1 /*
2 * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10 /* Internal tests for the modes module */
11
12 /*
13 * This file uses the low level AES functions (which are deprecated for
14 * non-internal use) in order to test the modes code
15 */
16 #include "internal/deprecated.h"
17
18 #include <stdio.h>
19 #include <string.h>
20
21 #include <openssl/aes.h>
22 #include <openssl/modes.h>
23 #include "testutil.h"
24 #include "crypto/modes.h"
25 #include "internal/nelem.h"
26
27 typedef struct {
28 size_t size;
29 const unsigned char *data;
30 } SIZED_DATA;
31
32 /**********************************************************************
33 *
34 * Test of cts128
35 *
36 ***/
37
38 /* cts128 test vectors from RFC 3962 */
39 static const unsigned char cts128_test_key[16] = "chicken teriyaki";
40 static const unsigned char cts128_test_input[64] =
41 "I would like the" " General Gau's C"
42 "hicken, please, " "and wonton soup.";
43 static const unsigned char cts128_test_iv[] =
44 { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
45
46 static const unsigned char vector_17[17] = {
47 0xc6, 0x35, 0x35, 0x68, 0xf2, 0xbf, 0x8c, 0xb4,
48 0xd8, 0xa5, 0x80, 0x36, 0x2d, 0xa7, 0xff, 0x7f,
49 0x97
50 };
51
52 static const unsigned char vector_31[31] = {
53 0xfc, 0x00, 0x78, 0x3e, 0x0e, 0xfd, 0xb2, 0xc1,
54 0xd4, 0x45, 0xd4, 0xc8, 0xef, 0xf7, 0xed, 0x22,
55 0x97, 0x68, 0x72, 0x68, 0xd6, 0xec, 0xcc, 0xc0,
56 0xc0, 0x7b, 0x25, 0xe2, 0x5e, 0xcf, 0xe5
57 };
58
59 static const unsigned char vector_32[32] = {
60 0x39, 0x31, 0x25, 0x23, 0xa7, 0x86, 0x62, 0xd5,
61 0xbe, 0x7f, 0xcb, 0xcc, 0x98, 0xeb, 0xf5, 0xa8,
62 0x97, 0x68, 0x72, 0x68, 0xd6, 0xec, 0xcc, 0xc0,
63 0xc0, 0x7b, 0x25, 0xe2, 0x5e, 0xcf, 0xe5, 0x84
64 };
65
66 static const unsigned char vector_47[47] = {
67 0x97, 0x68, 0x72, 0x68, 0xd6, 0xec, 0xcc, 0xc0,
68 0xc0, 0x7b, 0x25, 0xe2, 0x5e, 0xcf, 0xe5, 0x84,
69 0xb3, 0xff, 0xfd, 0x94, 0x0c, 0x16, 0xa1, 0x8c,
70 0x1b, 0x55, 0x49, 0xd2, 0xf8, 0x38, 0x02, 0x9e,
71 0x39, 0x31, 0x25, 0x23, 0xa7, 0x86, 0x62, 0xd5,
72 0xbe, 0x7f, 0xcb, 0xcc, 0x98, 0xeb, 0xf5
73 };
74
75 static const unsigned char vector_48[48] = {
76 0x97, 0x68, 0x72, 0x68, 0xd6, 0xec, 0xcc, 0xc0,
77 0xc0, 0x7b, 0x25, 0xe2, 0x5e, 0xcf, 0xe5, 0x84,
78 0x9d, 0xad, 0x8b, 0xbb, 0x96, 0xc4, 0xcd, 0xc0,
79 0x3b, 0xc1, 0x03, 0xe1, 0xa1, 0x94, 0xbb, 0xd8,
80 0x39, 0x31, 0x25, 0x23, 0xa7, 0x86, 0x62, 0xd5,
81 0xbe, 0x7f, 0xcb, 0xcc, 0x98, 0xeb, 0xf5, 0xa8
82 };
83
84 static const unsigned char vector_64[64] = {
85 0x97, 0x68, 0x72, 0x68, 0xd6, 0xec, 0xcc, 0xc0,
86 0xc0, 0x7b, 0x25, 0xe2, 0x5e, 0xcf, 0xe5, 0x84,
87 0x39, 0x31, 0x25, 0x23, 0xa7, 0x86, 0x62, 0xd5,
88 0xbe, 0x7f, 0xcb, 0xcc, 0x98, 0xeb, 0xf5, 0xa8,
89 0x48, 0x07, 0xef, 0xe8, 0x36, 0xee, 0x89, 0xa5,
90 0x26, 0x73, 0x0d, 0xbc, 0x2f, 0x7b, 0xc8, 0x40,
91 0x9d, 0xad, 0x8b, 0xbb, 0x96, 0xc4, 0xcd, 0xc0,
92 0x3b, 0xc1, 0x03, 0xe1, 0xa1, 0x94, 0xbb, 0xd8
93 };
94
95 #define CTS128_TEST_VECTOR(len) \
96 { \
97 sizeof(vector_##len), vector_##len \
98 }
99 static const SIZED_DATA aes_cts128_vectors[] = {
100 CTS128_TEST_VECTOR(17),
101 CTS128_TEST_VECTOR(31),
102 CTS128_TEST_VECTOR(32),
103 CTS128_TEST_VECTOR(47),
104 CTS128_TEST_VECTOR(48),
105 CTS128_TEST_VECTOR(64),
106 };
107
cts128_encrypt_key_schedule(void)108 static AES_KEY *cts128_encrypt_key_schedule(void)
109 {
110 static int init_key = 1;
111 static AES_KEY ks;
112
113 if (init_key) {
114 AES_set_encrypt_key(cts128_test_key, 128, &ks);
115 init_key = 0;
116 }
117 return &ks;
118 }
119
cts128_decrypt_key_schedule(void)120 static AES_KEY *cts128_decrypt_key_schedule(void)
121 {
122 static int init_key = 1;
123 static AES_KEY ks;
124
125 if (init_key) {
126 AES_set_decrypt_key(cts128_test_key, 128, &ks);
127 init_key = 0;
128 }
129 return &ks;
130 }
131
132 typedef struct {
133 const char *case_name;
