]> git.ipfire.org Git - thirdparty/openssl.git/blob - test/modes_internal_test.c
projects / thirdparty / openssl.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Create a prototype for OPENSSL_rdtsc
[thirdparty/openssl.git] / test / modes_internal_test.c
1 /*
2 * Copyright 2016-2017 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the OpenSSL license (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10 /* Internal tests for the modes module */
11
12 #include <stdio.h>
13 #include <string.h>
14
15 #include <openssl/aes.h>
16 #include <openssl/modes.h>
17 #include "../crypto/modes/modes_lcl.h"
18 #include "testutil.h"
19 #include "internal/nelem.h"
20 #include "internal/cryptlib.h"
21
22 typedef struct {
23 size_t size;
24 const unsigned char *data;
25 } SIZED_DATA;
26
27 /**********************************************************************
28 *
29 * Test of cts128
30 *
31 ***/
32
33 /* cts128 test vectors from RFC 3962 */
34 static const unsigned char cts128_test_key[16] = "chicken teriyaki";
35 static const unsigned char cts128_test_input[64] =
36 "I would like the" " General Gau's C"
37 "hicken, please, " "and wonton soup.";
38 static const unsigned char cts128_test_iv[] =
39 { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
40
41 static const unsigned char vector_17[17] = {
42 0xc6, 0x35, 0x35, 0x68, 0xf2, 0xbf, 0x8c, 0xb4,
43 0xd8, 0xa5, 0x80, 0x36, 0x2d, 0xa7, 0xff, 0x7f,
44 0x97
45 };
46
47 static const unsigned char vector_31[31] = {
48 0xfc, 0x00, 0x78, 0x3e, 0x0e, 0xfd, 0xb2, 0xc1,
49 0xd4, 0x45, 0xd4, 0xc8, 0xef, 0xf7, 0xed, 0x22,
50 0x97, 0x68, 0x72, 0x68, 0xd6, 0xec, 0xcc, 0xc0,
51 0xc0, 0x7b, 0x25, 0xe2, 0x5e, 0xcf, 0xe5
52 };
53
54 static const unsigned char vector_32[32] = {
55 0x39, 0x31, 0x25, 0x23, 0xa7, 0x86, 0x62, 0xd5,
56 0xbe, 0x7f, 0xcb, 0xcc, 0x98, 0xeb, 0xf5, 0xa8,
57 0x97, 0x68, 0x72, 0x68, 0xd6, 0xec, 0xcc, 0xc0,
58 0xc0, 0x7b, 0x25, 0xe2, 0x5e, 0xcf, 0xe5, 0x84
59 };
60
61 static const unsigned char vector_47[47] = {
62 0x97, 0x68, 0x72, 0x68, 0xd6, 0xec, 0xcc, 0xc0,
63 0xc0, 0x7b, 0x25, 0xe2, 0x5e, 0xcf, 0xe5, 0x84,
64 0xb3, 0xff, 0xfd, 0x94, 0x0c, 0x16, 0xa1, 0x8c,
65 0x1b, 0x55, 0x49, 0xd2, 0xf8, 0x38, 0x02, 0x9e,
66 0x39, 0x31, 0x25, 0x23, 0xa7, 0x86, 0x62, 0xd5,
67 0xbe, 0x7f, 0xcb, 0xcc, 0x98, 0xeb, 0xf5
68 };
69
70 static const unsigned char vector_48[48] = {
71 0x97, 0x68, 0x72, 0x68, 0xd6, 0xec, 0xcc, 0xc0,
72 0xc0, 0x7b, 0x25, 0xe2, 0x5e, 0xcf, 0xe5, 0x84,
73 0x9d, 0xad, 0x8b, 0xbb, 0x96, 0xc4, 0xcd, 0xc0,
74 0x3b, 0xc1, 0x03, 0xe1, 0xa1, 0x94, 0xbb, 0xd8,
75 0x39, 0x31, 0x25, 0x23, 0xa7, 0x86, 0x62, 0xd5,
76 0xbe, 0x7f, 0xcb, 0xcc, 0x98, 0xeb, 0xf5, 0xa8
77 };
78
79 static const unsigned char vector_64[64] = {
80 0x97, 0x68, 0x72, 0x68, 0xd6, 0xec, 0xcc, 0xc0,
81 0xc0, 0x7b, 0x25, 0xe2, 0x5e, 0xcf, 0xe5, 0x84,
82 0x39, 0x31, 0x25, 0x23, 0xa7, 0x86, 0x62, 0xd5,
83 0xbe, 0x7f, 0xcb, 0xcc, 0x98, 0xeb, 0xf5, 0xa8,
84 0x48, 0x07, 0xef, 0xe8, 0x36, 0xee, 0x89, 0xa5,
85 0x26, 0x73, 0x0d, 0xbc, 0x2f, 0x7b, 0xc8, 0x40,
86 0x9d, 0xad, 0x8b, 0xbb, 0x96, 0xc4, 0xcd, 0xc0,
87 0x3b, 0xc1, 0x03, 0xe1, 0xa1, 0x94, 0xbb, 0xd8
88 };
89
90 #define CTS128_TEST_VECTOR(len) \
91 { \
92 sizeof(vector_##len), vector_##len \
93 }
94 static const SIZED_DATA aes_cts128_vectors[] = {
95 CTS128_TEST_VECTOR(17),
96 CTS128_TEST_VECTOR(31),
97 CTS128_TEST_VECTOR(32),
98 CTS128_TEST_VECTOR(47),
99 CTS128_TEST_VECTOR(48),
100 CTS128_TEST_VECTOR(64),
101 };
102
103 static AES_KEY *cts128_encrypt_key_schedule()
104 {
105 static int init_key = 1;
106 static AES_KEY ks;
107
108 if (init_key) {
109 AES_set_encrypt_key(cts128_test_key, 128, &ks);
110 init_key = 0;
111 }
112 return &ks;
113 }
114
115 static AES_KEY *cts128_decrypt_key_schedule()
116 {
117 static int init_key = 1;
118 static AES_KEY ks;
119
120 if (init_key) {
121 AES_set_decrypt_key(cts128_test_key, 128, &ks);
122 init_key = 0;
123 }
124 return &ks;
125 }
126
127 typedef struct {
128 const char *case_name;
129 size_t (*last_blocks_correction)(const unsigned char *in,
