1 /* 2 * Copyright 2016-2024 The OpenSSL Project Authors. All Rights Reserved. 3 * 4 * Licensed under the Apache License 2.0 (the "License"). You may not use 5 * this file except in compliance with the License. You can obtain a copy 6 * in the file LICENSE in the source distribution or at 7 * https://www.openssl.org/source/license.html 8 */ 9 10 /* Internal tests for the modes module */ 11 12 /* 13 * This file uses the low level AES functions (which are deprecated for 14 * non-internal use) in order to test the modes code 15 */ 16 #include "internal/deprecated.h" 17 18 #include <stdio.h> 19 #include <string.h> 20 21 #include <openssl/aes.h> 22 #include <openssl/modes.h> 23 #include "testutil.h" 24 #include "crypto/modes.h" 25 #include "internal/nelem.h" 26 27 typedef struct { 28 size_t size; 29 const unsigned char *data; 30 } SIZED_DATA; 31 32 /********************************************************************** 33 * 34 * Test of cts128 35 * 36 ***/ 37 38 /* cts128 test vectors from RFC 3962 */ 39 static const unsigned char cts128_test_key[16] = "chicken teriyaki"; 40 static const unsigned char cts128_test_input[64] = 41 "I would like the" " General Gau's C" 42 "hicken, please, " "and wonton soup."; 43 static const unsigned char cts128_test_iv[] = { 44 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 45 }; 46 47 static const unsigned char vector_17[17] = { 48 0xc6, 0x35, 0x35, 0x68, 0xf2, 0xbf, 0x8c, 0xb4, 49 0xd8, 0xa5, 0x80, 0x36, 0x2d, 0xa7, 0xff, 0x7f, 50 0x97 51 }; 52 53 static const unsigned char vector_31[31] = { 54 0xfc, 0x00, 0x78, 0x3e, 0x0e, 0xfd, 0xb2, 0xc1, 55 0xd4, 0x45, 0xd4, 0xc8, 0xef, 0xf7, 0xed, 0x22, 56 0x97, 0x68, 0x72, 0x68, 0xd6, 0xec, 0xcc, 0xc0, 57 0xc0, 0x7b, 0x25, 0xe2, 0x5e, 0xcf, 0xe5 58 }; 59 60 static const unsigned char vector_32[32] = { 61 0x39, 0x31, 0x25, 0x23, 0xa7, 0x86, 0x62, 0xd5, 62 0xbe, 0x7f, 0xcb, 0xcc, 0x98, 0xeb, 0xf5, 0xa8, 63 0x97, 0x68, 0x72, 0x68, 0xd6, 0xec, 0xcc, 0xc0, 64 0xc0, 0x7b, 0x25, 0xe2, 0x5e, 0xcf, 0xe5, 0x84 65 }; 66 67 static const unsigned char vector_47[47] = { 68 0x97, 0x68, 0x72, 0x68, 0xd6, 0xec, 0xcc, 0xc0, 69 0xc0, 0x7b, 0x25, 0xe2, 0x5e, 0xcf, 0xe5, 0x84, 70 0xb3, 0xff, 0xfd, 0x94, 0x0c, 0x16, 0xa1, 0x8c, 71 0x1b, 0x55, 0x49, 0xd2, 0xf8, 0x38, 0x02, 0x9e, 72 0x39, 0x31, 0x25, 0x23, 0xa7, 0x86, 0x62, 0xd5, 73 0xbe, 0x7f, 0xcb, 0xcc, 0x98, 0xeb, 0xf5 74 }; 75 76 static const unsigned char vector_48[48] = { 77 0x97, 0x68, 0x72, 0x68, 0xd6, 0xec, 0xcc, 0xc0, 78 0xc0, 0x7b, 0x25, 0xe2, 0x5e, 0xcf, 0xe5, 0x84, 79 0x9d, 0xad, 0x8b, 0xbb, 0x96, 0xc4, 0xcd, 0xc0, 80 0x3b, 0xc1, 0x03, 0xe1, 0xa1, 0x94, 0xbb, 0xd8, 81 0x39, 0x31, 0x25, 0x23, 0xa7, 0x86, 0x62, 0xd5, 82 0xbe, 0x7f, 0xcb, 0xcc, 0x98, 0xeb, 0xf5, 0xa8 83 }; 84 85 static const unsigned char vector_64[64] = { 86 0x97, 0x68, 0x72, 0x68, 0xd6, 0xec, 0xcc, 0xc0, 87 0xc0, 0x7b, 0x25, 0xe2, 0x5e, 0xcf, 0xe5, 0x84, 88 0x39, 0x31, 0x25, 0x23, 0xa7, 0x86, 0x62, 0xd5, 89 0xbe, 0x7f, 0xcb, 0xcc, 0x98, 0xeb, 0xf5, 0xa8, 90 0x48, 0x07, 0xef, 0xe8, 0x36, 0xee, 0x89, 0xa5, 91 0x26, 0x73, 0x0d, 0xbc, 0x2f, 0x7b, 0xc8, 0x40, 92 0x9d, 0xad, 0x8b, 0xbb, 0x96, 0xc4, 0xcd, 0xc0, 93 0x3b, 0xc1, 0x03, 0xe1, 0xa1, 0x94, 0xbb, 0xd8 94 }; 95 96 #define CTS128_TEST_VECTOR(len) \ 97 { \ 98 sizeof(vector_##len), vector_##len \ 99 } 100 static const SIZED_DATA aes_cts128_vectors[] = { 101 CTS128_TEST_VECTOR(17), 102 CTS128_TEST_VECTOR(31), 103 CTS128_TEST_VECTOR(32), 104 CTS128_TEST_VECTOR(47), 105 CTS128_TEST_VECTOR(48), 106 CTS128_TEST_VECTOR(64), 107 }; 108 109 static AES_KEY *cts128_encrypt_key_schedule(void) 110 { 111 static int init_key = 1; 112 static AES_KEY ks; 113 