]> git.ipfire.org Git - thirdparty/openssl.git/blame - test/modes_internal_test.c
projects / thirdparty / openssl.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Make asn1 fuzzer more reproducible
[thirdparty/openssl.git] / test / modes_internal_test.c
CommitLineData
f2ae2348
RL		 1/*
2 * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the OpenSSL license (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10/* Internal tests for the modes module */
11
12#include <stdio.h>
13#include <string.h>
14
15#include <openssl/aes.h>
16#include <openssl/modes.h>
17#include "../crypto/modes/modes_lcl.h"
18#include "testutil.h"
e364c3b2 19#include "test_main_custom.h"
f2ae2348
RL		 20#include "e_os.h"
21
22typedef struct {
23 size_t size;
24 const unsigned char *data;
25} SIZED_DATA;
26
27/**********************************************************************
28 *
29 * Test of cts128
30 *
31 ***/
32
f2ae2348
RL		 33/* cts128 test vectors from RFC 3962 */
34static const unsigned char cts128_test_key[16] = "chicken teriyaki";
35static const unsigned char cts128_test_input[64] =
36 "I would like the" " General Gau's C"
37 "hicken, please, " "and wonton soup.";
38static const unsigned char cts128_test_iv[] =
39 { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
40
41static const unsigned char vector_17[17] = {
42 0xc6, 0x35, 0x35, 0x68, 0xf2, 0xbf, 0x8c, 0xb4,
43 0xd8, 0xa5, 0x80, 0x36, 0x2d, 0xa7, 0xff, 0x7f,
44 0x97
45};
46
47static const unsigned char vector_31[31] = {
48 0xfc, 0x00, 0x78, 0x3e, 0x0e, 0xfd, 0xb2, 0xc1,
49 0xd4, 0x45, 0xd4, 0xc8, 0xef, 0xf7, 0xed, 0x22,
50 0x97, 0x68, 0x72, 0x68, 0xd6, 0xec, 0xcc, 0xc0,
51 0xc0, 0x7b, 0x25, 0xe2, 0x5e, 0xcf, 0xe5
52};
53
54static const unsigned char vector_32[32] = {
55 0x39, 0x31, 0x25, 0x23, 0xa7, 0x86, 0x62, 0xd5,
56 0xbe, 0x7f, 0xcb, 0xcc, 0x98, 0xeb, 0xf5, 0xa8,
57 0x97, 0x68, 0x72, 0x68, 0xd6, 0xec, 0xcc, 0xc0,
58 0xc0, 0x7b, 0x25, 0xe2, 0x5e, 0xcf, 0xe5, 0x84
59};
60
61static const unsigned char vector_47[47] = {
62 0x97, 0x68, 0x72, 0x68, 0xd6, 0xec, 0xcc, 0xc0,
63 0xc0, 0x7b, 0x25, 0xe2, 0x5e, 0xcf, 0xe5, 0x84,
64 0xb3, 0xff, 0xfd, 0x94, 0x0c, 0x16, 0xa1, 0x8c,
65 0x1b, 0x55, 0x49, 0xd2, 0xf8, 0x38, 0x02, 0x9e,
66 0x39, 0x31, 0x25, 0x23, 0xa7, 0x86, 0x62, 0xd5,
67 0xbe, 0x7f, 0xcb, 0xcc, 0x98, 0xeb, 0xf5
68};
69
70static const unsigned char vector_48[48] = {
71 0x97, 0x68, 0x72, 0x68, 0xd6, 0xec, 0xcc, 0xc0,
72 0xc0, 0x7b, 0x25, 0xe2, 0x5e, 0xcf, 0xe5, 0x84,
73 0x9d, 0xad, 0x8b, 0xbb, 0x96, 0xc4, 0xcd, 0xc0,
74 0x3b, 0xc1, 0x03, 0xe1, 0xa1, 0x94, 0xbb, 0xd8,
75 0x39, 0x31, 0x25, 0x23, 0xa7, 0x86, 0x62, 0xd5,
76 0xbe, 0x7f, 0xcb, 0xcc, 0x98, 0xeb, 0xf5, 0xa8
77};
78
79static const unsigned char vector_64[64] = {
80 0x97, 0x68, 0x72, 0x68, 0xd6, 0xec, 0xcc, 0xc0,
81 0xc0, 0x7b, 0x25, 0xe2, 0x5e, 0xcf, 0xe5, 0x84,
82 0x39, 0x31, 0x25, 0x23, 0xa7, 0x86, 0x62, 0xd5,
83 0xbe, 0x7f, 0xcb, 0xcc, 0x98, 0xeb, 0xf5, 0xa8,
84 0x48, 0x07, 0xef, 0xe8, 0x36, 0xee, 0x89, 0xa5,
85 0x26, 0x73, 0x0d, 0xbc, 0x2f, 0x7b, 0xc8, 0x40,
86 0x9d, 0xad, 0x8b, 0xbb, 0x96, 0xc4, 0xcd, 0xc0,
87 0x3b, 0xc1, 0x03, 0xe1, 0xa1, 0x94, 0xbb, 0xd8
88};
89
90#define CTS128_TEST_VECTOR(len) \
91 { \
92 sizeof(vector_##len), vector_##len \
93 }
94static const SIZED_DATA cts128_vectors[] = {
95 CTS128_TEST_VECTOR(17),
96 CTS128_TEST_VECTOR(31),
97 CTS128_TEST_VECTOR(32),
98 CTS128_TEST_VECTOR(47),
99 CTS128_TEST_VECTOR(48),
100 CTS128_TEST_VECTOR(64),
101};
102
103static AES_KEY *cts128_encrypt_key_schedule()
104{
105 static int init_key = 1;
106 static AES_KEY ks;
107
108 if (init_key) {
109 AES_set_encrypt_key(cts128_test_key, 128, &ks);
110 init_key = 0;
111 }
112 return &ks;
113}
114
115static AES_KEY *cts128_decrypt_key_schedule()
116{
117 static int init_key = 1;
118 static AES_KEY ks;
119
120 if (init_key) {
121 AES_set_decrypt_key(cts128_test_key, 128, &ks);
122 init_key = 0;
123 }
124 return &ks;
125}
126
d836d71b
EK		 127typedef struct {
128 const char *case_name;
129 int num;
130 size_t (*transform_output)(const unsigned char *in, unsigned char *out,
131 size_t len);
132 size_t (*encrypt_block)(const unsigned char *in,
133 unsigned char *out, size_t len,
134 const void *key, unsigned char ivec[16],