130 unsigned char *out, size_t len);
131 size_t (*encrypt_block)(const unsigned char *in,
132 unsigned char *out, size_t len,
133 const void *key, unsigned char ivec[16],
134 block128_f block);
135 size_t (*encrypt_stream)(const unsigned char *in, unsigned char *out,
136 size_t len, const void *key,
137 unsigned char ivec[16], cbc128_f cbc);
138 size_t (*decrypt_block)(const unsigned char *in,
139 unsigned char *out, size_t len,
140 const void *key, unsigned char ivec[16],
141 block128_f block);
142 size_t (*decrypt_stream)(const unsigned char *in, unsigned char *out,
143 size_t len, const void *key,
144 unsigned char ivec[16], cbc128_f cbc);
145 } CTS128_FIXTURE;
146
147 static size_t last_blocks_correction(const unsigned char *in,
148 unsigned char *out, size_t len)
149 {
150 size_t tail;
151
152 memcpy(out, in, len);
153 if ((tail = len % 16) == 0)
154 tail = 16;
155 tail += 16;
156
157 return tail;
158 }
159
160 static size_t last_blocks_correction_nist(const unsigned char *in,
161 unsigned char *out, size_t len)
162 {
163 size_t tail;
164
165 if ((tail = len % 16) == 0)
166 tail = 16;
167 len -= 16 + tail;
168 memcpy(out, in, len);
169 /* flip two last blocks */
170 memcpy(out + len, in + len + 16, tail);
171 memcpy(out + len + tail, in + len, 16);
172 len += 16 + tail;
173 tail = 16;
174
175 return tail;
176 }
177
178 static int execute_cts128(const CTS128_FIXTURE *fixture, int num)
179 {
180 const unsigned char *test_iv = cts128_test_iv;
181 size_t test_iv_len = sizeof(cts128_test_iv);
182 const unsigned char *orig_vector = aes_cts128_vectors[num].data;
183 size_t len = aes_cts128_vectors[num].size;
184 const unsigned char *test_input = cts128_test_input;
185 const AES_KEY *encrypt_key_schedule = cts128_encrypt_key_schedule();
186 const AES_KEY *decrypt_key_schedule = cts128_decrypt_key_schedule();
187 unsigned char iv[16];
188 /* The largest test inputs are = 64 bytes. */
189 unsigned char cleartext[64], ciphertext[64], vector[64];
190 size_t tail, size;
191
192 TEST_info("%s_vector_%lu", fixture->case_name, (unsigned long)len);
193
194 tail = fixture->last_blocks_correction(orig_vector, vector, len);
195
196 /* test block-based encryption */
197 memcpy(iv, test_iv, test_iv_len);
198 if (!TEST_size_t_eq(fixture->encrypt_block(test_input, ciphertext, len,
199 encrypt_key_schedule, iv,
200 (block128_f)AES_encrypt), len)
201 || !TEST_mem_eq(ciphertext, len, vector, len)
202 || !TEST_mem_eq(iv, sizeof(iv), vector + len - tail, sizeof(iv)))
203 return 0;
204
205 /* test block-based decryption */
206 memcpy(iv, test_iv, test_iv_len);
207 size = fixture->decrypt_block(ciphertext, cleartext, len,
208 decrypt_key_schedule, iv,
209 (block128_f)AES_decrypt);
210 if (!TEST_true(len == size || len + 16 == size)
211 || !TEST_mem_eq(cleartext, len, test_input, len)
212 || !TEST_mem_eq(iv, sizeof(iv), vector + len - tail, sizeof(iv)))
213 return 0;
214
215 /* test streamed encryption */
216 memcpy(iv, test_iv, test_iv_len);
217 if (!TEST_size_t_eq(fixture->encrypt_stream(test_input, ciphertext, len,
218 encrypt_key_schedule, iv,
219 (cbc128_f) AES_cbc_encrypt),
220 len)
221 || !TEST_mem_eq(ciphertext, len, vector, len)
222 || !TEST_mem_eq(iv, sizeof(iv), vector + len - tail, sizeof(iv)))
223 return 0;
224
225 /* test streamed decryption */
226 memcpy(iv, test_iv, test_iv_len);
227 if (!TEST_size_t_eq(fixture->decrypt_stream(ciphertext, cleartext, len,
228 decrypt_key_schedule, iv,
229 (cbc128_f)AES_cbc_encrypt),
230 len)
231 || !TEST_mem_eq(cleartext, len, test_input, len)
232 || !TEST_mem_eq(iv, sizeof(iv), vector + len - tail, sizeof(iv)))
233 return 0;
234
235 return 1;
236 }
237
238 static int test_aes_cts128(int idx)
239 {
240 static const CTS128_FIXTURE fixture_cts128 = {
241 "aes_cts128", last_blocks_correction,
242 CRYPTO_cts128_encrypt_block, CRYPTO_cts128_encrypt,
243 CRYPTO_cts128_decrypt_block, CRYPTO_cts128_decrypt
244 };
245
246 return execute_cts128(&fixture_cts128, idx);
247 }
248
249 static int test_aes_cts128_nist(int idx)
250 {
251 static const CTS128_FIXTURE fixture_cts128_nist = {