134 size_t (*last_blocks_correction)(const unsigned char *in,
135 unsigned char *out, size_t len);
136 size_t (*encrypt_block)(const unsigned char *in,
137 unsigned char *out, size_t len,
138 const void *key, unsigned char ivec[16],
139 block128_f block);
140 size_t (*encrypt_stream)(const unsigned char *in, unsigned char *out,
141 size_t len, const void *key,
142 unsigned char ivec[16], cbc128_f cbc);
143 size_t (*decrypt_block)(const unsigned char *in,
144 unsigned char *out, size_t len,
145 const void *key, unsigned char ivec[16],
146 block128_f block);
147 size_t (*decrypt_stream)(const unsigned char *in, unsigned char *out,
148 size_t len, const void *key,
149 unsigned char ivec[16], cbc128_f cbc);
150 } CTS128_FIXTURE;
151
last_blocks_correction(const unsigned char * in,unsigned char * out,size_t len)152 static size_t last_blocks_correction(const unsigned char *in,
153 unsigned char *out, size_t len)
154 {
155 size_t tail;
156
157 memcpy(out, in, len);
158 if ((tail = len % 16) == 0)
159 tail = 16;
160 tail += 16;
161
162 return tail;
163 }
164
last_blocks_correction_nist(const unsigned char * in,unsigned char * out,size_t len)165 static size_t last_blocks_correction_nist(const unsigned char *in,
166 unsigned char *out, size_t len)
167 {
168 size_t tail;
169
170 if ((tail = len % 16) == 0)
171 tail = 16;
172 len -= 16 + tail;
173 memcpy(out, in, len);
174 /* flip two last blocks */
175 memcpy(out + len, in + len + 16, tail);
176 memcpy(out + len + tail, in + len, 16);
177 len += 16 + tail;
178 tail = 16;
179
180 return tail;
181 }
182
execute_cts128(const CTS128_FIXTURE * fixture,int num)183 static int execute_cts128(const CTS128_FIXTURE *fixture, int num)
184 {
185 const unsigned char *test_iv = cts128_test_iv;
186 size_t test_iv_len = sizeof(cts128_test_iv);
187 const unsigned char *orig_vector = aes_cts128_vectors[num].data;
188 size_t len = aes_cts128_vectors[num].size;
189 const unsigned char *test_input = cts128_test_input;
190 const AES_KEY *encrypt_key_schedule = cts128_encrypt_key_schedule();
191 const AES_KEY *decrypt_key_schedule = cts128_decrypt_key_schedule();
192 unsigned char iv[16];
193 /* The largest test inputs are = 64 bytes. */
194 unsigned char cleartext[64], ciphertext[64], vector[64];
195 size_t tail, size;
196
197 TEST_info("%s_vector_%lu", fixture->case_name, (unsigned long)len);
198
199 tail = fixture->last_blocks_correction(orig_vector, vector, len);
200
201 /* test block-based encryption */
202 memcpy(iv, test_iv, test_iv_len);
203 if (!TEST_size_t_eq(fixture->encrypt_block(test_input, ciphertext, len,
204 encrypt_key_schedule, iv,
205 (block128_f)AES_encrypt), len)
206 || !TEST_mem_eq(ciphertext, len, vector, len)
207 || !TEST_mem_eq(iv, sizeof(iv), vector + len - tail, sizeof(iv)))
208 return 0;
209
210 /* test block-based decryption */
211 memcpy(iv, test_iv, test_iv_len);
212 size = fixture->decrypt_block(ciphertext, cleartext, len,
213 decrypt_key_schedule, iv,
214 (block128_f)AES_decrypt);
215 if (!TEST_true(len == size || len + 16 == size)
216 || !TEST_mem_eq(cleartext, len, test_input, len)
217 || !TEST_mem_eq(iv, sizeof(iv), vector + len - tail, sizeof(iv)))
218 return 0;
219
220 /* test streamed encryption */
221 memcpy(iv, test_iv, test_iv_len);
222 if (!TEST_size_t_eq(fixture->encrypt_stream(test_input, ciphertext, len,
223 encrypt_key_schedule, iv,
224 (cbc128_f) AES_cbc_encrypt),
225 len)
226 || !TEST_mem_eq(ciphertext, len, vector, len)
227 || !TEST_mem_eq(iv, sizeof(iv), vector + len - tail, sizeof(iv)))
228 return 0;
229
230 /* test streamed decryption */
231 memcpy(iv, test_iv, test_iv_len);
232 if (!TEST_size_t_eq(fixture->decrypt_stream(ciphertext, cleartext, len,
233 decrypt_key_schedule, iv,
234 (cbc128_f)AES_cbc_encrypt),
235 len)
236 || !TEST_mem_eq(cleartext, len, test_input, len)