135 block128_f block);
136 size_t (*encrypt)(const unsigned char *in, unsigned char *out,
137 size_t len, const void *key,
138 unsigned char ivec[16], cbc128_f cbc);
139 size_t (*decrypt_block)(const unsigned char *in,
140 unsigned char *out, size_t len,
141 const void *key, unsigned char ivec[16],
142 block128_f block);
143 size_t (*decrypt)(const unsigned char *in, unsigned char *out,
144 size_t len, const void *key,
145 unsigned char ivec[16], cbc128_f cbc);
146} CTS128_FIXTURE;
147
148
149static CTS128_FIXTURE setup_cts128(const char *const test_case_name)
150{
151 CTS128_FIXTURE fixture;
152 fixture.case_name = test_case_name;
153 return fixture;
154}
155
156static size_t transform_output(const unsigned char *in, unsigned char *out,
157 size_t len)
158{
159 size_t tail;
160
161 memcpy(out, in, len);
162 if ((tail = len % 16) == 0)
163 tail = 16;
164 tail += 16;
165
166 return tail;
167}
168
169static size_t transform_output_nist(const unsigned char *in, unsigned char *out,
170 size_t len)
171{
172 size_t tail;
173
174 if ((tail = len % 16) == 0)
175 tail = 16;
176 len -= 16 + tail;
177 memcpy(out, in, len);
178 /* flip two last blocks */
179 memcpy(out + len, in + len + 16, tail);
180 memcpy(out + len + tail, in + len, 16);
181 len += 16 + tail;
182 tail = 16;
183
184 return tail;
185}
186
187static int execute_cts128(CTS128_FIXTURE fixture)
188{
189 const unsigned char *test_iv = cts128_test_iv;
190 size_t test_iv_len = sizeof(cts128_test_iv);
191 const unsigned char *orig_vector = cts128_vectors[fixture.num].data;
192 size_t len = cts128_vectors[fixture.num].size;
193 const unsigned char *test_input = cts128_test_input;
194 const AES_KEY *encrypt_key_schedule = cts128_encrypt_key_schedule();
195 const AES_KEY *decrypt_key_schedule = cts128_decrypt_key_schedule();
196 unsigned char iv[16];
197 /* The largest test inputs are = 64 bytes. */
198 unsigned char cleartext[64], ciphertext[64], vector[64];
199 size_t tail;
200
201 fprintf(stderr, "%s_vector_%" OSSLzu "\n", fixture.case_name, len);
202 fflush(stdout);
203
204 tail = fixture.transform_output(orig_vector, vector, len);
205
206 /* test block-based encryption */
207 memcpy(iv, test_iv, test_iv_len);
208 fixture.encrypt_block(test_input, ciphertext, len,
209 encrypt_key_schedule, iv,
210 (block128_f)AES_encrypt);
211 if (memcmp(ciphertext, vector, len)) {
212 fprintf(stderr, "block encrypt: output_%" OSSLzu " mismatch\n", len);
213 return 0;
214 }
215 if (memcmp(iv, vector + len - tail, sizeof(iv))) {
216 fprintf(stderr, "block encrypt: iv_%" OSSLzu " mismatch\n", len);
217 return 0;
218 }
219
220 /* test block-based decryption */
221 memcpy(iv, test_iv, test_iv_len);
222 fixture.decrypt_block(ciphertext, cleartext, len,
223 decrypt_key_schedule, iv,
224 (block128_f)AES_decrypt);
225 if (memcmp(cleartext, test_input, len)) {
226 fprintf(stderr, "block decrypt: input_%" OSSLzu " mismatch\n", len);
227 return 0;
228 }
229 if (memcmp(iv, vector + len - tail, sizeof(iv))) {
230 fprintf(stderr, "block decrypt: iv_%" OSSLzu " mismatch\n", len);
231 return 0;
232 }
233
234 /* test streamed encryption */
235 memcpy(iv, test_iv, test_iv_len);
236 fixture.encrypt(test_input, ciphertext, len, encrypt_key_schedule,
237 iv, (cbc128_f) AES_cbc_encrypt);
238 if (memcmp(ciphertext, vector, len)) {
239 fprintf(stderr, "stream encrypt: output_%" OSSLzu " mismatch\n", len);
240 return 0;
241 }
242 if (memcmp(iv, vector + len - tail, sizeof(iv))) {
243 fprintf(stderr, "stream encrypt: iv_%" OSSLzu " mismatch\n", len);
244 return 0;
245 }
246
247 /* test streamed decryption */
248 memcpy(iv, test_iv, test_iv_len);
249 fixture.decrypt(ciphertext, cleartext, len, decrypt_key_schedule, iv,
250 (cbc128_f)AES_cbc_encrypt);
251 if (memcmp(cleartext, test_input, len)) {
252 fprintf(stderr, "stream decrypt: input_%" OSSLzu " mismatch\n", len);
253 return 0;
254 }
255 if (memcmp(iv, vector + len - tail, sizeof(iv))) {
256 fprintf(stderr, "stream decrypt: iv_%" OSSLzu " mismatch\n", len);
257 return 0;
258 }
259
260 return 1;
261}
262
263static int test_cts128(int idx)
f2ae2348
RL		 264{
265 SETUP_TEST_FIXTURE(CTS128_FIXTURE, setup_cts128);
d836d71b