252 "aes_cts128_nist", last_blocks_correction_nist,
253 CRYPTO_nistcts128_encrypt_block, CRYPTO_nistcts128_encrypt,
254 CRYPTO_nistcts128_decrypt_block, CRYPTO_nistcts128_decrypt
255 };
256
257 return execute_cts128(&fixture_cts128_nist, idx);
258 }
259
260 /*
261 *
262 * Test of gcm128
263 *
264 */
265
266 /* Test Case 1 */
267 static const u8 K1[16], P1[] = { 0 }, A1[] = { 0 }, IV1[12], C1[] = { 0 };
268 static const u8 T1[] = {
269 0x58, 0xe2, 0xfc, 0xce, 0xfa, 0x7e, 0x30, 0x61,
270 0x36, 0x7f, 0x1d, 0x57, 0xa4, 0xe7, 0x45, 0x5a
271 };
272
273 /* Test Case 2 */
274 # define K2 K1
275 # define A2 A1
276 # define IV2 IV1
277 static const u8 P2[16];
278 static const u8 C2[] = {
279 0x03, 0x88, 0xda, 0xce, 0x60, 0xb6, 0xa3, 0x92,
280 0xf3, 0x28, 0xc2, 0xb9, 0x71, 0xb2, 0xfe, 0x78
281 };
282
283 static const u8 T2[] = {
284 0xab, 0x6e, 0x47, 0xd4, 0x2c, 0xec, 0x13, 0xbd,
285 0xf5, 0x3a, 0x67, 0xb2, 0x12, 0x57, 0xbd, 0xdf
286 };
287
288 /* Test Case 3 */
289 # define A3 A2
290 static const u8 K3[] = {
291 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
292 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08
293 };
294
295 static const u8 P3[] = {
296 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
297 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a,
298 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
299 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72,
300 0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53,
301 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
302 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57,
303 0xba, 0x63, 0x7b, 0x39, 0x1a, 0xaf, 0xd2, 0x55
304 };
305
306 static const u8 IV3[] = {
307 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad,
308 0xde, 0xca, 0xf8, 0x88
309 };
310
311 static const u8 C3[] = {
312 0x42, 0x83, 0x1e, 0xc2, 0x21, 0x77, 0x74, 0x24,
313 0x4b, 0x72, 0x21, 0xb7, 0x84, 0xd0, 0xd4, 0x9c,
314 0xe3, 0xaa, 0x21, 0x2f, 0x2c, 0x02, 0xa4, 0xe0,
315 0x35, 0xc1, 0x7e, 0x23, 0x29, 0xac, 0xa1, 0x2e,
316 0x21, 0xd5, 0x14, 0xb2, 0x54, 0x66, 0x93, 0x1c,
317 0x7d, 0x8f, 0x6a, 0x5a, 0xac, 0x84, 0xaa, 0x05,
318 0x1b, 0xa3, 0x0b, 0x39, 0x6a, 0x0a, 0xac, 0x97,
319 0x3d, 0x58, 0xe0, 0x91, 0x47, 0x3f, 0x59, 0x85
320 };
321
322 static const u8 T3[] = {
323 0x4d, 0x5c, 0x2a, 0xf3, 0x27, 0xcd, 0x64, 0xa6,
324 0x2c, 0xf3, 0x5a, 0xbd, 0x2b, 0xa6, 0xfa, 0xb4
325 };
326
327 /* Test Case 4 */
328 # define K4 K3
329 # define IV4 IV3
330 static const u8 P4[] = {
331 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
332 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a,
333 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
334 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72,
335 0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53,
336 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
337 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57,
338 0xba, 0x63, 0x7b, 0x39
339 };
340
341 static const u8 A4[] = {
342 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
343 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
344 0xab, 0xad, 0xda, 0xd2
345 };
346
347 static const u8 C4[] = {
348 0x42, 0x83, 0x1e, 0xc2, 0x21, 0x77, 0x74, 0x24,
349 0x4b, 0x72, 0x21, 0xb7, 0x84, 0xd0, 0xd4, 0x9c,
350 0xe3, 0xaa, 0x21, 0x2f, 0x2c, 0x02, 0xa4, 0xe0,
351 0x35, 0xc1, 0x7e, 0x23, 0x29, 0xac, 0xa1, 0x2e,
352 0x21, 0xd5, 0x14, 0xb2, 0x54, 0x66, 0x93, 0x1c,
353 0x7d, 0x8f, 0x6a, 0x5a, 0xac, 0x84, 0xaa, 0x05,
354 0x1b, 0xa3, 0x0b, 0x39, 0x6a, 0x0a, 0xac, 0x97,
355 0x3d, 0x58, 0xe0, 0x91
356 };
357
358 static const u8 T4[] = {
359 0x5b, 0xc9, 0x4f, 0xbc, 0x32, 0x21, 0xa5, 0xdb,
360 0x94, 0xfa, 0xe9, 0x5a, 0xe7, 0x12, 0x1a, 0x47
361 };
362
363 /* Test Case 5 */
364 # define K5 K4
365 # define P5 P4
366 # define A5 A4
367 static const u8 IV5[] = {
368 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad
369 };
370
371 static const u8 C5[] = {
372 0x61, 0x35, 0x3b, 0x4c, 0x28, 0x06, 0x93, 0x4a,
373 0x77, 0x7f, 0xf5, 0x1f, 0xa2, 0x2a, 0x47, 0x55,
