, 0x6a, 0x0a, 0xac, 0x97,
367 0x3d, 0x58, 0xe0, 0x91
368};
369
370static const u8 T4[] = {
371 0x5b, 0xc9, 0x4f, 0xbc, 0x32, 0x21, 0xa5, 0xdb,
372 0x94, 0xfa, 0xe9, 0x5a, 0xe7, 0x12, 0x1a, 0x47
373};
374
375/* Test Case 5 */
376# define K5 K4
377# define P5 P4
378# define A5 A4
379static const u8 IV5[] = {
380 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad
381};
382
383static const u8 C5[] = {
384 0x61, 0x35, 0x3b, 0x4c, 0x28, 0x06, 0x93, 0x4a,
385 0x77, 0x7f, 0xf5, 0x1f, 0xa2, 0x2a, 0x47, 0x55,
386 0x69, 0x9b, 0x2a, 0x71, 0x4f, 0xcd, 0xc6, 0xf8,
387 0x37, 0x66, 0xe5, 0xf9, 0x7b, 0x6c, 0x74, 0x23,
388 0x73, 0x80, 0x69, 0x00, 0xe4, 0x9f, 0x24, 0xb2,
389 0x2b, 0x09, 0x75, 0x44, 0xd4, 0x89, 0x6b, 0x42,
390 0x49, 0x89, 0xb5, 0xe1, 0xeb, 0xac, 0x0f, 0x07,
391 0xc2, 0x3f, 0x45, 0x98
392};
393
394static const u8 T5[] = {
395 0x36, 0x12, 0xd2, 0xe7, 0x9e, 0x3b, 0x07, 0x85,
396 0x56, 0x1b, 0xe1, 0x4a, 0xac, 0xa2, 0xfc, 0xcb
397};
398
399/* Test Case 6 */
400# define K6 K5
401# define P6 P5
402# define A6 A5
403static const u8 IV6[] = {
404 0x93, 0x13, 0x22, 0x5d, 0xf8, 0x84, 0x06, 0xe5,
405 0x55, 0x90, 0x9c, 0x5a, 0xff, 0x52, 0x69, 0xaa,
406 0x6a, 0x7a, 0x95, 0x38, 0x53, 0x4f, 0x7d, 0xa1,
407 0xe4, 0xc3, 0x03, 0xd2, 0xa3, 0x18, 0xa7, 0x28,
408 0xc3, 0xc0, 0xc9, 0x51, 0x56, 0x80, 0x95, 0x39,
409 0xfc, 0xf0, 0xe2, 0x42, 0x9a, 0x6b, 0x52, 0x54,
410 0x16, 0xae, 0xdb, 0xf5, 0xa0, 0xde, 0x6a, 0x57,
411 0xa6, 0x37, 0xb3, 0x9b
412};
413
414static const u8 C6[] = {
415 0x8c, 0xe2, 0x49, 0x98, 0x62, 0x56, 0x15, 0xb6,
416 0x03, 0xa0, 0x33, 0xac, 0xa1, 0x3f, 0xb8, 0x94,
417 0xbe, 0x91, 0x12, 0xa5, 0xc3, 0xa2, 0x11, 0xa8,
418 0xba, 0x26, 0x2a, 0x3c, 0xca, 0x7e, 0x2c, 0xa7,
419 0x01, 0xe4, 0xa9, 0xa4, 0xfb, 0xa4, 0x3c, 0x90,
420 0xcc, 0xdc, 0xb2, 0x81, 0xd4, 0x8c, 0x7c, 0x6f,
421 0xd6, 0x28, 0x75, 0xd2, 0xac, 0xa4, 0x17, 0x03,
422 0x4c, 0x34, 0xae, 0xe5
423};
424
425static const u8 T6[] = {
426 0x61, 0x9c, 0xc5, 0xae, 0xff, 0xfe, 0x0b, 0xfa,
427 0x46, 0x2a, 0xf4, 0x3c, 0x16, 0x99, 0xd0, 0x50
428};
429
430/* Test Case 7 */
431static const u8 K7[24], P7[] = { 0 }, A7[] = { 0 }, IV7[12], C7[] = { 0 };
432static const u8 T7[] = {
433 0xcd, 0x33, 0xb2, 0x8a, 0xc7, 0x73, 0xf7, 0x4b,
434 0xa0, 0x0e, 0xd1, 0xf3, 0x12, 0x57, 0x24, 0x35
435};
436
437/* Test Case 8 */
438# define K8 K7
439# define IV8 IV7
440# define A8 A7
441static const u8 P8[16];
442static const u8 C8[] = {
443 0x98, 0xe7, 0x24, 0x7c, 0x07, 0xf0, 0xfe, 0x41,
444 0x1c, 0x26, 0x7e, 0x43, 0x84, 0xb0, 0xf6, 0x00
445};
446
447static const u8 T8[] = {
448 0x2f, 0xf5, 0x8d, 0x80, 0x03, 0x39, 0x27, 0xab,
449 0x8e, 0xf4, 0xd4, 0x58, 0x75, 0x14, 0xf0, 0xfb