EK		 266 fixture.transform_output = transform_output;
267 fixture.encrypt_block = CRYPTO_cts128_encrypt_block;
268 fixture.encrypt = CRYPTO_cts128_encrypt;
269 fixture.decrypt_block = CRYPTO_cts128_decrypt_block;
270 fixture.decrypt = CRYPTO_cts128_decrypt;
271 fixture.case_name = "cts128";
f2ae2348 272 fixture.num = idx;
d836d71b 273 EXECUTE_TEST_NO_TEARDOWN(execute_cts128);
f2ae2348
RL		 274}
275
d836d71b 276static int test_cts128_nist(int idx)
f2ae2348
RL		 277{
278 SETUP_TEST_FIXTURE(CTS128_FIXTURE, setup_cts128);
d836d71b
EK		 279 fixture.transform_output = transform_output_nist;
280 fixture.encrypt_block = CRYPTO_nistcts128_encrypt_block;
281 fixture.encrypt = CRYPTO_nistcts128_encrypt;
282 fixture.decrypt_block = CRYPTO_nistcts128_decrypt_block;
283 fixture.decrypt = CRYPTO_nistcts128_decrypt;
284 fixture.case_name = "cts128_nist";
f2ae2348 285 fixture.num = idx;
d836d71b 286 EXECUTE_TEST_NO_TEARDOWN(execute_cts128);
f2ae2348
RL		 287}
288
d836d71b
EK		 289/**********************************************************************
290 *
291 * Test of gcm128
292 *
293 ***/
294
f2ae2348
RL		 295/* Test Case 1 */
296static const u8 K1[16], P1[] = { 0 }, A1[] = { 0 }, IV1[12], C1[] = { 0 };
297static const u8 T1[] = {
298 0x58, 0xe2, 0xfc, 0xce, 0xfa, 0x7e, 0x30, 0x61,
299 0x36, 0x7f, 0x1d, 0x57, 0xa4, 0xe7, 0x45, 0x5a
300};
301
302/* Test Case 2 */
303# define K2 K1
304# define A2 A1
305# define IV2 IV1
306static const u8 P2[16];
307static const u8 C2[] = {
308 0x03, 0x88, 0xda, 0xce, 0x60, 0xb6, 0xa3, 0x92,
309 0xf3, 0x28, 0xc2, 0xb9, 0x71, 0xb2, 0xfe, 0x78
310};
311
312static const u8 T2[] = {
313 0xab, 0x6e, 0x47, 0xd4, 0x2c, 0xec, 0x13, 0xbd,
314 0xf5, 0x3a, 0x67, 0xb2, 0x12, 0x57, 0xbd, 0xdf
315};
316
317/* Test Case 3 */
318# define A3 A2
319static const u8 K3[] = {
320 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
321 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08
322};
323
324static const u8 P3[] = {
325 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
326 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a,
327 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
328 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72,
329 0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53,
330 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
331 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57,
332 0xba, 0x63, 0x7b, 0x39, 0x1a, 0xaf, 0xd2, 0x55
333};
334
335static const u8 IV3[] = {
336 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad,
337 0xde, 0xca, 0xf8, 0x88
338};
339
340static const u8 C3[] = {
341 0x42, 0x83, 0x1e, 0xc2, 0x21, 0x77, 0x74, 0x24,
342 0x4b, 0x72, 0x21, 0xb7, 0x84, 0xd0, 0xd4, 0x9c,
343 0xe3, 0xaa, 0x21, 0x2f, 0x2c, 0x02, 0xa4, 0xe0,
344 0x35, 0xc1, 0x7e, 0x23, 0x29, 0xac, 0xa1, 0x2e,
345 0x21, 0xd5, 0x14, 0xb2, 0x54, 0x66, 0x93, 0x1c,
346 0x7d, 0x8f, 0x6a, 0x5a, 0xac, 0x84, 0xaa, 0x05,
347 0x1b, 0xa3, 0x0b, 0x39, 0x6a, 0x0a, 0xac, 0x97,
348 0x3d, 0x58, 0xe0, 0x91, 0x47, 0x3f, 0x59, 0x85
349};
350
351static const u8 T3[] = {
352 0x4d, 0x5c, 0x2a, 0xf3, 0x27, 0xcd, 0x64, 0xa6,
353 0x2c, 0xf3, 0x5a, 0xbd, 0x2b, 0xa6, 0xfa, 0xb4
354};
355
356/* Test Case 4 */
357# define K4 K3
358# define IV4 IV3
359static const u8 P4[] = {
360 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
361 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a,
362 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
363 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72,
364 0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53,
365 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
366 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57,
367 0xba, 0x63, 0x7b, 0x39
368};
369
370static const u8 A4[] = {
371 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
372 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
373 0xab, 0xad, 0xda, 0xd2
374};
375
376static const u8 C4[] = {
377 0x42, 0x83, 0x1e, 0xc2, 0x21, 0x77, 0x74, 0x24,
378 0x4b, 0x72, 0x21, 0xb7, 0x84, 0xd0, 0xd4, 0x9c,
379 0xe3, 0xaa, 0x21, 0x2f, 0x2c, 0x02, 0xa4, 0xe0,
380 0x35, 0xc1, 0x7e, 0x23, 0x29, 0xac, 0xa1, 0x2e,
381 0x21, 0xd5, 0x14, 0xb2, 0x54, 0x66, 0x93, 0x1c,
382 0x7d, 0x8f, 0x6a, 0x5a, 0xac, 0x84, 0xaa, 0x05,
