2 * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
10 /* Internal tests for the modes module */
13 * This file uses the low level AES functions (which are deprecated for
14 * non-internal use) in order to test the modes code
16 #include "internal/deprecated.h"
21 #include <openssl/aes.h>
22 #include <openssl/modes.h>
24 #include "crypto/modes.h"
25 #include "internal/nelem.h"
29 const unsigned char *data
;
32 /**********************************************************************
38 /* cts128 test vectors from RFC 3962 */
39 static const unsigned char cts128_test_key
[16] = "chicken teriyaki";
40 static const unsigned char cts128_test_input
[64] =
41 "I would like the" " General Gau's C"
42 "hicken, please, " "and wonton soup.";
43 static const unsigned char cts128_test_iv
[] =
44 { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
46 static const unsigned char vector_17
[17] = {
47 0xc6, 0x35, 0x35, 0x68, 0xf2, 0xbf, 0x8c, 0xb4,
48 0xd8, 0xa5, 0x80, 0x36, 0x2d, 0xa7, 0xff, 0x7f,
52 static const unsigned char vector_31
[31] = {
53 0xfc, 0x00, 0x78, 0x3e, 0x0e, 0xfd, 0xb2, 0xc1,
54 0xd4, 0x45, 0xd4, 0xc8, 0xef, 0xf7, 0xed, 0x22,
55 0x97, 0x68, 0x72, 0x68, 0xd6, 0xec, 0xcc, 0xc0,
56 0xc0, 0x7b, 0x25, 0xe2, 0x5e, 0xcf, 0xe5
59 static const unsigned char vector_32
[32] = {
60 0x39, 0x31, 0x25, 0x23, 0xa7, 0x86, 0x62, 0xd5,
61 0xbe, 0x7f, 0xcb, 0xcc, 0x98, 0xeb, 0xf5, 0xa8,
62 0x97, 0x68, 0x72, 0x68, 0xd6, 0xec, 0xcc, 0xc0,
63 0xc0, 0x7b, 0x25, 0xe2, 0x5e, 0xcf, 0xe5, 0x84
66 static const unsigned char vector_47
[47] = {
67 0x97, 0x68, 0x72, 0x68, 0xd6, 0xec, 0xcc, 0xc0,
68 0xc0, 0x7b, 0x25, 0xe2, 0x5e, 0xcf, 0xe5, 0x84,
69 0xb3, 0xff, 0xfd, 0x94, 0x0c, 0x16, 0xa1, 0x8c,
70 0x1b, 0x55, 0x49, 0xd2, 0xf8, 0x38, 0x02, 0x9e,
71 0x39, 0x31, 0x25, 0x23, 0xa7, 0x86, 0x62, 0xd5,
72 0xbe, 0x7f, 0xcb, 0xcc, 0x98, 0xeb, 0xf5
75 static const unsigned char vector_48
[48] = {
76 0x97, 0x68, 0x72, 0x68, 0xd6, 0xec, 0xcc, 0xc0,
77 0xc0, 0x7b, 0x25, 0xe2, 0x5e, 0xcf, 0xe5, 0x84,
78 0x9d, 0xad, 0x8b, 0xbb, 0x96, 0xc4, 0xcd, 0xc0,
79 0x3b, 0xc1, 0x03, 0xe1, 0xa1, 0x94, 0xbb, 0xd8,
80 0x39, 0x31, 0x25, 0x23, 0xa7, 0x86, 0x62, 0xd5,
81 0xbe, 0x7f, 0xcb, 0xcc, 0x98, 0xeb, 0xf5, 0xa8
84 static const unsigned char vector_64
[64] = {
85 0x97, 0x68, 0x72, 0x68, 0xd6, 0xec, 0xcc, 0xc0,
86 0xc0, 0x7b, 0x25, 0xe2, 0x5e, 0xcf, 0xe5, 0x84,
87 0x39, 0x31, 0x25, 0x23, 0xa7, 0x86, 0x62, 0xd5,
88 0xbe, 0x7f, 0xcb, 0xcc, 0x98, 0xeb, 0xf5, 0xa8,
89 0x48, 0x07, 0xef, 0xe8, 0x36, 0xee, 0x89, 0xa5,
90 0x26, 0x73, 0x0d, 0xbc, 0x2f, 0x7b, 0xc8, 0x40,
91 0x9d, 0xad, 0x8b, 0xbb, 0x96, 0xc4, 0xcd, 0xc0,
92 0x3b, 0xc1, 0x03, 0xe1, 0xa1, 0x94, 0xbb, 0xd8
95 #define CTS128_TEST_VECTOR(len) \
97 sizeof(vector_##len), vector_##len \
99 static const SIZED_DATA aes_cts128_vectors
[] = {
100 CTS128_TEST_VECTOR(17),
101 CTS128_TEST_VECTOR(31),
102 CTS128_TEST_VECTOR(32),
103 CTS128_TEST_VECTOR(47),
104 CTS128_TEST_VECTOR(48),
105 CTS128_TEST_VECTOR(64),
108 static AES_KEY
*cts128_encrypt_key_schedule(void)
110 static int init_key
= 1;
114 AES_set_encrypt_key(cts128_test_key
, 128, &ks
);
120 static AES_KEY
*cts128_decrypt_key_schedule(void)
122 static int init_key
= 1;
126 AES_set_decrypt_key(cts128_test_key
, 128, &ks
);
133 const char *case_name
;
134 size_t (*last_blocks_correction
)(const unsigned char *in
,
135 unsigned char *out
, size_t len
);