114 if (init_key) { 115 AES_set_encrypt_key(cts128_test_key, 128, &ks); 116 init_key = 0; 117 } 118 return &ks; 119 } 120 121 static AES_KEY *cts128_decrypt_key_schedule(void) 122 { 123 static int init_key = 1; 124 static AES_KEY ks; 125 126 if (init_key) { 127 AES_set_decrypt_key(cts128_test_key, 128, &ks); 128 init_key = 0; 129 } 130 return &ks; 131 } 132 133 typedef struct { 134 const char *case_name; 135 size_t (*last_blocks_correction)(const unsigned char *in, 136 unsigned char *out, size_t len); 137 size_t (*encrypt_block)(const unsigned char *in, 138 unsigned char *out, size_t len, 139 const void *key, unsigned char ivec[16], 140 block128_f block); 141 size_t (*encrypt_stream)(const unsigned char *in, unsigned char *out, 142 size_t len, const void *key, 143 unsigned char ivec[16], cbc128_f cbc); 144 size_t (*decrypt_block)(const unsigned char *in, 145 unsigned char *out, size_t len, 146 const void *key, unsigned char ivec[16], 147 block128_f block); 148 size_t (*decrypt_stream)(const unsigned char *in, unsigned char *out, 149 size_t len, const void *key, 150 unsigned char ivec[16], cbc128_f cbc); 151 } CTS128_FIXTURE; 152 153 static size_t last_blocks_correction(const unsigned char *in, 154 unsigned char *out, size_t len) 155 { 156 size_t tail; 157 158 memcpy(out, in, len); 159 if ((tail = len % 16) == 0) 160 tail = 16; 161 tail += 16; 162 163 return tail; 164 } 165 166 static size_t last_blocks_correction_nist(const unsigned char *in, 167 unsigned char *out, size_t len) 168 { 169 size_t tail; 170 171 if ((tail = len % 16) == 0) 172 tail = 16; 173 len -= 16 + tail; 174 memcpy(out, in, len); 175 /* flip two last blocks */ 176 memcpy(out + len, in + len + 16, tail); 177 memcpy(out + len + tail, in + len, 16); 178 len += 16 + tail; 179 tail = 16; 180 181 return tail; 182 } 183 184 static int execute_cts128(const CTS128_FIXTURE *fixture, int num) 185 { 186 const unsigned char *test_iv = cts128_test_iv; 187 size_t test_iv_len = sizeof(cts128_test_iv); 188 const unsigned char *orig_vector = aes_cts128_vectors[num].data; 189 size_t len = aes_cts128_vectors[num].size; 190 const unsigned char *test_input = cts128_test_input; 191 const AES_KEY *encrypt_key_schedule = cts128_encrypt_key_schedule(); 192 const AES_KEY *decrypt_key_schedule = cts128_decrypt_key_schedule(); 193 unsigned char iv[16]; 194 /* The largest test inputs are = 64 bytes. */ 195 unsigned char cleartext[64], ciphertext[64], vector[64]; 196 size_t tail, size; 197 198 TEST_info("%s_vector_%lu", fixture->case_name, (unsigned long)len); 199 200 tail = fixture->last_blocks_correction(orig_vector, vector, len); 201 202 /* test block-based encryption */ 203 memcpy(iv, test_iv, test_iv_len); 204 if (!TEST_size_t_eq(fixture->encrypt_block(test_input, ciphertext, len, 205 encrypt_key_schedule, iv, 206 (block128_f)AES_encrypt), len) 207 || !TEST_mem_eq(ciphertext, len, vector, len) 208 || !TEST_mem_eq(iv, sizeof(iv), vector + len - tail, sizeof(iv))) 209 return 0; 210 211 /* test block-based decryption */ 212 memcpy(iv, test_iv, test_iv_len); 213 size = fixture->decrypt_block(ciphertext, cleartext, len, 214 decrypt_key_schedule, iv, 215 (block128_f)AES_decrypt); 216 if (!TEST_true(len == size || len + 16 == size) 217 || !TEST_mem_eq(cleartext, len, test_input, len) 218 || !TEST_mem_eq(iv, sizeof(iv), vector + len - tail, sizeof(iv))) 219 return 0; 220 221 /* test streamed encryption */ 222 memcpy(iv, test_iv, test_iv_len); 223 if (!TEST_size_t_eq(fixture->encrypt_stream(test_input, ciphertext, len, 224 encrypt_key_schedule, iv, 225 (cbc128_f) AES_cbc_encrypt), 226 len) 227 || !TEST_mem_eq(ciphertext, len, vector, len) 