1 /* LibTomCrypt, modular cryptographic library -- Tom St Denis
2 *
3 * LibTomCrypt is a library that provides various cryptographic
4 * algorithms in a highly modular and flexible manner.
5 *
6 * The library is free for all purposes without any express
7 * guarantee it works.
8 *
9 * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
10 */
11
12 /**
13 @file gcm_test.c
14 GCM implementation, testing, by Tom St Denis
15 */
16 #include "tomcrypt.h"
17
18 #ifdef GCM_MODE
19
20 /**
21 Test the GCM code
22 @return CRYPT_OK on success
23 */
gcm_test(void)24 int gcm_test(void)
25 {
26 #ifndef LTC_TEST
27 return CRYPT_NOP;
28 #else
29 static const struct {
30 unsigned char K[32];
31 int keylen;
32 unsigned char P[128];
33 unsigned long ptlen;
34 unsigned char A[128];
35 unsigned long alen;
36 unsigned char IV[128];
37 unsigned long IVlen;
38 unsigned char C[128];
39 unsigned char T[16];
40 } tests[] = {
41
42 /* test case #1 */
43 {
44 /* key */
45 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
46 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
47 16,
48
49 /* plaintext */
50 { 0 },
51 0,
52
53 /* AAD data */
54 { 0 },
55 0,
56
57 /* IV */
58 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
59 0x00, 0x00, 0x00, 0x00 },
60 12,
61
62 /* ciphertext */
63 { 0 },
64
65 /* tag */
66 { 0x58, 0xe2, 0xfc, 0xce, 0xfa, 0x7e, 0x30, 0x61,
67 0x36, 0x7f, 0x1d, 0x57, 0xa4, 0xe7, 0x45, 0x5a }
68 },
69
70 /* test case #2 */
71 {
72 /* key */
73 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
74 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
75 16,
76
77 /* PT */
78 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
79 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
80 16,
81
82 /* ADATA */
83 { 0 },
84 0,
85
86 /* IV */
87 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
88 0x00, 0x00, 0x00, 0x00 },
89 12,
90
91 /* CT */
92 { 0x03, 0x88, 0xda, 0xce, 0x60, 0xb6, 0xa3, 0x92,
93 0xf3, 0x28, 0xc2, 0xb9, 0x71, 0xb2, 0xfe, 0x78 },
94
95 /* TAG */
96 { 0xab, 0x6e, 0x47, 0xd4, 0x2c, 0xec, 0x13, 0xbd,
97 0xf5, 0x3a, 0x67, 0xb2, 0x12, 0x57, 0xbd, 0xdf }
98 },
99
100 /* test case #3 */
101 {
102 /* key */
103 { 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
104 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08, },
105 16,
106
107 /* PT */
108 { 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
109 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a,
110 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
111 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72,
112 0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53,
113 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
114 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57,
115 0xba, 0x63, 0x7b, 0x39, 0x1a, 0xaf, 0xd2, 0x55, },
116 64,
117
118 /* ADATA */
119 { 0 },
120 0,
121
122 /* IV */
123 { 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad,
124 0xde, 0xca, 0xf8, 0x88, },
125 12,
126
127 /* CT */
128 { 0x42, 0x83, 0x1e, 0xc2, 0x21, 0x77, 0x74, 0x24,