136 size_t (*encrypt_block
)(const unsigned char *in
,
137 unsigned char *out
, size_t len
,
138 const void *key
, unsigned char ivec
[16],
140 size_t (*encrypt_stream
)(const unsigned char *in
, unsigned char *out
,
141 size_t len
, const void *key
,
142 unsigned char ivec
[16], cbc128_f cbc
);
143 size_t (*decrypt_block
)(const unsigned char *in
,
144 unsigned char *out
, size_t len
,
145 const void *key
, unsigned char ivec
[16],
147 size_t (*decrypt_stream
)(const unsigned char *in
, unsigned char *out
,
148 size_t len
, const void *key
,
149 unsigned char ivec
[16], cbc128_f cbc
);
152 static size_t last_blocks_correction(const unsigned char *in
,
153 unsigned char *out
, size_t len
)
157 memcpy(out
, in
, len
);
158 if ((tail
= len
% 16) == 0)
165 static size_t last_blocks_correction_nist(const unsigned char *in
,
166 unsigned char *out
, size_t len
)
170 if ((tail
= len
% 16) == 0)
173 memcpy(out
, in
, len
);
174 /* flip two last blocks */
175 memcpy(out
+ len
, in
+ len
+ 16, tail
);
176 memcpy(out
+ len
+ tail
, in
+ len
, 16);
183 static int execute_cts128(const CTS128_FIXTURE
*fixture
, int num
)
185 const unsigned char *test_iv
= cts128_test_iv
;
186 size_t test_iv_len
= sizeof(cts128_test_iv
);
187 const unsigned char *orig_vector
= aes_cts128_vectors
[num
].data
;
188 size_t len
= aes_cts128_vectors
[num
].size
;
189 const unsigned char *test_input
= cts128_test_input
;
190 const AES_KEY
*encrypt_key_schedule
= cts128_encrypt_key_schedule();
191 const AES_KEY
*decrypt_key_schedule
= cts128_decrypt_key_schedule();
192 unsigned char iv
[16];
193 /* The largest test inputs are = 64 bytes. */
194 unsigned char cleartext
[64], ciphertext
[64], vector
[64];
197 TEST_info("%s_vector_%lu", fixture
->case_name
, (unsigned long)len
);
199 tail
= fixture
->last_blocks_correction(orig_vector
, vector
, len
);
201 /* test block-based encryption */
202 memcpy(iv
, test_iv
, test_iv_len
);
203 if (!TEST_size_t_eq(fixture
->encrypt_block(test_input
, ciphertext
, len
,
204 encrypt_key_schedule
, iv
,
205 (block128_f
)AES_encrypt
), len
)
206 || !TEST_mem_eq(ciphertext
, len
, vector
, len
)
207 || !TEST_mem_eq(iv
, sizeof(iv
), vector
+ len
- tail
, sizeof(iv
)))
210 /* test block-based decryption */
211 memcpy(iv
, test_iv
, test_iv_len
);
212 size
= fixture
->decrypt_block(ciphertext
, cleartext
, len
,
213 decrypt_key_schedule
, iv
,
214 (block128_f
)AES_decrypt
);
215 if (!TEST_true(len
== size
|| len
+ 16 == size
)
216 || !TEST_mem_eq(cleartext
, len
, test_input
, len
)
217 || !TEST_mem_eq(iv
, sizeof(iv
), vector
+ len
- tail
, sizeof(iv
)))
220 /* test streamed encryption */
221 memcpy(iv
, test_iv
, test_iv_len
);
222 if (!TEST_size_t_eq(fixture
->encrypt_stream(test_input
, ciphertext
, len
,
223 encrypt_key_schedule
, iv
,
224 (cbc128_f
) AES_cbc_encrypt
),
226 || !TEST_mem_eq(ciphertext
, len
, vector
, len
)
227 || !TEST_mem_eq(iv
, sizeof(iv
), vector
+ len
- tail
, sizeof(iv
)))
230 /* test streamed decryption */
231 memcpy(iv
, test_iv
, test_iv_len
);
232 if (!TEST_size_t_eq(fixture
->decrypt_stream(ciphertext
, cleartext
, len
,
233 decrypt_key_schedule
, iv
,
234 (cbc128_f
)AES_cbc_encrypt
),
236 || !TEST_mem_eq(cleartext
, len
, test_input
, len
)
237 || !TEST_mem_eq(iv
, sizeof(iv
), vector
+ len
- tail
, sizeof(iv
)))
243 static int test_aes_cts128(int idx
)
245 static const CTS128_FIXTURE fixture_cts128
