From: Tobias Brunner Date: Thu, 13 Mar 2014 13:05:29 +0000 (+0100) Subject: test-vectors: Renumber AES-GCM test vectors according to original source X-Git-Tag: 5.1.3rc1~10 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a800253fbf04ca077bdf92c7b1642ec02328701e;p=thirdparty%2Fstrongswan.git test-vectors: Renumber AES-GCM test vectors according to original source Also adds several missing ones. --- diff --git a/src/libstrongswan/plugins/test_vectors/test_vectors.h b/src/libstrongswan/plugins/test_vectors/test_vectors.h index 788baae573..33c13d9f47 100644 --- a/src/libstrongswan/plugins/test_vectors/test_vectors.h +++ b/src/libstrongswan/plugins/test_vectors/test_vectors.h @@ -88,11 +88,18 @@ TEST_VECTOR_AEAD(aes_ccm10) TEST_VECTOR_AEAD(aes_ccm11) TEST_VECTOR_AEAD(aes_gcm1) TEST_VECTOR_AEAD(aes_gcm2) -TEST_VECTOR_AEAD(aes_gcm3) +TEST_VECTOR_AEAD(aes_gcm3_1) +TEST_VECTOR_AEAD(aes_gcm3_2) +TEST_VECTOR_AEAD(aes_gcm3_3) TEST_VECTOR_AEAD(aes_gcm4) -TEST_VECTOR_AEAD(aes_gcm5) -TEST_VECTOR_AEAD(aes_gcm6) TEST_VECTOR_AEAD(aes_gcm7) +TEST_VECTOR_AEAD(aes_gcm8) +TEST_VECTOR_AEAD(aes_gcm9) +TEST_VECTOR_AEAD(aes_gcm10) +TEST_VECTOR_AEAD(aes_gcm13) +TEST_VECTOR_AEAD(aes_gcm14) +TEST_VECTOR_AEAD(aes_gcm15) +TEST_VECTOR_AEAD(aes_gcm16) TEST_VECTOR_SIGNER(aes_xcbc_s1) TEST_VECTOR_SIGNER(aes_xcbc_s2) diff --git a/src/libstrongswan/plugins/test_vectors/test_vectors/aes_gcm.c b/src/libstrongswan/plugins/test_vectors/test_vectors/aes_gcm.c index 68e6de5d9f..1f33bcbd56 100644 --- a/src/libstrongswan/plugins/test_vectors/test_vectors/aes_gcm.c +++ b/src/libstrongswan/plugins/test_vectors/test_vectors/aes_gcm.c @@ -16,10 +16,35 @@ #include /** - * From the Linux kernel, those with an IV. Originally from - * McGrew & Viega - http://citeseer.ist.psu.edu/656989.html + * From McGrew & Viega + * http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/proposedmodes/gcm/gcm-revised-spec.pdf + * Formatted to match our API which expects the first four bytes (salt) of the + * IV as part of the key and writes/expects the ICV at the end of the cipher + * text. + * Since our implementations are currently limited to IV lengths of 12 (IV=8, + * SALT=4 as per RFC 4106/5282) the test cases 5/6, 11/12 and 17/18 aren't + * compatible. */ aead_test_vector_t aes_gcm1 = { + .alg = ENCR_AES_GCM_ICV16, .key_size = 16, .salt_size = 4, + .len = 0, .alen = 0, + .key = "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00", + .iv = "\x00\x00\x00\x00\x00\x00\x00\x00", + .plain = "", + .cipher = "\x58\xe2\xfc\xce\xfa\x7e\x30\x61\x36\x7f\x1d\x57\xa4\xe7\x45\x5a", +}; +aead_test_vector_t aes_gcm2 = { + .alg = ENCR_AES_GCM_ICV16, .key_size = 16, .salt_size = 4, + .len = 16, .alen = 0, + .key = "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00", + .iv = "\x00\x00\x00\x00\x00\x00\x00\x00", + .plain = "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", + .cipher = "\x03\x88\xda\xce\x60\xb6\xa3\x92\xf3\x28\xc2\xb9\x71\xb2\xfe\x78" + "\xab\x6e\x47\xd4\x2c\xec\x13\xbd\xf5\x3a\x67\xb2\x12\x57\xbd\xdf", +}; +aead_test_vector_t aes_gcm3_1 = { .alg = ENCR_AES_GCM_ICV8, .key_size = 16, .salt_size = 4, .len = 64, .alen = 0, .key = "\xfe\xff\xe9\x92\x86\x65\x73\x1c\x6d\x6a\x8f\x94\x67\x30\x83\x08" @@ -35,8 +60,7 @@ aead_test_vector_t aes_gcm1 = { "\x1b\xa3\x0b\x39\x6a\x0a\xac\x97\x3d\x58\xe0\x91\x47\x3f\x59\x85" "\x4d\x5c\x2a\xf3\x27\xcd\x64\xa6", }; - -aead_test_vector_t aes_gcm2 = { +aead_test_vector_t aes_gcm3_2 = { .alg = ENCR_AES_GCM_ICV12, .key_size = 16, .salt_size = 4, .len = 64, .alen = 0, .key = "\xfe\xff\xe9\x92\x86\x65\x73\x1c\x6d\x6a\x8f\x94\x67\x30\x83\x08" @@ -52,8 +76,7 @@ aead_test_vector_t aes_gcm2 = { "\x1b\xa3\x0b\x39\x6a\x0a\xac\x97\x3d\x58\xe0\x91\x47\x3f\x59\x85" "\x4d\x5c\x2a\xf3\x27\xcd\x64\xa6\x2c\xf3\x5a\xbd", }; - -aead_test_vector_t aes_gcm3 = { +aead_test_vector_t aes_gcm3_3 = { .alg = ENCR_AES_GCM_ICV16, .key_size = 16, .salt_size = 4, .len = 64, .alen = 0, .key = "\xfe\xff\xe9\x92\x86\x65\x73\x1c\x6d\x6a\x8f\x94\x67\x30\x83\x08" @@ -69,7 +92,6 @@ aead_test_vector_t aes_gcm3 = { "\x1b\xa3\x0b\x39\x6a\x0a\xac\x97\x3d\x58\xe0\x91\x47\x3f\x59\x85" "\x4d\x5c\x2a\xf3\x27\xcd\x64\xa6\x2c\xf3\x5a\xbd\x2b\xa6\xfa\xb4", }; - aead_test_vector_t aes_gcm4 = { .alg = ENCR_AES_GCM_ICV16, .key_size = 16, .salt_size = 4, .len = 60, .alen = 20, @@ -88,8 +110,26 @@ aead_test_vector_t aes_gcm4 = { "\x1b\xa3\x0b\x39\x6a\x0a\xac\x97\x3d\x58\xe0\x91\x5b\xc9\x4f\xbc" "\x32\x21\xa5\xdb\x94\xfa\xe9\x5a\xe7\x12\x1a\x47", }; - -aead_test_vector_t aes_gcm5 = { +aead_test_vector_t aes_gcm7 = { + .alg = ENCR_AES_GCM_ICV16, .key_size = 24, .salt_size = 4, + .len = 0, .alen = 0, + .key = "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", + .iv = "\x00\x00\x00\x00\x00\x00\x00\x00", + .plain = "", + .cipher = "\xcd\x33\xb2\x8a\xc7\x73\xf7\x4b\xa0\x0e\xd1\xf3\x12\x57\x24\x35", +}; +aead_test_vector_t aes_gcm8 = { + .alg = ENCR_AES_GCM_ICV16, .key_size = 24, .salt_size = 4, + .len = 16, .alen = 0, + .key = "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", + .iv = "\x00\x00\x00\x00\x00\x00\x00\x00", + .plain = "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", + .cipher = "\x98\xe7\x24\x7c\x07\xf0\xfe\x41\x1c\x26\x7e\x43\x84\xb0\xf6\x00" + "\x2f\xf5\x8d\x80\x03\x39\x27\xab\x8e\xf4\xd4\x58\x75\x14\xf0\xfb", +}; +aead_test_vector_t aes_gcm9 = { .alg = ENCR_AES_GCM_ICV16, .key_size = 24, .salt_size = 4, .len = 64, .alen = 