383 0x1b, 0xa3, 0x0b, 0x39, 0x6a, 0x0a, 0xac, 0x97,
384 0x3d, 0x58, 0xe0, 0x91
385};
386
387static const u8 T4[] = {
388 0x5b, 0xc9, 0x4f, 0xbc, 0x32, 0x21, 0xa5, 0xdb,
389 0x94, 0xfa, 0xe9, 0x5a, 0xe7, 0x12, 0x1a, 0x47
390};
391
392/* Test Case 5 */
393# define K5 K4
394# define P5 P4
395# define A5 A4
396static const u8 IV5[] = {
397 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad
398};
399
400static const u8 C5[] = {
401 0x61, 0x35, 0x3b, 0x4c, 0x28, 0x06, 0x93, 0x4a,
402 0x77, 0x7f, 0xf5, 0x1f, 0xa2, 0x2a, 0x47, 0x55,
403 0x69, 0x9b, 0x2a, 0x71, 0x4f, 0xcd, 0xc6, 0xf8,
404 0x37, 0x66, 0xe5, 0xf9, 0x7b, 0x6c, 0x74, 0x23,
405 0x73, 0x80, 0x69, 0x00, 0xe4, 0x9f, 0x24, 0xb2,
406 0x2b, 0x09, 0x75, 0x44, 0xd4, 0x89, 0x6b, 0x42,
407 0x49, 0x89, 0xb5, 0xe1, 0xeb, 0xac, 0x0f, 0x07,
408 0xc2, 0x3f, 0x45, 0x98
409};
410
411static const u8 T5[] = {
412 0x36, 0x12, 0xd2, 0xe7, 0x9e, 0x3b, 0x07, 0x85,
413 0x56, 0x1b, 0xe1, 0x4a, 0xac, 0xa2, 0xfc, 0xcb
414};
415
416/* Test Case 6 */
417# define K6 K5
418# define P6 P5
419# define A6 A5
420static const u8 IV6[] = {
421 0x93, 0x13, 0x22, 0x5d, 0xf8, 0x84, 0x06, 0xe5,
422 0x55, 0x90, 0x9c, 0x5a, 0xff, 0x52, 0x69, 0xaa,
423 0x6a, 0x7a, 0x95, 0x38, 0x53, 0x4f, 0x7d, 0xa1,
424 0xe4, 0xc3, 0x03, 0xd2, 0xa3, 0x18, 0xa7, 0x28,
425 0xc3, 0xc0, 0xc9, 0x51, 0x56, 0x80, 0x95, 0x39,
426 0xfc, 0xf0, 0xe2, 0x42, 0x9a, 0x6b, 0x52, 0x54,
427 0x16, 0xae, 0xdb, 0xf5, 0xa0, 0xde, 0x6a, 0x57,
428 0xa6, 0x37, 0xb3, 0x9b
429};
430
431static const u8 C6[] = {
432 0x8c, 0xe2, 0x49, 0x98, 0x62, 0x56, 0x15, 0xb6,
433 0x03, 0xa0, 0x33, 0xac, 0xa1, 0x3f, 0xb8, 0x94,
434 0xbe, 0x91, 0x12, 0xa5, 0xc3, 0xa2, 0x11, 0xa8,
435 0xba, 0x26, 0x2a, 0x3c, 0xca, 0x7e, 0x2c, 0xa7,
436 0x01, 0xe4, 0xa9, 0xa4, 0xfb, 0xa4, 0x3c, 0x90,
437 0xcc, 0xdc, 0xb2, 0x81, 0xd4, 0x8c, 0x7c, 0x6f,
438 0xd6, 0x28, 0x75, 0xd2, 0xac, 0xa4, 0x17, 0x03,
439 0x4c, 0x34, 0xae, 0xe5
440};
441
442static const u8 T6[] = {
443 0x61, 0x9c, 0xc5, 0xae, 0xff, 0xfe, 0x0b, 0xfa,
444 0x46, 0x2a, 0xf4, 0x3c, 0x16, 0x99, 0xd0, 0x50
445};
446
447/* Test Case 7 */
448static const u8 K7[24], P7[] = { 0 }, A7[] = { 0 }, IV7[12], C7[] = { 0 };
449static const u8 T7[] = {
450 0xcd, 0x33, 0xb2, 0x8a, 0xc7, 0x73, 0xf7, 0x4b,
451 0xa0, 0x0e, 0xd1, 0xf3, 0x12, 0x57, 0x24, 0x35
452};
453
454/* Test Case 8 */
455# define K8 K7
456# define IV8 IV7
457# define A8 A7
458static const u8 P8[16];
459static const u8 C8[] = {
460 0x98, 0xe7, 0x24, 0x7c, 0x07, 0xf0, 0xfe, 0x41,
461 0x1c, 0x26, 0x7e, 0x43, 0x84, 0xb0, 0xf6, 0x00
462};
463
464static const u8 T8[] = {
465 0x2f, 0xf5, 0x8d, 0x80, 0x03, 0x39, 0x27, 0xab,
466 0x8e, 0xf4, 0xd4, 0x58, 0x75, 0x14, 0xf0, 0xfb
467};
468
469/* Test Case 9 */
470# define A9 A8
471static const u8 K9[] = {
472 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
473 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08,
474 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c
475};
476
477static const u8 P9[] = {
478 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
479 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a,
480 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
481 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72,
482 0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53,
483 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
484 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57,
485 0xba, 0x63, 0x7b, 0x39, 0x1a, 0xaf, 0xd2, 0x55
486};
487
488static const u8 IV9[] = {
489 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad,
490 0xde, 0xca, 0xf8, 0x88
491};
492
493static const u8 C9[] = {
494 0x39, 0x80, 0xca, 0x0b, 0x3c, 0x00, 0xe8, 0x41,
495 0xeb, 0x06, 0xfa, 0xc4, 0x87, 0x2a, 0x27, 0x57,
496 0x85, 0x9e, 0x1c, 0xea, 0xa6, 0xef, 0xd9, 0x84,
497 0x62, 0x85, 0x93, 0xb4, 0x0c, 0xa1, 0xe1, 0x9c,
498 0x7d, 0x77, 0x3d, 0x00, 0xc1, 0x44, 0xc5, 0x25,
499 0xac, 0x61, 0x9d, 0x18, 0xc8, 0x4a, 0x3f, 0x47,
500 0x18, 0xe2, 0x44, 0x8b, 0x2f, 0xe3, 0x24, 0xd9,
501 0xcc, 0xda, 0x27, 0x10, 0xac, 0xad, 0xe2, 0x56
502};
503
504static const u8 T9[] = {
505 0x99, 0x24, 0xa7, 0xc8, 0x58, 0x73, 0x36, 0xbf,
506 0xb1, 0x18, 0x02, 0x4d, 0xb8, 0x67, 0x4a, 0x14
507};
508
509/* Test Case 10 */