= {
246 "aes_cts128", last_blocks_correction
,
247 CRYPTO_cts128_encrypt_block
, CRYPTO_cts128_encrypt
,
248 CRYPTO_cts128_decrypt_block
, CRYPTO_cts128_decrypt
251 return execute_cts128(&fixture_cts128
, idx
);
254 static int test_aes_cts128_nist(int idx
)
256 static const CTS128_FIXTURE fixture_cts128_nist
= {
257 "aes_cts128_nist", last_blocks_correction_nist
,
258 CRYPTO_nistcts128_encrypt_block
, CRYPTO_nistcts128_encrypt
,
259 CRYPTO_nistcts128_decrypt_block
, CRYPTO_nistcts128_decrypt
262 return execute_cts128(&fixture_cts128_nist
, idx
);
272 static const u8 K1
[16], P1
[] = { 0 }, A1
[] = { 0 }, IV1
[12], C1
[] = { 0 };
273 static const u8 T1
[] = {
274 0x58, 0xe2, 0xfc, 0xce, 0xfa, 0x7e, 0x30, 0x61,
275 0x36, 0x7f, 0x1d, 0x57, 0xa4, 0xe7, 0x45, 0x5a
282 static const u8 P2
[16];
283 static const u8 C2
[] = {
284 0x03, 0x88, 0xda, 0xce, 0x60, 0xb6, 0xa3, 0x92,
285 0xf3, 0x28, 0xc2, 0xb9, 0x71, 0xb2, 0xfe, 0x78
288 static const u8 T2
[] = {
289 0xab, 0x6e, 0x47, 0xd4, 0x2c, 0xec, 0x13, 0xbd,
290 0xf5, 0x3a, 0x67, 0xb2, 0x12, 0x57, 0xbd, 0xdf
295 static const u8 K3
[] = {
296 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
297 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08
300 static const u8 P3
[] = {
301 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
302 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a,
303 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
304 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72,
305 0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53,
306 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
307 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57,
308 0xba, 0x63, 0x7b, 0x39, 0x1a, 0xaf, 0xd2, 0x55
311 static const u8 IV3
[] = {
312 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad,
313 0xde, 0xca, 0xf8, 0x88
316 static const u8 C3
[] = {
317 0x42, 0x83, 0x1e, 0xc2, 0x21, 0x77, 0x74, 0x24,
318 0x4b, 0x72, 0x21, 0xb7, 0x84, 0xd0, 0xd4, 0x9c,
319 0xe3, 0xaa, 0x21, 0x2f, 0x2c, 0x02, 0xa4, 0xe0,
320 0x35, 0xc1, 0x7e, 0x23, 0x29, 0xac, 0xa1, 0x2e,
321 0x21, 0xd5, 0x14, 0xb2, 0x54, 0x66, 0x93, 0x1c,
322 0x7d, 0x8f, 0x6a, 0x5a, 0xac, 0x84, 0xaa, 0x05,
323 0x1b, 0xa3, 0x0b, 0x39, 0x6a, 0x0a, 0xac, 0x97,
324 0x3d, 0x58, 0xe0, 0x91, 0x47, 0x3f, 0x59, 0x85
327 static const u8 T3
[] = {
328 0x4d, 0x5c, 0x2a, 0xf3, 0x27, 0xcd, 0x64, 0xa6,
329 0x2c, 0xf3, 0x5a, 0xbd, 0x2b, 0xa6, 0xfa, 0xb4
335 static const u8 P4
[] = {
336 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
337 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a,
338 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
339 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72,
340 0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53,
341 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
342 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57,
343 0xba, 0x63, 0x7b, 0x39
346 static const u8 A4
[] = {
347 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
348 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
349 0xab, 0xad, 0xda, 0xd2
352 static const u8 C4
[] = {
353 0x42, 0x83, 0x1e, 0xc2, 0x21, 0x77, 0x74, 0x24,
354 0x4b, 0x72, 0x21, 0xb7, 0x84, 0xd0, 0xd4, 0x9c,
355 0xe3, 0xaa, 0x21, 0x2f, 0x2c, 0x02, 0xa4, 0xe0,
356 0x35, 0xc1, 0x7e, 0x23, 0x29, 0xac, 0xa1, 0x2e,
357 0x21, 0xd5, 0x14, 0xb2, 0x54, 0x66, 0x93, 0x1c,
358 0x7d, 0x8f, 0x6a, 0x5a, 0xac, 0x84, 0xaa, 0x05,
