]>
Commit | Line | Data |
---|---|---|
f2ae2348 | 1 | /* |
ad887416 | 2 | * Copyright 2016-2017 The OpenSSL Project Authors. All Rights Reserved. |
f2ae2348 RL |
3 | * |
4 | * Licensed under the OpenSSL license (the "License"). You may not use | |
5 | * this file except in compliance with the License. You can obtain a copy | |
6 | * in the file LICENSE in the source distribution or at | |
7 | * https://www.openssl.org/source/license.html | |
8 | */ | |
9 | ||
10 | /* Internal tests for the modes module */ | |
11 | ||
12 | #include <stdio.h> | |
13 | #include <string.h> | |
14 | ||
15 | #include <openssl/aes.h> | |
16 | #include <openssl/modes.h> | |
17 | #include "../crypto/modes/modes_lcl.h" | |
18 | #include "testutil.h" | |
19 | #include "e_os.h" | |
20 | ||
21 | typedef struct { | |
22 | size_t size; | |
23 | const unsigned char *data; | |
24 | } SIZED_DATA; | |
25 | ||
26 | /********************************************************************** | |
27 | * | |
28 | * Test of cts128 | |
29 | * | |
30 | ***/ | |
31 | ||
f2ae2348 RL |
32 | /* cts128 test vectors from RFC 3962 */ |
33 | static const unsigned char cts128_test_key[16] = "chicken teriyaki"; | |
34 | static const unsigned char cts128_test_input[64] = | |
35 | "I would like the" " General Gau's C" | |
36 | "hicken, please, " "and wonton soup."; | |
37 | static const unsigned char cts128_test_iv[] = | |
38 | { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 }; | |
39 | ||
40 | static const unsigned char vector_17[17] = { | |
41 | 0xc6, 0x35, 0x35, 0x68, 0xf2, 0xbf, 0x8c, 0xb4, | |
42 | 0xd8, 0xa5, 0x80, 0x36, 0x2d, 0xa7, 0xff, 0x7f, | |
43 | 0x97 | |
44 | }; | |
45 | ||
46 | static const unsigned char vector_31[31] = { | |
47 | 0xfc, 0x00, 0x78, 0x3e, 0x0e, 0xfd, 0xb2, 0xc1, | |
48 | 0xd4, 0x45, 0xd4, 0xc8, 0xef, 0xf7, 0xed, 0x22, | |
49 | 0x97, 0x68, 0x72, 0x68, 0xd6, 0xec, 0xcc, 0xc0, | |
50 | 0xc0, 0x7b, 0x25, 0xe2, 0x5e, 0xcf, 0xe5 | |
51 | }; | |
52 | ||
53 | static const unsigned char vector_32[32] = { | |
54 | 0x39, 0x31, 0x25, 0x23, 0xa7, 0x86, 0x62, 0xd5, | |
55 | 0xbe, 0x7f, 0xcb, 0xcc, 0x98, 0xeb, 0xf5, 0xa8, | |
56 | 0x97, 0x68, 0x72, 0x68, 0xd6, 0xec, 0xcc, 0xc0, | |
57 | 0xc0, 0x7b, 0x25, 0xe2, 0x5e, 0xcf, 0xe5, 0x84 | |
58 | }; | |
59 | ||
60 | static const unsigned char vector_47[47] = { | |
61 | 0x97, 0x68, 0x72, 0x68, 0xd6, 0xec, 0xcc, 0xc0, | |
62 | 0xc0, 0x7b, 0x25, 0xe2, 0x5e, 0xcf, 0xe5, 0x84, | |
63 | 0xb3, 0xff, 0xfd, 0x94, 0x0c, 0x16, 0xa1, 0x8c, | |
64 | 0x1b, 0x55, 0x49, 0xd2, 0xf8, 0x38, 0x02, 0x9e, | |
65 | 0x39, 0x31, 0x25, 0x23, 0xa7, 0x86, 0x62, 0xd5, | |
66 | 0xbe, 0x7f, 0xcb, 0xcc, 0x98, 0xeb, 0xf5 | |
67 | }; | |
68 | ||
69 | static const unsigned char vector_48[48] = { | |
70 | 0x97, 0x68, 0x72, 0x68, 0xd6, 0xec, 0xcc, 0xc0, | |
71 | 0xc0, 0x7b, 0x25, 0xe2, 0x5e, 0xcf, 0xe5, 0x84, | |
72 | 0x9d, 0xad, 0x8b, 0xbb, 0x96, 0xc4, 0xcd, 0xc0, | |
73 | 0x3b, 0xc1, 0x03, 0xe1, 0xa1, 0x94, 0xbb, 0xd8, | |
74 | 0x39, 0x31, 0x25, 0x23, 0xa7, 0x86, 0x62, 0xd5, | |
75 | 0xbe, 0x7f, 0xcb, 0xcc, 0x98, 0xeb, 0xf5, 0xa8 | |
76 | }; | |
77 | ||
78 | static const unsigned char vector_64[64] = { | |
79 | 0x97, 0x68, 0x72, 0x68, 0xd6, 0xec, 0xcc, 0xc0, | |
80 | 0xc0, 0x7b, 0x25, 0xe2, 0x5e, 0xcf, 0xe5, 0x84, | |
81 | 0x39, 0x31, 0x25, 0x23, 0xa7, 0x86, 0x62, 0xd5, | |
82 | 0xbe, 0x7f, 0xcb, 0xcc, 0x98, 0xeb, 0xf5, 0xa8, | |
83 | 0x48, 0x07, 0xef, 0xe8, 0x36, 0xee, 0x89, 0xa5, | |
84 | 0x26, 0x73, 0x0d, 0xbc, 0x2f, 0x7b, 0xc8, 0x40, | |
85 | 0x9d, 0xad, 0x8b, 0xbb, 0x96, 0xc4, 0xcd, 0xc0, | |
86 | 0x3b, 0xc1, 0x03, 0xe1, 0xa1, 0x94, 0xbb, 0xd8 | |
87 | }; | |
88 | ||
89 | #define CTS128_TEST_VECTOR(len) \ | |
90 | { \ | |
91 | sizeof(vector_##len), vector_##len \ | |
92 | } | |
93 | static const SIZED_DATA cts128_vectors[] = { | |
94 | CTS128_TEST_VECTOR(17), | |
95 | CTS128_TEST_VECTOR(31), | |
96 | CTS128_TEST_VECTOR(32), | |
97 | CTS128_TEST_VECTOR(47), | |
98 | CTS128_TEST_VECTOR(48), | |
99 | CTS128_TEST_VECTOR(64), | |
100 | }; | |
101 | ||
102 | static AES_KEY *cts128_encrypt_key_schedule() | |
103 | { | |
104 | static int init_key = 1; | |
105 | static AES_KEY ks; | |
106 | ||
107 | if (init_key) { | |
108 | AES_set_encrypt_key(cts128_test_key, 128, &ks); | |
109 | init_key = 0; | |
110 | } | |
111 | return &ks; | |
112 | } | |
113 | ||
114 | static AES_KEY *cts128_decrypt_key_schedule() | |
115 | { | |
116 | static int init_key = 1; | |
117 | static AES_KEY ks; | |
118 | ||
119 | if (init_key) { | |
120 | AES_set_decrypt_key(cts128_test_key, 128, &ks); | |
121 | init_key = 0; | |
122 | } | |
123 | return &ks; | |
124 | } | |
125 | ||
d836d71b EK |
126 | typedef struct { |
127 | const char *case_name; | |
128 | int num; | |
129 | size_t (*transform_output)(const unsigned char *in, unsigned char *out, | |
130 | size_t len); | |
131 | size_t (*encrypt_block)(const unsigned char *in, | |