450};
451
452/* Test Case 9 */
453# define A9 A8
454static const u8 K9[] = {
455 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
456 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08,
457 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c
458};
459
460static const u8 P9[] = {
461 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
462 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a,
463 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
464 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72,
465 0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53,
466 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
467 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57,
468 0xba, 0x63, 0x7b, 0x39, 0x1a, 0xaf, 0xd2, 0x55
469};
470
471static const u8 IV9[] = {
472 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad,
473 0xde, 0xca, 0xf8, 0x88
474};
475
476static const u8 C9[] = {
477 0x39, 0x80, 0xca, 0x0b, 0x3c, 0x00, 0xe8, 0x41,
478 0xeb, 0x06, 0xfa, 0xc4, 0x87, 0x2a, 0x27, 0x57,
479 0x85, 0x9e, 0x1c, 0xea, 0xa6, 0xef, 0xd9, 0x84,
480 0x62, 0x85, 0x93, 0xb4, 0x0c, 0xa1, 0xe1, 0x9c,
481 0x7d, 0x77, 0x3d, 0x00, 0xc1, 0x44, 0xc5, 0x25,
482 0xac, 0x61, 0x9d, 0x18, 0xc8, 0x4a, 0x3f, 0x47,
483 0x18, 0xe2, 0x44, 0x8b, 0x2f, 0xe3, 0x24, 0xd9,
484 0xcc, 0xda, 0x27, 0x10, 0xac, 0xad, 0xe2, 0x56
485};
486
487static const u8 T9[] = {
488 0x99, 0x24, 0xa7, 0xc8, 0x58, 0x73, 0x36, 0xbf,
489 0xb1, 0x18, 0x02, 0x4d, 0xb8, 0x67, 0x4a, 0x14
490};
491
492/* Test Case 10 */
493# define K10 K9
494# define IV10 IV9
495static const u8 P10[] = {
496 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
497 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a,
498 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
499 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72,
500 0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53,
501 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
502 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57,
503 0xba, 0x63, 0x7b, 0x39
504};
505
506static const u8 A10[] = {
507 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
508 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
509 0xab, 0xad, 0xda, 0xd2
510};
511
512static const u8 C10[] = {
513 0x39, 0x80, 0xca, 0x0b, 0x3c, 0x00, 0xe8, 0x41,
514 0xeb, 0x06, 0xfa, 0xc4, 0x87, 0x2a, 0x27, 0x57,
515 0x85, 0x9e, 0x1c, 0xea, 0xa6, 0xef, 0xd9, 0x84,
516 0x62, 0x85, 0x93, 0xb4, 0x0c, 0xa1, 0xe1, 0x9c,
517 0x7d, 0x77, 0x3d, 0x00, 0xc1, 0x44, 0xc5, 0x25,
518 0xac, 0x61, 0x9d, 0x18, 0xc8, 0x4a, 0x3f, 0x47,
519 0x18, 0xe2, 0x44, 0x8b, 0x2f, 0xe3, 0x24, 0xd9,
