1 /*
2 * Copyright 2014-2022 The GmSSL Project. All Rights Reserved.
3 *
4 * Licensed under the Apache License, Version 2.0 (the License); you may
5 * not use this file except in compliance with the License.
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 */
9
10
11 #include <stdio.h>
12 #include <string.h>
13 #include <stdlib.h>
14 #include <gmssl/zuc.h>
15
16
bswap_buf(uint32_t * buf,size_t nwords)17 static void bswap_buf(uint32_t *buf, size_t nwords)
18 {
19 size_t i;
20 for (i = 0; i < nwords; i++) {
21 uint32_t a = buf[i];
22 buf[i] = (a >> 24) | ((a >> 8) & 0xff00) |
23 ((a << 8) & 0xff0000) | (a << 24);
24 }
25 }
26
zuc_test(void)27 int zuc_test(void)
28 {
29 int err = 0;
30 int i;
31
32 unsigned char key[][16] = {
33 {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
34 {0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff},
35 {0x3d,0x4c,0x4b,0xe9,0x6a,0x82,0xfd,0xae,0xb5,0x8f,0x64,0x1d,0xb1,0x7b,0x45,0x5b},
36 };
37 unsigned char iv[][16] = {
38 {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
39 {0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff},
40 {0x84,0x31,0x9a,0xa8,0xde,0x69,0x15,0xca,0x1f,0x6b,0xda,0x6b,0xfb,0xd8,0xc7,0x66},
41 };
42 uint32_t ciphertext[][2] = {
43 {0x27bede74, 0x018082da},
44 {0x0657cfa0, 0x7096398b},
45 {0x14f1c272, 0x3279c419},
46 };
47
48 for (i = 0; i < 3; i++) {
49 ZUC_STATE zuc = {{0}};
50 uint32_t buf[3] = {0};
51 zuc_init(&zuc, key[i], iv[i]);
52 zuc_generate_keystream(&zuc, 2, buf);
53 if (buf[0] != ciphertext[i][0] || buf[1] != ciphertext[i][1]) {
54 fprintf(stderr, "error generating ZUC key stream on test vector %d\n", i);
55 err++;
56 } else {
57 fprintf(stderr, "zuc test %d ok\n", i);
58 }
59 }
60
61 return err;
62 }
63
64 /* test vector from GM/T 0001.2-2012 */
zuc_eea_test(void)65 static int zuc_eea_test(void)
66 {
67 int err = 0;
68 unsigned char key[][16] = {
69 {0x17, 0x3d, 0x14, 0xba, 0x50, 0x03, 0x73, 0x1d,
70 0x7a, 0x60, 0x04, 0x94, 0x70, 0xf0, 0x0a, 0x29},
71 {0xe5, 0xbd, 0x3e, 0xa0, 0xeb, 0x55, 0xad, 0xe8,
72 0x66, 0xc6, 0xac, 0x58, 0xbd, 0x54, 0x30, 0x2a},
73 {0xe1, 0x3f, 0xed, 0x21, 0xb4, 0x6e, 0x4e, 0x7e,
74 0xc3, 0x12, 0x53, 0xb2, 0xbb, 0x17, 0xb3, 0xe0},
75 };
76 ZUC_UINT32 count[] = {0x66035492, 0x56823, 0x2738cdaa};
77 ZUC_UINT5 bearer[] = {0x0f, 0x18, 0x1a};
78 ZUC_BIT direction[] = {0, 1, 0};
79 ZUC_UINT32 ibs0[] = {
80 0x6cf65340, 0x735552ab, 0x0c9752fa, 0x6f9025fe,
81 0x0bd675d9, 0x005875b2, 0x00000000,
82 };
83 ZUC_UINT32 ibs1[] = {
84 0x14a8ef69, 0x3d678507, 0xbbe7270a, 0x7f67ff50,
85 0x06c3525b, 0x9807e467, 0xc4e56000, 0xba338f5d,
86 0x42955903, 0x67518222, 0x46c80d3b, 0x38f07f4b,
87 0xe2d8ff58, 0x05f51322, 0x29bde93b, 0xbbdcaf38,
88 0x2bf1ee97, 0x2fbf9977, 0xbada8945, 0x847a2a6c,
89 0x9ad34a66, 0x7554e04d, 0x1f7fa2c3, 0x3241bd8f,
90 0x01ba220d,
91 };
92 ZUC_UINT32 ibs2[] = {
93 0x8d74e20d, 0x54894e06, 0xd3cb13cb, 0x3933065e,
94 0x8674be62, 0xadb1c72b, 0x3a646965, 0xab63cb7b,
95 0x7854dfdc, 0x27e84929, 0xf49c64b8, 0x72a490b1,
96 0x3f957b64, 0x827e71f4, 0x1fbd4269, 0xa42c97f8,