132 | unsigned char *out, size_t len, | |
133 | const void *key, unsigned char ivec[16], | |
134 | block128_f block); | |
135 | size_t (*encrypt)(const unsigned char *in, unsigned char *out, | |
136 | size_t len, const void *key, | |
137 | unsigned char ivec[16], cbc128_f cbc); | |
138 | size_t (*decrypt_block)(const unsigned char *in, | |
139 | unsigned char *out, size_t len, | |
140 | const void *key, unsigned char ivec[16], | |
141 | block128_f block); | |
142 | size_t (*decrypt)(const unsigned char *in, unsigned char *out, | |
143 | size_t len, const void *key, | |
144 | unsigned char ivec[16], cbc128_f cbc); | |
145 | } CTS128_FIXTURE; | |
146 | ||
147 | ||
148 | static CTS128_FIXTURE setup_cts128(const char *const test_case_name) | |
149 | { | |
150 | CTS128_FIXTURE fixture; | |
151 | fixture.case_name = test_case_name; | |
152 | return fixture; | |
153 | } | |
154 | ||
155 | static size_t transform_output(const unsigned char *in, unsigned char *out, | |
156 | size_t len) | |
157 | { | |
158 | size_t tail; | |
159 | ||
160 | memcpy(out, in, len); | |
161 | if ((tail = len % 16) == 0) | |
162 | tail = 16; | |
163 | tail += 16; | |
164 | ||
165 | return tail; | |
166 | } | |
167 | ||
168 | static size_t transform_output_nist(const unsigned char *in, unsigned char *out, | |
169 | size_t len) | |
170 | { | |
171 | size_t tail; | |
172 | ||
173 | if ((tail = len % 16) == 0) | |
174 | tail = 16; | |
175 | len -= 16 + tail; | |
176 | memcpy(out, in, len); | |
177 | /* flip two last blocks */ | |
178 | memcpy(out + len, in + len + 16, tail); | |
179 | memcpy(out + len + tail, in + len, 16); | |
180 | len += 16 + tail; | |
181 | tail = 16; | |
182 | ||
183 | return tail; | |
184 | } | |
185 | ||
186 | static int execute_cts128(CTS128_FIXTURE fixture) | |
187 | { | |
188 | const unsigned char *test_iv = cts128_test_iv; | |
189 | size_t test_iv_len = sizeof(cts128_test_iv); | |
190 | const unsigned char *orig_vector = cts128_vectors[fixture.num].data; | |
191 | size_t len = cts128_vectors[fixture.num].size; | |
192 | const unsigned char *test_input = cts128_test_input; | |
193 | const AES_KEY *encrypt_key_schedule = cts128_encrypt_key_schedule(); | |
194 | const AES_KEY *decrypt_key_schedule = cts128_decrypt_key_schedule(); | |
195 | unsigned char iv[16]; | |
196 | /* The largest test inputs are = 64 bytes. */ | |
197 | unsigned char cleartext[64], ciphertext[64], vector[64]; | |
198 | size_t tail; | |
199 | ||
f3ab6c16 | 200 | TEST_info("%s_vector_%lu", fixture.case_name, (unsigned long)len); |
d836d71b EK |
201 | |
202 | tail = fixture.transform_output(orig_vector, vector, len); | |
203 | ||
204 | /* test block-based encryption */ | |
205 | memcpy(iv, test_iv, test_iv_len); | |
206 | fixture.encrypt_block(test_input, ciphertext, len, | |
207 | encrypt_key_schedule, iv, | |
208 | (block128_f)AES_encrypt); | |
f3ab6c16 | 209 | if (!TEST_mem_eq(ciphertext, len, vector, len)) |
d836d71b | 210 | return 0; |
f3ab6c16 RS |
211 | |
212 | if (!TEST_mem_eq(iv, sizeof(iv), vector + len - tail, sizeof(iv))) | |
d836d71b | 213 | return 0; |
d836d71b EK |
214 | |
215 | /* test block-based decryption */ | |
216 | memcpy(iv, test_iv, test_iv_len); | |
217 | fixture.decrypt_block(ciphertext, cleartext, len, | |
218 | decrypt_key_schedule, iv, | |
219 | (block128_f)AES_decrypt); | |
f3ab6c16 | 220 | if (!TEST_mem_eq(cleartext, len, test_input, len)) |
d836d71b | 221 | return 0; |
f3ab6c16 | 222 | if (!TEST_mem_eq(iv, sizeof(iv), vector + len - tail, sizeof(iv))) |
d836d71b | 223 | return 0; |
d836d71b EK |
224 | |
225 | /* test streamed encryption */ | |
226 | memcpy(iv, test_iv, test_iv_len); | |
227 | fixture.encrypt(test_input, ciphertext, len, encrypt_key_schedule, | |
228 | iv, (cbc128_f) AES_cbc_encrypt); | |
f3ab6c16 | 229 | if (!TEST_mem_eq(ciphertext, len, vector, len)) |
d836d71b | 230 | return 0; |
f3ab6c16 | 231 | if (!TEST_mem_eq(iv, sizeof(iv), vector + len - tail, sizeof(iv))) |
d836d71b | 232 | return 0; |
d836d71b EK |
233 | |
234 | /* test streamed decryption */ | |
235 | memcpy(iv, test_iv, test_iv_len); | |
236 | fixture.decrypt(ciphertext, cleartext, len, decrypt_key_schedule, iv, | |
237 | (cbc128_f)AES_cbc_encrypt); | |
f3ab6c16 | 238 | if (!TEST_mem_eq(cleartext, len, test_input, len)) |
d836d71b | 239 | return 0; |
f3ab6c16 | 240 | if (!TEST_mem_eq(iv, sizeof(iv), vector + len - tail, sizeof(iv))) |
d836d71b | 241 | return 0; |
d836d71b EK |
242 | |
243 | return 1; | |
244 | } | |
245 | ||
246 | static int test_cts128(int idx) | |
f2ae2348 RL |
247 | { |
248 | SETUP_TEST_FIXTURE(CTS128_FIXTURE, setup_cts128); | |
d836d71b EK |
249 | fixture.transform_output = transform_output; |
250 | fixture.encrypt_block = CRYPTO_cts128_encrypt_block; | |
251 | fixture.encrypt = CRYPTO_cts128_encrypt; | |
252 | fixture.decrypt_block = CRYPTO_cts128_decrypt_block; | |
253 | fixture.decrypt = CRYPTO_cts128_decrypt; | |