228 || !TEST_mem_eq(iv, sizeof(iv), vector + len - tail, sizeof(iv))) 229 return 0; 230 231 /* test streamed decryption */ 232 memcpy(iv, test_iv, test_iv_len); 233 if (!TEST_size_t_eq(fixture->decrypt_stream(ciphertext, cleartext, len, 234 decrypt_key_schedule, iv, 235 (cbc128_f)AES_cbc_encrypt), 236 len) 237 || !TEST_mem_eq(cleartext, len, test_input, len) 238 || !TEST_mem_eq(iv, sizeof(iv), vector + len - tail, sizeof(iv))) 239 return 0; 240 241 return 1; 242 } 243 244 static int test_aes_cts128(int idx) 245 { 246 static const CTS128_FIXTURE fixture_cts128 = { 247 "aes_cts128", last_blocks_correction, 248 CRYPTO_cts128_encrypt_block, CRYPTO_cts128_encrypt, 249 CRYPTO_cts128_decrypt_block, CRYPTO_cts128_decrypt 250 }; 251 252 return execute_cts128(&fixture_cts128, idx); 253 } 254 255 static int test_aes_cts128_nist(int idx) 256 { 257 static const CTS128_FIXTURE fixture_cts128_nist = { 258 "aes_cts128_nist", last_blocks_correction_nist, 259 CRYPTO_nistcts128_encrypt_block, CRYPTO_nistcts128_encrypt, 260 CRYPTO_nistcts128_decrypt_block, CRYPTO_nistcts128_decrypt 261 }; 262 263 return execute_cts128(&fixture_cts128_nist, idx); 264 } 265 266 /* 267 * 268 * Test of gcm128 269 * 270 */ 271 272 /* Test Case 1 */ 273 static const u8 K1[16], P1[] = { 0 }, A1[] = { 0 }, IV1[12], C1[] = { 0 }; 274 static const u8 T1[] = { 275 0x58, 0xe2, 0xfc, 0xce, 0xfa, 0x7e, 0x30, 0x61, 276 0x36, 0x7f, 0x1d, 0x57, 0xa4, 0xe7, 0x45, 0x5a 277 }; 278 279 /* Test Case 2 */ 280 # define K2 K1 281 # define A2 A1 282 # define IV2 IV1 283 static const u8 P2[16]; 284 static const u8 C2[] = { 285 0x03, 0x88, 0xda, 0xce, 0x60, 0xb6, 0xa3, 0x92, 286 0xf3, 0x28, 0xc2, 0xb9, 0x71, 0xb2, 0xfe, 0x78 287 }; 288 289 static const u8 T2[] = { 290 0xab, 0x6e, 0x47, 0xd4, 0x2c, 0xec, 0x13, 0xbd, 291 0xf5, 0x3a, 0x67, 0xb2, 0x12, 0x57, 0xbd, 0xdf 292 }; 293 294 /* Test Case 3 */ 295 # define A3 A2 296 static const u8 K3[] = { 297 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c, 298 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08 299 }; 300 301 static const u8 P3[] = { 302 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5, 303 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a, 304 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda, 305 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72, 306 0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53, 307 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25, 308 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57, 309 0xba, 0x63, 0x7b, 0x39, 0x1a, 0xaf, 0xd2, 0x55 310 }; 311 312 static const u8 IV3[] = { 313 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad, 314 0xde, 0xca, 0xf8, 0x88 315 }; 316 317 static const u8 C3[] = { 318 0x42, 0x83, 0x1e, 0xc2, 0x21, 0x77, 0x74, 0x24, 319 0x4b, 0x72, 0x21, 0xb7, 0x84, 0xd0, 0xd4, 0x9c, 320 0xe3, 0xaa, 0x21, 0x2f, 0x2c, 0x02, 0xa4, 0xe0, 321 0x35, 0xc1, 0x7e, 0x23, 0x29, 0xac, 0xa1, 0x2e, 322 0x21, 0xd5, 0x14, 0xb2, 0x54, 0x66, 0x93, 0x1c, 323 0x7d, 0x8f, 0x6a, 0x5a, 0xac, 0x84, 0xaa, 0x05, 324 0x1b, 0xa3, 0x0b, 0x39, 0x6a, 0x0a, 0xac, 0x97, 325 0x3d, 0x58, 0xe0, 0x91, 0x47, 0x3f, 0x59, 0x85 326 }; 327 328 static const u8 T3[] = { 329 0x4d, 0x5c, 0x2a, 0xf3, 0x27, 0xcd, 0x64, 0xa6, 330 0x2c, 0xf3, 0x5a, 0xbd, 0x2b, 0xa6, 0xfa, 0xb4 331 }; 332 333 /* Test Case 4 */ 334 # define K4 K3 335 # define IV4 IV3 336 static const u8 P4[] = { 337 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5, 338 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a, 339 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda, 340 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72, 341 