520 0xcc, 0xda, 0x27, 0x10
521};
522
523static const u8 T10[] = {
524 0x25, 0x19, 0x49, 0x8e, 0x80, 0xf1, 0x47, 0x8f,
525 0x37, 0xba, 0x55, 0xbd, 0x6d, 0x27, 0x61, 0x8c
526};
527
528/* Test Case 11 */
529# define K11 K10
530# define P11 P10
531# define A11 A10
532static const u8 IV11[] = { 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad };
533
534static const u8 C11[] = {
535 0x0f, 0x10, 0xf5, 0x99, 0xae, 0x14, 0xa1, 0x54,
536 0xed, 0x24, 0xb3, 0x6e, 0x25, 0x32, 0x4d, 0xb8,
537 0xc5, 0x66, 0x63, 0x2e, 0xf2, 0xbb, 0xb3, 0x4f,
538 0x83, 0x47, 0x28, 0x0f, 0xc4, 0x50, 0x70, 0x57,
539 0xfd, 0xdc, 0x29, 0xdf, 0x9a, 0x47, 0x1f, 0x75,
540 0xc6, 0x65, 0x41, 0xd4, 0xd4, 0xda, 0xd1, 0xc9,
541 0xe9, 0x3a, 0x19, 0xa5, 0x8e, 0x8b, 0x47, 0x3f,
542 0xa0, 0xf0, 0x62, 0xf7
543};
544
545static const u8 T11[] = {
546 0x65, 0xdc, 0xc5, 0x7f, 0xcf, 0x62, 0x3a, 0x24,
547 0x09, 0x4f, 0xcc, 0xa4, 0x0d, 0x35, 0x33, 0xf8
548};
549
550/* Test Case 12 */
551# define K12 K11
552# define P12 P11
553# define A12 A11
554static const u8 IV12[] = {
555 0x93, 0x13, 0x22, 0x5d, 0xf8, 0x84, 0x06, 0xe5,
556 0x55, 0x90, 0x9c, 0x5a, 0xff, 0x52, 0x69, 0xaa,
557 0x6a, 0x7a, 0x95, 0x38, 0x53, 0x4f, 0x7d, 0xa1,
558 0xe4, 0xc3, 0x03, 0xd2, 0xa3, 0x18, 0xa7, 0x28,
559 0xc3, 0xc0, 0xc9, 0x51, 0x56, 0x80, 0x95, 0x39,
560 0xfc, 0xf0, 0xe2, 0x42, 0x9a, 0x6b, 0x52, 0x54,
561 0x16, 0xae, 0xdb, 0xf5, 0xa0, 0xde, 0x6a, 0x57,
562 0xa6, 0x37, 0xb3, 0x9b
563};
564
565static const u8 C12[] = {
566 0xd2, 0x7e, 0x88, 0x68, 0x1c, 0xe3, 0x24, 0x3c,
567 0x48, 0x30, 0x16, 0x5a, 0x8f, 0xdc, 0xf9, 0xff,
568 0x1d, 0xe9, 0xa1, 0xd8, 0xe6, 0xb4, 0x47, 0xef,
569 0x6e, 0xf7, 0xb7, 0x98, 0x28, 0x66, 0x6e, 0x45,
570 0x81, 0xe7, 0x90, 0x12, 0xaf, 0x34, 0xdd, 0xd9,
571 0xe2, 0xf0, 0x37, 0x58, 0x9b, 0x29, 0x2d, 0xb3,
572 0xe6, 0x7c, 0x03, 0x67, 0x45, 0xfa, 0x22, 0xe7,
573 0xe9, 0xb7, 0x37, 0x3b
574};
575
576static const u8 T12[] = {
577 0xdc, 0xf5, 0x66, 0xff, 0x29, 0x1c, 0x25, 0xbb,
578 0xb8, 0x56, 0x8f, 0xc3, 0xd3, 0x76, 0xa6, 0xd9
579};
580
581/* Test Case 13 */
582static const u8 K13[32], P13[] = { 0 }, A13[] = { 0 }, IV13[12], C13[] = { 0 };
583static const u8 T13[] = {
584 0x53, 0x0f, 0x8a, 0xfb, 0xc7, 0x45, 0x36, 0xb9,
585 0xa9, 0x63, 0xb4, 0xf1, 0xc4, 0xcb, 0x73, 0x8b
586};
587
588/* Test Case 14 */
589# define K14 K13
590# define A14 A13
591static const u8 P14[16], IV14[12];
592static const u8 C14[] = {
593 0xce, 0xa7, 0x40, 0x3d, 0x4d, 0x60, 0x6b, 0x6e,
594 0x07, 0x4e, 0xc5, 0xd3, 0xba, 0xf3, 0x9d, 0x18
595};
596
597static const u8 T14[] = {
598 0xd0, 0xd1, 0xc8, 0xa7, 0x99, 0x99, 0x6b, 0xf0,
599 0x26, 0x5b, 0x98, 0xb5, 0xd4, 0x8a, 0xb9, 0x19
600};
601