237 || !TEST_mem_eq(iv, sizeof(iv), vector + len - tail, sizeof(iv)))
238 return 0;
239
240 return 1;
241 }
242
test_aes_cts128(int idx)243 static int test_aes_cts128(int idx)
244 {
245 static const CTS128_FIXTURE fixture_cts128 = {
246 "aes_cts128", last_blocks_correction,
247 CRYPTO_cts128_encrypt_block, CRYPTO_cts128_encrypt,
248 CRYPTO_cts128_decrypt_block, CRYPTO_cts128_decrypt
249 };
250
251 return execute_cts128(&fixture_cts128, idx);
252 }
253
test_aes_cts128_nist(int idx)254 static int test_aes_cts128_nist(int idx)
255 {
256 static const CTS128_FIXTURE fixture_cts128_nist = {
257 "aes_cts128_nist", last_blocks_correction_nist,
258 CRYPTO_nistcts128_encrypt_block, CRYPTO_nistcts128_encrypt,
259 CRYPTO_nistcts128_decrypt_block, CRYPTO_nistcts128_decrypt
260 };
261
262 return execute_cts128(&fixture_cts128_nist, idx);
263 }
264
265 /*
266 *
267 * Test of gcm128
268 *
269 */
270
271 /* Test Case 1 */
272 static const u8 K1[16], P1[] = { 0 }, A1[] = { 0 }, IV1[12], C1[] = { 0 };
273 static const u8 T1[] = {
274 0x58, 0xe2, 0xfc, 0xce, 0xfa, 0x7e, 0x30, 0x61,
275 0x36, 0x7f, 0x1d, 0x57, 0xa4, 0xe7, 0x45, 0x5a
276 };
277
278 /* Test Case 2 */
279 # define K2 K1
280 # define A2 A1
281 # define IV2 IV1
282 static const u8 P2[16];
283 static const u8 C2[] = {
284 0x03, 0x88, 0xda, 0xce, 0x60, 0xb6, 0xa3, 0x92,
285 0xf3, 0x28, 0xc2, 0xb9, 0x71, 0xb2, 0xfe, 0x78
286 };
287
288 static const u8 T2[] = {
289 0xab, 0x6e, 0x47, 0xd4, 0x2c, 0xec, 0x13, 0xbd,
290 0xf5, 0x3a, 0x67, 0xb2, 0x12, 0x57, 0xbd, 0xdf
291 };
292
293 /* Test Case 3 */
294 # define A3 A2
295 static const u8 K3[] = {
296 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
297 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08
298 };
299
300 static const u8 P3[] = {
301 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
302 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a,
303 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
304 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72,
305 0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53,
306 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
307 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57,
308 0xba, 0x63, 0x7b, 0x39, 0x1a, 0xaf, 0xd2, 0x55
309 };
310
311 static const u8 IV3[] = {
312 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad,
313 0xde, 0xca, 0xf8, 0x88
314 };
315
316 static const u8 C3[] = {
317 0x42, 0x83, 0x1e, 0xc2, 0x21, 0x77, 0x74, 0x24,
318 0x4b, 0x72, 0x21, 0xb7, 0x84, 0xd0, 0xd4, 0x9c,
319 0xe3, 0xaa, 0x21, 0x2f, 0x2c, 0x02, 0xa4, 0xe0,
320 0x35, 0xc1, 0x7e, 0x23, 0x29, 0xac, 0xa1, 0x2e,
321 0x21, 0xd5, 0x14, 0xb2, 0x54, 0x66, 0x93, 0x1c,
322 0x7d, 0x8f, 0x6a, 0x5a, 0xac, 0x84, 0xaa, 0x05,
323 0x1b, 0xa3, 0x0b, 0x39, 0x6a, 0x0a, 0xac, 0x97,
324 0x3d, 0x58, 0xe0, 0x91, 0x47, 0x3f, 0x59, 0x85
325 };
326
327 static const u8 T3[] = {
328 0x4d, 0x5c, 0x2a, 0xf3, 0x27, 0xcd, 0x64, 0xa6,
329 0x2c, 0xf3, 0x5a, 0xbd, 0x2b, 0xa6, 0xfa, 0xb4
330 };
331
332 /* Test Case 4 */
333 # define K4 K3
334 # define IV4 IV3
335 static const u8 P4[] = {
336 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
337 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a,
338 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
339 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72,
340 0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53,
341 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
342 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57,
343 0xba, 0x63, 0x7b, 0x39
344 };
345
346 static const u8 A4[] = {
347 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
348 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
349 0xab, 0xad, 0xda, 0xd2
350 };
351
352 static const u8 C4[] = {
353 0x42, 0x83, 0x1e, 0xc2, 0x21, 0x77, 0x74, 0x24,
354 0x4b, 0x72, 0x21, 0xb7, 0x84, 0xd0, 0xd4, 0x9c,