510# define K10 K9
511# define IV10 IV9
512static const u8 P10[] = {
513 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
514 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a,
515 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
516 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72,
517 0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53,
518 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
519 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57,
520 0xba, 0x63, 0x7b, 0x39
521};
522
523static const u8 A10[] = {
524 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
525 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
526 0xab, 0xad, 0xda, 0xd2
527};
528
529static const u8 C10[] = {
530 0x39, 0x80, 0xca, 0x0b, 0x3c, 0x00, 0xe8, 0x41,
531 0xeb, 0x06, 0xfa, 0xc4, 0x87, 0x2a, 0x27, 0x57,
532 0x85, 0x9e, 0x1c, 0xea, 0xa6, 0xef, 0xd9, 0x84,
533 0x62, 0x85, 0x93, 0xb4, 0x0c, 0xa1, 0xe1, 0x9c,
534 0x7d, 0x77, 0x3d, 0x00, 0xc1, 0x44, 0xc5, 0x25,
535 0xac, 0x61, 0x9d, 0x18, 0xc8, 0x4a, 0x3f, 0x47,
536 0x18, 0xe2, 0x44, 0x8b, 0x2f, 0xe3, 0x24, 0xd9,
537 0xcc, 0xda, 0x27, 0x10
538};
539
540static const u8 T10[] = {
541 0x25, 0x19, 0x49, 0x8e, 0x80, 0xf1, 0x47, 0x8f,
542 0x37, 0xba, 0x55, 0xbd, 0x6d, 0x27, 0x61, 0x8c
543};
544
545/* Test Case 11 */
546# define K11 K10
547# define P11 P10
548# define A11 A10
549static const u8 IV11[] = { 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad };
550
551static const u8 C11[] = {
552 0x0f, 0x10, 0xf5, 0x99, 0xae, 0x14, 0xa1, 0x54,
553 0xed, 0x24, 0xb3, 0x6e, 0x25, 0x32, 0x4d, 0xb8,
554 0xc5, 0x66, 0x63, 0x2e, 0xf2, 0xbb, 0xb3, 0x4f,
555 0x83, 0x47, 0x28, 0x0f, 0xc4, 0x50, 0x70, 0x57,
556 0xfd, 0xdc, 0x29, 0xdf, 0x9a, 0x47, 0x1f, 0x75,
557 0xc6, 0x65, 0x41, 0xd4, 0xd4, 0xda, 0xd1, 0xc9,
558 0xe9, 0x3a, 0x19, 0xa5, 0x8e, 0x8b, 0x47, 0x3f,
559 0xa0, 0xf0, 0x62, 0xf7
560};
561
562static const u8 T11[] = {
563 0x65, 0xdc, 0xc5, 0x7f, 0xcf, 0x62, 0x3a, 0x24,
564 0x09, 0x4f, 0xcc, 0xa4, 0x0d, 0x35, 0x33, 0xf8
565};
566
567/* Test Case 12 */
568# define K12 K11
569# define P12 P11
570# define A12 A11
571static const u8 IV12[] = {
572 0x93, 0x13, 0x22, 0x5d, 0xf8, 0x84, 0x06, 0xe5,
573 0x55, 0x90, 0x9c, 0x5a, 0xff, 0x52, 0x69, 0xaa,
574 0x6a, 0x7a, 0x95, 0x38, 0x53, 0x4f, 0x7d, 0xa1,
575 0xe4, 0xc3, 0x03, 0xd2, 0xa3, 0x18, 0xa7, 0x28,
576 0xc3, 0xc0, 0xc9, 0x51, 0x56, 0x80, 0x95, 0x39,
577 0xfc, 0xf0, 0xe2, 0x42, 0x9a, 0x6b, 0x52, 0x54,
578 0x16, 0xae, 0xdb, 0xf5, 0xa0, 0xde, 0x6a, 0x57,
579 0xa6, 0x37, 0xb3, 0x9b
580};
581
582static const u8 C12[] = {
583 0xd2, 0x7e, 0x88, 0x68, 0x1c, 0xe3, 0x24, 0x3c,
584 0x48, 0x30, 0x16, 0x5a, 0x8f, 0xdc, 0xf9, 0xff,
585 0x1d, 0xe9, 0xa1, 0xd8, 0xe6, 0xb4, 0x47, 0xef,
586 0x6e, 0xf7, 0xb7, 0x98, 0x28, 0x66, 0x6e, 0x45,
587 0x81, 0xe7, 0x90, 0x12, 0xaf, 0x34, 0xdd, 0xd9,
588 0xe2, 0xf0, 0x37, 0x58, 0x9b, 0x29, 0x2d, 0xb3,
589 0xe6, 0x7c, 0x03, 0x67, 0x45, 0xfa, 0x22, 0xe7,
590 0xe9, 0xb7, 0x37, 0x3b
591};
592
593static const u8 T12[] = {
594 0xdc, 0xf5, 0x66, 0xff, 0x29, 0x1c, 0x25, 0xbb,
595 0xb8, 0x56, 0x8f, 0xc3, 0xd3, 0x76, 0xa6, 0xd9
596};
597
598/* Test Case 13 */
599static const u8 K13[32], P13[] = { 0 }, A13[] = { 0 }, IV13[12], C13[] = { 0 };
600static const u8 T13[] = {
601 0x53, 0x0f, 0x8a, 0xfb, 0xc7, 0x45, 0x36, 0xb9,
602 0xa9, 0x63, 0xb4, 0xf1, 0xc4, 0xcb, 0x73, 0x8b
603};
604
605/* Test Case 14 */
606# define K14 K13
607# define A14 A13
608static const u8 P14[16], IV14[12];
609static const u8 C14[] = {
610 0xce, 0xa7, 0x40, 0x3d, 0x4d, 0x60, 0x6b, 0x6e,
611 0x07, 0x4e, 0xc5, 0xd3, 0xba, 0xf3, 0x9d, 0x18
612};
613
614static const u8 T14[] = {
615 0xd0, 0xd1, 0xc8, 0xa7, 0x99, 0x99, 0x6b, 0xf0,
616 0x26, 0x5b, 0x98, 0xb5, 0xd4, 0x8a, 0xb9, 0x19
617};
618
619/* Test Case 15 */
620# define A15 A14
621static const u8 K15[] = {
622 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
623 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08,
624 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
625 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08
626};
627
628static const u8 P15[] = {
629 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
630 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a,