602/* Test Case 15 */
603# define A15 A14
604static const u8 K15[] = {
605 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
606 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08,
607 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
608 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08
609};
610
611static const u8 P15[] = {
612 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
613 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a,
614 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
615 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72,
616 0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53,
617 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
618 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57,
619 0xba, 0x63, 0x7b, 0x39, 0x1a, 0xaf, 0xd2, 0x55
620};
621
622static const u8 IV15[] = {
623 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad,
624 0xde, 0xca, 0xf8, 0x88
625};
626
627static const u8 C15[] = {
628 0x52, 0x2d, 0xc1, 0xf0, 0x99, 0x56, 0x7d, 0x07,
629 0xf4, 0x7f, 0x37, 0xa3, 0x2a, 0x84, 0x42, 0x7d,
630 0x64, 0x3a, 0x8c, 0xdc, 0xbf, 0xe5, 0xc0, 0xc9,
631 0x75, 0x98, 0xa2, 0xbd, 0x25, 0x55, 0xd1, 0xaa,
632 0x8c, 0xb0, 0x8e, 0x48, 0x59, 0x0d, 0xbb, 0x3d,
633 0xa7, 0xb0, 0x8b, 0x10, 0x56, 0x82, 0x88, 0x38,
634 0xc5, 0xf6, 0x1e, 0x63, 0x93, 0xba, 0x7a, 0x0a,
635 0xbc, 0xc9, 0xf6, 0x62, 0x89, 0x80, 0x15, 0xad
636};
637
638static const u8 T15[] = {
639 0xb0, 0x94, 0xda, 0xc5, 0xd9, 0x34, 0x71, 0xbd,
640 0xec, 0x1a, 0x50, 0x22, 0x70, 0xe3, 0xcc, 0x6c
641};
642
643/* Test Case 16 */
644# define K16 K15
645# define IV16 IV15
646static const u8 P16[] = {
647 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
648 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a,
649 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
650 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72,
651 0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53,
652 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
653 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57,
654 0xba, 0x63, 0x7b, 0x39
655};
656
657static const u8 A16[] = {
658 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
659 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
660 0xab, 0xad, 0xda, 0xd2
661};
662
663static const u8 C16[] = {
664 0x52, 0x2d, 0xc1, 0xf0, 0x99, 0x56, 0x7d, 0x07,
665 0xf4, 0x7f, 0x37, 0xa3, 0x2a, 0x84, 0x42, 0x7d,
666 0x64, 0x3a, 0x8c, 0xdc, 0xbf, 0xe5, 0xc0, 0xc9,
667 0x75, 0x98, 0xa2, 0xbd, 0x25, 0x55, 0xd1, 0xaa,
668 0x8c, 0xb0, 0x8e, 0x48, 0x59, 0x0d, 0xbb, 0x3d,
669 0xa7, 0xb0, 0x8b, 0x10, 0x56, 0x82, 0x88, 0x38,