374 0x69, 0x9b, 0x2a, 0x71, 0x4f, 0xcd, 0xc6, 0xf8,
375 0x37, 0x66, 0xe5, 0xf9, 0x7b, 0x6c, 0x74, 0x23,
376 0x73, 0x80, 0x69, 0x00, 0xe4, 0x9f, 0x24, 0xb2,
377 0x2b, 0x09, 0x75, 0x44, 0xd4, 0x89, 0x6b, 0x42,
378 0x49, 0x89, 0xb5, 0xe1, 0xeb, 0xac, 0x0f, 0x07,
379 0xc2, 0x3f, 0x45, 0x98
380 };
381
382 static const u8 T5[] = {
383 0x36, 0x12, 0xd2, 0xe7, 0x9e, 0x3b, 0x07, 0x85,
384 0x56, 0x1b, 0xe1, 0x4a, 0xac, 0xa2, 0xfc, 0xcb
385 };
386
387 /* Test Case 6 */
388 # define K6 K5
389 # define P6 P5
390 # define A6 A5
391 static const u8 IV6[] = {
392 0x93, 0x13, 0x22, 0x5d, 0xf8, 0x84, 0x06, 0xe5,
393 0x55, 0x90, 0x9c, 0x5a, 0xff, 0x52, 0x69, 0xaa,
394 0x6a, 0x7a, 0x95, 0x38, 0x53, 0x4f, 0x7d, 0xa1,
395 0xe4, 0xc3, 0x03, 0xd2, 0xa3, 0x18, 0xa7, 0x28,
396 0xc3, 0xc0, 0xc9, 0x51, 0x56, 0x80, 0x95, 0x39,
397 0xfc, 0xf0, 0xe2, 0x42, 0x9a, 0x6b, 0x52, 0x54,
398 0x16, 0xae, 0xdb, 0xf5, 0xa0, 0xde, 0x6a, 0x57,
399 0xa6, 0x37, 0xb3, 0x9b
400 };
401
402 static const u8 C6[] = {
403 0x8c, 0xe2, 0x49, 0x98, 0x62, 0x56, 0x15, 0xb6,
404 0x03, 0xa0, 0x33, 0xac, 0xa1, 0x3f, 0xb8, 0x94,
405 0xbe, 0x91, 0x12, 0xa5, 0xc3, 0xa2, 0x11, 0xa8,
406 0xba, 0x26, 0x2a, 0x3c, 0xca, 0x7e, 0x2c, 0xa7,
407 0x01, 0xe4, 0xa9, 0xa4, 0xfb, 0xa4, 0x3c, 0x90,
408 0xcc, 0xdc, 0xb2, 0x81, 0xd4, 0x8c, 0x7c, 0x6f,
409 0xd6, 0x28, 0x75, 0xd2, 0xac, 0xa4, 0x17, 0x03,
410 0x4c, 0x34, 0xae, 0xe5
411 };
412
413 static const u8 T6[] = {
414 0x61, 0x9c, 0xc5, 0xae, 0xff, 0xfe, 0x0b, 0xfa,
415 0x46, 0x2a, 0xf4, 0x3c, 0x16, 0x99, 0xd0, 0x50
416 };
417
418 /* Test Case 7 */
419 static const u8 K7[24], P7[] = { 0 }, A7[] = { 0 }, IV7[12], C7[] = { 0 };
420 static const u8 T7[] = {
421 0xcd, 0x33, 0xb2, 0x8a, 0xc7, 0x73, 0xf7, 0x4b,
422 0xa0, 0x0e, 0xd1, 0xf3, 0x12, 0x57, 0x24, 0x35
423 };
424
425 /* Test Case 8 */
426 # define K8 K7
427 # define IV8 IV7
428 # define A8 A7
429 static const u8 P8[16];
430 static const u8 C8[] = {
431 0x98, 0xe7, 0x24, 0x7c, 0x07, 0xf0, 0xfe, 0x41,
432 0x1c, 0x26, 0x7e, 0x43, 0x84, 0xb0, 0xf6, 0x00
433 };
434
435 static const u8 T8[] = {
436 0x2f, 0xf5, 0x8d, 0x80, 0x03, 0x39, 0x27, 0xab,
437 0x8e, 0xf4, 0xd4, 0x58, 0x75, 0x14, 0xf0, 0xfb
438 };
439
440 /* Test Case 9 */
441 # define A9 A8
442 static const u8 K9[] = {
443 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
444 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08,
445 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c
446 };
447
448 static const u8 P9[] = {
449 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
450 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a,
451 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
452 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72,
453 0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53,
454 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
455 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57,
456 0xba, 0x63, 0x7b, 0x39, 0x1a, 0xaf, 0xd2, 0x55
457 };
458
459 static const u8 IV9[] = {
460 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad,
461 0xde, 0xca, 0xf8, 0x88
462 };
463
464 static const u8 C9[] = {
465 0x39, 0x80, 0xca, 0x0b, 0x3c, 0x00, 0xe8, 0x41,
466 0xeb, 0x06, 0xfa, 0xc4, 0x87, 0x2a, 0x27, 0x57,
467 0x85, 0x9e, 0x1c, 0xea, 0xa6, 0xef, 0xd9, 0x84,
468 0x62, 0x85, 0x93, 0xb4, 0x0c, 0xa1, 0xe1, 0x9c,
469 0x7d, 0x77, 0x3d, 0x00, 0xc1, 0x44, 0xc5, 0x25,
470 0xac, 0x61, 0x9d, 0x18, 0xc8, 0x4a, 0x3f, 0x47,
471 0x18, 0xe2, 0x44, 0x8b, 0x2f, 0xe3, 0x24, 0xd9,
472 0xcc, 0xda, 0x27, 0x10, 0xac, 0xad, 0xe2, 0x56
473 };
474
475 static const u8 T9[] = {
476 0x99, 0x24, 0xa7, 0xc8, 0x58, 0x73, 0x36, 0xbf,
477 0xb1, 0x18, 0x02, 0x4d, 0xb8, 0x67, 0x4a, 0x14
478 };
479
480 /* Test Case 10 */
481 # define K10 K9
482 # define IV10 IV9
483 static const u8 P10[] = {
484 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
485 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a,
486 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
487 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72,
488 0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53,