254 | fixture.case_name = "cts128"; | |
f2ae2348 | 255 | fixture.num = idx; |
d836d71b | 256 | EXECUTE_TEST_NO_TEARDOWN(execute_cts128); |
f2ae2348 RL |
257 | } |
258 | ||
d836d71b | 259 | static int test_cts128_nist(int idx) |
f2ae2348 RL |
260 | { |
261 | SETUP_TEST_FIXTURE(CTS128_FIXTURE, setup_cts128); | |
d836d71b EK |
262 | fixture.transform_output = transform_output_nist; |
263 | fixture.encrypt_block = CRYPTO_nistcts128_encrypt_block; | |
264 | fixture.encrypt = CRYPTO_nistcts128_encrypt; | |
265 | fixture.decrypt_block = CRYPTO_nistcts128_decrypt_block; | |
266 | fixture.decrypt = CRYPTO_nistcts128_decrypt; | |
267 | fixture.case_name = "cts128_nist"; | |
f2ae2348 | 268 | fixture.num = idx; |
d836d71b | 269 | EXECUTE_TEST_NO_TEARDOWN(execute_cts128); |
f2ae2348 RL |
270 | } |
271 | ||
f3ab6c16 | 272 | /* |
d836d71b EK |
273 | * |
274 | * Test of gcm128 | |
275 | * | |
f3ab6c16 | 276 | */ |
d836d71b | 277 | |
f2ae2348 RL |
278 | /* Test Case 1 */ |
279 | static const u8 K1[16], P1[] = { 0 }, A1[] = { 0 }, IV1[12], C1[] = { 0 }; | |
280 | static const u8 T1[] = { | |
281 | 0x58, 0xe2, 0xfc, 0xce, 0xfa, 0x7e, 0x30, 0x61, | |
282 | 0x36, 0x7f, 0x1d, 0x57, 0xa4, 0xe7, 0x45, 0x5a | |
283 | }; | |
284 | ||
285 | /* Test Case 2 */ | |
286 | # define K2 K1 | |
287 | # define A2 A1 | |
288 | # define IV2 IV1 | |
289 | static const u8 P2[16]; | |
290 | static const u8 C2[] = { | |
291 | 0x03, 0x88, 0xda, 0xce, 0x60, 0xb6, 0xa3, 0x92, | |
292 | 0xf3, 0x28, 0xc2, 0xb9, 0x71, 0xb2, 0xfe, 0x78 | |
293 | }; | |
294 | ||
295 | static const u8 T2[] = { | |
296 | 0xab, 0x6e, 0x47, 0xd4, 0x2c, 0xec, 0x13, 0xbd, | |
297 | 0xf5, 0x3a, 0x67, 0xb2, 0x12, 0x57, 0xbd, 0xdf | |
298 | }; | |
299 | ||
300 | /* Test Case 3 */ | |
301 | # define A3 A2 | |
302 | static const u8 K3[] = { | |
303 | 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c, | |
304 | 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08 | |
305 | }; | |
306 | ||
307 | static const u8 P3[] = { | |
308 | 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5, | |
309 | 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a, | |
310 | 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda, | |
311 | 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72, | |
312 | 0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53, | |
313 | 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25, | |
314 | 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57, | |
315 | 0xba, 0x63, 0x7b, 0x39, 0x1a, 0xaf, 0xd2, 0x55 | |
316 | }; | |
317 | ||
318 | static const u8 IV3[] = { | |
319 | 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad, | |
320 | 0xde, 0xca, 0xf8, 0x88 | |
321 | }; | |
322 | ||
323 | static const u8 C3[] = { | |
324 | 0x42, 0x83, 0x1e, 0xc2, 0x21, 0x77, 0x74, 0x24, | |
325 | 0x4b, 0x72, 0x21, 0xb7, 0x84, 0xd0, 0xd4, 0x9c, | |
326 | 0xe3, 0xaa, 0x21, 0x2f, 0x2c, 0x02, 0xa4, 0xe0, | |
327 | 0x35, 0xc1, 0x7e, 0x23, 0x29, 0xac, 0xa1, 0x2e, | |
328 | 0x21, 0xd5, 0x14, 0xb2, 0x54, 0x66, 0x93, 0x1c, | |
329 | 0x7d, 0x8f, 0x6a, 0x5a, 0xac, 0x84, 0xaa, 0x05, | |
330 | 0x1b, 0xa3, 0x0b, 0x39, 0x6a, 0x0a, 0xac, 0x97, | |
331 | 0x3d, 0x58, 0xe0, 0x91, 0x47, 0x3f, 0x59, 0x85 | |
332 | }; | |
333 | ||
334 | static const u8 T3[] = { | |
335 | 0x4d, 0x5c, 0x2a, 0xf3, 0x27, 0xcd, 0x64, 0xa6, | |
336 | 0x2c, 0xf3, 0x5a, 0xbd, 0x2b, 0xa6, 0xfa, 0xb4 | |
337 | }; | |
338 | ||
339 | /* Test Case 4 */ | |
340 | # define K4 K3 | |
341 | # define IV4 IV3 | |
342 | static const u8 P4[] = { | |
343 | 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5, | |
344 | 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a, | |
345 | 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda, | |
346 | 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72, | |
347 | 0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53, | |
348 | 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25, | |
349 | 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57, | |
350 | 0xba, 0x63, 0x7b, 0x39 | |
351 | }; | |
352 | ||
353 | static const u8 A4[] = { | |
354 | 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, | |
355 | 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, | |
356 | 0xab, 0xad, 0xda, 0xd2 | |
357 | }; | |
358 | ||
359 | static const u8 C4[] = { | |
360 | 0x42, 0x83, 0x1e, 0xc2, 0x21, 0x77, 0x74, 0x24, | |
361 | 0x4b, 0x72, 0x21, 0xb7, 0x84, 0xd0, 0xd4, 0x9c, | |
362 | 0xe3, 0xaa, 0x21, 0x2f, 0x2c, 0x02, 0xa4, 0xe0, | |
363 | 0x35, 0xc1, 0x7e, 0x23, 0x29, 0xac, 0xa1, 0x2e, | |
364 | 0x21, 0xd5, 0x14, 0xb2, 0x54, 0x66, 0x93, 0x1c, | |
365 | 0x7d, 0x8f, 0x6a, 0x5a, 0xac, 0x84, 0xaa, 0x05, | |
366 | 0x1b, 0xa3, 0x0b, 0x39, 0x6a, 0x0a, 0xac, 0x97, | |
367 | 0x3d, 0x58, 0xe0, 0x91 | |
368 | }; | |
369 | ||
370 | static const u8 T4[] = { | |
371 | 0x5b, 0xc9, 0x4f, 0xbc, 0x32, 0x21, 0xa5, 0xdb, | |
372 | 0x94, 0xfa, 0xe9, 0x5a, 0xe7, 0x12, 0x1a, 0x47 | |