355 0xe3, 0xaa, 0x21, 0x2f, 0x2c, 0x02, 0xa4, 0xe0,
356 0x35, 0xc1, 0x7e, 0x23, 0x29, 0xac, 0xa1, 0x2e,
357 0x21, 0xd5, 0x14, 0xb2, 0x54, 0x66, 0x93, 0x1c,
358 0x7d, 0x8f, 0x6a, 0x5a, 0xac, 0x84, 0xaa, 0x05,
359 0x1b, 0xa3, 0x0b, 0x39, 0x6a, 0x0a, 0xac, 0x97,
360 0x3d, 0x58, 0xe0, 0x91
361 };
362
363 static const u8 T4[] = {
364 0x5b, 0xc9, 0x4f, 0xbc, 0x32, 0x21, 0xa5, 0xdb,
365 0x94, 0xfa, 0xe9, 0x5a, 0xe7, 0x12, 0x1a, 0x47
366 };
367
368 /* Test Case 5 */
369 # define K5 K4
370 # define P5 P4
371 # define A5 A4
372 static const u8 IV5[] = {
373 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad
374 };
375
376 static const u8 C5[] = {
377 0x61, 0x35, 0x3b, 0x4c, 0x28, 0x06, 0x93, 0x4a,
378 0x77, 0x7f, 0xf5, 0x1f, 0xa2, 0x2a, 0x47, 0x55,
379 0x69, 0x9b, 0x2a, 0x71, 0x4f, 0xcd, 0xc6, 0xf8,
380 0x37, 0x66, 0xe5, 0xf9, 0x7b, 0x6c, 0x74, 0x23,
381 0x73, 0x80, 0x69, 0x00, 0xe4, 0x9f, 0x24, 0xb2,
382 0x2b, 0x09, 0x75, 0x44, 0xd4, 0x89, 0x6b, 0x42,
383 0x49, 0x89, 0xb5, 0xe1, 0xeb, 0xac, 0x0f, 0x07,
384 0xc2, 0x3f, 0x45, 0x98
385 };
386
387 static const u8 T5[] = {
388 0x36, 0x12, 0xd2, 0xe7, 0x9e, 0x3b, 0x07, 0x85,
389 0x56, 0x1b, 0xe1, 0x4a, 0xac, 0xa2, 0xfc, 0xcb
390 };
391
392 /* Test Case 6 */
393 # define K6 K5
394 # define P6 P5
395 # define A6 A5
396 static const u8 IV6[] = {
397 0x93, 0x13, 0x22, 0x5d, 0xf8, 0x84, 0x06, 0xe5,
398 0x55, 0x90, 0x9c, 0x5a, 0xff, 0x52, 0x69, 0xaa,
399 0x6a, 0x7a, 0x95, 0x38, 0x53, 0x4f, 0x7d, 0xa1,
400 0xe4, 0xc3, 0x03, 0xd2, 0xa3, 0x18, 0xa7, 0x28,
401 0xc3, 0xc0, 0xc9, 0x51, 0x56, 0x80, 0x95, 0x39,
402 0xfc, 0xf0, 0xe2, 0x42, 0x9a, 0x6b, 0x52, 0x54,
403 0x16, 0xae, 0xdb, 0xf5, 0xa0, 0xde, 0x6a, 0x57,
404 0xa6, 0x37, 0xb3, 0x9b
405 };
406
407 static const u8 C6[] = {
408 0x8c, 0xe2, 0x49, 0x98, 0x62, 0x56, 0x15, 0xb6,
409 0x03, 0xa0, 0x33, 0xac, 0xa1, 0x3f, 0xb8, 0x94,
410 0xbe, 0x91, 0x12, 0xa5, 0xc3, 0xa2, 0x11, 0xa8,
411 0xba, 0x26, 0x2a, 0x3c, 0xca, 0x7e, 0x2c, 0xa7,
412 0x01, 0xe4, 0xa9, 0xa4, 0xfb, 0xa4, 0x3c, 0x90,
413 0xcc, 0xdc, 0xb2, 0x81, 0xd4, 0x8c, 0x7c, 0x6f,
414 0xd6, 0x28, 0x75, 0xd2, 0xac, 0xa4, 0x17, 0x03,
415 0x4c, 0x34, 0xae, 0xe5
416 };
417
418 static const u8 T6[] = {
419 0x61, 0x9c, 0xc5, 0xae, 0xff, 0xfe, 0x0b, 0xfa,
420 0x46, 0x2a, 0xf4, 0x3c, 0x16, 0x99, 0xd0, 0x50
421 };
422
423 /* Test Case 7 */
424 static const u8 K7[24], P7[] = { 0 }, A7[] = { 0 }, IV7[12], C7[] = { 0 };
425 static const u8 T7[] = {
426 0xcd, 0x33, 0xb2, 0x8a, 0xc7, 0x73, 0xf7, 0x4b,
427 0xa0, 0x0e, 0xd1, 0xf3, 0x12, 0x57, 0x24, 0x35
428 };
429
430 /* Test Case 8 */
431 # define K8 K7
432 # define IV8 IV7
433 # define A8 A7
434 static const u8 P8[16];
435 static const u8 C8[] = {
436 0x98, 0xe7, 0x24, 0x7c, 0x07, 0xf0, 0xfe, 0x41,
437 0x1c, 0x26, 0x7e, 0x43, 0x84, 0xb0, 0xf6, 0x00
438 };
439
440 static const u8 T8[] = {
441 0x2f, 0xf5, 0x8d, 0x80, 0x03, 0x39, 0x27, 0xab,
442 0x8e, 0xf4, 0xd4, 0x58, 0x75, 0x14, 0xf0, 0xfb
443 };
444
445 /* Test Case 9 */
446 # define A9 A8
447 static const u8 K9[] = {
448 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
449 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08,
450 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c
451 };
452
453 static const u8 P9[] = {
454 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
455 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a,
456 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
457 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72,
458 0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53,
459 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
460 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57,
461 0xba, 0x63, 0x7b, 0x39, 0x1a, 0xaf, 0xd2, 0x55
462 };
463
464 static const u8 IV9[] = {
465 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad,
466 0xde, 0xca, 0xf8, 0x88
467 };
468
469 static const u8 C9[] = {