0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53, 342 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25, 343 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57, 344 0xba, 0x63, 0x7b, 0x39 345 }; 346 347 static const u8 A4[] = { 348 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, 349 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, 350 0xab, 0xad, 0xda, 0xd2 351 }; 352 353 static const u8 C4[] = { 354 0x42, 0x83, 0x1e, 0xc2, 0x21, 0x77, 0x74, 0x24, 355 0x4b, 0x72, 0x21, 0xb7, 0x84, 0xd0, 0xd4, 0x9c, 356 0xe3, 0xaa, 0x21, 0x2f, 0x2c, 0x02, 0xa4, 0xe0, 357 0x35, 0xc1, 0x7e, 0x23, 0x29, 0xac, 0xa1, 0x2e, 358 0x21, 0xd5, 0x14, 0xb2, 0x54, 0x66, 0x93, 0x1c, 359 0x7d, 0x8f, 0x6a, 0x5a, 0xac, 0x84, 0xaa, 0x05, 360 0x1b, 0xa3, 0x0b, 0x39, 0x6a, 0x0a, 0xac, 0x97, 361 0x3d, 0x58, 0xe0, 0x91 362 }; 363 364 static const u8 T4[] = { 365 0x5b, 0xc9, 0x4f, 0xbc, 0x32, 0x21, 0xa5, 0xdb, 366 0x94, 0xfa, 0xe9, 0x5a, 0xe7, 0x12, 0x1a, 0x47 367 }; 368 369 /* Test Case 5 */ 370 # define K5 K4 371 # define P5 P4 372 # define A5 A4 373 static const u8 IV5[] = { 374 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad 375 }; 376 377 static const u8 C5[] = { 378 0x61, 0x35, 0x3b, 0x4c, 0x28, 0x06, 0x93, 0x4a, 379 0x77, 0x7f, 0xf5, 0x1f, 0xa2, 0x2a, 0x47, 0x55, 380 0x69, 0x9b, 0x2a, 0x71, 0x4f, 0xcd, 0xc6, 0xf8, 381 0x37, 0x66, 0xe5, 0xf9, 0x7b, 0x6c, 0x74, 0x23, 382 0x73, 0x80, 0x69, 0x00, 0xe4, 0x9f, 0x24, 0xb2, 383 0x2b, 0x09, 0x75, 0x44, 0xd4, 0x89, 0x6b, 0x42, 384 0x49, 0x89, 0xb5, 0xe1, 0xeb, 0xac, 0x0f, 0x07, 385 0xc2, 0x3f, 0x45, 0x98 386 }; 387 388 static const u8 T5[] = { 389 0x36, 0x12, 0xd2, 0xe7, 0x9e, 0x3b, 0x07, 0x85, 390 0x56, 0x1b, 0xe1, 0x4a, 0xac, 0xa2, 0xfc, 0xcb 391 }; 392 393 /* Test Case 6 */ 394 # define K6 K5 395 # define P6 P5 396 # define A6 A5 397 static const u8 IV6[] = { 398 0x93, 0x13, 0x22, 0x5d, 0xf8, 0x84, 0x06, 0xe5, 399 0x55, 0x90, 0x9c, 0x5a, 0xff, 0x52, 0x69, 0xaa, 400 0x6a, 0x7a, 0x95, 0x38, 0x53, 0x4f, 0x7d, 0xa1, 401 0xe4, 0xc3, 0x03, 0xd2, 0xa3, 0x18, 0xa7, 0x28, 402 0xc3, 0xc0, 0xc9, 0x51, 0x56, 0x80, 0x95, 0x39, 403 0xfc, 0xf0, 0xe2, 0x42, 0x9a, 0x6b, 0x52, 0x54, 404 0x16, 0xae, 0xdb, 0xf5, 0xa0, 0xde, 0x6a, 0x57, 405 0xa6, 0x37, 0xb3, 0x9b 406 }; 407 408 static const u8 C6[] = { 409 0x8c, 0xe2, 0x49, 0x98, 0x62, 0x56, 0x15, 0xb6, 410 0x03, 0xa0, 0x33, 0xac, 0xa1, 0x3f, 0xb8, 0x94, 411 0xbe, 0x91, 0x12, 0xa5, 0xc3, 0xa2, 0x11, 0xa8, 412 0xba, 0x26, 0x2a, 0x3c, 0xca, 0x7e, 0x2c, 0xa7, 413 0x01, 0xe4, 0xa9, 0xa4, 0xfb, 0xa4, 0x3c, 0x90, 414 0xcc, 0xdc, 0xb2, 0x81, 0xd4, 0x8c, 0x7c, 0x6f, 415 0xd6, 0x28, 0x75, 0xd2, 0xac, 0xa4, 0x17, 0x03, 416 0x4c, 0x34, 0xae, 0xe5 417 }; 418 419 static const u8 T6[] = { 420 0x61, 0x9c, 0xc5, 0xae, 0xff, 0xfe, 0x0b, 0xfa, 421 0x46, 0x2a, 0xf4, 0x3c, 0x16, 0x99, 0xd0, 0x50 422 }; 423 424 /* Test Case 7 */ 425 static const u8 K7[24], P7[] = { 0 }, A7[] = { 0 }, IV7[12], C7[] = { 0 }; 426 static const u8 T7[] = { 427 0xcd, 0x33, 0xb2, 0x8a, 0xc7, 0x73, 0xf7, 0x4b, 428 0xa0, 0x0e, 0xd1, 0xf3, 0x12, 0x57, 0x24, 0x35 429 }; 430 431 /* Test Case 8 */ 432 # define K8 K7 433 # define IV8 IV7 434 # define A8 A7 435 static const u8 P8[16]; 436 static const u8 C8[] = { 437 0x98, 0xe7, 0x24, 0x7c, 0x07, 0xf0, 0xfe, 0x41, 438 0x1c, 0x26, 0x7e, 0x43, 0x84, 0xb0, 0xf6, 0x00 439 }; 440 441 static const u8 T8[] = { 442 0x2f, 0xf5, 0x8d, 0x80, 0x03, 0x39, 0x27, 0xab, 443 0x8e, 0xf4, 0xd4, 0x58, 0x75, 0x14, 0xf0, 0xfb 444 }; 445 446 /* Test Case 9 */ 447 # define A9 A8 448 static const u8 K9[] = { 449 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c, 450 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08, 451 