670 0xc5, 0xf6, 0x1e, 0x63, 0x93, 0xba, 0x7a, 0x0a,
671 0xbc, 0xc9, 0xf6, 0x62
672};
673
674static const u8 T16[] = {
675 0x76, 0xfc, 0x6e, 0xce, 0x0f, 0x4e, 0x17, 0x68,
676 0xcd, 0xdf, 0x88, 0x53, 0xbb, 0x2d, 0x55, 0x1b
677};
678
679/* Test Case 17 */
680# define K17 K16
681# define P17 P16
682# define A17 A16
683static const u8 IV17[] = { 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad };
684
685static const u8 C17[] = {
686 0xc3, 0x76, 0x2d, 0xf1, 0xca, 0x78, 0x7d, 0x32,
687 0xae, 0x47, 0xc1, 0x3b, 0xf1, 0x98, 0x44, 0xcb,
688 0xaf, 0x1a, 0xe1, 0x4d, 0x0b, 0x97, 0x6a, 0xfa,
689 0xc5, 0x2f, 0xf7, 0xd7, 0x9b, 0xba, 0x9d, 0xe0,
690 0xfe, 0xb5, 0x82, 0xd3, 0x39, 0x34, 0xa4, 0xf0,
691 0x95, 0x4c, 0xc2, 0x36, 0x3b, 0xc7, 0x3f, 0x78,
692 0x62, 0xac, 0x43, 0x0e, 0x64, 0xab, 0xe4, 0x99,
693 0xf4, 0x7c, 0x9b, 0x1f
694};
695
696static const u8 T17[] = {
697 0x3a, 0x33, 0x7d, 0xbf, 0x46, 0xa7, 0x92, 0xc4,
698 0x5e, 0x45, 0x49, 0x13, 0xfe, 0x2e, 0xa8, 0xf2
699};
700
701/* Test Case 18 */
702# define K18 K17
703# define P18 P17
704# define A18 A17
705static const u8 IV18[] = {
706 0x93, 0x13, 0x22, 0x5d, 0xf8, 0x84, 0x06, 0xe5,
707 0x55, 0x90, 0x9c, 0x5a, 0xff, 0x52, 0x69, 0xaa,
708 0x6a, 0x7a, 0x95, 0x38, 0x53, 0x4f, 0x7d, 0xa1,
709 0xe4, 0xc3, 0x03, 0xd2, 0xa3, 0x18, 0xa7, 0x28,
710 0xc3, 0xc0, 0xc9, 0x51, 0x56, 0x80, 0x95, 0x39,
711 0xfc, 0xf0, 0xe2, 0x42, 0x9a, 0x6b, 0x52, 0x54,
712 0x16, 0xae, 0xdb, 0xf5, 0xa0, 0xde, 0x6a, 0x57,
713 0xa6, 0x37, 0xb3, 0x9b
714};
715
716static const u8 C18[] = {
717 0x5a, 0x8d, 0xef, 0x2f, 0x0c, 0x9e, 0x53, 0xf1,
718 0xf7, 0x5d, 0x78, 0x53, 0x65, 0x9e, 0x2a, 0x20,
719 0xee, 0xb2, 0xb2, 0x2a, 0xaf, 0xde, 0x64, 0x19,
720 0xa0, 0x58, 0xab, 0x4f, 0x6f, 0x74, 0x6b, 0xf4,
721 0x0f, 0xc0, 0xc3, 0xb7, 0x80, 0xf2, 0x44, 0x45,
722 0x2d, 0xa3, 0xeb, 0xf1, 0xc5, 0xd8, 0x2c, 0xde,
723 0xa2, 0x41, 0x89, 0x97, 0x20, 0x0e, 0xf8, 0x2e,
724 0x44, 0xae, 0x7e, 0x3f
725};
726
727static const u8 T18[] = {
728 0xa4, 0x4a, 0x82, 0x66, 0xee, 0x1c, 0x8e, 0xb0,
729 0xc8, 0xb5, 0xd4, 0xcf, 0x5a, 0xe9, 0xf1, 0x9a
730};
731
732/* Test Case 19 */
733# define K19 K1
734# define P19 P1
735# define IV19 IV1
736# define C19 C1
737static const u8 A19[] = {
738 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
739 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a,
740 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
741 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72,
742 0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53,
743 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
744 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57,
745 0xba, 0x63, 0x7b, 0x39, 0x1a, 0xaf, 0xd2, 0x55,