129 0x4b, 0x72, 0x21, 0xb7, 0x84, 0xd0, 0xd4, 0x9c,
130 0xe3, 0xaa, 0x21, 0x2f, 0x2c, 0x02, 0xa4, 0xe0,
131 0x35, 0xc1, 0x7e, 0x23, 0x29, 0xac, 0xa1, 0x2e,
132 0x21, 0xd5, 0x14, 0xb2, 0x54, 0x66, 0x93, 0x1c,
133 0x7d, 0x8f, 0x6a, 0x5a, 0xac, 0x84, 0xaa, 0x05,
134 0x1b, 0xa3, 0x0b, 0x39, 0x6a, 0x0a, 0xac, 0x97,
135 0x3d, 0x58, 0xe0, 0x91, 0x47, 0x3f, 0x59, 0x85, },
136
137 /* TAG */
138 { 0x4d, 0x5c, 0x2a, 0xf3, 0x27, 0xcd, 0x64, 0xa6,
139 0x2c, 0xf3, 0x5a, 0xbd, 0x2b, 0xa6, 0xfa, 0xb4, }
140 },
141
142 /* test case #4 */
143 {
144 /* key */
145 { 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
146 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08, },
147 16,
148
149 /* PT */
150 { 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
151 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a,
152 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
153 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72,
154 0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53,
155 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
156 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57,
157 0xba, 0x63, 0x7b, 0x39, },
158 60,
159
160 /* ADATA */
161 { 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
162 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
163 0xab, 0xad, 0xda, 0xd2, },
164 20,
165
166 /* IV */
167 { 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad,
168 0xde, 0xca, 0xf8, 0x88, },
169 12,
170
171 /* CT */
172 { 0x42, 0x83, 0x1e, 0xc2, 0x21, 0x77, 0x74, 0x24,
173 0x4b, 0x72, 0x21, 0xb7, 0x84, 0xd0, 0xd4, 0x9c,
174 0xe3, 0xaa, 0x21, 0x2f, 0x2c, 0x02, 0xa4, 0xe0,
175 0x35, 0xc1, 0x7e, 0x23, 0x29, 0xac, 0xa1, 0x2e,
176 0x21, 0xd5, 0x14, 0xb2, 0x54, 0x66, 0x93, 0x1c,
177 0x7d, 0x8f, 0x6a, 0x5a, 0xac, 0x84, 0xaa, 0x05,
178 0x1b, 0xa3, 0x0b, 0x39, 0x6a, 0x0a, 0xac, 0x97,
179 0x3d, 0x58, 0xe0, 0x91, },
180
181 /* TAG */
182 { 0x5b, 0xc9, 0x4f, 0xbc, 0x32, 0x21, 0xa5, 0xdb,
183 0x94, 0xfa, 0xe9, 0x5a, 0xe7, 0x12, 0x1a, 0x47, }
184
185 },
186
187 /* test case #5 */
188 {
189 /* key */
190 { 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
191 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08, },
192 16,
193
194 /* PT */
195 { 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
196 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a,
197 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
198 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72,
199 0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53,
200 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
201 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57,
202 0xba, 0x63, 0x7b, 0x39, },
203 60,
204
205 /* ADATA */
206 { 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
207 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
208 0xab, 0xad, 0xda, 0xd2, },
209 20,
210
211 /* IV */
212 { 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad, },
213 8,
214
215 /* CT */
216 { 0x61, 0x35, 0x3b, 0x4c, 0x28, 0x06, 0x93, 0x4a,