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c 452 }; 453 454 static const u8 P9[] = { 455 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5, 456 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a, 457 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda, 458 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72, 459 0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53, 460 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25, 461 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57, 462 0xba, 0x63, 0x7b, 0x39, 0x1a, 0xaf, 0xd2, 0x55 463 }; 464 465 static const u8 IV9[] = { 466 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad, 467 0xde, 0xca, 0xf8, 0x88 468 }; 469 470 static const u8 C9[] = { 471 0x39, 0x80, 0xca, 0x0b, 0x3c, 0x00, 0xe8, 0x41, 472 0xeb, 0x06, 0xfa, 0xc4, 0x87, 0x2a, 0x27, 0x57, 473 0x85, 0x9e, 0x1c, 0xea, 0xa6, 0xef, 0xd9, 0x84, 474 0x62, 0x85, 0x93, 0xb4, 0x0c, 0xa1, 0xe1, 0x9c, 475 0x7d, 0x77, 0x3d, 0x00, 0xc1, 0x44, 0xc5, 0x25, 476 0xac, 0x61, 0x9d, 0x18, 0xc8, 0x4a, 0x3f, 0x47, 477 0x18, 0xe2, 0x44, 0x8b, 0x2f, 0xe3, 0x24, 0xd9, 478 0xcc, 0xda, 0x27, 0x10, 0xac, 0xad, 0xe2, 0x56 479 }; 480 481 static const u8 T9[] = { 482 0x99, 0x24, 0xa7, 0xc8, 0x58, 0x73, 0x36, 0xbf, 483 0xb1, 0x18, 0x02, 0x4d, 0xb8, 0x67, 0x4a, 0x14 484 }; 485 486 /* Test Case 10 */ 487 # define K10 K9 488 # define IV10 IV9 489 static const u8 P10[] = { 490 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5, 491 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a, 492 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda, 493 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72, 494 0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53, 495 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25, 496 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57, 497 0xba, 0x63, 0x7b, 0x39 498 }; 499 500 static const u8 A10[] = { 501 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, 502 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, 503 0xab, 0xad, 0xda, 0xd2 504 }; 505 506 static const u8 C10[] = { 507 0x39, 0x80, 0xca, 0x0b, 0x3c, 0x00, 0xe8, 0x41, 508 0xeb, 0x06, 0xfa, 0xc4, 0x87, 0x2a, 0x27, 0x57, 509 0x85, 0x9e, 0x1c, 0xea, 0xa6, 0xef, 0xd9, 0x84, 510 0x62, 0x85, 0x93, 0xb4, 0x0c, 0xa1, 0xe1, 0x9c, 511 0x7d, 0x77, 0x3d, 0x00, 0xc1, 0x44, 0xc5, 0x25, 512 0xac, 0x61, 0x9d, 0x18, 0xc8, 0x4a, 0x3f, 0x47, 513 0x18, 0xe2, 0x44, 0x8b, 0x2f, 0xe3, 0x24, 0xd9, 514 0xcc, 0xda, 0x27, 0x10 515 }; 516 517 static const u8 T10[] = { 518 0x25, 0x19, 0x49, 0x8e, 0x80, 0xf1, 0x47, 0x8f, 519 0x37, 0xba, 0x55, 0xbd, 0x6d, 0x27, 0x61, 0x8c 520 }; 521 522 /* Test Case 11 */ 523 # define K11 K10 524 # define P11 P10 525 # define A11 A10 526 static const u8 IV11[] = { 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad }; 527 528 static const u8 C11[] = { 529 0x0f, 0x10, 0xf5, 0x99, 0xae, 0x14, 0xa1, 0x54, 530 0xed, 0x24, 0xb3, 0x6e, 0x25, 0x32, 0x4d, 0xb8, 531 0xc5, 0x66, 0x63, 0x2e, 0xf2, 0xbb, 0xb3, 0x4f, 532 0x83, 0x47, 0x28, 0x0f, 0xc4, 0x50, 0x70, 0x57, 533 0xfd, 0xdc, 0x29, 0xdf, 0x9a, 0x47, 0x1f, 0x75, 534 0xc6, 0x65, 0x41, 0xd4, 0xd4, 0xda, 0xd1, 0xc9, 535 0xe9, 0x3a, 0x19, 0xa5, 0x8e, 0x8b, 0x47, 0x3f, 536 0xa0, 0xf0, 0x62, 0xf7 537 }; 538 539 static const u8 T11[] = { 540 0x65, 0xdc, 0xc5, 0x7f, 0xcf, 0x62, 0x3a, 0x24, 541 0x09, 0x4f, 0xcc, 0xa4, 0x0d, 0x35, 0x33, 0xf8 542 }; 543 544 /* Test Case 12 */ 545 # define K12 K11 546 # define P12 P11 547 # define A12 A11 548 static const u8 IV12[] = { 549 0x93, 0x13, 0x22, 0x5d, 0xf8, 0x84, 0x06, 0xe5, 550 0x55, 0x90, 0x9c, 0x5a, 0xff, 0x52, 0x69, 0xaa, 551 0x6a, 0x7a, 0x95, 0x38, 