746 0x52, 0x2d, 0xc1, 0xf0, 0x99, 0x56, 0x7d, 0x07,
747 0xf4, 0x7f, 0x37, 0xa3, 0x2a, 0x84, 0x42, 0x7d,
748 0x64, 0x3a, 0x8c, 0xdc, 0xbf, 0xe5, 0xc0, 0xc9,
749 0x75, 0x98, 0xa2, 0xbd, 0x25, 0x55, 0xd1, 0xaa,
750 0x8c, 0xb0, 0x8e, 0x48, 0x59, 0x0d, 0xbb, 0x3d,
751 0xa7, 0xb0, 0x8b, 0x10, 0x56, 0x82, 0x88, 0x38,
752 0xc5, 0xf6, 0x1e, 0x63, 0x93, 0xba, 0x7a, 0x0a,
753 0xbc, 0xc9, 0xf6, 0x62, 0x89, 0x80, 0x15, 0xad
754};
755
756static const u8 T19[] = {
757 0x5f, 0xea, 0x79, 0x3a, 0x2d, 0x6f, 0x97, 0x4d,
758 0x37, 0xe6, 0x8e, 0x0c, 0xb8, 0xff, 0x94, 0x92
759};
760
761/* Test Case 20 */
762# define K20 K1
763# define A20 A1
764/* this results in 0xff in counter LSB */
765static const u8 IV20[64] = { 0xff, 0xff, 0xff, 0xff };
766
767static const u8 P20[288];
768static const u8 C20[] = {
769 0x56, 0xb3, 0x37, 0x3c, 0xa9, 0xef, 0x6e, 0x4a,
770 0x2b, 0x64, 0xfe, 0x1e, 0x9a, 0x17, 0xb6, 0x14,
771 0x25, 0xf1, 0x0d, 0x47, 0xa7, 0x5a, 0x5f, 0xce,
772 0x13, 0xef, 0xc6, 0xbc, 0x78, 0x4a, 0xf2, 0x4f,
773 0x41, 0x41, 0xbd, 0xd4, 0x8c, 0xf7, 0xc7, 0x70,
774 0x88, 0x7a, 0xfd, 0x57, 0x3c, 0xca, 0x54, 0x18,
775 0xa9, 0xae, 0xff, 0xcd, 0x7c, 0x5c, 0xed, 0xdf,
776 0xc6, 0xa7, 0x83, 0x97, 0xb9, 0xa8, 0x5b, 0x49,
777 0x9d, 0xa5, 0x58, 0x25, 0x72, 0x67, 0xca, 0xab,
778 0x2a, 0xd0, 0xb2, 0x3c, 0xa4, 0x76, 0xa5, 0x3c,
779 0xb1, 0x7f, 0xb4, 0x1c, 0x4b, 0x8b, 0x47, 0x5c,
780 0xb4, 0xf3, 0xf7, 0x16, 0x50, 0x94, 0xc2, 0x29,
781 0xc9, 0xe8, 0xc4, 0xdc, 0x0a, 0x2a, 0x5f, 0xf1,
782 0x90, 0x3e, 0x50, 0x15, 0x11, 0x22, 0x13, 0x76,
783 0xa1, 0xcd, 0xb8, 0x36, 0x4c, 0x50, 0x61, 0xa2,
784 0x0c, 0xae, 0x74, 0xbc, 0x4a, 0xcd, 0x76, 0xce,
785 0xb0, 0xab, 0xc9, 0xfd, 0x32, 0x17, 0xef, 0x9f,
786 0x8c, 0x90, 0xbe, 0x40, 0x2d, 0xdf, 0x6d, 0x86,
787 0x97, 0xf4, 0xf8, 0x80, 0xdf, 0xf1, 0x5b, 0xfb,
788 0x7a, 0x6b, 0x28, 0x24, 0x1e, 0xc8, 0xfe, 0x18,
789 0x3c, 0x2d, 0x59, 0xe3, 0xf9, 0xdf, 0xff, 0x65,
790 0x3c, 0x71, 0x26, 0xf0, 0xac, 0xb9, 0xe6, 0x42,
791 0x11, 0xf4, 0x2b, 0xae, 0x12, 0xaf, 0x46, 0x2b,
792 0x10, 0x70, 0xbe, 0xf1, 0xab, 0x5e, 0x36, 0x06,
793 0x87, 0x2c, 0xa1, 0x0d, 0xee, 0x15, 0xb3, 0x24,
794 0x9b, 0x1a, 0x1b, 0x95, 0x8f, 0x23, 0x13, 0x4c,
795 0x4b, 0xcc, 0xb7, 0xd0, 0x32, 0x00, 0xbc, 0xe4,
796 0x20, 0xa2, 0xf8, 0xeb, 0x66, 0xdc, 0xf3, 0x64,
797 0x4d, 0x14, 0x23, 0xc1, 0xb5, 0x69, 0x90, 0x03,
798 0xc1, 0x3e, 0xce, 0xf4, 0xbf, 0x38, 0xa3, 0xb6,
799 0x0e, 0xed, 0xc3, 0x40, 0x33, 0xba, 0xc1, 0x90,
800 0x27, 0x83, 0xdc, 0x6d, 0x89, 0xe2, 0xe7, 0x74,
801 0x18, 0x8a, 0x43, 0x9c, 0x7e, 0xbc, 0xc0, 0x67,
802 0x2d, 0xbd, 0xa4, 0xdd, 0xcf, 0xb2, 0x79, 0x46,
803 0x13, 0xb0, 0xbe, 0x41, 0x31, 0x5e, 0xf7, 0x78,