217 0x77, 0x7f, 0xf5, 0x1f, 0xa2, 0x2a, 0x47, 0x55,
218 0x69, 0x9b, 0x2a, 0x71, 0x4f, 0xcd, 0xc6, 0xf8,
219 0x37, 0x66, 0xe5, 0xf9, 0x7b, 0x6c, 0x74, 0x23,
220 0x73, 0x80, 0x69, 0x00, 0xe4, 0x9f, 0x24, 0xb2,
221 0x2b, 0x09, 0x75, 0x44, 0xd4, 0x89, 0x6b, 0x42,
222 0x49, 0x89, 0xb5, 0xe1, 0xeb, 0xac, 0x0f, 0x07,
223 0xc2, 0x3f, 0x45, 0x98, },
224
225 /* TAG */
226 { 0x36, 0x12, 0xd2, 0xe7, 0x9e, 0x3b, 0x07, 0x85,
227 0x56, 0x1b, 0xe1, 0x4a, 0xac, 0xa2, 0xfc, 0xcb, }
228 },
229
230 /* test case #6 */
231 {
232 /* key */
233 { 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
234 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08, },
235 16,
236
237 /* PT */
238 { 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
239 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a,
240 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
241 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72,
242 0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53,
243 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
244 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57,
245 0xba, 0x63, 0x7b, 0x39, },
246 60,
247
248 /* ADATA */
249 { 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
250 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
251 0xab, 0xad, 0xda, 0xd2, },
252 20,
253
254 /* IV */
255 { 0x93, 0x13, 0x22, 0x5d, 0xf8, 0x84, 0x06, 0xe5,
256 0x55, 0x90, 0x9c, 0x5a, 0xff, 0x52, 0x69, 0xaa,
257 0x6a, 0x7a, 0x95, 0x38, 0x53, 0x4f, 0x7d, 0xa1,
258 0xe4, 0xc3, 0x03, 0xd2, 0xa3, 0x18, 0xa7, 0x28,
259 0xc3, 0xc0, 0xc9, 0x51, 0x56, 0x80, 0x95, 0x39,
260 0xfc, 0xf0, 0xe2, 0x42, 0x9a, 0x6b, 0x52, 0x54,
261 0x16, 0xae, 0xdb, 0xf5, 0xa0, 0xde, 0x6a, 0x57,
262 0xa6, 0x37, 0xb3, 0x9b, },
263 60,
264
265 /* CT */
266 { 0x8c, 0xe2, 0x49, 0x98, 0x62, 0x56, 0x15, 0xb6,
267 0x03, 0xa0, 0x33, 0xac, 0xa1, 0x3f, 0xb8, 0x94,
268 0xbe, 0x91, 0x12, 0xa5, 0xc3, 0xa2, 0x11, 0xa8,
269 0xba, 0x26, 0x2a, 0x3c, 0xca, 0x7e, 0x2c, 0xa7,
270 0x01, 0xe4, 0xa9, 0xa4, 0xfb, 0xa4, 0x3c, 0x90,
271 0xcc, 0xdc, 0xb2, 0x81, 0xd4, 0x8c, 0x7c, 0x6f,
272 0xd6, 0x28, 0x75, 0xd2, 0xac, 0xa4, 0x17, 0x03,
273 0x4c, 0x34, 0xae, 0xe5, },
274
275 /* TAG */
276 { 0x61, 0x9c, 0xc5, 0xae, 0xff, 0xfe, 0x0b, 0xfa,
277 0x46, 0x2a, 0xf4, 0x3c, 0x16, 0x99, 0xd0, 0x50, }
278 },
279
280 /* test case #46 from BG (catches the LTC bug of v1.15) */
281 {
282 /* key */
283 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
284 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
285 16,
286
287 /* PT */
288 { 0xa2, 0xaa, 0xb3, 0xad, 0x8b, 0x17, 0xac, 0xdd,
289 0xa2, 0x88, 0x42, 0x6c, 0xd7, 0xc4, 0x29, 0xb7,
290 0xca, 0x86, 0xb7, 0xac, 0xa0, 0x58, 0x09, 0xc7,
291 0x0c, 0xe8, 0x2d, 0xb2, 0x57, 0x11, 0xcb, 0x53,
292 0x02, 0xeb, 0x27, 0x43, 0xb0, 0x36, 0xf3, 0xd7,
293 0x50, 0xd6, 0xcf, 0x0d, 0xc0, 0xac, 0xb9, 0x29,
294 0x50, 0xd5, 0x46, 0xdb, 0x30, 0x8f, 0x93, 0xb4,
295 0xff, 0x24, 0x4a, 0xfa, 0x9d, 0xc7, 0x2b, 0xcd,
296 0x75, 0x8d, 0x2c },
297 67,
298
299 /* ADATA */