0x53, 0x4f, 0x7d, 0xa1, 552 0xe4, 0xc3, 0x03, 0xd2, 0xa3, 0x18, 0xa7, 0x28, 553 0xc3, 0xc0, 0xc9, 0x51, 0x56, 0x80, 0x95, 0x39, 554 0xfc, 0xf0, 0xe2, 0x42, 0x9a, 0x6b, 0x52, 0x54, 555 0x16, 0xae, 0xdb, 0xf5, 0xa0, 0xde, 0x6a, 0x57, 556 0xa6, 0x37, 0xb3, 0x9b 557 }; 558 559 static const u8 C12[] = { 560 0xd2, 0x7e, 0x88, 0x68, 0x1c, 0xe3, 0x24, 0x3c, 561 0x48, 0x30, 0x16, 0x5a, 0x8f, 0xdc, 0xf9, 0xff, 562 0x1d, 0xe9, 0xa1, 0xd8, 0xe6, 0xb4, 0x47, 0xef, 563 0x6e, 0xf7, 0xb7, 0x98, 0x28, 0x66, 0x6e, 0x45, 564 0x81, 0xe7, 0x90, 0x12, 0xaf, 0x34, 0xdd, 0xd9, 565 0xe2, 0xf0, 0x37, 0x58, 0x9b, 0x29, 0x2d, 0xb3, 566 0xe6, 0x7c, 0x03, 0x67, 0x45, 0xfa, 0x22, 0xe7, 567 0xe9, 0xb7, 0x37, 0x3b 568 }; 569 570 static const u8 T12[] = { 571 0xdc, 0xf5, 0x66, 0xff, 0x29, 0x1c, 0x25, 0xbb, 572 0xb8, 0x56, 0x8f, 0xc3, 0xd3, 0x76, 0xa6, 0xd9 573 }; 574 575 /* Test Case 13 */ 576 static const u8 K13[32], P13[] = { 0 }, A13[] = { 0 }, IV13[12], C13[] = { 0 }; 577 static const u8 T13[] = { 578 0x53, 0x0f, 0x8a, 0xfb, 0xc7, 0x45, 0x36, 0xb9, 579 0xa9, 0x63, 0xb4, 0xf1, 0xc4, 0xcb, 0x73, 0x8b 580 }; 581 582 /* Test Case 14 */ 583 # define K14 K13 584 # define A14 A13 585 static const u8 P14[16], IV14[12]; 586 static const u8 C14[] = { 587 0xce, 0xa7, 0x40, 0x3d, 0x4d, 0x60, 0x6b, 0x6e, 588 0x07, 0x4e, 0xc5, 0xd3, 0xba, 0xf3, 0x9d, 0x18 589 }; 590 591 static const u8 T14[] = { 592 0xd0, 0xd1, 0xc8, 0xa7, 0x99, 0x99, 0x6b, 0xf0, 593 0x26, 0x5b, 0x98, 0xb5, 0xd4, 0x8a, 0xb9, 0x19 594 }; 595 596 /* Test Case 15 */ 597 # define A15 A14 598 static const u8 K15[] = { 599 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c, 600 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08, 601 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c, 602 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08 603 }; 604 605 static const u8 P15[] = { 606 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5, 607 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a, 608 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda, 609 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72, 610 0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53, 611 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25, 612 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57, 613 0xba, 0x63, 0x7b, 0x39, 0x1a, 0xaf, 0xd2, 0x55 614 }; 615 616 static const u8 IV15[] = { 617 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad, 618 0xde, 0xca, 0xf8, 0x88 619 }; 620 621 static const u8 C15[] = { 622 0x52, 0x2d, 0xc1, 0xf0, 0x99, 0x56, 0x7d, 0x07, 623 0xf4, 0x7f, 0x37, 0xa3, 0x2a, 0x84, 0x42, 0x7d, 624 0x64, 0x3a, 0x8c, 0xdc, 0xbf, 0xe5, 0xc0, 0xc9, 625 0x75, 0x98, 0xa2, 0xbd, 0x25, 0x55, 0xd1, 0xaa, 626 0x8c, 0xb0, 0x8e, 0x48, 0x59, 0x0d, 0xbb, 0x3d, 627 0xa7, 0xb0, 0x8b, 0x10, 0x56, 0x82, 0x88, 0x38, 628 0xc5, 0xf6, 0x1e, 0x63, 0x93, 0xba, 0x7a, 0x0a, 629 0xbc, 0xc9, 0xf6, 0x62, 0x89, 0x80, 0x15, 0xad 630 }; 631 632 static const u8 T15[] = { 633 0xb0, 0x94, 0xda, 0xc5, 0xd9, 0x34, 0x71, 0xbd, 634 0xec, 0x1a, 0x50, 0x22, 0x70, 0xe3, 0xcc, 0x6c 635 }; 636 637 /* Test Case 16 */ 638 # define K16 K15 639 # define IV16 IV15 640 static const u8 P16[] = { 641 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5, 642 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a, 643 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda, 644 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72, 645 0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53, 646 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25, 647 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57, 648 0xba, 0x63, 0x7b, 0x39 649 }; 650 651 static const