489 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
490 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57,
491 0xba, 0x63, 0x7b, 0x39
492 };
493
494 static const u8 A10[] = {
495 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
496 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
497 0xab, 0xad, 0xda, 0xd2
498 };
499
500 static const u8 C10[] = {
501 0x39, 0x80, 0xca, 0x0b, 0x3c, 0x00, 0xe8, 0x41,
502 0xeb, 0x06, 0xfa, 0xc4, 0x87, 0x2a, 0x27, 0x57,
503 0x85, 0x9e, 0x1c, 0xea, 0xa6, 0xef, 0xd9, 0x84,
504 0x62, 0x85, 0x93, 0xb4, 0x0c, 0xa1, 0xe1, 0x9c,
505 0x7d, 0x77, 0x3d, 0x00, 0xc1, 0x44, 0xc5, 0x25,
506 0xac, 0x61, 0x9d, 0x18, 0xc8, 0x4a, 0x3f, 0x47,
507 0x18, 0xe2, 0x44, 0x8b, 0x2f, 0xe3, 0x24, 0xd9,
508 0xcc, 0xda, 0x27, 0x10
509 };
510
511 static const u8 T10[] = {
512 0x25, 0x19, 0x49, 0x8e, 0x80, 0xf1, 0x47, 0x8f,
513 0x37, 0xba, 0x55, 0xbd, 0x6d, 0x27, 0x61, 0x8c
514 };
515
516 /* Test Case 11 */
517 # define K11 K10
518 # define P11 P10
519 # define A11 A10
520 static const u8 IV11[] = { 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad };
521
522 static const u8 C11[] = {
523 0x0f, 0x10, 0xf5, 0x99, 0xae, 0x14, 0xa1, 0x54,
524 0xed, 0x24, 0xb3, 0x6e, 0x25, 0x32, 0x4d, 0xb8,
525 0xc5, 0x66, 0x63, 0x2e, 0xf2, 0xbb, 0xb3, 0x4f,
526 0x83, 0x47, 0x28, 0x0f, 0xc4, 0x50, 0x70, 0x57,
527 0xfd, 0xdc, 0x29, 0xdf, 0x9a, 0x47, 0x1f, 0x75,
528 0xc6, 0x65, 0x41, 0xd4, 0xd4, 0xda, 0xd1, 0xc9,
529 0xe9, 0x3a, 0x19, 0xa5, 0x8e, 0x8b, 0x47, 0x3f,
530 0xa0, 0xf0, 0x62, 0xf7
531 };
532
533 static const u8 T11[] = {
534 0x65, 0xdc, 0xc5, 0x7f, 0xcf, 0x62, 0x3a, 0x24,
535 0x09, 0x4f, 0xcc, 0xa4, 0x0d, 0x35, 0x33, 0xf8
536 };
537
538 /* Test Case 12 */
539 # define K12 K11
540 # define P12 P11
541 # define A12 A11
542 static const u8 IV12[] = {
543 0x93, 0x13, 0x22, 0x5d, 0xf8, 0x84, 0x06, 0xe5,
544 0x55, 0x90, 0x9c, 0x5a, 0xff, 0x52, 0x69, 0xaa,
545 0x6a, 0x7a, 0x95, 0x38, 0x53, 0x4f, 0x7d, 0xa1,
546 0xe4, 0xc3, 0x03, 0xd2, 0xa3, 0x18, 0xa7, 0x28,
547 0xc3, 0xc0, 0xc9, 0x51, 0x56, 0x80, 0x95, 0x39,
548 0xfc, 0xf0, 0xe2, 0x42, 0x9a, 0x6b, 0x52, 0x54,
549 0x16, 0xae, 0xdb, 0xf5, 0xa0, 0xde, 0x6a, 0x57,
550 0xa6, 0x37, 0xb3, 0x9b
551 };
552
553 static const u8 C12[] = {
554 0xd2, 0x7e, 0x88, 0x68, 0x1c, 0xe3, 0x24, 0x3c,
555 0x48, 0x30, 0x16, 0x5a, 0x8f, 0xdc, 0xf9, 0xff,
556 0x1d, 0xe9, 0xa1, 0xd8, 0xe6, 0xb4, 0x47, 0xef,
557 0x6e, 0xf7, 0xb7, 0x98, 0x28, 0x66, 0x6e, 0x45,
558 0x81, 0xe7, 0x90, 0x12, 0xaf, 0x34, 0xdd, 0xd9,
559 0xe2, 0xf0, 0x37, 0x58, 0x9b, 0x29, 0x2d, 0xb3,
560 0xe6, 0x7c, 0x03, 0x67, 0x45, 0xfa, 0x22, 0xe7,
561 0xe9, 0xb7, 0x37, 0x3b
562 };
563
564 static const u8 T12[] = {
565 0xdc, 0xf5, 0x66, 0xff, 0x29, 0x1c, 0x25, 0xbb,
566 0xb8, 0x56, 0x8f, 0xc3, 0xd3, 0x76, 0xa6, 0xd9
567 };
568
569 /* Test Case 13 */
570 static const u8 K13[32], P13[] = { 0 }, A13[] = { 0 }, IV13[12], C13[] = { 0 };
571 static const u8 T13[] = {
572 0x53, 0x0f, 0x8a, 0xfb, 0xc7, 0x45, 0x36, 0xb9,
573 0xa9, 0x63, 0xb4, 0xf1, 0xc4, 0xcb, 0x73, 0x8b
574 };
575
576 /* Test Case 14 */
577 # define K14 K13
578 # define A14 A13
579 static const u8 P14[16], IV14[12];
580 static const u8 C14[] = {
581 0xce, 0xa7, 0x40, 0x3d, 0x4d, 0x60, 0x6b, 0x6e,
582 0x07, 0x4e, 0xc5, 0xd3, 0xba, 0xf3, 0x9d, 0x18
583 };
584
585 static const u8 T14[] = {
586 0xd0, 0xd1, 0xc8, 0xa7, 0x99, 0x99, 0x6b, 0xf0,
587 0x26, 0x5b, 0x98, 0xb5, 0xd4, 0x8a, 0xb9, 0x19
588 };
589
590 /* Test Case 15 */
591 # define A15 A14
592 static const u8 K15[] = {
593 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
594 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08,
595 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
596 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08
597 };
598
599 static const u8 P15[] = {
600 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
601 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a,
602 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
603 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72,
604 0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53,