97 0x24537027, 0xf86e9f4a, 0xd82d1df4, 0x51690fdd,
98 0x98b6d03f, 0x3a0ebe3a, 0x312d6b84, 0x0ba5a182,
99 0x0b2a2c97, 0x09c090d2, 0x45ed267c, 0xf845ae41,
100 0xfa975d33, 0x33ac3009, 0xfd40eba9, 0xeb5b8857,
101 0x14b768b6, 0x97138baf, 0x21380eca, 0x49f644d4,
102 0x8689e421, 0x5760b906, 0x739f0d2b, 0x3f091133,
103 0xca15d981, 0xcbe401ba, 0xf72d05ac, 0xe05cccb2,
104 0xd297f4ef, 0x6a5f58d9, 0x1246cfa7, 0x7215b892,
105 0xab441d52, 0x78452795, 0xccb7f5d7, 0x9057a1c4,
106 0xf77f80d4, 0x6db2033c, 0xb79bedf8, 0xe60551ce,
107 0x10c667f6, 0x2a97abaf, 0xabbcd677, 0x2018df96,
108 0xa282ea73, 0x7ce2cb33, 0x1211f60d, 0x5354ce78,
109 0xf9918d9c, 0x206ca042, 0xc9b62387, 0xdd709604,
110 0xa50af16d, 0x8d35a890, 0x6be484cf, 0x2e74a928,
111 0x99403643, 0x53249b27, 0xb4c9ae29, 0xeddfc7da,
112 0x6418791a, 0x4e7baa06, 0x60fa6451, 0x1f2d685c,
113 0xc3a5ff70, 0xe0d2b742, 0x92e3b8a0, 0xcd6b04b1,
114 0xc790b8ea, 0xd2703708, 0x540dea2f, 0xc09c3da7,
115 0x70f65449, 0xc84d817a, 0x4f551055, 0xe19ab850,
116 0x18a0028b, 0x71a144d9, 0x6791e9a3, 0x57793350,
117 0x4eee0060, 0x340c69d2, 0x74e1bf9d, 0x805dcbcc,
118 0x1a6faa97, 0x6800b6ff, 0x2b671dc4, 0x63652fa8,
119 0xa33ee509, 0x74c1c21b, 0xe01eabb2, 0x16743026,
120 0x9d72ee51, 0x1c9dde30, 0x797c9a25, 0xd86ce74f,
121 0x5b961be5, 0xfdfb6807, 0x814039e7, 0x137636bd,
122 0x1d7fa9e0, 0x9efd2007, 0x505906a5, 0xac45dfde,
123 0xed7757bb, 0xee745749, 0xc2963335, 0x0bee0ea6,
124 0xf409df45, 0x80160000,
125 };
126 ZUC_UINT32 obs0[] = {
127 0xa6c85fc6, 0x6afb8533, 0xaafc2518, 0xdfe78494,
128 0x0ee1e4b0, 0x30238cc8, 0x00000000,
129 };
130 ZUC_UINT32 obs1[] = {
131 0x131d43e0, 0xdea1be5c, 0x5a1bfd97, 0x1d852cbf,
132 0x712d7b4f, 0x57961fea, 0x3208afa8, 0xbca433f4,
133 0x56ad09c7, 0x417e58bc, 0x69cf8866, 0xd1353f74,
134 0x865e8078, 0x1d202dfb, 0x3ecff7fc, 0xbc3b190f,
135 0xe82a204e, 0xd0e350fc, 0x0f6f2613, 0xb2f2bca6,
136 0xdf5a473a, 0x57a4a00d, 0x985ebad8, 0x80d6f238,
137 0x64a07b01,
138 };
139 ZUC_UINT32 obs2[] = {
140 0x94eaa4aa, 0x30a57137, 0xddf09b97, 0xb25618a2,
141 0x0a13e2f1, 0x0fa5bf81, 0x61a879cc, 0x2ae797a6,
142 0xb4cf2d9d, 0xf31debb9, 0x905ccfec, 0x97de605d,
143 0x21c61ab8, 0x531b7f3c, 0x9da5f039, 0x31f8a064,
144 0x2de48211, 0xf5f52ffe, 0xa10f392a, 0x04766998,
145 0x5da454a2, 0x8f080961, 0xa6c2b62d, 0xaa17f33c,
146 0xd60a4971, 0xf48d2d90, 0x9394a55f, 0x48117ace,
147 0x43d708e6, 0xb77d3dc4, 0x6d8bc017, 0xd4d1abb7,
148 0x7b7428c0, 0x42b06f2f, 0x99d8d07c, 0x9879d996,
149 0x00127a31, 0x985f1099, 0xbbd7d6c1, 0x519ede8f,
150 0x5eeb4a61, 0x0b349ac0, 0x1ea23506, 0x91756bd1,
151 0x05c974a5, 0x3eddb35d, 0x1d4100b0, 0x12e522ab,
152 0x41f4c5f2, 0xfde76b59, 0xcb8b96d8, 0x85cfe408,
153 0x0d1328a0, 0xd636cc0e, 0xdc05800b, 0x76acca8f,
154 0xef672084, 0xd1f52a8b, 0xbd8e0993, 0x320992c7,
155 0xffbae17c, 0x408441e0, 0xee883fc8, 0xa8b05e22,
156 0xf5ff7f8d, 0x1b48c74c, 0x468c467a, 0x028f09fd,
157 0x7ce91109, 0xa570a2d5, 0xc4d5f4fa, 0x18c5dd3e,
158 0x4562afe2, 0x4ef77190, 0x1f59af64, 0x5898acef,
159 0x088abae0, 0x7e92d52e, 0xb2de5504, 0x5bb1b7c4,
160 0x164ef2d7, 0xa6cac15e, 0xeb926d7e, 0xa2f08b66,