373 | }; | |
374 | ||
375 | /* Test Case 5 */ | |
376 | # define K5 K4 | |
377 | # define P5 P4 | |
378 | # define A5 A4 | |
379 | static const u8 IV5[] = { | |
380 | 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad | |
381 | }; | |
382 | ||
383 | static const u8 C5[] = { | |
384 | 0x61, 0x35, 0x3b, 0x4c, 0x28, 0x06, 0x93, 0x4a, | |
385 | 0x77, 0x7f, 0xf5, 0x1f, 0xa2, 0x2a, 0x47, 0x55, | |
386 | 0x69, 0x9b, 0x2a, 0x71, 0x4f, 0xcd, 0xc6, 0xf8, | |
387 | 0x37, 0x66, 0xe5, 0xf9, 0x7b, 0x6c, 0x74, 0x23, | |
388 | 0x73, 0x80, 0x69, 0x00, 0xe4, 0x9f, 0x24, 0xb2, | |
389 | 0x2b, 0x09, 0x75, 0x44, 0xd4, 0x89, 0x6b, 0x42, | |
390 | 0x49, 0x89, 0xb5, 0xe1, 0xeb, 0xac, 0x0f, 0x07, | |
391 | 0xc2, 0x3f, 0x45, 0x98 | |
392 | }; | |
393 | ||
394 | static const u8 T5[] = { | |
395 | 0x36, 0x12, 0xd2, 0xe7, 0x9e, 0x3b, 0x07, 0x85, | |
396 | 0x56, 0x1b, 0xe1, 0x4a, 0xac, 0xa2, 0xfc, 0xcb | |
397 | }; | |
398 | ||
399 | /* Test Case 6 */ | |
400 | # define K6 K5 | |
401 | # define P6 P5 | |
402 | # define A6 A5 | |
403 | static const u8 IV6[] = { | |
404 | 0x93, 0x13, 0x22, 0x5d, 0xf8, 0x84, 0x06, 0xe5, | |
405 | 0x55, 0x90, 0x9c, 0x5a, 0xff, 0x52, 0x69, 0xaa, | |
406 | 0x6a, 0x7a, 0x95, 0x38, 0x53, 0x4f, 0x7d, 0xa1, | |
407 | 0xe4, 0xc3, 0x03, 0xd2, 0xa3, 0x18, 0xa7, 0x28, | |
408 | 0xc3, 0xc0, 0xc9, 0x51, 0x56, 0x80, 0x95, 0x39, | |
409 | 0xfc, 0xf0, 0xe2, 0x42, 0x9a, 0x6b, 0x52, 0x54, | |
410 | 0x16, 0xae, 0xdb, 0xf5, 0xa0, 0xde, 0x6a, 0x57, | |
411 | 0xa6, 0x37, 0xb3, 0x9b | |
412 | }; | |
413 | ||
414 | static const u8 C6[] = { | |
415 | 0x8c, 0xe2, 0x49, 0x98, 0x62, 0x56, 0x15, 0xb6, | |
416 | 0x03, 0xa0, 0x33, 0xac, 0xa1, 0x3f, 0xb8, 0x94, | |
417 | 0xbe, 0x91, 0x12, 0xa5, 0xc3, 0xa2, 0x11, 0xa8, | |
418 | 0xba, 0x26, 0x2a, 0x3c, 0xca, 0x7e, 0x2c, 0xa7, | |
419 | 0x01, 0xe4, 0xa9, 0xa4, 0xfb, 0xa4, 0x3c, 0x90, | |
420 | 0xcc, 0xdc, 0xb2, 0x81, 0xd4, 0x8c, 0x7c, 0x6f, | |
421 | 0xd6, 0x28, 0x75, 0xd2, 0xac, 0xa4, 0x17, 0x03, | |
422 | 0x4c, 0x34, 0xae, 0xe5 | |
423 | }; | |
424 | ||
425 | static const u8 T6[] = { | |
426 | 0x61, 0x9c, 0xc5, 0xae, 0xff, 0xfe, 0x0b, 0xfa, | |
427 | 0x46, 0x2a, 0xf4, 0x3c, 0x16, 0x99, 0xd0, 0x50 | |
428 | }; | |
429 | ||
430 | /* Test Case 7 */ | |
431 | static const u8 K7[24], P7[] = { 0 }, A7[] = { 0 }, IV7[12], C7[] = { 0 }; | |
432 | static const u8 T7[] = { | |
433 | 0xcd, 0x33, 0xb2, 0x8a, 0xc7, 0x73, 0xf7, 0x4b, | |
434 | 0xa0, 0x0e, 0xd1, 0xf3, 0x12, 0x57, 0x24, 0x35 | |
435 | }; | |
436 | ||
437 | /* Test Case 8 */ | |
438 | # define K8 K7 | |
439 | # define IV8 IV7 | |
440 | # define A8 A7 | |
441 | static const u8 P8[16]; | |
442 | static const u8 C8[] = { | |
443 | 0x98, 0xe7, 0x24, 0x7c, 0x07, 0xf0, 0xfe, 0x41, | |
444 | 0x1c, 0x26, 0x7e, 0x43, 0x84, 0xb0, 0xf6, 0x00 | |
445 | }; | |
446 | ||
447 | static const u8 T8[] = { | |
448 | 0x2f, 0xf5, 0x8d, 0x80, 0x03, 0x39, 0x27, 0xab, | |
449 | 0x8e, 0xf4, 0xd4, 0x58, 0x75, 0x14, 0xf0, 0xfb | |
450 | }; | |
451 | ||
452 | /* Test Case 9 */ | |
453 | # define A9 A8 | |
454 | static const u8 K9[] = { | |
455 | 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c, | |
456 | 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08, | |
457 | 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c | |
458 | }; | |
459 | ||
460 | static const u8 P9[] = { | |
461 | 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5, | |
462 | 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a, | |
463 | 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda, | |
464 | 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72, | |
465 | 0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53, | |
466 | 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25, | |
467 | 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57, | |
468 | 0xba, 0x63, 0x7b, 0x39, 0x1a, 0xaf, 0xd2, 0x55 | |
469 | }; | |
470 | ||
471 | static const u8 IV9[] = { | |
472 | 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad, | |
473 | 0xde, 0xca, 0xf8, 0x88 | |
474 | }; | |
475 | ||
476 | static const u8 C9[] = { | |
477 | 0x39, 0x80, 0xca, 0x0b, 0x3c, 0x00, 0xe8, 0x41, | |
478 | 0xeb, 0x06, 0xfa, 0xc4, 0x87, 0x2a, 0x27, 0x57, | |
479 | 0x85, 0x9e, 0x1c, 0xea, 0xa6, 0xef, 0xd9, 0x84, | |
480 | 0x62, 0x85, 0x93, 0xb4, 0x0c, 0xa1, 0xe1, 0x9c, | |
481 | 0x7d, 0x77, 0x3d, 0x00, 0xc1, 0x44, 0xc5, 0x25, | |
482 | 0xac, 0x61, 0x9d, 0x18, 0xc8, 0x4a, 0x3f, 0x47, | |
483 | 0x18, 0xe2, 0x44, 0x8b, 0x2f, 0xe3, 0x24, 0xd9, | |
484 | 0xcc, 0xda, 0x27, 0x10, 0xac, 0xad, 0xe2, 0x56 | |
485 | }; | |
486 | ||
487 | static const u8 T9[] = { | |
488 | 0x99, 0x24, 0xa7, 0xc8, 0x58, 0x73, 0x36, 0xbf, | |
489 | 0xb1, 0x18, 0x02, 0x4d, 0xb8, 0x67, 0x4a, 0x14 | |
490 | }; | |
491 | ||
492 | /* Test Case 10 */ | |
493 | # define K10 K9 | |
494 | # define IV10 IV9 | |
495 | static const u8 P10[] = { | |
496 | 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5, | |