631 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
632 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72,
633 0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53,
634 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
635 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57,
636 0xba, 0x63, 0x7b, 0x39, 0x1a, 0xaf, 0xd2, 0x55
637};
638
639static const u8 IV15[] = {
640 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad,
641 0xde, 0xca, 0xf8, 0x88
642};
643
644static const u8 C15[] = {
645 0x52, 0x2d, 0xc1, 0xf0, 0x99, 0x56, 0x7d, 0x07,
646 0xf4, 0x7f, 0x37, 0xa3, 0x2a, 0x84, 0x42, 0x7d,
647 0x64, 0x3a, 0x8c, 0xdc, 0xbf, 0xe5, 0xc0, 0xc9,
648 0x75, 0x98, 0xa2, 0xbd, 0x25, 0x55, 0xd1, 0xaa,
649 0x8c, 0xb0, 0x8e, 0x48, 0x59, 0x0d, 0xbb, 0x3d,
650 0xa7, 0xb0, 0x8b, 0x10, 0x56, 0x82, 0x88, 0x38,
651 0xc5, 0xf6, 0x1e, 0x63, 0x93, 0xba, 0x7a, 0x0a,
652 0xbc, 0xc9, 0xf6, 0x62, 0x89, 0x80, 0x15, 0xad
653};
654
655static const u8 T15[] = {
656 0xb0, 0x94, 0xda, 0xc5, 0xd9, 0x34, 0x71, 0xbd,
657 0xec, 0x1a, 0x50, 0x22, 0x70, 0xe3, 0xcc, 0x6c
658};
659
660/* Test Case 16 */
661# define K16 K15
662# define IV16 IV15
663static const u8 P16[] = {
664 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
665 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a,
666 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
667 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72,
668 0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53,
669 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
670 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57,
671 0xba, 0x63, 0x7b, 0x39
672};
673
674static const u8 A16[] = {
675 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
676 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
677 0xab, 0xad, 0xda, 0xd2
678};
679
680static const u8 C16[] = {
681 0x52, 0x2d, 0xc1, 0xf0, 0x99, 0x56, 0x7d, 0x07,
682 0xf4, 0x7f, 0x37, 0xa3, 0x2a, 0x84, 0x42, 0x7d,
683 0x64, 0x3a, 0x8c, 0xdc, 0xbf, 0xe5, 0xc0, 0xc9,
684 0x75, 0x98, 0xa2, 0xbd, 0x25, 0x55, 0xd1, 0xaa,
685 0x8c, 0xb0, 0x8e, 0x48, 0x59, 0x0d, 0xbb, 0x3d,
686 0xa7, 0xb0, 0x8b, 0x10, 0x56, 0x82, 0x88, 0x38,
687 0xc5, 0xf6, 0x1e, 0x63, 0x93, 0xba, 0x7a, 0x0a,
688 0xbc, 0xc9, 0xf6, 0x62
689};
690
691static const u8 T16[] = {
692 0x76, 0xfc, 0x6e, 0xce, 0x0f, 0x4e, 0x17, 0x68,
693 0xcd, 0xdf, 0x88, 0x53, 0xbb, 0x2d, 0x55, 0x1b
694};
695
696/* Test Case 17 */
697# define K17 K16
698# define P17 P16
699# define A17 A16
700static const u8 IV17[] = { 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad };
701
702static const u8 C17[] = {
703 0xc3, 0x76, 0x2d, 0xf1, 0xca, 0x78, 0x7d, 0x32,
704 0xae, 0x47, 0xc1, 0x3b, 0xf1, 0x98, 0x44, 0xcb,
705 0xaf, 0x1a, 0xe1, 0x4d, 0x0b, 0x97, 0x6a, 0xfa,
706 0xc5, 0x2f, 0xf7, 0xd7, 0x9b, 0xba, 0x9d, 0xe0,
707 0xfe, 0xb5, 0x82, 0xd3, 0x39, 0x34, 0xa4, 0xf0,
708 0x95, 0x4c, 0xc2, 0x36, 0x3b, 0xc7, 0x3f, 0x78,
709 0x62, 0xac, 0x43, 0x0e, 0x64, 0xab, 0xe4, 0x99,
710 0xf4, 0x7c, 0x9b, 0x1f
711};
712
713static const u8 T17[] = {
714 0x3a, 0x33, 0x7d, 0xbf, 0x46, 0xa7, 0x92, 0xc4,
715 0x5e, 0x45, 0x49, 0x13, 0xfe, 0x2e, 0xa8, 0xf2
716};
717
718/* Test Case 18 */
719# define K18 K17
720# define P18 P17
721# define A18 A17
722static const u8 IV18[] = {
723 0x93, 0x13, 0x22, 0x5d, 0xf8, 0x84, 0x06, 0xe5,
724 0x55, 0x90, 0x9c, 0x5a, 0xff, 0x52, 0x69, 0xaa,
725 0x6a, 0x7a, 0x95, 0x38, 0x53, 0x4f, 0x7d, 0xa1,
726 0xe4, 0xc3, 0x03, 0xd2, 0xa3, 0x18, 0xa7, 0x28,
727 0xc3, 0xc0, 0xc9, 0x51, 0x56, 0x80, 0x95, 0x39,
728 0xfc, 0xf0, 0xe2, 0x42, 0x9a, 0x6b, 0x52, 0x54,
729 0x16, 0xae, 0xdb, 0xf5, 0xa0, 0xde, 0x6a, 0x57,
730 0xa6, 0x37, 0xb3, 0x9b
731};
732
733static const u8 C18[] = {
734 0x5a, 0x8d, 0xef, 0x2f, 0x0c, 0x9e, 0x53, 0xf1,
735 0xf7, 0x5d, 0x78, 0x53, 0x65, 0x9e, 0x2a, 0x20,
736 0xee, 0xb2, 0xb2, 0x2a, 0xaf, 0xde, 0x64, 0x19,
737 0xa0, 0x58, 0xab, 0x4f, 0x6f, 0x74, 0x6b, 0xf4,
738 0x0f, 0xc0, 0xc3, 0xb7, 0x80, 0xf2, 0x44, 0x45,
739 0x2d, 0xa3, 0xeb, 0xf1, 0xc5, 0xd8, 0x2c, 0xde,
740 0xa2, 0x41, 0x89, 0x97, 0x20, 0x0e, 0xf8, 0x2e,
741 0x44, 0xae, 0x7e, 0x3f
742};
743
744static const u8 T18[] = {
745 0xa4, 0x4a, 0x82, 0x66, 0xee, 0x1c, 0x8e, 0xb0,