u8 A16[] = { 652 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, 653 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, 654 0xab, 0xad, 0xda, 0xd2 655 }; 656 657 static const u8 C16[] = { 658 0x52, 0x2d, 0xc1, 0xf0, 0x99, 0x56, 0x7d, 0x07, 659 0xf4, 0x7f, 0x37, 0xa3, 0x2a, 0x84, 0x42, 0x7d, 660 0x64, 0x3a, 0x8c, 0xdc, 0xbf, 0xe5, 0xc0, 0xc9, 661 0x75, 0x98, 0xa2, 0xbd, 0x25, 0x55, 0xd1, 0xaa, 662 0x8c, 0xb0, 0x8e, 0x48, 0x59, 0x0d, 0xbb, 0x3d, 663 0xa7, 0xb0, 0x8b, 0x10, 0x56, 0x82, 0x88, 0x38, 664 0xc5, 0xf6, 0x1e, 0x63, 0x93, 0xba, 0x7a, 0x0a, 665 0xbc, 0xc9, 0xf6, 0x62 666 }; 667 668 static const u8 T16[] = { 669 0x76, 0xfc, 0x6e, 0xce, 0x0f, 0x4e, 0x17, 0x68, 670 0xcd, 0xdf, 0x88, 0x53, 0xbb, 0x2d, 0x55, 0x1b 671 }; 672 673 /* Test Case 17 */ 674 # define K17 K16 675 # define P17 P16 676 # define A17 A16 677 static const u8 IV17[] = { 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad }; 678 679 static const u8 C17[] = { 680 0xc3, 0x76, 0x2d, 0xf1, 0xca, 0x78, 0x7d, 0x32, 681 0xae, 0x47, 0xc1, 0x3b, 0xf1, 0x98, 0x44, 0xcb, 682 0xaf, 0x1a, 0xe1, 0x4d, 0x0b, 0x97, 0x6a, 0xfa, 683 0xc5, 0x2f, 0xf7, 0xd7, 0x9b, 0xba, 0x9d, 0xe0, 684 0xfe, 0xb5, 0x82, 0xd3, 0x39, 0x34, 0xa4, 0xf0, 685 0x95, 0x4c, 0xc2, 0x36, 0x3b, 0xc7, 0x3f, 0x78, 686 0x62, 0xac, 0x43, 0x0e, 0x64, 0xab, 0xe4, 0x99, 687 0xf4, 0x7c, 0x9b, 0x1f 688 }; 689 690 static const u8 T17[] = { 691 0x3a, 0x33, 0x7d, 0xbf, 0x46, 0xa7, 0x92, 0xc4, 692 0x5e, 0x45, 0x49, 0x13, 0xfe, 0x2e, 0xa8, 0xf2 693 }; 694 695 /* Test Case 18 */ 696 # define K18 K17 697 # define P18 P17 698 # define A18 A17 699 static const u8 IV18[] = { 700 0x93, 0x13, 0x22, 0x5d, 0xf8, 0x84, 0x06, 0xe5, 701 0x55, 0x90, 0x9c, 0x5a, 0xff, 0x52, 0x69, 0xaa, 702 0x6a, 0x7a, 0x95, 0x38, 0x53, 0x4f, 0x7d, 0xa1, 703 0xe4, 0xc3, 0x03, 0xd2, 0xa3, 0x18, 0xa7, 0x28, 704 0xc3, 0xc0, 0xc9, 0x51, 0x56, 0x80, 0x95, 0x39, 705 0xfc, 0xf0, 0xe2, 0x42, 0x9a, 0x6b, 0x52, 0x54, 706 0x16, 0xae, 0xdb, 0xf5, 0xa0, 0xde, 0x6a, 0x57, 707 0xa6, 0x37, 0xb3, 0x9b 708 }; 709 710 static const u8 C18[] = { 711 0x5a, 0x8d, 0xef, 0x2f, 0x0c, 0x9e, 0x53, 0xf1, 712 0xf7, 0x5d, 0x78, 0x53, 0x65, 0x9e, 0x2a, 0x20, 713 0xee, 0xb2, 0xb2, 0x2a, 0xaf, 0xde, 0x64, 0x19, 714 0xa0, 0x58, 0xab, 0x4f, 0x6f, 0x74, 0x6b, 0xf4, 715 0x0f, 0xc0, 0xc3, 0xb7, 0x80, 0xf2, 0x44, 0x45, 716 0x2d, 0xa3, 0xeb, 0xf1, 0xc5, 0xd8, 0x2c, 0xde, 717 0xa2, 0x41, 0x89, 0x97, 0x20, 0x0e, 0xf8, 0x2e, 718 0x44, 0xae, 0x7e, 0x3f 719 }; 720 721 static const u8 T18[] = { 722 0xa4, 0x4a, 0x82, 0x66, 0xee, 0x1c, 0x8e, 0xb0, 723 0xc8, 0xb5, 0xd4, 0xcf, 0x5a, 0xe9, 0xf1, 0x9a 724 }; 725 726 /* Test Case 19 */ 727 # define K19 K1 728 # define P19 P1 729 # define IV19 IV1 730 # define C19 C1 731 static const u8 A19[] = { 732 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5, 733 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a, 734 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda, 735 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72, 736 0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53, 737 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25, 738 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57, 739 0xba, 0x63, 0x7b, 0x39, 0x1a, 0xaf, 0xd2, 0x55, 740 0x52, 0x2d, 0xc1, 0xf0, 0x99, 0x56, 0x7d, 0x07, 741 0xf4, 0x7f, 0x37, 0xa3, 0x2a, 0x84, 0x42, 0x7d, 742 0x64, 0x3a, 0x8c, 0xdc, 0xbf, 0xe5, 0xc0, 0xc9, 743 0x75, 0x98, 0xa2, 0xbd, 0x25, 0x55, 0xd1, 0xaa, 744 0x8c, 0xb0, 0x8e, 0x48, 0x59, 0x0d, 0xbb, 0x3d, 745 0xa7, 0xb0, 0x8b, 0x10, 0x56, 0x82, 0x88, 0x38, 746 0xc5, 0xf6, 0x1e, 0x63, 0x93, 0xba, 0x7a, 0x0a, 747 0xbc, 0xc9, 0xf6, 0x62, 0x89, 0x80, 0x15, 0xad 748 }; 749 