497 | 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a, | |
498 | 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda, | |
499 | 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72, | |
500 | 0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53, | |
501 | 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25, | |
502 | 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57, | |
503 | 0xba, 0x63, 0x7b, 0x39 | |
504 | }; | |
505 | ||
506 | static const u8 A10[] = { | |
507 | 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, | |
508 | 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, | |
509 | 0xab, 0xad, 0xda, 0xd2 | |
510 | }; | |
511 | ||
512 | static const u8 C10[] = { | |
513 | 0x39, 0x80, 0xca, 0x0b, 0x3c, 0x00, 0xe8, 0x41, | |
514 | 0xeb, 0x06, 0xfa, 0xc4, 0x87, 0x2a, 0x27, 0x57, | |
515 | 0x85, 0x9e, 0x1c, 0xea, 0xa6, 0xef, 0xd9, 0x84, | |
516 | 0x62, 0x85, 0x93, 0xb4, 0x0c, 0xa1, 0xe1, 0x9c, | |
517 | 0x7d, 0x77, 0x3d, 0x00, 0xc1, 0x44, 0xc5, 0x25, | |
518 | 0xac, 0x61, 0x9d, 0x18, 0xc8, 0x4a, 0x3f, 0x47, | |
519 | 0x18, 0xe2, 0x44, 0x8b, 0x2f, 0xe3, 0x24, 0xd9, | |
520 | 0xcc, 0xda, 0x27, 0x10 | |
521 | }; | |
522 | ||
523 | static const u8 T10[] = { | |
524 | 0x25, 0x19, 0x49, 0x8e, 0x80, 0xf1, 0x47, 0x8f, | |
525 | 0x37, 0xba, 0x55, 0xbd, 0x6d, 0x27, 0x61, 0x8c | |
526 | }; | |
527 | ||
528 | /* Test Case 11 */ | |
529 | # define K11 K10 | |
530 | # define P11 P10 | |
531 | # define A11 A10 | |
532 | static const u8 IV11[] = { 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad }; | |
533 | ||
534 | static const u8 C11[] = { | |
535 | 0x0f, 0x10, 0xf5, 0x99, 0xae, 0x14, 0xa1, 0x54, | |
536 | 0xed, 0x24, 0xb3, 0x6e, 0x25, 0x32, 0x4d, 0xb8, | |
537 | 0xc5, 0x66, 0x63, 0x2e, 0xf2, 0xbb, 0xb3, 0x4f, | |
538 | 0x83, 0x47, 0x28, 0x0f, 0xc4, 0x50, 0x70, 0x57, | |
539 | 0xfd, 0xdc, 0x29, 0xdf, 0x9a, 0x47, 0x1f, 0x75, | |
540 | 0xc6, 0x65, 0x41, 0xd4, 0xd4, 0xda, 0xd1, 0xc9, | |
541 | 0xe9, 0x3a, 0x19, 0xa5, 0x8e, 0x8b, 0x47, 0x3f, | |
542 | 0xa0, 0xf0, 0x62, 0xf7 | |
543 | }; | |
544 | ||
545 | static const u8 T11[] = { | |
546 | 0x65, 0xdc, 0xc5, 0x7f, 0xcf, 0x62, 0x3a, 0x24, | |
547 | 0x09, 0x4f, 0xcc, 0xa4, 0x0d, 0x35, 0x33, 0xf8 | |
548 | }; | |
549 | ||
550 | /* Test Case 12 */ | |
551 | # define K12 K11 | |
552 | # define P12 P11 | |
553 | # define A12 A11 | |
554 | static const u8 IV12[] = { | |
555 | 0x93, 0x13, 0x22, 0x5d, 0xf8, 0x84, 0x06, 0xe5, | |
556 | 0x55, 0x90, 0x9c, 0x5a, 0xff, 0x52, 0x69, 0xaa, | |
557 | 0x6a, 0x7a, 0x95, 0x38, 0x53, 0x4f, 0x7d, 0xa1, | |
558 | 0xe4, 0xc3, 0x03, 0xd2, 0xa3, 0x18, 0xa7, 0x28, | |
559 | 0xc3, 0xc0, 0xc9, 0x51, 0x56, 0x80, 0x95, 0x39, | |
560 | 0xfc, 0xf0, 0xe2, 0x42, 0x9a, 0x6b, 0x52, 0x54, | |
561 | 0x16, 0xae, 0xdb, 0xf5, 0xa0, 0xde, 0x6a, 0x57, | |
562 | 0xa6, 0x37, 0xb3, 0x9b | |
563 | }; | |
564 | ||
565 | static const u8 C12[] = { | |
566 | 0xd2, 0x7e, 0x88, 0x68, 0x1c, 0xe3, 0x24, 0x3c, | |
567 | 0x48, 0x30, 0x16, 0x5a, 0x8f, 0xdc, 0xf9, 0xff, | |
568 | 0x1d, 0xe9, 0xa1, 0xd8, 0xe6, 0xb4, 0x47, 0xef, | |
569 | 0x6e, 0xf7, 0xb7, 0x98, 0x28, 0x66, 0x6e, 0x45, | |
570 | 0x81, 0xe7, 0x90, 0x12, 0xaf, 0x34, 0xdd, 0xd9, | |
571 | 0xe2, 0xf0, 0x37, 0x58, 0x9b, 0x29, 0x2d, 0xb3, | |
572 | 0xe6, 0x7c, 0x03, 0x67, 0x45, 0xfa, 0x22, 0xe7, | |
573 | 0xe9, 0xb7, 0x37, 0x3b | |
574 | }; | |
575 | ||
576 | static const u8 T12[] = { | |
577 | 0xdc, 0xf5, 0x66, 0xff, 0x29, 0x1c, 0x25, 0xbb, | |
578 | 0xb8, 0x56, 0x8f, 0xc3, 0xd3, 0x76, 0xa6, 0xd9 | |
579 | }; | |
580 | ||
581 | /* Test Case 13 */ | |
582 | static const u8 K13[32], P13[] = { 0 }, A13[] = { 0 }, IV13[12], C13[] = { 0 }; | |
583 | static const u8 T13[] = { | |
584 | 0x53, 0x0f, 0x8a, 0xfb, 0xc7, 0x45, 0x36, 0xb9, | |
585 | 0xa9, 0x63, 0xb4, 0xf1, 0xc4, 0xcb, 0x73, 0x8b | |
586 | }; | |
587 | ||
588 | /* Test Case 14 */ | |
589 | # define K14 K13 | |
590 | # define A14 A13 | |
591 | static const u8 P14[16], IV14[12]; | |
592 | static const u8 C14[] = { | |
593 | 0xce, 0xa7, 0x40, 0x3d, 0x4d, 0x60, 0x6b, 0x6e, | |
594 | 0x07, 0x4e, 0xc5, 0xd3, 0xba, 0xf3, 0x9d, 0x18 | |
595 | }; | |
596 | ||
597 | static const u8 T14[] = { | |
598 | 0xd0, 0xd1, 0xc8, 0xa7, 0x99, 0x99, 0x6b, 0xf0, | |
599 | 0x26, 0x5b, 0x98, 0xb5, 0xd4, 0x8a, 0xb9, 0x19 | |
600 | }; | |
601 | ||
602 | /* Test Case 15 */ | |
603 | # define A15 A14 | |
604 | static const u8 K15[] = { | |
605 | 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c, | |
606 | 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08, | |
607 | 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c, | |
608 | 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08 | |
609 | }; | |
610 | ||
611 | static const u8 P15[] = { | |
612 | 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5, | |
613 | 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a, | |
614 | 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda, | |