804 0x70, 0x8a, 0x70, 0xee, 0x7d, 0x75, 0x16, 0x5c
805};
806
807static const u8 T20[] = {
808 0x8b, 0x30, 0x7f, 0x6b, 0x33, 0x28, 0x6d, 0x0a,
809 0xb0, 0x26, 0xa9, 0xed, 0x3f, 0xe1, 0xe8, 0x5f
810};
811
812#define GCM128_TEST_VECTOR(n) \
813 { \
814 {sizeof(K##n), K##n}, \
815 {sizeof(IV##n), IV##n}, \
816 {sizeof(A##n), A##n}, \
817 {sizeof(P##n), P##n}, \
818 {sizeof(C##n), C##n}, \
819 {sizeof(T##n), T##n} \
820 }
821static struct gcm128_data {
822 const SIZED_DATA K;
823 const SIZED_DATA IV;
824 const SIZED_DATA A;
825 const SIZED_DATA P;
826 const SIZED_DATA C;
827 const SIZED_DATA T;
828} gcm128_vectors[] = {
829 GCM128_TEST_VECTOR(1),
830 GCM128_TEST_VECTOR(2),
831 GCM128_TEST_VECTOR(3),
832 GCM128_TEST_VECTOR(4),
833 GCM128_TEST_VECTOR(5),
834 GCM128_TEST_VECTOR(6),
835 GCM128_TEST_VECTOR(7),
836 GCM128_TEST_VECTOR(8),
837 GCM128_TEST_VECTOR(9),
838 GCM128_TEST_VECTOR(10),
839 GCM128_TEST_VECTOR(11),
840 GCM128_TEST_VECTOR(12),
841 GCM128_TEST_VECTOR(13),
842 GCM128_TEST_VECTOR(14),
843 GCM128_TEST_VECTOR(15),
844 GCM128_TEST_VECTOR(16),
845 GCM128_TEST_VECTOR(17),
846 GCM128_TEST_VECTOR(18),
847 GCM128_TEST_VECTOR(19),
848 GCM128_TEST_VECTOR(20)
849};
850
d836d71b 851static int test_gcm128(int idx)
f2ae2348 852{
d836d71b
EK		 853 unsigned char out[512];
854 SIZED_DATA K = gcm128_vectors[idx].K;
855 SIZED_DATA IV = gcm128_vectors[idx].IV;
856 SIZED_DATA A = gcm128_vectors[idx].A;
857 SIZED_DATA P = gcm128_vectors[idx].P;
858 SIZED_DATA C = gcm128_vectors[idx].C;
859 SIZED_DATA T = gcm128_vectors[idx].T;
860 GCM128_CONTEXT ctx;
861 AES_KEY key;
d836d71b
EK		 862
863 /* Size 1 inputs are special-cased to signal NULL. */
864 if (A.size == 1)
865 A.data = NULL;
866 if (P.size == 1)
867 P.data = NULL;
868 if (C.size == 1)
869 C.data = NULL;
870
871 AES_set_encrypt_key(K.data, K.size * 8, &key);
872
873 CRYPTO_gcm128_init(&ctx, &key, (block128_f)AES_encrypt);
874 CRYPTO_gcm128_setiv(&ctx, IV.data, IV.size);
875 memset(out, 0, P.size);
f3ab6c16 876 if (A.data != NULL)
d836d71b 877 CRYPTO_gcm128_aad(&ctx, A.data, A.size);
f3ab6c16 878 if (P.data != NULL)
d836d71b 879 CRYPTO_gcm128_encrypt( &ctx, P.data, out, P.size);
f3ab6c16
RS		 880 if (!TEST_false(CRYPTO_gcm128_finish(&ctx, T.data, 16))
881 || (C.data != NULL
882 && !TEST_mem_eq(out, P.size, C.data, P.size)))
883 return 0;
d836d71b
EK		 884
885 CRYPTO_gcm128_setiv(&ctx, IV.data, IV.size);
886 memset(out, 0, P.size);
f3ab6c16 887 if (A.data != NULL)
d836d71b 888 CRYPTO_gcm128_aad(&ctx, A.data, A.size);
f3ab6c16 889 if (C.data != NULL)
d836d71b 890 CRYPTO_gcm128_decrypt(&ctx, C.data, out, P.size);
f3ab6c16
RS		 891 if (!TEST_false(CRYPTO_gcm128_finish(&ctx, T.data, 16))