359 0x1b, 0xa3, 0x0b, 0x39, 0x6a, 0x0a, 0xac, 0x97,
360 0x3d, 0x58, 0xe0, 0x91
363 static const u8 T4
[] = {
364 0x5b, 0xc9, 0x4f, 0xbc, 0x32, 0x21, 0xa5, 0xdb,
365 0x94, 0xfa, 0xe9, 0x5a, 0xe7, 0x12, 0x1a, 0x47
372 static const u8 IV5
[] = {
373 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad
376 static const u8 C5
[] = {
377 0x61, 0x35, 0x3b, 0x4c, 0x28, 0x06, 0x93, 0x4a,
378 0x77, 0x7f, 0xf5, 0x1f, 0xa2, 0x2a, 0x47, 0x55,
379 0x69, 0x9b, 0x2a, 0x71, 0x4f, 0xcd, 0xc6, 0xf8,
380 0x37, 0x66, 0xe5, 0xf9, 0x7b, 0x6c, 0x74, 0x23,
381 0x73, 0x80, 0x69, 0x00, 0xe4, 0x9f, 0x24, 0xb2,
382 0x2b, 0x09, 0x75, 0x44, 0xd4, 0x89, 0x6b, 0x42,
383 0x49, 0x89, 0xb5, 0xe1, 0xeb, 0xac, 0x0f, 0x07,
384 0xc2, 0x3f, 0x45, 0x98
387 static const u8 T5
[] = {
388 0x36, 0x12, 0xd2, 0xe7, 0x9e, 0x3b, 0x07, 0x85,
389 0x56, 0x1b, 0xe1, 0x4a, 0xac, 0xa2, 0xfc, 0xcb
396 static const u8 IV6
[] = {
397 0x93, 0x13, 0x22, 0x5d, 0xf8, 0x84, 0x06, 0xe5,
398 0x55, 0x90, 0x9c, 0x5a, 0xff, 0x52, 0x69, 0xaa,
399 0x6a, 0x7a, 0x95, 0x38, 0x53, 0x4f, 0x7d, 0xa1,
400 0xe4, 0xc3, 0x03, 0xd2, 0xa3, 0x18, 0xa7, 0x28,
401 0xc3, 0xc0, 0xc9, 0x51, 0x56, 0x80, 0x95, 0x39,
402 0xfc, 0xf0, 0xe2, 0x42, 0x9a, 0x6b, 0x52, 0x54,
403 0x16, 0xae, 0xdb, 0xf5, 0xa0, 0xde, 0x6a, 0x57,
404 0xa6, 0x37, 0xb3, 0x9b
407 static const u8 C6
[] = {
408 0x8c, 0xe2, 0x49, 0x98, 0x62, 0x56, 0x15, 0xb6,
409 0x03, 0xa0, 0x33, 0xac, 0xa1, 0x3f, 0xb8, 0x94,
410 0xbe, 0x91, 0x12, 0xa5, 0xc3, 0xa2, 0x11, 0xa8,
411 0xba, 0x26, 0x2a, 0x3c, 0xca, 0x7e, 0x2c, 0xa7,
412 0x01, 0xe4, 0xa9, 0xa4, 0xfb, 0xa4, 0x3c, 0x90,
413 0xcc, 0xdc, 0xb2, 0x81, 0xd4, 0x8c, 0x7c, 0x6f,
414 0xd6, 0x28, 0x75, 0xd2, 0xac, 0xa4, 0x17, 0x03,
415 0x4c, 0x34, 0xae, 0xe5
418 static const u8 T6
[] = {
419 0x61, 0x9c, 0xc5, 0xae, 0xff, 0xfe, 0x0b, 0xfa,
420 0x46, 0x2a, 0xf4, 0x3c, 0x16, 0x99, 0xd0, 0x50
424 static const u8 K7
[24], P7
[] = { 0 }, A7
[] = { 0 }, IV7
[12], C7
[] = { 0 };
425 static const u8 T7
[] = {
426 0xcd, 0x33, 0xb2, 0x8a, 0xc7, 0x73, 0xf7, 0x4b,
427 0xa0, 0x0e, 0xd1, 0xf3, 0x12, 0x57, 0x24, 0x35
434 static const u8 P8
[16];
435 static const u8 C8
[] = {
436 0x98, 0xe7, 0x24, 0x7c, 0x07, 0xf0, 0xfe, 0x41,
437 0x1c, 0x26, 0x7e, 0x43, 0x84, 0xb0, 0xf6, 0x00
440 static const u8 T8
[] = {
441 0x2f, 0xf5, 0x8d, 0x80, 0x03, 0x39, 0x27, 0xab,
442 0x8e, 0xf4, 0xd4, 0x58, 0x75, 0x14, 0xf0, 0xfb
447 static const u8 K9
[] = {
448 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
449 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08,
450 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c
453 static const u8 P9
[] = {
454 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
455 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a,
456 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
457 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72,
458 0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53,
459 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
460 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57,
461 0xba, 0x63, 0x7b, 0x39, 0x1a, 0xaf, 0xd2, 0x55
464 static const u8 IV9
[] = {
465 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad,
466 0xde, 0xca, 0xf8, 0x88
469 static const u8 C9
[] = {
470 0x39, 0x80, 0xca, 0x0b, 0x3c, 0x00, 0xe8, 0x41,
471 0xeb, 0x06, 0xfa, 0xc4, 0x87, 0x2a, 0x27, 0x57,
472 0x85, 0x9e, 0x1c, 0xea, 0xa6, 0xef, 0xd9, 0x84,