470 0x39, 0x80, 0xca, 0x0b, 0x3c, 0x00, 0xe8, 0x41,
471 0xeb, 0x06, 0xfa, 0xc4, 0x87, 0x2a, 0x27, 0x57,
472 0x85, 0x9e, 0x1c, 0xea, 0xa6, 0xef, 0xd9, 0x84,
473 0x62, 0x85, 0x93, 0xb4, 0x0c, 0xa1, 0xe1, 0x9c,
474 0x7d, 0x77, 0x3d, 0x00, 0xc1, 0x44, 0xc5, 0x25,
475 0xac, 0x61, 0x9d, 0x18, 0xc8, 0x4a, 0x3f, 0x47,
476 0x18, 0xe2, 0x44, 0x8b, 0x2f, 0xe3, 0x24, 0xd9,
477 0xcc, 0xda, 0x27, 0x10, 0xac, 0xad, 0xe2, 0x56
478 };
479
480 static const u8 T9[] = {
481 0x99, 0x24, 0xa7, 0xc8, 0x58, 0x73, 0x36, 0xbf,
482 0xb1, 0x18, 0x02, 0x4d, 0xb8, 0x67, 0x4a, 0x14
483 };
484
485 /* Test Case 10 */
486 # define K10 K9
487 # define IV10 IV9
488 static const u8 P10[] = {
489 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
490 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a,
491 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
492 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72,
493 0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53,
494 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
495 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57,
496 0xba, 0x63, 0x7b, 0x39
497 };
498
499 static const u8 A10[] = {
500 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
501 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
502 0xab, 0xad, 0xda, 0xd2
503 };
504
505 static const u8 C10[] = {
506 0x39, 0x80, 0xca, 0x0b, 0x3c, 0x00, 0xe8, 0x41,
507 0xeb, 0x06, 0xfa, 0xc4, 0x87, 0x2a, 0x27, 0x57,
508 0x85, 0x9e, 0x1c, 0xea, 0xa6, 0xef, 0xd9, 0x84,
509 0x62, 0x85, 0x93, 0xb4, 0x0c, 0xa1, 0xe1, 0x9c,
510 0x7d, 0x77, 0x3d, 0x00, 0xc1, 0x44, 0xc5, 0x25,
511 0xac, 0x61, 0x9d, 0x18, 0xc8, 0x4a, 0x3f, 0x47,
512 0x18, 0xe2, 0x44, 0x8b, 0x2f, 0xe3, 0x24, 0xd9,
513 0xcc, 0xda, 0x27, 0x10
514 };
515
516 static const u8 T10[] = {
517 0x25, 0x19, 0x49, 0x8e, 0x80, 0xf1, 0x47, 0x8f,
518 0x37, 0xba, 0x55, 0xbd, 0x6d, 0x27, 0x61, 0x8c
519 };
520
521 /* Test Case 11 */
522 # define K11 K10
523 # define P11 P10
524 # define A11 A10
525 static const u8 IV11[] = { 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad };
526
527 static const u8 C11[] = {
528 0x0f, 0x10, 0xf5, 0x99, 0xae, 0x14, 0xa1, 0x54,
529 0xed, 0x24, 0xb3, 0x6e, 0x25, 0x32, 0x4d, 0xb8,
530 0xc5, 0x66, 0x63, 0x2e, 0xf2, 0xbb, 0xb3, 0x4f,
531 0x83, 0x47, 0x28, 0x0f, 0xc4, 0x50, 0x70, 0x57,
532 0xfd, 0xdc, 0x29, 0xdf, 0x9a, 0x47, 0x1f, 0x75,
533 0xc6, 0x65, 0x41, 0xd4, 0xd4, 0xda, 0xd1, 0xc9,
534 0xe9, 0x3a, 0x19, 0xa5, 0x8e, 0x8b, 0x47, 0x3f,
535 0xa0, 0xf0, 0x62, 0xf7
536 };
537
538 static const u8 T11[] = {
539 0x65, 0xdc, 0xc5, 0x7f, 0xcf, 0x62, 0x3a, 0x24,
540 0x09, 0x4f, 0xcc, 0xa4, 0x0d, 0x35, 0x33, 0xf8
541 };
542
543 /* Test Case 12 */
544 # define K12 K11
545 # define P12 P11
546 # define A12 A11
547 static const u8 IV12[] = {
548 0x93, 0x13, 0x22, 0x5d, 0xf8, 0x84, 0x06, 0xe5,
549 0x55, 0x90, 0x9c, 0x5a, 0xff, 0x52, 0x69, 0xaa,
550 0x6a, 0x7a, 0x95, 0x38, 0x53, 0x4f, 0x7d, 0xa1,
551 0xe4, 0xc3, 0x03, 0xd2, 0xa3, 0x18, 0xa7, 0x28,
552 0xc3, 0xc0, 0xc9, 0x51, 0x56, 0x80, 0x95, 0x39,
553 0xfc, 0xf0, 0xe2, 0x42, 0x9a, 0x6b, 0x52, 0x54,
554 0x16, 0xae, 0xdb, 0xf5, 0xa0, 0xde, 0x6a, 0x57,
555 0xa6, 0x37, 0xb3, 0x9b
556 };
557
558 static const u8 C12[] = {
559 0xd2, 0x7e, 0x88, 0x68, 0x1c, 0xe3, 0x24, 0x3c,
560 0x48, 0x30, 0x16, 0x5a, 0x8f, 0xdc, 0xf9, 0xff,
561 0x1d, 0xe9, 0xa1, 0xd8, 0xe6, 0xb4, 0x47, 0xef,
562 0x6e, 0xf7, 0xb7, 0x98, 0x28, 0x66, 0x6e, 0x45,
563 0x81, 0xe7, 0x90, 0x12, 0xaf, 0x34, 0xdd, 0xd9,
564 0xe2, 0xf0, 0x37, 0x58, 0x9b, 0x29, 0x2d, 0xb3,
565 0xe6, 0x7c, 0x03, 0x67, 0x45, 0xfa, 0x22, 0xe7,
566 0xe9, 0xb7, 0x37, 0x3b
567 };
568
569 static const u8 T12[] = {
570 0xdc, 0xf5, 0x66, 0xff, 0x29, 0x1c, 0x25, 0xbb,
571 0xb8, 0x56, 0x8f, 0xc3, 0xd3, 0x76, 0xa6, 0xd9
572 };
573
574 /* Test Case 13 */
575 static const u8 K13[32], P13[] = { 0 }, A13[] = { 0 }, IV13[12], C13[] = { 0 };