161 0xe1f759f3, 0xaee44614, 0x725aa3c7, 0x482b3084,
162 0x4c143ff8, 0x7b53f1e5, 0x83c50125, 0x7dddd096,
163 0xb81268da, 0xa303f172, 0x34c23335, 0x41f0bb8e,
164 0x190648c5, 0x807c866d, 0x71932286, 0x09adb948,
165 0x686f7de2, 0x94a802cc, 0x38f7fe52, 0x08f5ea31,
166 0x96d0167b, 0x9bdd02f0, 0xd2a5221c, 0xa508f893,
167 0xaf5c4b4b, 0xb9f4f520, 0xfd84289b, 0x3dbe7e61,
168 0x497a7e2a, 0x584037ea, 0x637b6981, 0x127174af,
169 0x57b471df, 0x4b2768fd, 0x79c1540f, 0xb3edf2ea,
170 0x22cb69be, 0xc0cf8d93, 0x3d9c6fdd, 0x645e8505,
171 0x91cca3d6, 0x2c0cc000,
172 };
173 ZUC_UINT32 *ibs[] = {ibs0, ibs1, ibs2};
174 ZUC_UINT32 *obs[] = {obs0, obs1, obs2};
175 size_t bits[] = {0xc1, 0x320, 0xfb3};
176 ZUC_UINT32 buf[sizeof(obs2)/4];
177 size_t i;
178
179 for (i = 0; i < sizeof(key)/sizeof(key[i]); i++) {
180 zuc_eea_encrypt(ibs[i], buf, bits[i], key[i], count[i], bearer[i], direction[i]);
181 if (memcmp(buf, obs[i], (bits[i] + 31)/32) != 0) {
182 printf("zuc eea test %zu failed\n", i);
183 err++;
184 } else {
185 printf("zuc eea test %zu ok\n", i);
186 }
187 }
188
189 return err;
190 }
191
192 /* test vector from GM/T 0001.3-2012 */
zuc_eia_test(void)193 static int zuc_eia_test(void)
194 {
195 int err = 0;
196 unsigned char key[][16] = {
197 {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
198 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
199 {0xc9, 0xe6, 0xce, 0xc4, 0x60, 0x7c, 0x72, 0xdb,
200 0x00, 0x0a, 0xef, 0xa8, 0x83, 0x85, 0xab, 0x0a},
201 {0x6b, 0x8b, 0x08, 0xee, 0x79, 0xe0, 0xb5, 0x98,
202 0x2d, 0x6d, 0x12, 0x8e, 0xa9, 0xf2, 0x20, 0xcb},
203 };
204 ZUC_UINT32 count[] = {0, 0xa94059daU, 0x561eb2ddU};
205 ZUC_UINT5 bearer[] = {0, 0x0a, 0x1c};
206 ZUC_BIT direction[] = {0, 1, 0};
207 ZUC_UINT32 mesg0[] = {0};
208 ZUC_UINT32 mesg1[] = {
209 0x983b41d4, 0x7d780c9e, 0x1ad11d7e, 0xb70391b1,
210 0xde0b35da, 0x2dc62f83, 0xe7b78d63, 0x06ca0ea0,
211 0x7e941b7b, 0xe91348f9, 0xfcb170e2, 0x217fecd9,
212 0x7f9f68ad, 0xb16e5d7d, 0x21e569d2, 0x80ed775c,
213 0xebde3f40, 0x93c53881, 0x00000000,
214 };
215 ZUC_UINT32 mesg2[] = {
216 0x5bad7247, 0x10ba1c56, 0xd5a315f8, 0xd40f6e09,
217 0x3780be8e, 0x8de07b69, 0x92432018, 0xe08ed96a,
218 0x5734af8b, 0xad8a575d, 0x3a1f162f, 0x85045cc7,
219 0x70925571, 0xd9f5b94e, 0x454a77c1, 0x6e72936b,
220 0xf016ae15, 0x7499f054, 0x3b5d52ca, 0xa6dbeab6,
221 0x97d2bb73, 0xe41b8075, 0xdce79b4b, 0x86044f66,
222 0x1d4485a5, 0x43dd7860, 0x6e0419e8, 0x059859d3,
223 0xcb2b67ce, 0x0977603f, 0x81ff839e, 0x33185954,
224 0x4cfbc8d0, 0x0fef1a4c, 0x8510fb54, 0x7d6b06c6,
225 0x11ef44f1, 0xbce107cf, 0xa45a06aa, 0xb360152b,
226 0x28dc1ebe, 0x6f7fe09b, 0x0516f9a5, 0xb02a1bd8,
227 0x4bb0181e, 0x2e89e19b, 0xd8125930, 0xd178682f,
228 0x3862dc51, 0xb636f04e, 0x720c47c3, 0xce51ad70,
229 0xd94b9b22, 0x55fbae90, 0x6549f499, 0xf8c6d399,
230 0x47ed5e5d, 0xf8e2def1, 0x13253e7b, 0x08d0a76b,
231 0x6bfc68c8, 0x12f375c7, 0x9b8fe5fd, 0x85976aa6,
232 0xd46b4a23, 0x39d8ae51, 0x47f680fb, 0xe70f978b,
233 0x38effd7b, 0x2f7866a2, 0x2554e193, 0xa94e98a6,
234 0x8b74bd25, 0xbb2b3f5f, 0xb0a5fd59, 0x887f9ab6,