473 0x62, 0x85, 0x93, 0xb4, 0x0c, 0xa1, 0xe1, 0x9c,
474 0x7d, 0x77, 0x3d, 0x00, 0xc1, 0x44, 0xc5, 0x25,
475 0xac, 0x61, 0x9d, 0x18, 0xc8, 0x4a, 0x3f, 0x47,
476 0x18, 0xe2, 0x44, 0x8b, 0x2f, 0xe3, 0x24, 0xd9,
477 0xcc, 0xda, 0x27, 0x10, 0xac, 0xad, 0xe2, 0x56
480 static const u8 T9
[] = {
481 0x99, 0x24, 0xa7, 0xc8, 0x58, 0x73, 0x36, 0xbf,
482 0xb1, 0x18, 0x02, 0x4d, 0xb8, 0x67, 0x4a, 0x14
488 static const u8 P10
[] = {
489 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
490 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a,
491 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
492 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72,
493 0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53,
494 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
495 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57,
496 0xba, 0x63, 0x7b, 0x39
499 static const u8 A10
[] = {
500 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
501 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
502 0xab, 0xad, 0xda, 0xd2
505 static const u8 C10
[] = {
506 0x39, 0x80, 0xca, 0x0b, 0x3c, 0x00, 0xe8, 0x41,
507 0xeb, 0x06, 0xfa, 0xc4, 0x87, 0x2a, 0x27, 0x57,
508 0x85, 0x9e, 0x1c, 0xea, 0xa6, 0xef, 0xd9, 0x84,
509 0x62, 0x85, 0x93, 0xb4, 0x0c, 0xa1, 0xe1, 0x9c,
510 0x7d, 0x77, 0x3d, 0x00, 0xc1, 0x44, 0xc5, 0x25,
511 0xac, 0x61, 0x9d, 0x18, 0xc8, 0x4a, 0x3f, 0x47,
512 0x18, 0xe2, 0x44, 0x8b, 0x2f, 0xe3, 0x24, 0xd9,
513 0xcc, 0xda, 0x27, 0x10
516 static const u8 T10
[] = {
517 0x25, 0x19, 0x49, 0x8e, 0x80, 0xf1, 0x47, 0x8f,
518 0x37, 0xba, 0x55, 0xbd, 0x6d, 0x27, 0x61, 0x8c
525 static const u8 IV11
[] = { 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad };
527 static const u8 C11
[] = {
528 0x0f, 0x10, 0xf5, 0x99, 0xae, 0x14, 0xa1, 0x54,
529 0xed, 0x24, 0xb3, 0x6e, 0x25, 0x32, 0x4d, 0xb8,
530 0xc5, 0x66, 0x63, 0x2e, 0xf2, 0xbb, 0xb3, 0x4f,
531 0x83, 0x47, 0x28, 0x0f, 0xc4, 0x50, 0x70, 0x57,
532 0xfd, 0xdc, 0x29, 0xdf, 0x9a, 0x47, 0x1f, 0x75,
533 0xc6, 0x65, 0x41, 0xd4, 0xd4, 0xda, 0xd1, 0xc9,
534 0xe9, 0x3a, 0x19, 0xa5, 0x8e, 0x8b, 0x47, 0x3f,
535 0xa0, 0xf0, 0x62, 0xf7
538 static const u8 T11
[] = {
539 0x65, 0xdc, 0xc5, 0x7f, 0xcf, 0x62, 0x3a, 0x24,
540 0x09, 0x4f, 0xcc, 0xa4, 0x0d, 0x35, 0x33, 0xf8
547 static const u8 IV12
[] = {
548 0x93, 0x13, 0x22, 0x5d, 0xf8, 0x84, 0x06, 0xe5,
549 0x55, 0x90, 0x9c, 0x5a, 0xff, 0x52, 0x69, 0xaa,
550 0x6a, 0x7a, 0x95, 0x38, 0x53, 0x4f, 0x7d, 0xa1,
551 0xe4, 0xc3, 0x03, 0xd2, 0xa3, 0x18, 0xa7, 0x28,
552 0xc3, 0xc0, 0xc9, 0x51, 0x56, 0x80, 0x95, 0x39,
553 0xfc, 0xf0, 0xe2, 0x42, 0x9a, 0x6b, 0x52, 0x54,
554 0x16, 0xae, 0xdb, 0xf5, 0xa0, 0xde, 0x6a, 0x57,
555 0xa6, 0x37, 0xb3, 0x9b
558 static const u8 C12
[] = {
559 0xd2, 0x7e, 0x88, 0x68, 0x1c, 0xe3, 0x24, 0x3c,
560 0x48, 0x30, 0x16, 0x5a, 0x8f, 0xdc, 0xf9, 0xff,
561 0x1d, 0xe9, 0xa1, 0xd8, 0xe6, 0xb4, 0x47, 0xef,
562 0x6e, 0xf7, 0xb7, 0x98, 0x28, 0x66, 0x6e, 0x45,
563 0x81, 0xe7, 0x90, 0x12, 0xaf, 0x34, 0xdd, 0xd9,
564 0xe2, 0xf0, 0x37, 0x58, 0x9b, 0x29, 0x2d, 0xb3,
565 0xe6, 0x7c, 0x03, 0x67, 0x45, 0xfa, 0x22, 0xe7,
566 0xe9, 0xb7, 0x37, 0x3b
569 static const u8 T12
[] = {
570 0xdc, 0xf5, 0x66, 0xff, 0x29, 0x1c, 0x25, 0xbb,
571 0xb8, 0x56, 0x8f, 0xc3, 0xd3, 0x76, 0xa6, 0xd9
575 static const u8 K13
[32], P13
[] = { 0 }, A13
[] = { 0 }, IV13
[12], C13
[] = { 0 };
576 static const u8 T13
[] = {