0, .key = "\xfe\xff\xe9\x92\x86\x65\x73\x1c\x6d\x6a\x8f\x94\x67\x30\x83\x08" @@ -105,8 +145,46 @@ aead_test_vector_t aes_gcm5 = { "\x18\xe2\x44\x8b\x2f\xe3\x24\xd9\xcc\xda\x27\x10\xac\xad\xe2\x56" "\x99\x24\xa7\xc8\x58\x73\x36\xbf\xb1\x18\x02\x4d\xb8\x67\x4a\x14", }; - -aead_test_vector_t aes_gcm6 = { +aead_test_vector_t aes_gcm10 = { + .alg = ENCR_AES_GCM_ICV16, .key_size = 24, .salt_size = 4, + .len = 60, .alen = 20, + .key = "\xfe\xff\xe9\x92\x86\x65\x73\x1c\x6d\x6a\x8f\x94\x67\x30\x83\x08" + "\xfe\xff\xe9\x92\x86\x65\x73\x1c\xca\xfe\xba\xbe", + .iv = "\xfa\xce\xdb\xad\xde\xca\xf8\x88", + .plain = "\xd9\x31\x32\x25\xf8\x84\x06\xe5\xa5\x59\x09\xc5\xaf\xf5\x26\x9a" + "\x86\xa7\xa9\x53\x15\x34\xf7\xda\x2e\x4c\x30\x3d\x8a\x31\x8a\x72" + "\x1c\x3c\x0c\x95\x95\x68\x09\x53\x2f\xcf\x0e\x24\x49\xa6\xb5\x25" + "\xb1\x6a\xed\xf5\xaa\x0d\xe6\x57\xba\x63\x7b\x39", + .adata = "\xfe\xed\xfa\xce\xde\xad\xbe\xef\xfe\xed\xfa\xce\xde\xad\xbe\xef" + "\xab\xad\xda\xd2", + .cipher = "\x39\x80\xca\x0b\x3c\x00\xe8\x41\xeb\x06\xfa\xc4\x87\x2a\x27\x57" + "\x85\x9e\x1c\xea\xa6\xef\xd9\x84\x62\x85\x93\xb4\x0c\xa1\xe1\x9c" + "\x7d\x77\x3d\x00\xc1\x44\xc5\x25\xac\x61\x9d\x18\xc8\x4a\x3f\x47" + "\x18\xe2\x44\x8b\x2f\xe3\x24\xd9\xcc\xda\x27\x10\x25\x19\x49\x8e" + "\x80\xf1\x47\x8f\x37\xba\x55\xbd\x6d\x27\x61\x8c", +}; +aead_test_vector_t aes_gcm13 = { + .alg = ENCR_AES_GCM_ICV16, .key_size = 32, .salt_size = 4, + .len = 0, .alen = 0, + .key = "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00", + .iv = "\x00\x00\x00\x00\x00\x00\x00\x00", + .plain = "", + .cipher = "\x53\x0f\x8a\xfb\xc7\x45\x36\xb9\xa9\x63\xb4\xf1\xc4\xcb\x73\x8b", +}; +aead_test_vector_t aes_gcm14 = { + .alg = ENCR_AES_GCM_ICV16, .key_size = 32, .salt_size = 4, + .len = 16, .alen = 0, + .key = "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00", + .iv = "\x00\x00\x00\x00\x00\x00\x00\x00", + .plain = "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", + .cipher = "\xce\xa7\x40\x3d\x4d\x60\x6b\x6e\x07\x4e\xc5\xd3\xba\xf3\x9d\x18" + "\xd0\xd1\xc8\xa7\x99\x99\x6b\xf0\x26\x5b\x98\xb5\xd4\x8a\xb9\x19", +}; +aead_test_vector_t aes_gcm15 = { .alg = ENCR_AES_GCM_ICV16, .key_size = 32, .salt_size = 4, .len = 64, .alen = 0, .key = "\xfe\xff\xe9\x92\x86\x65\x73\x1c\x6d\x6a\x8f\x94\x67\x30\x83\x08" @@ -123,8 +201,7 @@ aead_test_vector_t aes_gcm6 = { "\xc5\xf6\x1e\x63\x93\xba\x7a\x0a\xbc\xc9\xf6\x62\x89\x80\x15\xad" "\xb0\x94\xda\xc5\xd9\x34\x71\xbd\xec\x1a\x50\x22\x70\xe3\xcc\x6c", }; - -aead_test_vector_t aes_gcm7 = { +aead_test_vector_t aes_gcm16 = { .alg = ENCR_AES_GCM_ICV16, .key_size = 32, .salt_size = 4, .len = 60, .alen = 20, .key = "\xfe\xff\xe9\x92\x86\x65\x73\x1c\x6d\x6a\x8f\x94\x67\x30\x83\x08"