615 | 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72, | |
616 | 0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53, | |
617 | 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25, | |
618 | 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57, | |
619 | 0xba, 0x63, 0x7b, 0x39, 0x1a, 0xaf, 0xd2, 0x55 | |
620 | }; | |
621 | ||
622 | static const u8 IV15[] = { | |
623 | 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad, | |
624 | 0xde, 0xca, 0xf8, 0x88 | |
625 | }; | |
626 | ||
627 | static const u8 C15[] = { | |
628 | 0x52, 0x2d, 0xc1, 0xf0, 0x99, 0x56, 0x7d, 0x07, | |
629 | 0xf4, 0x7f, 0x37, 0xa3, 0x2a, 0x84, 0x42, 0x7d, | |
630 | 0x64, 0x3a, 0x8c, 0xdc, 0xbf, 0xe5, 0xc0, 0xc9, | |
631 | 0x75, 0x98, 0xa2, 0xbd, 0x25, 0x55, 0xd1, 0xaa, | |
632 | 0x8c, 0xb0, 0x8e, 0x48, 0x59, 0x0d, 0xbb, 0x3d, | |
633 | 0xa7, 0xb0, 0x8b, 0x10, 0x56, 0x82, 0x88, 0x38, | |
634 | 0xc5, 0xf6, 0x1e, 0x63, 0x93, 0xba, 0x7a, 0x0a, | |
635 | 0xbc, 0xc9, 0xf6, 0x62, 0x89, 0x80, 0x15, 0xad | |
636 | }; | |
637 | ||
638 | static const u8 T15[] = { | |
639 | 0xb0, 0x94, 0xda, 0xc5, 0xd9, 0x34, 0x71, 0xbd, | |
640 | 0xec, 0x1a, 0x50, 0x22, 0x70, 0xe3, 0xcc, 0x6c | |
641 | }; | |
642 | ||
643 | /* Test Case 16 */ | |
644 | # define K16 K15 | |
645 | # define IV16 IV15 | |
646 | static const u8 P16[] = { | |
647 | 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5, | |
648 | 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a, | |
649 | 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda, | |
650 | 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72, | |
651 | 0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53, | |
652 | 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25, | |
653 | 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57, | |
654 | 0xba, 0x63, 0x7b, 0x39 | |
655 | }; | |
656 | ||
657 | static const u8 A16[] = { | |
658 | 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, | |
659 | 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, | |
660 | 0xab, 0xad, 0xda, 0xd2 | |
661 | }; | |
662 | ||
663 | static const u8 C16[] = { | |
664 | 0x52, 0x2d, 0xc1, 0xf0, 0x99, 0x56, 0x7d, 0x07, | |
665 | 0xf4, 0x7f, 0x37, 0xa3, 0x2a, 0x84, 0x42, 0x7d, | |
666 | 0x64, 0x3a, 0x8c, 0xdc, 0xbf, 0xe5, 0xc0, 0xc9, | |
667 | 0x75, 0x98, 0xa2, 0xbd, 0x25, 0x55, 0xd1, 0xaa, | |
668 | 0x8c, 0xb0, 0x8e, 0x48, 0x59, 0x0d, 0xbb, 0x3d, | |
669 | 0xa7, 0xb0, 0x8b, 0x10, 0x56, 0x82, 0x88, 0x38, | |
670 | 0xc5, 0xf6, 0x1e, 0x63, 0x93, 0xba, 0x7a, 0x0a, | |
671 | 0xbc, 0xc9, 0xf6, 0x62 | |
672 | }; | |
673 | ||
674 | static const u8 T16[] = { | |
675 | 0x76, 0xfc, 0x6e, 0xce, 0x0f, 0x4e, 0x17, 0x68, | |
676 | 0xcd, 0xdf, 0x88, 0x53, 0xbb, 0x2d, 0x55, 0x1b | |
677 | }; | |
678 | ||
679 | /* Test Case 17 */ | |
680 | # define K17 K16 | |
681 | # define P17 P16 | |
682 | # define A17 A16 | |
683 | static const u8 IV17[] = { 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad }; | |
684 | ||
685 | static const u8 C17[] = { | |
686 | 0xc3, 0x76, 0x2d, 0xf1, 0xca, 0x78, 0x7d, 0x32, | |
687 | 0xae, 0x47, 0xc1, 0x3b, 0xf1, 0x98, 0x44, 0xcb, | |
688 | 0xaf, 0x1a, 0xe1, 0x4d, 0x0b, 0x97, 0x6a, 0xfa, | |
689 | 0xc5, 0x2f, 0xf7, 0xd7, 0x9b, 0xba, 0x9d, 0xe0, | |
690 | 0xfe, 0xb5, 0x82, 0xd3, 0x39, 0x34, 0xa4, 0xf0, | |
691 | 0x95, 0x4c, 0xc2, 0x36, 0x3b, 0xc7, 0x3f, 0x78, | |
692 | 0x62, 0xac, 0x43, 0x0e, 0x64, 0xab, 0xe4, 0x99, | |
693 | 0xf4, 0x7c, 0x9b, 0x1f | |
694 | }; | |
695 | ||
696 | static const u8 T17[] = { | |
697 | 0x3a, 0x33, 0x7d, 0xbf, 0x46, 0xa7, 0x92, 0xc4, | |
698 | 0x5e, 0x45, 0x49, 0x13, 0xfe, 0x2e, 0xa8, 0xf2 | |
699 | }; | |
700 | ||
701 | /* Test Case 18 */ | |
702 | # define K18 K17 | |
703 | # define P18 P17 | |
704 | # define A18 A17 | |
705 | static const u8 IV18[] = { | |
706 | 0x93, 0x13, 0x22, 0x5d, 0xf8, 0x84, 0x06, 0xe5, | |
707 | 0x55, 0x90, 0x9c, 0x5a, 0xff, 0x52, 0x69, 0xaa, | |
708 | 0x6a, 0x7a, 0x95, 0x38, 0x53, 0x4f, 0x7d, 0xa1, | |
709 | 0xe4, 0xc3, 0x03, 0xd2, 0xa3, 0x18, 0xa7, 0x28, | |
710 | 0xc3, 0xc0, 0xc9, 0x51, 0x56, 0x80, 0x95, 0x39, | |
711 | 0xfc, 0xf0, 0xe2, 0x42, 0x9a, 0x6b, 0x52, 0x54, | |
712 | 0x16, 0xae, 0xdb, 0xf5, 0xa0, 0xde, 0x6a, 0x57, | |
713 | 0xa6, 0x37, 0xb3, 0x9b | |
714 | }; | |
715 | ||
716 | static const u8 C18[] = { | |
717 | 0x5a, 0x8d, 0xef, 0x2f, 0x0c, 0x9e, 0x53, 0xf1, | |
718 | 0xf7, 0x5d, 0x78, 0x53, 0x65, 0x9e, 0x2a, 0x20, | |
719 | 0xee, 0xb2, 0xb2, 0x2a, 0xaf, 0xde, 0x64, 0x19, | |
720 | 0xa0, 0x58, 0xab, 0x4f, 0x6f, 0x74, 0x6b, 0xf4, | |
721 | 0x0f, 0xc0, 0xc3, 0xb7, 0x80, 0xf2, 0x44, 0x45, | |
722 | 0x2d, 0xa3, 0xeb, 0xf1, 0xc5, 0xd8, 0x2c, 0xde, | |
723 | 0xa2, 0x41, 0x89, 0x97, 0x20, 0x0e, 0xf8, 0x2e, | |
724 | 0x44, 0xae, 0x7e, 0x3f | |
725 | }; | |
726 | ||
727 | static const u8 T18[] = { | |
728 | 0xa4, 0x4a, 0x82, 0x66, 0xee, 0x1c, 0x8e, 0xb0, | |