577 0x53, 0x0f, 0x8a, 0xfb, 0xc7, 0x45, 0x36, 0xb9,
578 0xa9, 0x63, 0xb4, 0xf1, 0xc4, 0xcb, 0x73, 0x8b
584 static const u8 P14
[16], IV14
[12];
585 static const u8 C14
[] = {
586 0xce, 0xa7, 0x40, 0x3d, 0x4d, 0x60, 0x6b, 0x6e,
587 0x07, 0x4e, 0xc5, 0xd3, 0xba, 0xf3, 0x9d, 0x18
590 static const u8 T14
[] = {
591 0xd0, 0xd1, 0xc8, 0xa7, 0x99, 0x99, 0x6b, 0xf0,
592 0x26, 0x5b, 0x98, 0xb5, 0xd4, 0x8a, 0xb9, 0x19
597 static const u8 K15
[] = {
598 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
599 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08,
600 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
601 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08
604 static const u8 P15
[] = {
605 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
606 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a,
607 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
608 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72,
609 0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53,
610 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
611 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57,
612 0xba, 0x63, 0x7b, 0x39, 0x1a, 0xaf, 0xd2, 0x55
615 static const u8 IV15
[] = {
616 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad,
617 0xde, 0xca, 0xf8, 0x88
620 static const u8 C15
[] = {
621 0x52, 0x2d, 0xc1, 0xf0, 0x99, 0x56, 0x7d, 0x07,
622 0xf4, 0x7f, 0x37, 0xa3, 0x2a, 0x84, 0x42, 0x7d,
623 0x64, 0x3a, 0x8c, 0xdc, 0xbf, 0xe5, 0xc0, 0xc9,
624 0x75, 0x98, 0xa2, 0xbd, 0x25, 0x55, 0xd1, 0xaa,
625 0x8c, 0xb0, 0x8e, 0x48, 0x59, 0x0d, 0xbb, 0x3d,
626 0xa7, 0xb0, 0x8b, 0x10, 0x56, 0x82, 0x88, 0x38,
627 0xc5, 0xf6, 0x1e, 0x63, 0x93, 0xba, 0x7a, 0x0a,
628 0xbc, 0xc9, 0xf6, 0x62, 0x89, 0x80, 0x15, 0xad
631 static const u8 T15
[] = {
632 0xb0, 0x94, 0xda, 0xc5, 0xd9, 0x34, 0x71, 0xbd,
633 0xec, 0x1a, 0x50, 0x22, 0x70, 0xe3, 0xcc, 0x6c
639 static const u8 P16
[] = {
640 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
641 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a,
642 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
643 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72,
644 0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53,
645 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
646 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57,
647 0xba, 0x63, 0x7b, 0x39
650 static const u8 A16
[] = {
651 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
652 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
653 0xab, 0xad, 0xda, 0xd2
656 static const u8 C16
[] = {
657 0x52, 0x2d, 0xc1, 0xf0, 0x99, 0x56, 0x7d, 0x07,
658 0xf4, 0x7f, 0x37, 0xa3, 0x2a, 0x84, 0x42, 0x7d,
659 0x64, 0x3a, 0x8c, 0xdc, 0xbf, 0xe5, 0xc0, 0xc9,
660 0x75, 0x98, 0xa2, 0xbd, 0x25, 0x55, 0xd1, 0xaa,
661 0x8c, 0xb0, 0x8e, 0x48, 0x59, 0x0d, 0xbb, 0x3d,
662 0xa7, 0xb0, 0x8b, 0x10, 0x56, 0x82, 0x88, 0x38,
663 0xc5, 0xf6, 0x1e, 0x63, 0x93, 0xba, 0x7a, 0x0a,
664 0xbc, 0xc9, 0xf6, 0x62
667 static const u8 T16
[] = {
668 0x76, 0xfc, 0x6e, 0xce, 0x0f, 0x4e, 0x17, 0x68,
669 0xcd, 0xdf, 0x88, 0x53, 0xbb, 0x2d, 0x55, 0x1b
676 static const u8 IV17
[] = { 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad };
678 static const u8 C17
[] = {
679 0xc3, 0x76, 0x2d, 0xf1, 0xca, 0x78, 0x7d, 0x32,
680 0xae, 0x47, 0xc1, 0x3b, 0xf1, 0x98, 0x44, 0xcb,
681 0xaf, 0x1a, 0xe1, 0x4d, 0x0b, 0x97, 0x6a, 0xfa,
682 0xc5, 0x2f, 0xf7, 0xd7, 0x9b, 0xba, 0x9d, 0xe0,