300 { 0x68, 0x8e, 0x1a, 0xa9, 0x84, 0xde, 0x92, 0x6d,
301 0xc7, 0xb4, 0xc4, 0x7f, 0x44 },
302 13,
303
304 /* IV */
305 { 0xb7, 0x21, 0x38, 0xb5, 0xa0, 0x5f, 0xf5, 0x07,
306 0x0e, 0x8c, 0xd9, 0x41, 0x83, 0xf7, 0x61, 0xd8 },
307 16,
308
309 /* CT */
310 { 0xcb, 0xc8, 0xd2, 0xf1, 0x54, 0x81, 0xa4, 0xcc,
311 0x7d, 0xd1, 0xe1, 0x9a, 0xaa, 0x83, 0xde, 0x56,
312 0x78, 0x48, 0x3e, 0xc3, 0x59, 0xae, 0x7d, 0xec,
313 0x2a, 0xb8, 0xd5, 0x34, 0xe0, 0x90, 0x6f, 0x4b,
314 0x46, 0x63, 0xfa, 0xff, 0x58, 0xa8, 0xb2, 0xd7,
315 0x33, 0xb8, 0x45, 0xee, 0xf7, 0xc9, 0xb3, 0x31,
316 0xe9, 0xe1, 0x0e, 0xb2, 0x61, 0x2c, 0x99, 0x5f,
317 0xeb, 0x1a, 0xc1, 0x5a, 0x62, 0x86, 0xcc, 0xe8,
318 0xb2, 0x97, 0xa8 },
319
320 /* TAG */
321 { 0x8d, 0x2d, 0x2a, 0x93, 0x72, 0x62, 0x6f, 0x6b,
322 0xee, 0x85, 0x80, 0x27, 0x6a, 0x63, 0x66, 0xbf }
323 }
324
325 /* rest of test cases are the same except AES key size changes... ignored... */
326 };
327 int idx, err;
328 unsigned long x, y;
329 unsigned char out[2][128], T[2][16];
330
331 /* find aes */
332 idx = find_cipher("aes");
333 if (idx == -1) {
334 idx = find_cipher("rijndael");
335 if (idx == -1) {
336 return CRYPT_NOP;
337 }
338 }
339
340 for (x = 0; x < (int)(sizeof(tests)/sizeof(tests[0])); x++) {
341 y = sizeof(T[0]);
342 if ((err = gcm_memory(idx, tests[x].K, tests[x].keylen,
343 tests[x].IV, tests[x].IVlen,
344 tests[x].A, tests[x].alen,
345 (unsigned char*)tests[x].P, tests[x].ptlen,
346 out[0], T[0], &y, GCM_ENCRYPT)) != CRYPT_OK) {
347 return err;
348 }
349
350 if (XMEMCMP(out[0], tests[x].C, tests[x].ptlen)) {
351 #if 0
352 printf("\nCiphertext wrong %lu\n", x);
353 for (y = 0; y < tests[x].ptlen; y++) {
354 printf("%02x", out[0][y] & 255);
355 }
356 printf("\n");
357 #endif
358 return CRYPT_FAIL_TESTVECTOR;
359 }
360
361 if (XMEMCMP(T[0], tests[x].T, 16)) {
362 #if 0
363 printf("\nTag on plaintext wrong %lu\n", x);
364 for (y = 0; y < 16; y++) {
365 printf("%02x", T[0][y] & 255);
366 }
367 printf("\n");
368 #endif
369 return CRYPT_FAIL_TESTVECTOR;
370 }
371
372 y = sizeof(T[1]);
373 if ((err = gcm_memory(idx, tests[x].K, tests[x].keylen,
374 tests[x].IV, tests[x].IVlen,
375 tests[x].A, tests[x].alen,
376 out[1], tests[x].ptlen,
377 out[0], T[1], &y, GCM_DECRYPT)) != CRYPT_OK) {
378 return err;
379 }
380
381 if (XMEMCMP(out[1], tests[x].P, tests[x].ptlen)) {
382 #if 0
383 printf("\nplaintext wrong %lu\n", x);
384 for (y = 0; y < tests[x].ptlen; y++) {
385 printf("%02x", out[0][y] & 255);
386 }
387 printf("\n");
388 #endif
389 return CRYPT_FAIL_TESTVECTOR;
390 }
391
392 if (XMEMCMP(T[1], tests[x].T, 16)) {
393 #if 0
394 printf("\nTag on ciphertext wrong %lu\n", x);
395 for (y = 0; y < 16; y++) {
396 printf("%02x", T[1][y] & 255);
397 }
398 printf("\n");
399 #endif
400 return CRYPT_FAIL_TESTVECTOR;
401 }
402
403 }
404 return CRYPT_OK;
405 #endif
406 }
407
408 #endif
409
410
411 /* $Source: /cvs/libtom/libtomcrypt/src/encauth/gcm/gcm_test.c,v $ */
412 /* $Revision: 1.20 $ */
413 /* $Date: 2006/12/03 17:25:44 $ */
414