605 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
606 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57,
607 0xba, 0x63, 0x7b, 0x39, 0x1a, 0xaf, 0xd2, 0x55
608 };
609
610 static const u8 IV15[] = {
611 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad,
612 0xde, 0xca, 0xf8, 0x88
613 };
614
615 static const u8 C15[] = {
616 0x52, 0x2d, 0xc1, 0xf0, 0x99, 0x56, 0x7d, 0x07,
617 0xf4, 0x7f, 0x37, 0xa3, 0x2a, 0x84, 0x42, 0x7d,
618 0x64, 0x3a, 0x8c, 0xdc, 0xbf, 0xe5, 0xc0, 0xc9,
619 0x75, 0x98, 0xa2, 0xbd, 0x25, 0x55, 0xd1, 0xaa,
620 0x8c, 0xb0, 0x8e, 0x48, 0x59, 0x0d, 0xbb, 0x3d,
621 0xa7, 0xb0, 0x8b, 0x10, 0x56, 0x82, 0x88, 0x38,
622 0xc5, 0xf6, 0x1e, 0x63, 0x93, 0xba, 0x7a, 0x0a,
623 0xbc, 0xc9, 0xf6, 0x62, 0x89, 0x80, 0x15, 0xad
624 };
625
626 static const u8 T15[] = {
627 0xb0, 0x94, 0xda, 0xc5, 0xd9, 0x34, 0x71, 0xbd,
628 0xec, 0x1a, 0x50, 0x22, 0x70, 0xe3, 0xcc, 0x6c
629 };
630
631 /* Test Case 16 */
632 # define K16 K15
633 # define IV16 IV15
634 static const u8 P16[] = {
635 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
636 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a,
637 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
638 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72,
639 0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53,
640 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
641 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57,
642 0xba, 0x63, 0x7b, 0x39
643 };
644
645 static const u8 A16[] = {
646 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
647 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
648 0xab, 0xad, 0xda, 0xd2
649 };
650
651 static const u8 C16[] = {
652 0x52, 0x2d, 0xc1, 0xf0, 0x99, 0x56, 0x7d, 0x07,
653 0xf4, 0x7f, 0x37, 0xa3, 0x2a, 0x84, 0x42, 0x7d,
654 0x64, 0x3a, 0x8c, 0xdc, 0xbf, 0xe5, 0xc0, 0xc9,
655 0x75, 0x98, 0xa2, 0xbd, 0x25, 0x55, 0xd1, 0xaa,
656 0x8c, 0xb0, 0x8e, 0x48, 0x59, 0x0d, 0xbb, 0x3d,
657 0xa7, 0xb0, 0x8b, 0x10, 0x56, 0x82, 0x88, 0x38,
658 0xc5, 0xf6, 0x1e, 0x63, 0x93, 0xba, 0x7a, 0x0a,
659 0xbc, 0xc9, 0xf6, 0x62
660 };
661
662 static const u8 T16[] = {
663 0x76, 0xfc, 0x6e, 0xce, 0x0f, 0x4e, 0x17, 0x68,
664 0xcd, 0xdf, 0x88, 0x53, 0xbb, 0x2d, 0x55, 0x1b
665 };
666
667 /* Test Case 17 */
668 # define K17 K16
669 # define P17 P16
670 # define A17 A16
671 static const u8 IV17[] = { 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad };
672
673 static const u8 C17[] = {
674 0xc3, 0x76, 0x2d, 0xf1, 0xca, 0x78, 0x7d, 0x32,
675 0xae, 0x47, 0xc1, 0x3b, 0xf1, 0x98, 0x44, 0xcb,
676 0xaf, 0x1a, 0xe1, 0x4d, 0x0b, 0x97, 0x6a, 0xfa,
677 0xc5, 0x2f, 0xf7, 0xd7, 0x9b, 0xba, 0x9d, 0xe0,
678 0xfe, 0xb5, 0x82, 0xd3, 0x39, 0x34, 0xa4, 0xf0,
679 0x95, 0x4c, 0xc2, 0x36, 0x3b, 0xc7, 0x3f, 0x78,
680 0x62, 0xac, 0x43, 0x0e, 0x64, 0xab, 0xe4, 0x99,
681 0xf4, 0x7c, 0x9b, 0x1f
682 };
683
684 static const u8 T17[] = {
685 0x3a, 0x33, 0x7d, 0xbf, 0x46, 0xa7, 0x92, 0xc4,
686 0x5e, 0x45, 0x49, 0x13, 0xfe, 0x2e, 0xa8, 0xf2
687 };
688
689 /* Test Case 18 */
690 # define K18 K17
691 # define P18 P17
692 # define A18 A17
693 static const u8 IV18[] = {
694 0x93, 0x13, 0x22, 0x5d, 0xf8, 0x84, 0x06, 0xe5,
695 0x55, 0x90, 0x9c, 0x5a, 0xff, 0x52, 0x69, 0xaa,
696 0x6a, 0x7a, 0x95, 0x38, 0x53, 0x4f, 0x7d, 0xa1,
697 0xe4, 0xc3, 0x03, 0xd2, 0xa3, 0x18, 0xa7, 0x28,
698 0xc3, 0xc0, 0xc9, 0x51, 0x56, 0x80, 0x95, 0x39,
699 0xfc, 0xf0, 0xe2, 0x42, 0x9a, 0x6b, 0x52, 0x54,
700 0x16, 0xae, 0xdb, 0xf5, 0xa0, 0xde, 0x6a, 0x57,
701 0xa6, 0x37, 0xb3, 0x9b
702 };
703
704 static const u8 C18[] = {
705 0x5a, 0x8d, 0xef, 0x2f, 0x0c, 0x9e, 0x53, 0xf1,
706 0xf7, 0x5d, 0x78, 0x53, 0x65, 0x9e, 0x2a, 0x20,
707 0xee, 0xb2, 0xb2, 0x2a, 0xaf, 0xde, 0x64, 0x19,
708 0xa0, 0x58, 0xab, 0x4f, 0x6f, 0x74, 0x6b, 0xf4,
709 0x0f, 0xc0, 0xc3, 0xb7, 0x80, 0xf2, 0x44, 0x45,
710 0x2d, 0xa3, 0xeb, 0xf1, 0xc5, 0xd8, 0x2c, 0xde,
711 0xa2, 0x41, 0x89, 0x97, 0x20, 0x0e, 0xf8, 0x2e,
712 0x44, 0xae, 0x7e, 0x3f
713 };
714
715 static const u8 T18[] = {
716 0xa4, 0x4a, 0x82, 0x66, 0xee, 0x1c, 0x8e, 0xb0,