892 || (P.data != NULL
893 && !TEST_mem_eq(out, P.size, P.data, P.size)))
894 return 0;
d836d71b 895
f3ab6c16 896 return 1;
d836d71b
EK		 897}
898
899static void benchmark_gcm128(const unsigned char *K, size_t Klen,
900 const unsigned char *IV, size_t IVlen)
901{
902#ifdef OPENSSL_CPUID_OBJ
903 GCM128_CONTEXT ctx;
904 AES_KEY key;
905 size_t start, gcm_t, ctr_t, OPENSSL_rdtsc();
906 union {
907 u64 u;
908 u8 c[1024];
909 } buf;
910
911 AES_set_encrypt_key(K, Klen * 8, &key);
912 CRYPTO_gcm128_init(&ctx, &key, (block128_f) AES_encrypt);
913 CRYPTO_gcm128_setiv(&ctx, IV, IVlen);
914
915 CRYPTO_gcm128_encrypt(&ctx, buf.c, buf.c, sizeof(buf));
916 start = OPENSSL_rdtsc();
917 CRYPTO_gcm128_encrypt(&ctx, buf.c, buf.c, sizeof(buf));
918 gcm_t = OPENSSL_rdtsc() - start;
919
920 CRYPTO_ctr128_encrypt(buf.c, buf.c, sizeof(buf),
921 &key, ctx.Yi.c, ctx.EKi.c, &ctx.mres,
922 (block128_f) AES_encrypt);
923 start = OPENSSL_rdtsc();
924 CRYPTO_ctr128_encrypt(buf.c, buf.c, sizeof(buf),
925 &key, ctx.Yi.c, ctx.EKi.c, &ctx.mres,
926 (block128_f) AES_encrypt);
927 ctr_t = OPENSSL_rdtsc() - start;
928
929 printf("%.2f-%.2f=%.2f\n",
930 gcm_t / (double)sizeof(buf),
931 ctr_t / (double)sizeof(buf),
932 (gcm_t - ctr_t) / (double)sizeof(buf));
933# ifdef GHASH
934 {
935 void (*gcm_ghash_p) (u64 Xi[2], const u128 Htable[16],
936 const u8 *inp, size_t len) = ctx.ghash;
937
938 GHASH((&ctx), buf.c, sizeof(buf));
939 start = OPENSSL_rdtsc();
940 for (i = 0; i < 100; ++i)
941 GHASH((&ctx), buf.c, sizeof(buf));
942 gcm_t = OPENSSL_rdtsc() - start;
943 printf("%.2f\n", gcm_t / (double)sizeof(buf) / (double)i);
944 }
945# endif
946#else
947 fprintf(stderr,
948 "Benchmarking of modes isn't available on this platform\n");
949#endif
f2ae2348
RL		 950}
951
e364c3b2 952int test_main(int argc, char **argv)
f2ae2348
RL		 953{
954 int result = 0;
955 int iter_argv;
956 int benchmark = 0;
957
958 for (iter_argv = 1; iter_argv < argc; iter_argv++) {
959 if (strcmp(argv[iter_argv], "-b") == 0)
960 benchmark = 1;
961 else if (strcmp(argv[iter_argv], "-h") == 0)
962 goto help;
963 }
964
d836d71b
EK		 965 ADD_ALL_TESTS(test_cts128, OSSL_NELEM(cts128_vectors));
966 ADD_ALL_TESTS(test_cts128_nist, OSSL_NELEM(cts128_vectors));
967 ADD_ALL_TESTS(test_gcm128, OSSL_NELEM(gcm128_vectors));
f2ae2348
RL		 968
969 result = run_tests(argv[0]);
970
971 if (benchmark)
972 benchmark_gcm128(K1, sizeof(K1), IV1, sizeof(IV1));
973
974 return result;
975
976 help:
977 printf("-h\tThis help\n");
978 printf("-b\tBenchmark gcm128 in addition to the tests\n");
979
980 return 0;
981}
A mirror of the official openssl repository