235 0x8159b717, 0x8d5b7b67, 0x7cb546bf, 0x41eadca2,
236 0x16fc1085, 0x0128f8bd, 0xef5c8d89, 0xf96afa4f,
237 0xa8b54885, 0x565ed838, 0xa950fee5, 0xf1c3b0a4,
238 0xf6fb71e5, 0x4dfd169e, 0x82cecc72, 0x66c850e6,
239 0x7c5ef0ba, 0x960f5214, 0x060e71eb, 0x172a75fc,
240 0x1486835c, 0xbea65344, 0x65b055c9, 0x6a72e410,
241 0x52241823, 0x25d83041, 0x4b40214d, 0xaa8091d2,
242 0xe0fb010a, 0xe15c6de9, 0x0850973b, 0xdf1e423b,
243 0xe148a237, 0xb87a0c9f, 0x34d4b476, 0x05b803d7,
244 0x43a86a90, 0x399a4af3, 0x96d3a120, 0x0a62f3d9,
245 0x507962e8, 0xe5bee6d3, 0xda2bb3f7, 0x237664ac,
246 0x7a292823, 0x900bc635, 0x03b29e80, 0xd63f6067,
247 0xbf8e1716, 0xac25beba, 0x350deb62, 0xa99fe031,
248 0x85eb4f69, 0x937ecd38, 0x7941fda5, 0x44ba67db,
249 0x09117749, 0x38b01827, 0xbcc69c92, 0xb3f772a9,
250 0xd2859ef0, 0x03398b1f, 0x6bbad7b5, 0x74f7989a,
251 0x1d10b2df, 0x798e0dbf, 0x30d65874, 0x64d24878,
252 0xcd00c0ea, 0xee8a1a0c, 0xc753a279, 0x79e11b41,
253 0xdb1de3d5, 0x038afaf4, 0x9f5c682c, 0x3748d8a3,
254 0xa9ec54e6, 0xa371275f, 0x1683510f, 0x8e4f9093,
255 0x8f9ab6e1, 0x34c2cfdf, 0x4841cba8, 0x8e0cff2b,
256 0x0bcc8e6a, 0xdcb71109, 0xb5198fec, 0xf1bb7e5c,
257 0x531aca50, 0xa56a8a3b, 0x6de59862, 0xd41fa113,
258 0xd9cd9578, 0x08f08571, 0xd9a4bb79, 0x2af271f6,
259 0xcc6dbb8d, 0xc7ec36e3, 0x6be1ed30, 0x8164c31c,
260 0x7c0afc54, 0x1c000000,
261 };
262 ZUC_UINT32 *mesg[] = {mesg0, mesg1, mesg2};
263 size_t bits[] = {1, 0x241, 0x1626};
264 ZUC_UINT32 mac[] = {0xc8a9595eU, 0xfae8ff0bU, 0x0ca12792U};
265 size_t i;
266
267 bswap_buf(mesg0, sizeof(mesg0)/sizeof(mesg0[0]));
268 bswap_buf(mesg1, sizeof(mesg1)/sizeof(mesg1[0]));
269 bswap_buf(mesg2, sizeof(mesg2)/sizeof(mesg2[0]));
270
271 for (i = 0; i < sizeof(key)/sizeof(key[0]); i++) {
272 ZUC_UINT32 T;
273 T = zuc_eia_generate_mac(mesg[i], bits[i], key[i],
274 count[i], bearer[i], direction[i]);
275 if (T != mac[i]) {
276 printf("zuc eia test %zu failed\n", i);
277 err++;
278 } else {
279 printf("zuc eia test %zu ok\n", i);
280 }
281 }
282
283 return err;
284 }
285
286 /* from ZUC256 draft */
zuc256_test(void)287 int zuc256_test(void)
288 {
289 int err = 0;
290 int i;
291
292 unsigned char key[][32] = {
293 {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
294 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
295 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
296 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
297 {0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
298 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
299 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
300 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff}
301 };
302 unsigned char iv[][23] = {
303 {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
304 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
305 0x00,0x00,0x00,0x00,0x00,0x00,0x00},
306 {0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
307 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
308 0xff,0xff,0xff,0xff,0xff,0xff,0xff},
309 };
310 uint32_t ciphertext[][20] = {