576 static const u8 T13[] = {
577 0x53, 0x0f, 0x8a, 0xfb, 0xc7, 0x45, 0x36, 0xb9,
578 0xa9, 0x63, 0xb4, 0xf1, 0xc4, 0xcb, 0x73, 0x8b
579 };
580
581 /* Test Case 14 */
582 # define K14 K13
583 # define A14 A13
584 static const u8 P14[16], IV14[12];
585 static const u8 C14[] = {
586 0xce, 0xa7, 0x40, 0x3d, 0x4d, 0x60, 0x6b, 0x6e,
587 0x07, 0x4e, 0xc5, 0xd3, 0xba, 0xf3, 0x9d, 0x18
588 };
589
590 static const u8 T14[] = {
591 0xd0, 0xd1, 0xc8, 0xa7, 0x99, 0x99, 0x6b, 0xf0,
592 0x26, 0x5b, 0x98, 0xb5, 0xd4, 0x8a, 0xb9, 0x19
593 };
594
595 /* Test Case 15 */
596 # define A15 A14
597 static const u8 K15[] = {
598 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
599 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08,
600 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
601 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08
602 };
603
604 static const u8 P15[] = {
605 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
606 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a,
607 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
608 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72,
609 0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53,
610 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
611 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57,
612 0xba, 0x63, 0x7b, 0x39, 0x1a, 0xaf, 0xd2, 0x55
613 };
614
615 static const u8 IV15[] = {
616 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad,
617 0xde, 0xca, 0xf8, 0x88
618 };
619
620 static const u8 C15[] = {
621 0x52, 0x2d, 0xc1, 0xf0, 0x99, 0x56, 0x7d, 0x07,
622 0xf4, 0x7f, 0x37, 0xa3, 0x2a, 0x84, 0x42, 0x7d,
623 0x64, 0x3a, 0x8c, 0xdc, 0xbf, 0xe5, 0xc0, 0xc9,
624 0x75, 0x98, 0xa2, 0xbd, 0x25, 0x55, 0xd1, 0xaa,
625 0x8c, 0xb0, 0x8e, 0x48, 0x59, 0x0d, 0xbb, 0x3d,
626 0xa7, 0xb0, 0x8b, 0x10, 0x56, 0x82, 0x88, 0x38,
627 0xc5, 0xf6, 0x1e, 0x63, 0x93, 0xba, 0x7a, 0x0a,
628 0xbc, 0xc9, 0xf6, 0x62, 0x89, 0x80, 0x15, 0xad
629 };
630
631 static const u8 T15[] = {
632 0xb0, 0x94, 0xda, 0xc5, 0xd9, 0x34, 0x71, 0xbd,
633 0xec, 0x1a, 0x50, 0x22, 0x70, 0xe3, 0xcc, 0x6c
634 };
635
636 /* Test Case 16 */
637 # define K16 K15
638 # define IV16 IV15
639 static const u8 P16[] = {
640 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
641 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a,
642 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
643 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72,
644 0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53,
645 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
646 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57,
647 0xba, 0x63, 0x7b, 0x39
648 };
649
650 static const u8 A16[] = {
651 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
652 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
653 0xab, 0xad, 0xda, 0xd2
654 };
655
656 static const u8 C16[] = {
657 0x52, 0x2d, 0xc1, 0xf0, 0x99, 0x56, 0x7d, 0x07,
658 0xf4, 0x7f, 0x37, 0xa3, 0x2a, 0x84, 0x42, 0x7d,
659 0x64, 0x3a, 0x8c, 0xdc, 0xbf, 0xe5, 0xc0, 0xc9,
660 0x75, 0x98, 0xa2, 0xbd, 0x25, 0x55, 0xd1, 0xaa,
661 0x8c, 0xb0, 0x8e, 0x48, 0x59, 0x0d, 0xbb, 0x3d,
662 0xa7, 0xb0, 0x8b, 0x10, 0x56, 0x82, 0x88, 0x38,
663 0xc5, 0xf6, 0x1e, 0x63, 0x93, 0xba, 0x7a, 0x0a,
664 0xbc, 0xc9, 0xf6, 0x62
665 };
666
667 static const u8 T16[] = {
668 0x76, 0xfc, 0x6e, 0xce, 0x0f, 0x4e, 0x17, 0x68,
669 0xcd, 0xdf, 0x88, 0x53, 0xbb, 0x2d, 0x55, 0x1b
670 };
671
672 /* Test Case 17 */
673 # define K17 K16
674 # define P17 P16
675 # define A17 A16
676 static const u8 IV17[] = { 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad };
677
678 static const u8 C17[] = {
679 0xc3, 0x76, 0x2d, 0xf1, 0xca, 0x78, 0x7d, 0x32,
680 0xae, 0x47, 0xc1, 0x3b, 0xf1, 0x98, 0x44, 0xcb,
681 0xaf, 0x1a, 0xe1, 0x4d, 0x0b, 0x97, 0x6a, 0xfa,