729 | 0xc8, 0xb5, 0xd4, 0xcf, 0x5a, 0xe9, 0xf1, 0x9a | |
730 | }; | |
731 | ||
732 | /* Test Case 19 */ | |
733 | # define K19 K1 | |
734 | # define P19 P1 | |
735 | # define IV19 IV1 | |
736 | # define C19 C1 | |
737 | static const u8 A19[] = { | |
738 | 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5, | |
739 | 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a, | |
740 | 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda, | |
741 | 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72, | |
742 | 0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53, | |
743 | 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25, | |
744 | 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57, | |
745 | 0xba, 0x63, 0x7b, 0x39, 0x1a, 0xaf, 0xd2, 0x55, | |
746 | 0x52, 0x2d, 0xc1, 0xf0, 0x99, 0x56, 0x7d, 0x07, | |
747 | 0xf4, 0x7f, 0x37, 0xa3, 0x2a, 0x84, 0x42, 0x7d, | |
748 | 0x64, 0x3a, 0x8c, 0xdc, 0xbf, 0xe5, 0xc0, 0xc9, | |
749 | 0x75, 0x98, 0xa2, 0xbd, 0x25, 0x55, 0xd1, 0xaa, | |
750 | 0x8c, 0xb0, 0x8e, 0x48, 0x59, 0x0d, 0xbb, 0x3d, | |
751 | 0xa7, 0xb0, 0x8b, 0x10, 0x56, 0x82, 0x88, 0x38, | |
752 | 0xc5, 0xf6, 0x1e, 0x63, 0x93, 0xba, 0x7a, 0x0a, | |
753 | 0xbc, 0xc9, 0xf6, 0x62, 0x89, 0x80, 0x15, 0xad | |
754 | }; | |
755 | ||
756 | static const u8 T19[] = { | |
757 | 0x5f, 0xea, 0x79, 0x3a, 0x2d, 0x6f, 0x97, 0x4d, | |
758 | 0x37, 0xe6, 0x8e, 0x0c, 0xb8, 0xff, 0x94, 0x92 | |
759 | }; | |
760 | ||
761 | /* Test Case 20 */ | |
762 | # define K20 K1 | |
763 | # define A20 A1 | |
764 | /* this results in 0xff in counter LSB */ | |
765 | static const u8 IV20[64] = { 0xff, 0xff, 0xff, 0xff }; | |
766 | ||
767 | static const u8 P20[288]; | |
768 | static const u8 C20[] = { | |
769 | 0x56, 0xb3, 0x37, 0x3c, 0xa9, 0xef, 0x6e, 0x4a, | |
770 | 0x2b, 0x64, 0xfe, 0x1e, 0x9a, 0x17, 0xb6, 0x14, | |
771 | 0x25, 0xf1, 0x0d, 0x47, 0xa7, 0x5a, 0x5f, 0xce, | |
772 | 0x13, 0xef, 0xc6, 0xbc, 0x78, 0x4a, 0xf2, 0x4f, | |
773 | 0x41, 0x41, 0xbd, 0xd4, 0x8c, 0xf7, 0xc7, 0x70, | |
774 | 0x88, 0x7a, 0xfd, 0x57, 0x3c, 0xca, 0x54, 0x18, | |
775 | 0xa9, 0xae, 0xff, 0xcd, 0x7c, 0x5c, 0xed, 0xdf, | |
776 | 0xc6, 0xa7, 0x83, 0x97, 0xb9, 0xa8, 0x5b, 0x49, | |
777 | 0x9d, 0xa5, 0x58, 0x25, 0x72, 0x67, 0xca, 0xab, | |
778 | 0x2a, 0xd0, 0xb2, 0x3c, 0xa4, 0x76, 0xa5, 0x3c, | |
779 | 0xb1, 0x7f, 0xb4, 0x1c, 0x4b, 0x8b, 0x47, 0x5c, | |
780 | 0xb4, 0xf3, 0xf7, 0x16, 0x50, 0x94, 0xc2, 0x29, | |
781 | 0xc9, 0xe8, 0xc4, 0xdc, 0x0a, 0x2a, 0x5f, 0xf1, | |
782 | 0x90, 0x3e, 0x50, 0x15, 0x11, 0x22, 0x13, 0x76, | |
783 | 0xa1, 0xcd, 0xb8, 0x36, 0x4c, 0x50, 0x61, 0xa2, | |
784 | 0x0c, 0xae, 0x74, 0xbc, 0x4a, 0xcd, 0x76, 0xce, | |
785 | 0xb0, 0xab, 0xc9, 0xfd, 0x32, 0x17, 0xef, 0x9f, | |
786 | 0x8c, 0x90, 0xbe, 0x40, 0x2d, 0xdf, 0x6d, 0x86, | |
787 | 0x97, 0xf4, 0xf8, 0x80, 0xdf, 0xf1, 0x5b, 0xfb, | |
788 | 0x7a, 0x6b, 0x28, 0x24, 0x1e, 0xc8, 0xfe, 0x18, | |
789 | 0x3c, 0x2d, 0x59, 0xe3, 0xf9, 0xdf, 0xff, 0x65, | |
790 | 0x3c, 0x71, 0x26, 0xf0, 0xac, 0xb9, 0xe6, 0x42, | |
791 | 0x11, 0xf4, 0x2b, 0xae, 0x12, 0xaf, 0x46, 0x2b, | |
792 | 0x10, 0x70, 0xbe, 0xf1, 0xab, 0x5e, 0x36, 0x06, | |
793 | 0x87, 0x2c, 0xa1, 0x0d, 0xee, 0x15, 0xb3, 0x24, | |
794 | 0x9b, 0x1a, 0x1b, 0x95, 0x8f, 0x23, 0x13, 0x4c, | |
795 | 0x4b, 0xcc, 0xb7, 0xd0, 0x32, 0x00, 0xbc, 0xe4, | |
796 | 0x20, 0xa2, 0xf8, 0xeb, 0x66, 0xdc, 0xf3, 0x64, | |
797 | 0x4d, 0x14, 0x23, 0xc1, 0xb5, 0x69, 0x90, 0x03, | |
798 | 0xc1, 0x3e, 0xce, 0xf4, 0xbf, 0x38, 0xa3, 0xb6, | |
799 | 0x0e, 0xed, 0xc3, 0x40, 0x33, 0xba, 0xc1, 0x90, | |
800 | 0x27, 0x83, 0xdc, 0x6d, 0x89, 0xe2, 0xe7, 0x74, | |
801 | 0x18, 0x8a, 0x43, 0x9c, 0x7e, 0xbc, 0xc0, 0x67, | |
802 | 0x2d, 0xbd, 0xa4, 0xdd, 0xcf, 0xb2, 0x79, 0x46, | |
803 | 0x13, 0xb0, 0xbe, 0x41, 0x31, 0x5e, 0xf7, 0x78, | |
804 | 0x70, 0x8a, 0x70, 0xee, 0x7d, 0x75, 0x16, 0x5c | |
805 | }; | |
806 | ||
807 | static const u8 T20[] = { | |
808 | 0x8b, 0x30, 0x7f, 0x6b, 0x33, 0x28, 0x6d, 0x0a, | |
809 | 0xb0, 0x26, 0xa9, 0xed, 0x3f, 0xe1, 0xe8, 0x5f | |
810 | }; | |
811 | ||
812 | #define GCM128_TEST_VECTOR(n) \ | |
813 | { \ | |
814 | {sizeof(K##n), K##n}, \ | |
815 | {sizeof(IV##n), IV##n}, \ | |
816 | {sizeof(A##n), A##n}, \ | |
817 | {sizeof(P##n), P##n}, \ | |
818 | {sizeof(C##n), C##n}, \ | |
819 | {sizeof(T##n), T##n} \ | |
820 | } | |
821 | static struct gcm128_data { | |
822 | const SIZED_DATA K; | |
823 | const SIZED_DATA IV; | |
824 | const SIZED_DATA A; | |
825 | const SIZED_DATA P; | |
826 | const SIZED_DATA C; | |
827 | const SIZED_DATA T; | |
828 | } gcm128_vectors[] = { | |
829 | GCM128_TEST_VECTOR(1), | |
830 | GCM128_TEST_VECTOR(2), | |
831 | GCM128_TEST_VECTOR(3), | |
832 | GCM128_TEST_VECTOR(4), | |
833 | GCM128_TEST_VECTOR(5), | |
834 | GCM128_TEST_VECTOR(6), | |
835 | GCM128_TEST_VECTOR(7), | |
836 | GCM128_TEST_VECTOR(8), | |
837 | GCM128_TEST_VECTOR(9), | |
838 | GCM128_TEST_VECTOR(10), | |
839 | GCM128_TEST_VECTOR(11), | |