311 {0x58d03ad6,0x2e032ce2,0xdafc683a,0x39bdcb03,0x52a2bc67,
312 0xf1b7de74,0x163ce3a1,0x01ef5558,0x9639d75b,0x95fa681b,
313 0x7f090df7,0x56391ccc,0x903b7612,0x744d544c,0x17bc3fad,
314 0x8b163b08,0x21787c0b,0x97775bb8,0x4943c6bb,0xe8ad8afd},
315 {0x3356cbae,0xd1a1c18b,0x6baa4ffe,0x343f777c,0x9e15128f,
316 0x251ab65b,0x949f7b26,0xef7157f2,0x96dd2fa9,0xdf95e3ee,
317 0x7a5be02e,0xc32ba585,0x505af316,0xc2f9ded2,0x7cdbd935,
318 0xe441ce11,0x15fd0a80,0xbb7aef67,0x68989416,0xb8fac8c2}
319 };
320
321 for (i = 0; i < sizeof(key)/sizeof(key[0]); i++) {
322 ZUC_STATE zuc_key;
323 uint32_t buf[20] = {0};
324
325 zuc256_init(&zuc_key, key[i], iv[i]);
326 zuc_generate_keystream(&zuc_key, 20, buf);
327
328 if (memcmp(buf, ciphertext[i], 20) != 0) {
329 printf("zuc256 test %d failed\n", i);
330 err++;
331 } else {
332 printf("zuc256 test %d ok\n", i);
333 }
334 }
335
336 return err;
337 }
338
zuc256_mac_test(void)339 int zuc256_mac_test(void)
340 {
341 int err = 0;
342 unsigned char key[][32] = {
343 {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
344 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
345 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
346 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
347 {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
348 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
349 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
350 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
351 {0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
352 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
353 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
354 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff},
355 {0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
356 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
357 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
358 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff}
359 };
360 unsigned char iv[][23] = {
361 {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
362 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
363 0x00,0x00,0x00,0x00,0x00,0x00,0x00},
364 {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
365 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
366 0x00,0x00,0x00,0x00,0x00,0x00,0x00},
367 {0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
368 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
369 0xff,0xff,0xff,0xff,0xff,0xff,0xff},
370 {0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
371 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
372 0xff,0xff,0xff,0xff,0xff,0xff,0xff},
373 };
374 unsigned char msg[][50] = {
375 /* 400 zero bits */
376 {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
377 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
378 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
379 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
380 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
381 /* 4000 bits */
382 {0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11,