682 0xc5, 0x2f, 0xf7, 0xd7, 0x9b, 0xba, 0x9d, 0xe0,
683 0xfe, 0xb5, 0x82, 0xd3, 0x39, 0x34, 0xa4, 0xf0,
684 0x95, 0x4c, 0xc2, 0x36, 0x3b, 0xc7, 0x3f, 0x78,
685 0x62, 0xac, 0x43, 0x0e, 0x64, 0xab, 0xe4, 0x99,
686 0xf4, 0x7c, 0x9b, 0x1f
687 };
688
689 static const u8 T17[] = {
690 0x3a, 0x33, 0x7d, 0xbf, 0x46, 0xa7, 0x92, 0xc4,
691 0x5e, 0x45, 0x49, 0x13, 0xfe, 0x2e, 0xa8, 0xf2
692 };
693
694 /* Test Case 18 */
695 # define K18 K17
696 # define P18 P17
697 # define A18 A17
698 static const u8 IV18[] = {
699 0x93, 0x13, 0x22, 0x5d, 0xf8, 0x84, 0x06, 0xe5,
700 0x55, 0x90, 0x9c, 0x5a, 0xff, 0x52, 0x69, 0xaa,
701 0x6a, 0x7a, 0x95, 0x38, 0x53, 0x4f, 0x7d, 0xa1,
702 0xe4, 0xc3, 0x03, 0xd2, 0xa3, 0x18, 0xa7, 0x28,
703 0xc3, 0xc0, 0xc9, 0x51, 0x56, 0x80, 0x95, 0x39,
704 0xfc, 0xf0, 0xe2, 0x42, 0x9a, 0x6b, 0x52, 0x54,
705 0x16, 0xae, 0xdb, 0xf5, 0xa0, 0xde, 0x6a, 0x57,
706 0xa6, 0x37, 0xb3, 0x9b
707 };
708
709 static const u8 C18[] = {
710 0x5a, 0x8d, 0xef, 0x2f, 0x0c, 0x9e, 0x53, 0xf1,
711 0xf7, 0x5d, 0x78, 0x53, 0x65, 0x9e, 0x2a, 0x20,
712 0xee, 0xb2, 0xb2, 0x2a, 0xaf, 0xde, 0x64, 0x19,
713 0xa0, 0x58, 0xab, 0x4f, 0x6f, 0x74, 0x6b, 0xf4,
714 0x0f, 0xc0, 0xc3, 0xb7, 0x80, 0xf2, 0x44, 0x45,
715 0x2d, 0xa3, 0xeb, 0xf1, 0xc5, 0xd8, 0x2c, 0xde,
716 0xa2, 0x41, 0x89, 0x97, 0x20, 0x0e, 0xf8, 0x2e,
717 0x44, 0xae, 0x7e, 0x3f
718 };
719
720 static const u8 T18[] = {
721 0xa4, 0x4a, 0x82, 0x66, 0xee, 0x1c, 0x8e, 0xb0,
722 0xc8, 0xb5, 0xd4, 0xcf, 0x5a, 0xe9, 0xf1, 0x9a
723 };
724
725 /* Test Case 19 */
726 # define K19 K1
727 # define P19 P1
728 # define IV19 IV1
729 # define C19 C1
730 static const u8 A19[] = {
731 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
732 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a,
733 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
734 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72,
735 0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53,
736 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
737 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57,
738 0xba, 0x63, 0x7b, 0x39, 0x1a, 0xaf, 0xd2, 0x55,
739 0x52, 0x2d, 0xc1, 0xf0, 0x99, 0x56, 0x7d, 0x07,
740 0xf4, 0x7f, 0x37, 0xa3, 0x2a, 0x84, 0x42, 0x7d,
741 0x64, 0x3a, 0x8c, 0xdc, 0xbf, 0xe5, 0xc0, 0xc9,
742 0x75, 0x98, 0xa2, 0xbd, 0x25, 0x55, 0xd1, 0xaa,
743 0x8c, 0xb0, 0x8e, 0x48, 0x59, 0x0d, 0xbb, 0x3d,
744 0xa7, 0xb0, 0x8b, 0x10, 0x56, 0x82, 0x88, 0x38,
745 0xc5, 0xf6, 0x1e, 0x63, 0x93, 0xba, 0x7a, 0x0a,
746 0xbc, 0xc9, 0xf6, 0x62, 0x89, 0x80, 0x15, 0xad
747 };
748
749 static const u8 T19[] = {
750 0x5f, 0xea, 0x79, 0x3a, 0x2d, 0x6f, 0x97, 0x4d,
751 0x37, 0xe6, 0x8e, 0x0c, 0xb8, 0xff, 0x94, 0x92
752 };
753
754 /* Test Case 20 */
755 # define K20 K1
756 # define A20 A1
757 /* this results in 0xff in counter LSB */
758 static const u8 IV20[64] = { 0xff, 0xff, 0xff, 0xff };
759
760 static const u8 P20[288];
761 static const u8 C20[] = {
762 0x56, 0xb3, 0x37, 0x3c, 0xa9, 0xef, 0x6e, 0x4a,
763 0x2b, 0x64, 0xfe, 0x1e, 0x9a, 0x17, 0xb6, 0x14,
764 0x25, 0xf1, 0x0d, 0x47, 0xa7, 0x5a, 0x5f, 0xce,
765 0x13, 0xef, 0xc6, 0xbc, 0x78, 0x4a, 0xf2, 0x4f,
766 0x41, 0x41, 0xbd, 0xd4, 0x8c, 0xf7, 0xc7, 0x70,
767 0x88, 0x7a, 0xfd, 0x57, 0x3c, 0xca, 0x54, 0x18,
768 0xa9, 0xae, 0xff, 0xcd, 0x7c, 0x5c, 0xed, 0xdf,
769 0xc6, 0xa7, 0x83, 0x97, 0xb9, 0xa8, 0x5b, 0x49,
770 0x9d, 0xa5, 0x58, 0x25, 0x72, 0x67, 0xca, 0xab,
771 0x2a, 0xd0, 0xb2, 0x3c, 0xa4, 0x76, 0xa5, 0x3c,
772 0xb1, 0x7f, 0xb4, 0x1c, 0x4b, 0x8b, 0x47, 0x5c,
773 0xb4, 0xf3, 0xf7, 0x16, 0x50, 0x94, 0xc2, 0x29,
774 0xc9, 0xe8, 0xc4, 0xdc, 0x0a, 0x2a, 0x5f, 0xf1,
775 0x90, 0x3e, 0x50, 0x15, 0x11, 0x22, 0x13, 0x76,
776 0xa1, 0xcd, 0xb8, 0x36, 0x4c, 0x50, 0x61, 0xa2,
777 0x0c, 0xae, 0x74, 0xbc, 0x4a, 0xcd, 0x76, 0xce,
778 0xb0, 0xab, 0xc9, 0xfd, 0x32, 0x17, 0xef, 0x9f,
779 0x8c, 0x90, 0xbe, 0x40, 0x2d, 0xdf, 0x6d, 0x86,