840 | GCM128_TEST_VECTOR(12), | |
841 | GCM128_TEST_VECTOR(13), | |
842 | GCM128_TEST_VECTOR(14), | |
843 | GCM128_TEST_VECTOR(15), | |
844 | GCM128_TEST_VECTOR(16), | |
845 | GCM128_TEST_VECTOR(17), | |
846 | GCM128_TEST_VECTOR(18), | |
847 | GCM128_TEST_VECTOR(19), | |
848 | GCM128_TEST_VECTOR(20) | |
849 | }; | |
850 | ||
d836d71b | 851 | static int test_gcm128(int idx) |
f2ae2348 | 852 | { |
d836d71b EK |
853 | unsigned char out[512]; |
854 | SIZED_DATA K = gcm128_vectors[idx].K; | |
855 | SIZED_DATA IV = gcm128_vectors[idx].IV; | |
856 | SIZED_DATA A = gcm128_vectors[idx].A; | |
857 | SIZED_DATA P = gcm128_vectors[idx].P; | |
858 | SIZED_DATA C = gcm128_vectors[idx].C; | |
859 | SIZED_DATA T = gcm128_vectors[idx].T; | |
860 | GCM128_CONTEXT ctx; | |
861 | AES_KEY key; | |
d836d71b EK |
862 | |
863 | /* Size 1 inputs are special-cased to signal NULL. */ | |
864 | if (A.size == 1) | |
865 | A.data = NULL; | |
866 | if (P.size == 1) | |
867 | P.data = NULL; | |
868 | if (C.size == 1) | |
869 | C.data = NULL; | |
870 | ||
871 | AES_set_encrypt_key(K.data, K.size * 8, &key); | |
872 | ||
873 | CRYPTO_gcm128_init(&ctx, &key, (block128_f)AES_encrypt); | |
874 | CRYPTO_gcm128_setiv(&ctx, IV.data, IV.size); | |
875 | memset(out, 0, P.size); | |
f3ab6c16 | 876 | if (A.data != NULL) |
d836d71b | 877 | CRYPTO_gcm128_aad(&ctx, A.data, A.size); |
f3ab6c16 | 878 | if (P.data != NULL) |
d836d71b | 879 | CRYPTO_gcm128_encrypt( &ctx, P.data, out, P.size); |
f3ab6c16 RS |
880 | if (!TEST_false(CRYPTO_gcm128_finish(&ctx, T.data, 16)) |
881 | || (C.data != NULL | |
882 | && !TEST_mem_eq(out, P.size, C.data, P.size))) | |
883 | return 0; | |
d836d71b EK |
884 | |
885 | CRYPTO_gcm128_setiv(&ctx, IV.data, IV.size); | |
886 | memset(out, 0, P.size); | |
f3ab6c16 | 887 | if (A.data != NULL) |
d836d71b | 888 | CRYPTO_gcm128_aad(&ctx, A.data, A.size); |
f3ab6c16 | 889 | if (C.data != NULL) |
d836d71b | 890 | CRYPTO_gcm128_decrypt(&ctx, C.data, out, P.size); |
f3ab6c16 RS |
891 | if (!TEST_false(CRYPTO_gcm128_finish(&ctx, T.data, 16)) |
892 | || (P.data != NULL | |
893 | && !TEST_mem_eq(out, P.size, P.data, P.size))) | |
894 | return 0; | |
d836d71b | 895 | |
f3ab6c16 | 896 | return 1; |
d836d71b EK |
897 | } |
898 | ||
899 | static void benchmark_gcm128(const unsigned char *K, size_t Klen, | |
900 | const unsigned char *IV, size_t IVlen) | |
901 | { | |
902 | #ifdef OPENSSL_CPUID_OBJ | |
903 | GCM128_CONTEXT ctx; | |
904 | AES_KEY key; | |
905 | size_t start, gcm_t, ctr_t, OPENSSL_rdtsc(); | |
906 | union { | |
907 | u64 u; | |
908 | u8 c[1024]; | |
909 | } buf; | |
910 | ||
911 | AES_set_encrypt_key(K, Klen * 8, &key); | |
912 | CRYPTO_gcm128_init(&ctx, &key, (block128_f) AES_encrypt); | |
913 | CRYPTO_gcm128_setiv(&ctx, IV, IVlen); | |
914 | ||
915 | CRYPTO_gcm128_encrypt(&ctx, buf.c, buf.c, sizeof(buf)); | |
916 | start = OPENSSL_rdtsc(); | |
917 | CRYPTO_gcm128_encrypt(&ctx, buf.c, buf.c, sizeof(buf)); | |
918 | gcm_t = OPENSSL_rdtsc() - start; | |
919 | ||
920 | CRYPTO_ctr128_encrypt(buf.c, buf.c, sizeof(buf), | |
921 | &key, ctx.Yi.c, ctx.EKi.c, &ctx.mres, | |
922 | (block128_f) AES_encrypt); | |
923 | start = OPENSSL_rdtsc(); | |
924 | CRYPTO_ctr128_encrypt(buf.c, buf.c, sizeof(buf), | |
925 | &key, ctx.Yi.c, ctx.EKi.c, &ctx.mres, | |
926 | (block128_f) AES_encrypt); | |
927 | ctr_t = OPENSSL_rdtsc() - start; | |
928 | ||
929 | printf("%.2f-%.2f=%.2f\n", | |
930 | gcm_t / (double)sizeof(buf), | |
931 | ctr_t / (double)sizeof(buf), | |
932 | (gcm_t - ctr_t) / (double)sizeof(buf)); | |
933 | # ifdef GHASH | |
934 | { | |
935 | void (*gcm_ghash_p) (u64 Xi[2], const u128 Htable[16], | |
936 | const u8 *inp, size_t len) = ctx.ghash; | |
937 | ||
938 | GHASH((&ctx), buf.c, sizeof(buf)); | |
939 | start = OPENSSL_rdtsc(); | |
940 | for (i = 0; i < 100; ++i) | |
941 | GHASH((&ctx), buf.c, sizeof(buf)); | |
942 | gcm_t = OPENSSL_rdtsc() - start; | |
943 | printf("%.2f\n", gcm_t / (double)sizeof(buf) / (double)i); | |
944 | } | |
945 | # endif | |
946 | #else | |
947 | fprintf(stderr, | |
948 | "Benchmarking of modes isn't available on this platform\n"); | |
949 | #endif | |
f2ae2348 RL |
950 | } |
951 | ||
ad887416 | 952 | int setup_tests(void) |
f2ae2348 | 953 | { |
ad887416 P |
954 | if (test_has_option("-h")) { |
955 | printf("-h\tThis help\n"); | |
956 | printf("-b\tBenchmark gcm128 in addition to the tests\n"); | |
957 | return 1; | |
f2ae2348 RL |
958 | } |
959 | ||
d836d71b EK |
960 | ADD_ALL_TESTS(test_cts128, OSSL_NELEM(cts128_vectors)); |
961 | ADD_ALL_TESTS(test_cts128_nist, OSSL_NELEM(cts128_vectors)); | |
962 | ADD_ALL_TESTS(test_gcm128, OSSL_NELEM(gcm128_vectors)); | |
ad887416 P |
963 | return 1; |
964 | } | |
f2ae2348 | 965 | |
ad887416 P |
966 | void cleanup_tests(void) |
967 | { | |
968 | if (test_has_option("-b")) | |
f2ae2348 | 969 | benchmark_gcm128(K1, sizeof(K1), IV1, sizeof(IV1)); |
f2ae2348 | 970 | } |