683 0xfe, 0xb5, 0x82, 0xd3, 0x39, 0x34, 0xa4, 0xf0,
684 0x95, 0x4c, 0xc2, 0x36, 0x3b, 0xc7, 0x3f, 0x78,
685 0x62, 0xac, 0x43, 0x0e, 0x64, 0xab, 0xe4, 0x99,
686 0xf4, 0x7c, 0x9b, 0x1f
689 static const u8 T17
[] = {
690 0x3a, 0x33, 0x7d, 0xbf, 0x46, 0xa7, 0x92, 0xc4,
691 0x5e, 0x45, 0x49, 0x13, 0xfe, 0x2e, 0xa8, 0xf2
698 static const u8 IV18
[] = {
699 0x93, 0x13, 0x22, 0x5d, 0xf8, 0x84, 0x06, 0xe5,
700 0x55, 0x90, 0x9c, 0x5a, 0xff, 0x52, 0x69, 0xaa,
701 0x6a, 0x7a, 0x95, 0x38, 0x53, 0x4f, 0x7d, 0xa1,
702 0xe4, 0xc3, 0x03, 0xd2, 0xa3, 0x18, 0xa7, 0x28,
703 0xc3, 0xc0, 0xc9, 0x51, 0x56, 0x80, 0x95, 0x39,
704 0xfc, 0xf0, 0xe2, 0x42, 0x9a, 0x6b, 0x52, 0x54,
705 0x16, 0xae, 0xdb, 0xf5, 0xa0, 0xde, 0x6a, 0x57,
706 0xa6, 0x37, 0xb3, 0x9b
709 static const u8 C18
[] = {
710 0x5a, 0x8d, 0xef, 0x2f, 0x0c, 0x9e, 0x53, 0xf1,
711 0xf7, 0x5d, 0x78, 0x53, 0x65, 0x9e, 0x2a, 0x20,
712 0xee, 0xb2, 0xb2, 0x2a, 0xaf, 0xde, 0x64, 0x19,
713 0xa0, 0x58, 0xab, 0x4f, 0x6f, 0x74, 0x6b, 0xf4,
714 0x0f, 0xc0, 0xc3, 0xb7, 0x80, 0xf2, 0x44, 0x45,
715 0x2d, 0xa3, 0xeb, 0xf1, 0xc5, 0xd8, 0x2c, 0xde,
716 0xa2, 0x41, 0x89, 0x97, 0x20, 0x0e, 0xf8, 0x2e,
717 0x44, 0xae, 0x7e, 0x3f
720 static const u8 T18
[] = {
721 0xa4, 0x4a, 0x82, 0x66, 0xee, 0x1c, 0x8e, 0xb0,
722 0xc8, 0xb5, 0xd4, 0xcf, 0x5a, 0xe9, 0xf1, 0x9a
730 static const u8 A19
[] = {
731 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
732 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a,
733 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
734 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72,
735 0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53,
736 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
737 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57,
738 0xba, 0x63, 0x7b, 0x39, 0x1a, 0xaf, 0xd2, 0x55,
739 0x52, 0x2d, 0xc1, 0xf0, 0x99, 0x56, 0x7d, 0x07,
740 0xf4, 0x7f, 0x37, 0xa3, 0x2a, 0x84, 0x42, 0x7d,
741 0x64, 0x3a, 0x8c, 0xdc, 0xbf, 0xe5, 0xc0, 0xc9,
742 0x75, 0x98, 0xa2, 0xbd, 0x25, 0x55, 0xd1, 0xaa,
743 0x8c, 0xb0, 0x8e, 0x48, 0x59, 0x0d, 0xbb, 0x3d,
744 0xa7, 0xb0, 0x8b, 0x10, 0x56, 0x82, 0x88, 0x38,
745 0xc5, 0xf6, 0x1e, 0x63, 0x93, 0xba, 0x7a, 0x0a,
746 0xbc, 0xc9, 0xf6, 0x62, 0x89, 0x80, 0x15, 0xad
749 static const u8 T19
[] = {
750 0x5f, 0xea, 0x79, 0x3a, 0x2d, 0x6f, 0x97, 0x4d,
751 0x37, 0xe6, 0x8e, 0x0c, 0xb8, 0xff, 0x94, 0x92
757 /* this results in 0xff in counter LSB */
758 static const u8 IV20
[64] = { 0xff, 0xff, 0xff, 0xff };
760 static const u8 P20
[288];
761 static const u8 C20
[] = {
762 0x56, 0xb3, 0x37, 0x3c, 0xa9, 0xef, 0x6e, 0x4a,
763 0x2b, 0x64, 0xfe, 0x1e, 0x9a, 0x17, 0xb6, 0x14,
764 0x25, 0xf1, 0x0d, 0x47, 0xa7, 0x5a, 0x5f, 0xce,
765 0x13, 0xef, 0xc6, 0xbc, 0x78, 0x4a, 0xf2, 0x4f,
766 0x41, 0x41, 0xbd, 0xd4, 0x8c, 0xf7, 0xc7, 0x70,
767 0x88, 0x7a, 0xfd, 0x57, 0x3c, 0xca, 0x54, 0x18,
768 0xa9, 0xae, 0xff, 0xcd, 0x7c, 0x5c, 0xed, 0xdf,
769 0xc6, 0xa7, 0x83, 0x97, 0xb9, 0xa8, 0x5b, 0x49,
770 0x9d, 0xa5, 0x58, 0x25, 0x72, 0x67, 0xca, 0xab,
771 0x2a, 0xd0, 0xb2, 0x3c, 0xa4, 0x76, 0xa5, 0x3c,
772 0xb1, 0x7f, 0xb4, 0x1c, 0x4b, 0x8b, 0x47, 0x5c,
773 0xb4, 0xf3, 0xf7, 0x16, 0x50, 0x94, 0xc2, 0x29,
774 0xc9, 0xe8, 0xc4, 0xdc, 0x0a, 0x2a, 0x5f, 0xf1,
775 0x90, 0x3e, 0x50, 0x15, 0x11, 0x22, 0x13, 0x76,
776 0xa1, 0xcd, 0xb8, 0x36, 0x4c, 0x50, 0x61, 0xa2,
777 0x0c, 0xae, 0x74, 0xbc, 0x4a, 0xcd, 0x76, 0xce,