780 0x97, 0xf4, 0xf8, 0x80, 0xdf, 0xf1, 0x5b, 0xfb,
781 0x7a, 0x6b, 0x28, 0x24, 0x1e, 0xc8, 0xfe, 0x18,
782 0x3c, 0x2d, 0x59, 0xe3, 0xf9, 0xdf, 0xff, 0x65,
783 0x3c, 0x71, 0x26, 0xf0, 0xac, 0xb9, 0xe6, 0x42,
784 0x11, 0xf4, 0x2b, 0xae, 0x12, 0xaf, 0x46, 0x2b,
785 0x10, 0x70, 0xbe, 0xf1, 0xab, 0x5e, 0x36, 0x06,
786 0x87, 0x2c, 0xa1, 0x0d, 0xee, 0x15, 0xb3, 0x24,
787 0x9b, 0x1a, 0x1b, 0x95, 0x8f, 0x23, 0x13, 0x4c,
788 0x4b, 0xcc, 0xb7, 0xd0, 0x32, 0x00, 0xbc, 0xe4,
789 0x20, 0xa2, 0xf8, 0xeb, 0x66, 0xdc, 0xf3, 0x64,
790 0x4d, 0x14, 0x23, 0xc1, 0xb5, 0x69, 0x90, 0x03,
791 0xc1, 0x3e, 0xce, 0xf4, 0xbf, 0x38, 0xa3, 0xb6,
792 0x0e, 0xed, 0xc3, 0x40, 0x33, 0xba, 0xc1, 0x90,
793 0x27, 0x83, 0xdc, 0x6d, 0x89, 0xe2, 0xe7, 0x74,
794 0x18, 0x8a, 0x43, 0x9c, 0x7e, 0xbc, 0xc0, 0x67,
795 0x2d, 0xbd, 0xa4, 0xdd, 0xcf, 0xb2, 0x79, 0x46,
796 0x13, 0xb0, 0xbe, 0x41, 0x31, 0x5e, 0xf7, 0x78,
797 0x70, 0x8a, 0x70, 0xee, 0x7d, 0x75, 0x16, 0x5c
798 };
799
800 static const u8 T20[] = {
801 0x8b, 0x30, 0x7f, 0x6b, 0x33, 0x28, 0x6d, 0x0a,
802 0xb0, 0x26, 0xa9, 0xed, 0x3f, 0xe1, 0xe8, 0x5f
803 };
804
805 #define GCM128_TEST_VECTOR(n) \
806 { \
807 {sizeof(K##n), K##n}, \
808 {sizeof(IV##n), IV##n}, \
809 {sizeof(A##n), A##n}, \
810 {sizeof(P##n), P##n}, \
811 {sizeof(C##n), C##n}, \
812 {sizeof(T##n), T##n} \
813 }
814 static struct gcm128_data {
815 const SIZED_DATA K;
816 const SIZED_DATA IV;
817 const SIZED_DATA A;
818 const SIZED_DATA P;
819 const SIZED_DATA C;
820 const SIZED_DATA T;
821 } gcm128_vectors[] = {
822 GCM128_TEST_VECTOR(1),
823 GCM128_TEST_VECTOR(2),
824 GCM128_TEST_VECTOR(3),
825 GCM128_TEST_VECTOR(4),
826 GCM128_TEST_VECTOR(5),
827 GCM128_TEST_VECTOR(6),
828 GCM128_TEST_VECTOR(7),
829 GCM128_TEST_VECTOR(8),
830 GCM128_TEST_VECTOR(9),
831 GCM128_TEST_VECTOR(10),
832 GCM128_TEST_VECTOR(11),
833 GCM128_TEST_VECTOR(12),
834 GCM128_TEST_VECTOR(13),
835 GCM128_TEST_VECTOR(14),
836 GCM128_TEST_VECTOR(15),
837 GCM128_TEST_VECTOR(16),
838 GCM128_TEST_VECTOR(17),
839 GCM128_TEST_VECTOR(18),
840 GCM128_TEST_VECTOR(19),
841 GCM128_TEST_VECTOR(20)
842 };
843
test_gcm128(int idx)844 static int test_gcm128(int idx)
845 {
846 unsigned char out[512];
847 SIZED_DATA K = gcm128_vectors[idx].K;
848 SIZED_DATA IV = gcm128_vectors[idx].IV;
849 SIZED_DATA A = gcm128_vectors[idx].A;
850 SIZED_DATA P = gcm128_vectors[idx].P;
851 SIZED_DATA C = gcm128_vectors[idx].C;
852 SIZED_DATA T = gcm128_vectors[idx].T;
853 GCM128_CONTEXT ctx;
854 AES_KEY key;
855
856 /* Size 1 inputs are special-cased to signal NULL. */
857 if (A.size == 1)
858 A.data = NULL;
859 if (P.size == 1)
860 P.data = NULL;
861 if (C.size == 1)
862 C.data = NULL;
863
864 AES_set_encrypt_key(K.data, K.size * 8, &key);
865
866 CRYPTO_gcm128_init(&ctx, &key, (block128_f)AES_encrypt);
867 CRYPTO_gcm128_setiv(&ctx, IV.data, IV.size);
868 memset(out, 0, P.size);
869 if (A.data != NULL)
870 CRYPTO_gcm128_aad(&ctx, A.data, A.size);
871 if (P.data != NULL)
872 if (!TEST_int_ge(CRYPTO_gcm128_encrypt( &ctx, P.data, out, P.size), 0))
873 return 0;
874 if (!TEST_false(CRYPTO_gcm128_finish(&ctx, T.data, 16))
875 || (C.data != NULL
876 && !TEST_mem_eq(out, P.size, C.data, P.size)))
877 return 0;
878
879 CRYPTO_gcm128_setiv(&ctx, IV.data, IV.size);
880 memset(out, 0, P.size);
881 if (A.data != NULL)
882 CRYPTO_gcm128_aad(&ctx, A.data, A.size);
883 if (C.data != NULL)
884 CRYPTO_gcm128_decrypt(&ctx, C.data, out, P.size);
885 if (!TEST_false(CRYPTO_gcm128_finish(&ctx, T.data, 16))
886 || (P.data != NULL
887 && !TEST_mem_eq(out, P.size, P.data, P.size)))
888 return 0;
889
890 return 1;
891 }
892
setup_tests(void)893 int setup_tests(void)
894 {
895 ADD_ALL_TESTS(test_aes_cts128, OSSL_NELEM(aes_cts128_vectors));
896 ADD_ALL_TESTS(test_aes_cts128_nist, OSSL_NELEM(aes_cts128_vectors));
897 ADD_ALL_TESTS(test_gcm128, OSSL_NELEM(gcm128_vectors));
898 return 1;
899 }
900