717 0xc8, 0xb5, 0xd4, 0xcf, 0x5a, 0xe9, 0xf1, 0x9a
718 };
719
720 /* Test Case 19 */
721 # define K19 K1
722 # define P19 P1
723 # define IV19 IV1
724 # define C19 C1
725 static const u8 A19[] = {
726 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
727 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a,
728 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
729 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72,
730 0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53,
731 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
732 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57,
733 0xba, 0x63, 0x7b, 0x39, 0x1a, 0xaf, 0xd2, 0x55,
734 0x52, 0x2d, 0xc1, 0xf0, 0x99, 0x56, 0x7d, 0x07,
735 0xf4, 0x7f, 0x37, 0xa3, 0x2a, 0x84, 0x42, 0x7d,
736 0x64, 0x3a, 0x8c, 0xdc, 0xbf, 0xe5, 0xc0, 0xc9,
737 0x75, 0x98, 0xa2, 0xbd, 0x25, 0x55, 0xd1, 0xaa,
738 0x8c, 0xb0, 0x8e, 0x48, 0x59, 0x0d, 0xbb, 0x3d,
739 0xa7, 0xb0, 0x8b, 0x10, 0x56, 0x82, 0x88, 0x38,
740 0xc5, 0xf6, 0x1e, 0x63, 0x93, 0xba, 0x7a, 0x0a,
741 0xbc, 0xc9, 0xf6, 0x62, 0x89, 0x80, 0x15, 0xad
742 };
743
744 static const u8 T19[] = {
745 0x5f, 0xea, 0x79, 0x3a, 0x2d, 0x6f, 0x97, 0x4d,
746 0x37, 0xe6, 0x8e, 0x0c, 0xb8, 0xff, 0x94, 0x92
747 };
748
749 /* Test Case 20 */
750 # define K20 K1
751 # define A20 A1
752 /* this results in 0xff in counter LSB */
753 static const u8 IV20[64] = { 0xff, 0xff, 0xff, 0xff };
754
755 static const u8 P20[288];
756 static const u8 C20[] = {
757 0x56, 0xb3, 0x37, 0x3c, 0xa9, 0xef, 0x6e, 0x4a,
758 0x2b, 0x64, 0xfe, 0x1e, 0x9a, 0x17, 0xb6, 0x14,
759 0x25, 0xf1, 0x0d, 0x47, 0xa7, 0x5a, 0x5f, 0xce,
760 0x13, 0xef, 0xc6, 0xbc, 0x78, 0x4a, 0xf2, 0x4f,
761 0x41, 0x41, 0xbd, 0xd4, 0x8c, 0xf7, 0xc7, 0x70,
762 0x88, 0x7a, 0xfd, 0x57, 0x3c, 0xca, 0x54, 0x18,
763 0xa9, 0xae, 0xff, 0xcd, 0x7c, 0x5c, 0xed, 0xdf,
764 0xc6, 0xa7, 0x83, 0x97, 0xb9, 0xa8, 0x5b, 0x49,
765 0x9d, 0xa5, 0x58, 0x25, 0x72, 0x67, 0xca, 0xab,
766 0x2a, 0xd0, 0xb2, 0x3c, 0xa4, 0x76, 0xa5, 0x3c,
767 0xb1, 0x7f, 0xb4, 0x1c, 0x4b, 0x8b, 0x47, 0x5c,
768 0xb4, 0xf3, 0xf7, 0x16, 0x50, 0x94, 0xc2, 0x29,
769 0xc9, 0xe8, 0xc4, 0xdc, 0x0a, 0x2a, 0x5f, 0xf1,
770 0x90, 0x3e, 0x50, 0x15, 0x11, 0x22, 0x13, 0x76,
771 0xa1, 0xcd, 0xb8, 0x36, 0x4c, 0x50, 0x61, 0xa2,
772 0x0c, 0xae, 0x74, 0xbc, 0x4a, 0xcd, 0x76, 0xce,
773 0xb0, 0xab, 0xc9, 0xfd, 0x32, 0x17, 0xef, 0x9f,
774 0x8c, 0x90, 0xbe, 0x40, 0x2d, 0xdf, 0x6d, 0x86,
775 0x97, 0xf4, 0xf8, 0x80, 0xdf, 0xf1, 0x5b, 0xfb,
776 0x7a, 0x6b, 0x28, 0x24, 0x1e, 0xc8, 0xfe, 0x18,
777 0x3c, 0x2d, 0x59, 0xe3, 0xf9, 0xdf, 0xff, 0x65,
778 0x3c, 0x71, 0x26, 0xf0, 0xac, 0xb9, 0xe6, 0x42,
779 0x11, 0xf4, 0x2b, 0xae, 0x12, 0xaf, 0x46, 0x2b,
780 0x10, 0x70, 0xbe, 0xf1, 0xab, 0x5e, 0x36, 0x06,
781 0x87, 0x2c, 0xa1, 0x0d, 0xee, 0x15, 0xb3, 0x24,
782 0x9b, 0x1a, 0x1b, 0x95, 0x8f, 0x23, 0x13, 0x4c,
783 0x4b, 0xcc, 0xb7, 0xd0, 0x32, 0x00, 0xbc, 0xe4,
784 0x20, 0xa2, 0xf8, 0xeb, 0x66, 0xdc, 0xf3, 0x64,
785 0x4d, 0x14, 0x23, 0xc1, 0xb5, 0x69, 0x90, 0x03,
786 0xc1, 0x3e, 0xce, 0xf4, 0xbf, 0x38, 0xa3, 0xb6,
787 0x0e, 0xed, 0xc3, 0x40, 0x33, 0xba, 0xc1, 0x90,
788 0x27, 0x83, 0xdc, 0x6d, 0x89, 0xe2, 0xe7, 0x74,
789 0x18, 0x8a, 0x43, 0x9c, 0x7e, 0xbc, 0xc0, 0x67,
790 0x2d, 0xbd, 0xa4, 0xdd, 0xcf, 0xb2, 0x79, 0x46,
791 0x13, 0xb0, 0xbe, 0x41, 0x31, 0x5e, 0xf7, 0x78,
792 0x70, 0x8a, 0x70, 0xee, 0x7d, 0x75, 0x16, 0x5c
793 };
794
795 static const u8 T20[] = {
796 0x8b, 0x30, 0x7f, 0x6b, 0x33, 0x28, 0x6d, 0x0a,
797 0xb0, 0x26, 0xa9, 0xed, 0x3f, 0xe1, 0xe8, 0x5f
798 };
799
800 #define GCM128_TEST_VECTOR(n) \
801 { \
802 {sizeof(K##n), K##n}, \
803 {sizeof(IV##n), IV##n}, \
804 {sizeof(A##n), A##n}, \
805 {sizeof(P##n), P##n}, \
806 {sizeof(C##n), C##n}, \
807 {sizeof(T##n), T##n} \
808 }
809 static struct gcm128_data {
810 const SIZED_DATA K;
811 const SIZED_DATA IV;
812 const SIZED_DATA A;
813 const SIZED_DATA P;
814 const SIZED_DATA C;
815 const SIZED_DATA T;
816 } gcm128_vectors[] = {
817 GCM128_TEST_VECTOR(1),
818 GCM128_TEST_VECTOR(2),
819 GCM128_TEST_VECTOR(3),
820 GCM128_TEST_VECTOR(4),
821 GCM128_TEST_VECTOR(5),