746 0xc8, 0xb5, 0xd4, 0xcf, 0x5a, 0xe9, 0xf1, 0x9a
747};
748
749/* Test Case 19 */
750# define K19 K1
751# define P19 P1
752# define IV19 IV1
753# define C19 C1
754static const u8 A19[] = {
755 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
756 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a,
757 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
758 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72,
759 0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53,
760 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
761 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57,
762 0xba, 0x63, 0x7b, 0x39, 0x1a, 0xaf, 0xd2, 0x55,
763 0x52, 0x2d, 0xc1, 0xf0, 0x99, 0x56, 0x7d, 0x07,
764 0xf4, 0x7f, 0x37, 0xa3, 0x2a, 0x84, 0x42, 0x7d,
765 0x64, 0x3a, 0x8c, 0xdc, 0xbf, 0xe5, 0xc0, 0xc9,
766 0x75, 0x98, 0xa2, 0xbd, 0x25, 0x55, 0xd1, 0xaa,
767 0x8c, 0xb0, 0x8e, 0x48, 0x59, 0x0d, 0xbb, 0x3d,
768 0xa7, 0xb0, 0x8b, 0x10, 0x56, 0x82, 0x88, 0x38,
769 0xc5, 0xf6, 0x1e, 0x63, 0x93, 0xba, 0x7a, 0x0a,
770 0xbc, 0xc9, 0xf6, 0x62, 0x89, 0x80, 0x15, 0xad
771};
772
773static const u8 T19[] = {
774 0x5f, 0xea, 0x79, 0x3a, 0x2d, 0x6f, 0x97, 0x4d,
775 0x37, 0xe6, 0x8e, 0x0c, 0xb8, 0xff, 0x94, 0x92
776};
777
778/* Test Case 20 */
779# define K20 K1
780# define A20 A1
781/* this results in 0xff in counter LSB */
782static const u8 IV20[64] = { 0xff, 0xff, 0xff, 0xff };
783
784static const u8 P20[288];
785static const u8 C20[] = {
786 0x56, 0xb3, 0x37, 0x3c, 0xa9, 0xef, 0x6e, 0x4a,
787 0x2b, 0x64, 0xfe, 0x1e, 0x9a, 0x17, 0xb6, 0x14,
788 0x25, 0xf1, 0x0d, 0x47, 0xa7, 0x5a, 0x5f, 0xce,
789 0x13, 0xef, 0xc6, 0xbc, 0x78, 0x4a, 0xf2, 0x4f,
790 0x41, 0x41, 0xbd, 0xd4, 0x8c, 0xf7, 0xc7, 0x70,
791 0x88, 0x7a, 0xfd, 0x57, 0x3c, 0xca, 0x54, 0x18,
792 0xa9, 0xae, 0xff, 0xcd, 0x7c, 0x5c, 0xed, 0xdf,
793 0xc6, 0xa7, 0x83, 0x97, 0xb9, 0xa8, 0x5b, 0x49,
794 0x9d, 0xa5, 0x58, 0x25, 0x72, 0x67, 0xca, 0xab,
795 0x2a, 0xd0, 0xb2, 0x3c, 0xa4, 0x76, 0xa5, 0x3c,
796 0xb1, 0x7f, 0xb4, 0x1c, 0x4b, 0x8b, 0x47, 0x5c,
797 0xb4, 0xf3, 0xf7, 0x16, 0x50, 0x94, 0xc2, 0x29,
798 0xc9, 0xe8, 0xc4, 0xdc, 0x0a, 0x2a, 0x5f, 0xf1,
799 0x90, 0x3e, 0x50, 0x15, 0x11, 0x22, 0x13, 0x76,
800 0xa1, 0xcd, 0xb8, 0x36, 0x4c, 0x50, 0x61, 0xa2,
801 0x0c, 0xae, 0x74, 0xbc, 0x4a, 0xcd, 0x76, 0xce,
802 0xb0, 0xab, 0xc9, 0xfd, 0x32, 0x17, 0xef, 0x9f,
803 0x8c, 0x90, 0xbe, 0x40, 0x2d, 0xdf, 0x6d, 0x86,
804 0x97, 0xf4, 0xf8, 0x80, 0xdf, 0xf1, 0x5b, 0xfb,
805 0x7a, 0x6b, 0x28, 0x24, 0x1e, 0xc8, 0xfe, 0x18,
806 0x3c, 0x2d, 0x59, 0xe3, 0xf9, 0xdf, 0xff, 0x65,
807 0x3c, 0x71, 0x26, 0xf0, 0xac, 0xb9, 0xe6, 0x42,
808 0x11, 0xf4, 0x2b, 0xae, 0x12, 0xaf, 0x46, 0x2b,
809 0x10, 0x70, 0xbe, 0xf1, 0xab, 0x5e, 0x36, 0x06,
810 0x87, 0x2c, 0xa1, 0x0d, 0xee, 0x15, 0xb3, 0x24,
811 0x9b, 0x1a, 0x1b, 0x95, 0x8f, 0x23, 0x13, 0x4c,
812 0x4b, 0xcc, 0xb7, 0xd0, 0x32, 0x00, 0xbc, 0xe4,
813 0x20, 0xa2, 0xf8, 0xeb, 0x66, 0xdc, 0xf3, 0x64,
814 0x4d, 0x14, 0x23, 0xc1, 0xb5, 0x69, 0x90, 0x03,
815 0xc1, 0x3e, 0xce, 0xf4, 0xbf, 0x38, 0xa3, 0xb6,
816 0x0e, 0xed, 0xc3, 0x40, 0x33, 0xba, 0xc1, 0x90,
817 0x27, 0x83, 0xdc, 0x6d, 0x89, 0xe2, 0xe7, 0x74,
818 0x18, 0x8a, 0x43, 0x9c, 0x7e, 0xbc, 0xc0, 0x67,
819 0x2d, 0xbd, 0xa4, 0xdd, 0xcf, 0xb2, 0x79, 0x46,
820 0x13, 0xb0, 0xbe, 0x41, 0x31, 0x5e, 0xf7, 0x78,
821 0x70, 0x8a, 0x70, 0xee, 0x7d, 0x75, 0x16, 0x5c
822};
823
824static const u8 T20[] = {
825 0x8b, 0x30, 0x7f, 0x6b, 0x33, 0x28, 0x6d, 0x0a,
826 0xb0, 0x26, 0xa9, 0xed, 0x3f, 0xe1, 0xe8, 0x5f
827};
828
829#define GCM128_TEST_VECTOR(n) \
830 { \
831 {sizeof(K##n), K##n}, \
832 {sizeof(IV##n), IV##n}, \
833 {sizeof(A##n), A##n}, \
834 {sizeof(P##n), P##n}, \
835 {sizeof(C##n), C##n}, \
836 {sizeof(T##n), T##n} \
837 }
838static struct gcm128_data {
839 const SIZED_DATA K;
840 const SIZED_DATA IV;
841 const SIZED_DATA A;
842 const SIZED_DATA P;
843 const SIZED_DATA C;
844 const SIZED_DATA T;
845} gcm128_vectors[] = {
846 GCM128_TEST_VECTOR(1),
847 GCM128_TEST_VECTOR(2),
848 GCM128_TEST_VECTOR(3),
849 GCM128_TEST_VECTOR(4),
850 GCM128_TEST_VECTOR(5),
851 GCM128_TEST_VECTOR(6),
852 GCM128_TEST_VECTOR(7),
853 GCM128_TEST_VECTOR(8),
854 GCM128_TEST_VECTOR(9),
855 GCM128_TEST_VECTOR(10),
856 GCM128_TEST_VECTOR(11),