383 0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11,
384 0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11,
385 0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11,
386 0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11},
387 /* 400 zero bits */
388 {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
389 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
390 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
391 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
392 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
393 /* 4000 bits */
394 {0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11,
395 0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11,
396 0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11,
397 0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11,
398 0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11},
399 };
400 unsigned int msg_num[] = {
401 1,
402 10,
403 1,
404 10
405 };
406 unsigned int tag32[][1] = {
407 {0x9b972a74},
408 {0x8754f5cf},
409 {0x1f3079b4},
410 {0x5c7c8b88},
411 };
412 unsigned int tag64[][2] = {
413 {0x673e5499,0x0034d38c},
414 {0x130dc225,0xe72240cc},
415 {0x8c71394d,0x39957725},
416 {0xea1dee54,0x4bb6223b},
417 };
418 unsigned int tag128[][4] = {
419 {0xd85e54bb,0xcb960096,0x7084c952,0xa1654b26},
420 {0xdf1e8307,0xb31cc62b,0xeca1ac6f,0x8190c22f},
421 {0xa35bb274,0xb567c48b,0x28319f11,0x1af34fbd},
422 {0x3a83b554,0xbe408ca5,0x494124ed,0x9d473205},
423 };
424 int i, j;
425
426 bswap_buf((uint32_t *)tag32, sizeof(tag32)/4);
427 bswap_buf((uint32_t *)tag64, sizeof(tag64)/4);
428 bswap_buf((uint32_t *)tag128, sizeof(tag128)/4);
429
430 for (i = 0; i < 4; i++) {
431 ZUC256_MAC_CTX ctx;
432 unsigned char mac[16];
433
434 zuc256_mac_init(&ctx, key[i], iv[i], 32);
435 for (j = 0; j < msg_num[i]; j++) {
436 zuc256_mac_update(&ctx, msg[i], 50);
437 }
438 zuc256_mac_finish(&ctx, NULL, 0, mac);
439 if (memcmp(mac, tag32[i], 4) != 0) {
440 printf("zuc256 mac test %d 32-bit failed\n", i);
441 err++;
442 } else {
443 printf("zuc256 mac test %d 32-bit ok\n", i);
444 }
445
446 zuc256_mac_init(&ctx, key[i], iv[i], 64);
447 for (j = 0; j < msg_num[i]; j++) {
448 zuc256_mac_update(&ctx, msg[i], 50);
449 }
450 zuc256_mac_finish(&ctx, NULL, 0, mac);
451 if (memcmp(mac, tag64[i], 8) != 0) {
452 printf("zuc256 mac test %d 64-bit failed\n", i);
453 err++;
454 } else {
455 printf("zuc256 mac test %d 64-bit ok\n", i);
456 }
457
458 zuc256_mac_init(&ctx, key[i], iv[i], 128);
459 for (j = 0; j < msg_num[i]; j++) {
460 zuc256_mac_update(&ctx, msg[i], 50);
461 }
462 zuc256_mac_finish(&ctx, NULL, 0, mac);
463 if (memcmp(mac, tag128[i], 16) != 0) {
464 printf("zuc256 mac test %d 128-bit failed\n", i);
465 err++;
466 } else {
467 printf("zuc256 mac test %d 128-bit ok\n", i);
468 }
469 }
470
471 return err;
472 }
473
main(void)474 int main(void)
475 {
476 int err = 0;
477 err += zuc_test();
478 err += zuc_eea_test();
479 err += zuc_eia_test();
480 err += zuc256_test();
481 err += zuc256_mac_test();
482 return err;
483 }
484