822 GCM128_TEST_VECTOR(6),
823 GCM128_TEST_VECTOR(7),
824 GCM128_TEST_VECTOR(8),
825 GCM128_TEST_VECTOR(9),
826 GCM128_TEST_VECTOR(10),
827 GCM128_TEST_VECTOR(11),
828 GCM128_TEST_VECTOR(12),
829 GCM128_TEST_VECTOR(13),
830 GCM128_TEST_VECTOR(14),
831 GCM128_TEST_VECTOR(15),
832 GCM128_TEST_VECTOR(16),
833 GCM128_TEST_VECTOR(17),
834 GCM128_TEST_VECTOR(18),
835 GCM128_TEST_VECTOR(19),
836 GCM128_TEST_VECTOR(20)
837 };
838
839 static int test_gcm128(int idx)
840 {
841 unsigned char out[512];
842 SIZED_DATA K = gcm128_vectors[idx].K;
843 SIZED_DATA IV = gcm128_vectors[idx].IV;
844 SIZED_DATA A = gcm128_vectors[idx].A;
845 SIZED_DATA P = gcm128_vectors[idx].P;
846 SIZED_DATA C = gcm128_vectors[idx].C;
847 SIZED_DATA T = gcm128_vectors[idx].T;
848 GCM128_CONTEXT ctx;
849 AES_KEY key;
850
851 /* Size 1 inputs are special-cased to signal NULL. */
852 if (A.size == 1)
853 A.data = NULL;
854 if (P.size == 1)
855 P.data = NULL;
856 if (C.size == 1)
857 C.data = NULL;
858
859 AES_set_encrypt_key(K.data, K.size * 8, &key);
860
861 CRYPTO_gcm128_init(&ctx, &key, (block128_f)AES_encrypt);
862 CRYPTO_gcm128_setiv(&ctx, IV.data, IV.size);
863 memset(out, 0, P.size);
864 if (A.data != NULL)
865 CRYPTO_gcm128_aad(&ctx, A.data, A.size);
866 if (P.data != NULL)
867 CRYPTO_gcm128_encrypt( &ctx, P.data, out, P.size);
868 if (!TEST_false(CRYPTO_gcm128_finish(&ctx, T.data, 16))
869 || (C.data != NULL
870 && !TEST_mem_eq(out, P.size, C.data, P.size)))
871 return 0;
872
873 CRYPTO_gcm128_setiv(&ctx, IV.data, IV.size);
874 memset(out, 0, P.size);
875 if (A.data != NULL)
876 CRYPTO_gcm128_aad(&ctx, A.data, A.size);
877 if (C.data != NULL)
878 CRYPTO_gcm128_decrypt(&ctx, C.data, out, P.size);
879 if (!TEST_false(CRYPTO_gcm128_finish(&ctx, T.data, 16))
880 || (P.data != NULL
881 && !TEST_mem_eq(out, P.size, P.data, P.size)))
882 return 0;
883
884 return 1;
885 }
886
887 static void benchmark_gcm128(const unsigned char *K, size_t Klen,
888 const unsigned char *IV, size_t IVlen)
889 {
890 #ifdef OPENSSL_CPUID_OBJ
891 GCM128_CONTEXT ctx;
892 AES_KEY key;
893 uint32_t start, gcm_t, ctr_t;
894 union {
895 u64 u;
896 u8 c[1024];
897 } buf;
898
899 AES_set_encrypt_key(K, Klen * 8, &key);
900 CRYPTO_gcm128_init(&ctx, &key, (block128_f) AES_encrypt);
901 CRYPTO_gcm128_setiv(&ctx, IV, IVlen);
902
903 CRYPTO_gcm128_encrypt(&ctx, buf.c, buf.c, sizeof(buf));
904 start = OPENSSL_rdtsc();
905 CRYPTO_gcm128_encrypt(&ctx, buf.c, buf.c, sizeof(buf));
906 gcm_t = OPENSSL_rdtsc() - start;
907
908 CRYPTO_ctr128_encrypt(buf.c, buf.c, sizeof(buf),
909 &key, ctx.Yi.c, ctx.EKi.c, &ctx.mres,
910 (block128_f) AES_encrypt);
911 start = OPENSSL_rdtsc();
912 CRYPTO_ctr128_encrypt(buf.c, buf.c, sizeof(buf),
913 &key, ctx.Yi.c, ctx.EKi.c, &ctx.mres,
914 (block128_f) AES_encrypt);
915 ctr_t = OPENSSL_rdtsc() - start;
916
917 printf("%.2f-%.2f=%.2f\n",
918 gcm_t / (double)sizeof(buf),
919 ctr_t / (double)sizeof(buf),
920 (gcm_t - ctr_t) / (double)sizeof(buf));
921 # ifdef GHASH
922 {
923 void (*gcm_ghash_p) (u64 Xi[2], const u128 Htable[16],
924 const u8 *inp, size_t len) = ctx.ghash;
925
926 GHASH((&ctx), buf.c, sizeof(buf));
927 start = OPENSSL_rdtsc();
928 for (i = 0; i < 100; ++i)
929 GHASH((&ctx), buf.c, sizeof(buf));
930 gcm_t = OPENSSL_rdtsc() - start;
931 printf("%.2f\n", gcm_t / (double)sizeof(buf) / (double)i);
932 }
933 # endif
934 #else
935 fprintf(stderr,
936 "Benchmarking of modes isn't available on this platform\n");
937 #endif
938 }
939
940 int setup_tests(void)
941 {
942 if (test_has_option("-h")) {
943 printf("-h\tThis help\n");
944 printf("-b\tBenchmark gcm128 in addition to the tests\n");
945 return 1;
946 }
947
948 ADD_ALL_TESTS(test_aes_cts128, OSSL_NELEM(aes_cts128_vectors));
949 ADD_ALL_TESTS(test_aes_cts128_nist, OSSL_NELEM(aes_cts128_vectors));
950 ADD_ALL_TESTS(test_gcm128, OSSL_NELEM(gcm128_vectors));
951 return 1;
952 }
953
954 void cleanup_tests(void)
955 {
956 if (test_has_option("-b"))
957 benchmark_gcm128(K1, sizeof(K1), IV1, sizeof(IV1));
958 }
A mirror of the official openssl repository