857 GCM128_TEST_VECTOR(12),
858 GCM128_TEST_VECTOR(13),
859 GCM128_TEST_VECTOR(14),
860 GCM128_TEST_VECTOR(15),
861 GCM128_TEST_VECTOR(16),
862 GCM128_TEST_VECTOR(17),
863 GCM128_TEST_VECTOR(18),
864 GCM128_TEST_VECTOR(19),
865 GCM128_TEST_VECTOR(20)
866};
867
d836d71b 868static int test_gcm128(int idx)
f2ae2348 869{
d836d71b
EK		 870 unsigned char out[512];
871 SIZED_DATA K = gcm128_vectors[idx].K;
872 SIZED_DATA IV = gcm128_vectors[idx].IV;
873 SIZED_DATA A = gcm128_vectors[idx].A;
874 SIZED_DATA P = gcm128_vectors[idx].P;
875 SIZED_DATA C = gcm128_vectors[idx].C;
876 SIZED_DATA T = gcm128_vectors[idx].T;
877 GCM128_CONTEXT ctx;
878 AES_KEY key;
879 int err = 0;
880
881 /* Size 1 inputs are special-cased to signal NULL. */
882 if (A.size == 1)
883 A.data = NULL;
884 if (P.size == 1)
885 P.data = NULL;
886 if (C.size == 1)
887 C.data = NULL;
888
889 AES_set_encrypt_key(K.data, K.size * 8, &key);
890
891 CRYPTO_gcm128_init(&ctx, &key, (block128_f)AES_encrypt);
892 CRYPTO_gcm128_setiv(&ctx, IV.data, IV.size);
893 memset(out, 0, P.size);
894 if (A.data)
895 CRYPTO_gcm128_aad(&ctx, A.data, A.size);
896 if (P.data)
897 CRYPTO_gcm128_encrypt( &ctx, P.data, out, P.size);
898 if (CRYPTO_gcm128_finish(&ctx, T.data, 16)
899 || (C.data && memcmp(out, C.data, P.size)))
900 err++, fprintf(stderr, "encrypt test#%d failed.\n", idx);
901
902 CRYPTO_gcm128_setiv(&ctx, IV.data, IV.size);
903 memset(out, 0, P.size);
904 if (A.data)
905 CRYPTO_gcm128_aad(&ctx, A.data, A.size);
906 if (C.data)
907 CRYPTO_gcm128_decrypt(&ctx, C.data, out, P.size);
908 if (CRYPTO_gcm128_finish(&ctx, T.data, 16)
909 || (P.data && memcmp(out, P.data, P.size)))
910 err++, fprintf(stderr, "decrypt test#%d failed.\n", idx);
911
912 return err == 0;
913}
914
915static void benchmark_gcm128(const unsigned char *K, size_t Klen,
916 const unsigned char *IV, size_t IVlen)
917{
918#ifdef OPENSSL_CPUID_OBJ
919 GCM128_CONTEXT ctx;
920 AES_KEY key;
921 size_t start, gcm_t, ctr_t, OPENSSL_rdtsc();
922 union {
923 u64 u;
924 u8 c[1024];
925 } buf;
926
927 AES_set_encrypt_key(K, Klen * 8, &key);
928 CRYPTO_gcm128_init(&ctx, &key, (block128_f) AES_encrypt);
929 CRYPTO_gcm128_setiv(&ctx, IV, IVlen);
930
931 CRYPTO_gcm128_encrypt(&ctx, buf.c, buf.c, sizeof(buf));
932 start = OPENSSL_rdtsc();
933 CRYPTO_gcm128_encrypt(&ctx, buf.c, buf.c, sizeof(buf));
934 gcm_t = OPENSSL_rdtsc() - start;
935
936 CRYPTO_ctr128_encrypt(buf.c, buf.c, sizeof(buf),
937 &key, ctx.Yi.c, ctx.EKi.c, &ctx.mres,
938 (block128_f) AES_encrypt);
939 start = OPENSSL_rdtsc();
940 CRYPTO_ctr128_encrypt(buf.c, buf.c, sizeof(buf),
941 &key, ctx.Yi.c, ctx.EKi.c, &ctx.mres,
942 (block128_f) AES_encrypt);
943 ctr_t = OPENSSL_rdtsc() - start;
944
945 printf("%.2f-%.2f=%.2f\n",
946 gcm_t / (double)sizeof(buf),
947 ctr_t / (double)sizeof(buf),
948 (gcm_t - ctr_t) / (double)sizeof(buf));
949# ifdef GHASH
950 {
951 void (*gcm_ghash_p) (u64 Xi[2], const u128 Htable[16],
952 const u8 *inp, size_t len) = ctx.ghash;
953
954 GHASH((&ctx), buf.c, sizeof(buf));
955 start = OPENSSL_rdtsc();
956 for (i = 0; i < 100; ++i)
957 GHASH((&ctx), buf.c, sizeof(buf));
958 gcm_t = OPENSSL_rdtsc() - start;
959 printf("%.2f\n", gcm_t / (double)sizeof(buf) / (double)i);
960 }
961# endif
962#else
963 fprintf(stderr,
964 "Benchmarking of modes isn't available on this platform\n");
965#endif
f2ae2348
RL		 966}
967
e364c3b2 968int test_main(int argc, char **argv)
f2ae2348
RL		 969{
970 int result = 0;
971 int iter_argv;
972 int benchmark = 0;
973
974 for (iter_argv = 1; iter_argv < argc; iter_argv++) {
975 if (strcmp(argv[iter_argv], "-b") == 0)
976 benchmark = 1;
977 else if (strcmp(argv[iter_argv], "-h") == 0)
978 goto help;
979 }
980
d836d71b
EK		 981 ADD_ALL_TESTS(test_cts128, OSSL_NELEM(cts128_vectors));
982 ADD_ALL_TESTS(test_cts128_nist, OSSL_NELEM(cts128_vectors));
983 ADD_ALL_TESTS(test_gcm128, OSSL_NELEM(gcm128_vectors));
f2ae2348
RL		 984
985 result = run_tests(argv[0]);
986
987 if (benchmark)
988 benchmark_gcm128(K1, sizeof(K1), IV1, sizeof(IV1));
989
990 return result;
991
992 help:
993 printf("-h\tThis help\n");
994 printf("-b\tBenchmark gcm128 in addition to the tests\n");
995
996 return 0;
997}
A mirror of the official openssl repository