778 0xb0, 0xab, 0xc9, 0xfd, 0x32, 0x17, 0xef, 0x9f,
779 0x8c, 0x90, 0xbe, 0x40, 0x2d, 0xdf, 0x6d, 0x86,
780 0x97, 0xf4, 0xf8, 0x80, 0xdf, 0xf1, 0x5b, 0xfb,
781 0x7a, 0x6b, 0x28, 0x24, 0x1e, 0xc8, 0xfe, 0x18,
782 0x3c, 0x2d, 0x59, 0xe3, 0xf9, 0xdf, 0xff, 0x65,
783 0x3c, 0x71, 0x26, 0xf0, 0xac, 0xb9, 0xe6, 0x42,
784 0x11, 0xf4, 0x2b, 0xae, 0x12, 0xaf, 0x46, 0x2b,
785 0x10, 0x70, 0xbe, 0xf1, 0xab, 0x5e, 0x36, 0x06,
786 0x87, 0x2c, 0xa1, 0x0d, 0xee, 0x15, 0xb3, 0x24,
787 0x9b, 0x1a, 0x1b, 0x95, 0x8f, 0x23, 0x13, 0x4c,
788 0x4b, 0xcc, 0xb7, 0xd0, 0x32, 0x00, 0xbc, 0xe4,
789 0x20, 0xa2, 0xf8, 0xeb, 0x66, 0xdc, 0xf3, 0x64,
790 0x4d, 0x14, 0x23, 0xc1, 0xb5, 0x69, 0x90, 0x03,
791 0xc1, 0x3e, 0xce, 0xf4, 0xbf, 0x38, 0xa3, 0xb6,
792 0x0e, 0xed, 0xc3, 0x40, 0x33, 0xba, 0xc1, 0x90,
793 0x27, 0x83, 0xdc, 0x6d, 0x89, 0xe2, 0xe7, 0x74,
794 0x18, 0x8a, 0x43, 0x9c, 0x7e, 0xbc, 0xc0, 0x67,
795 0x2d, 0xbd, 0xa4, 0xdd, 0xcf, 0xb2, 0x79, 0x46,
796 0x13, 0xb0, 0xbe, 0x41, 0x31, 0x5e, 0xf7, 0x78,
797 0x70, 0x8a, 0x70, 0xee, 0x7d, 0x75, 0x16, 0x5c
800 static const u8 T20
[] = {
801 0x8b, 0x30, 0x7f, 0x6b, 0x33, 0x28, 0x6d, 0x0a,
802 0xb0, 0x26, 0xa9, 0xed, 0x3f, 0xe1, 0xe8, 0x5f
805 #define GCM128_TEST_VECTOR(n) \
807 {sizeof(K##n), K##n}, \
808 {sizeof(IV##n), IV##n}, \
809 {sizeof(A##n), A##n}, \
810 {sizeof(P##n), P##n}, \
811 {sizeof(C##n), C##n}, \
812 {sizeof(T##n), T##n} \
814 static struct gcm128_data
{
821 } gcm128_vectors
[] = {
822 GCM128_TEST_VECTOR(1),
823 GCM128_TEST_VECTOR(2),
824 GCM128_TEST_VECTOR(3),
825 GCM128_TEST_VECTOR(4),
826 GCM128_TEST_VECTOR(5),
827 GCM128_TEST_VECTOR(6),
828 GCM128_TEST_VECTOR(7),
829 GCM128_TEST_VECTOR(8),
830 GCM128_TEST_VECTOR(9),
831 GCM128_TEST_VECTOR(10),
832 GCM128_TEST_VECTOR(11),
833 GCM128_TEST_VECTOR(12),
834 GCM128_TEST_VECTOR(13),
835 GCM128_TEST_VECTOR(14),
836 GCM128_TEST_VECTOR(15),
837 GCM128_TEST_VECTOR(16),
838 GCM128_TEST_VECTOR(17),
839 GCM128_TEST_VECTOR(18),
840 GCM128_TEST_VECTOR(19),
841 GCM128_TEST_VECTOR(20)
844 static int test_gcm128(int idx
)
846 unsigned char out
[512];
847 SIZED_DATA K
= gcm128_vectors
[idx
].K
;
848 SIZED_DATA IV
= gcm128_vectors
[idx
].IV
;
849 SIZED_DATA A
= gcm128_vectors
[idx
].A
;
850 SIZED_DATA P
= gcm128_vectors
[idx
].P
;
851 SIZED_DATA C
= gcm128_vectors
[idx
].C
;
852 SIZED_DATA T
= gcm128_vectors
[idx
].T
;
856 /* Size 1 inputs are special-cased to signal NULL. */
864 AES_set_encrypt_key(K
.data
, K
.size
* 8, &key
);
866 CRYPTO_gcm128_init(&ctx
, &key
, (block128_f
)AES_encrypt
);
867 CRYPTO_gcm128_setiv(&ctx
, IV
.data
, IV
.size
);
868 memset(out
, 0, P
.size
);
870 CRYPTO_gcm128_aad(&ctx
, A
.data
, A
.size
);
872 if (!TEST_int_ge(CRYPTO_gcm128_encrypt(&ctx
, P
.data
, out
, P
.size
), 0))
874 if (!TEST_false(CRYPTO_gcm128_finish(&ctx
, T
.data
, 16))
876 && !TEST_mem_eq(out
, P
.size
, C
.data
, P
.size
)))
879 CRYPTO_gcm128_setiv(&ctx
, IV
.data
, IV
.size
);
880 memset(out
, 0, P
.size
);
882 CRYPTO_gcm128_aad(&ctx
, A
.data
, A
.size
);
884 CRYPTO_gcm128_decrypt(&ctx
, C
.data
, out
, P
.size
);
885 if (!TEST_false(CRYPTO_gcm128_finish(&ctx
, T
.data
, 16))
887 && !TEST_mem_eq(out
, P
.size
, P
.data
, P
.size
)))
893 int setup_tests(void)
895 ADD_ALL_TESTS(test_aes_cts128
, OSSL_NELEM(aes_cts128_vectors
));
896 ADD_ALL_TESTS(test_aes_cts128_nist
, OSSL_NELEM(aes_cts128_vectors
));
897 ADD_ALL_TESTS(test_gcm128
, OSSL_NELEM(gcm128_vectors
));