750 static const u8 T19[] = { 751 0x5f, 0xea, 0x79, 0x3a, 0x2d, 0x6f, 0x97, 0x4d, 752 0x37, 0xe6, 0x8e, 0x0c, 0xb8, 0xff, 0x94, 0x92 753 }; 754 755 /* Test Case 20 */ 756 # define K20 K1 757 # define A20 A1 758 /* this results in 0xff in counter LSB */ 759 static const u8 IV20[64] = { 0xff, 0xff, 0xff, 0xff }; 760 761 static const u8 P20[288]; 762 static const u8 C20[] = { 763 0x56, 0xb3, 0x37, 0x3c, 0xa9, 0xef, 0x6e, 0x4a, 764 0x2b, 0x64, 0xfe, 0x1e, 0x9a, 0x17, 0xb6, 0x14, 765 0x25, 0xf1, 0x0d, 0x47, 0xa7, 0x5a, 0x5f, 0xce, 766 0x13, 0xef, 0xc6, 0xbc, 0x78, 0x4a, 0xf2, 0x4f, 767 0x41, 0x41, 0xbd, 0xd4, 0x8c, 0xf7, 0xc7, 0x70, 768 0x88, 0x7a, 0xfd, 0x57, 0x3c, 0xca, 0x54, 0x18, 769 0xa9, 0xae, 0xff, 0xcd, 0x7c, 0x5c, 0xed, 0xdf, 770 0xc6, 0xa7, 0x83, 0x97, 0xb9, 0xa8, 0x5b, 0x49, 771 0x9d, 0xa5, 0x58, 0x25, 0x72, 0x67, 0xca, 0xab, 772 0x2a, 0xd0, 0xb2, 0x3c, 0xa4, 0x76, 0xa5, 0x3c, 773 0xb1, 0x7f, 0xb4, 0x1c, 0x4b, 0x8b, 0x47, 0x5c, 774 0xb4, 0xf3, 0xf7, 0x16, 0x50, 0x94, 0xc2, 0x29, 775 0xc9, 0xe8, 0xc4, 0xdc, 0x0a, 0x2a, 0x5f, 0xf1, 776 0x90, 0x3e, 0x50, 0x15, 0x11, 0x22, 0x13, 0x76, 777 0xa1, 0xcd, 0xb8, 0x36, 0x4c, 0x50, 0x61, 0xa2, 778 0x0c, 0xae, 0x74, 0xbc, 0x4a, 0xcd, 0x76, 0xce, 779 0xb0, 0xab, 0xc9, 0xfd, 0x32, 0x17, 0xef, 0x9f, 780 0x8c, 0x90, 0xbe, 0x40, 0x2d, 0xdf, 0x6d, 0x86, 781 0x97, 0xf4, 0xf8, 0x80, 0xdf, 0xf1, 0x5b, 0xfb, 782 0x7a, 0x6b, 0x28, 0x24, 0x1e, 0xc8, 0xfe, 0x18, 783 0x3c, 0x2d, 0x59, 0xe3, 0xf9, 0xdf, 0xff, 0x65, 784 0x3c, 0x71, 0x26, 0xf0, 0xac, 0xb9, 0xe6, 0x42, 785 0x11, 0xf4, 0x2b, 0xae, 0x12, 0xaf, 0x46, 0x2b, 786 0x10, 0x70, 0xbe, 0xf1, 0xab, 0x5e, 0x36, 0x06, 787 0x87, 0x2c, 0xa1, 0x0d, 0xee, 0x15, 0xb3, 0x24, 788 0x9b, 0x1a, 0x1b, 0x95, 0x8f, 0x23, 0x13, 0x4c, 789 0x4b, 0xcc, 0xb7, 0xd0, 0x32, 0x00, 0xbc, 0xe4, 790 0x20, 0xa2, 0xf8, 0xeb, 0x66, 0xdc, 0xf3, 0x64, 791 0x4d, 0x14, 0x23, 0xc1, 0xb5, 0x69, 0x90, 0x03, 792 0xc1, 0x3e, 0xce, 0xf4, 0xbf, 0x38, 0xa3, 0xb6, 793 0x0e, 0xed, 0xc3, 0x40, 0x33, 0xba, 0xc1, 0x90, 794 0x27, 0x83, 0xdc, 0x6d, 0x89, 0xe2, 0xe7, 0x74, 795 0x18, 0x8a, 0x43, 0x9c, 0x7e, 0xbc, 0xc0, 0x67, 796 0x2d, 0xbd, 0xa4, 0xdd, 0xcf, 0xb2, 0x79, 0x46, 797 0x13, 0xb0, 0xbe, 0x41, 0x31, 0x5e, 0xf7, 0x78, 798 0x70, 0x8a, 0x70, 0xee, 0x7d, 0x75, 0x16, 0x5c 799 }; 800 801 static const u8 T20[] = { 802 0x8b, 0x30, 0x7f, 0x6b, 0x33, 0x28, 0x6d, 0x0a, 803 0xb0, 0x26, 0xa9, 0xed, 0x3f, 0xe1, 0xe8, 0x5f 804 }; 805 806 #define GCM128_TEST_VECTOR(n) \ 807 { \ 808 {sizeof(K##n), K##n}, \ 809 {sizeof(IV##n), IV##n}, \ 810 {sizeof(A##n), A##n}, \ 811 {sizeof(P##n), P##n}, \ 812 {sizeof(C##n), C##n}, \ 813 {sizeof(T##n), T##n} \ 814 } 815 static struct gcm128_data { 816 const SIZED_DATA K; 817 const SIZED_DATA IV; 818 const SIZED_DATA A; 819 const SIZED_DATA P; 820 const SIZED_DATA C; 821 const SIZED_DATA T; 822 } gcm128_vectors[] = { 823 GCM128_TEST_VECTOR(1), 824 GCM128_TEST_VECTOR(2), 825 GCM128_TEST_VECTOR(3), 826 GCM128_TEST_VECTOR(4), 827 GCM128_TEST_VECTOR(5), 828 GCM128_TEST_VECTOR(6), 829 GCM128_TEST_VECTOR(7), 830 GCM128_TEST_VECTOR(8), 831 GCM128_TEST_VECTOR(9), 832 GCM128_TEST_VECTOR(10), 833 GCM128_TEST_VECTOR(11), 834 GCM128_TEST_VECTOR(12), 835 GCM128_TEST_VECTOR(13), 836 GCM128_TEST_VECTOR(14), 837 GCM128_TEST_VECTOR(15), 838 GCM128_TEST_VECTOR(16), 839 GCM128_TEST_VECTOR(17), 840 GCM128_TEST_VECTOR(18), 841 GCM128_TEST_VECTOR(19), 842 GCM128_TEST_VECTOR(20) 843 }; 844 845 static int test_gcm128(int idx) 846 { 847 unsigned char out[512]; 848 SIZED_DATA K = gcm128_vectors[idx].K; 849 SIZED_DATA IV = gcm128_vectors[idx].IV; 850 SIZED_DATA A = gcm128_vectors[idx].A; 851 SIZED_DATA P = gcm128_vectors[idx].P; 852 SIZED_DATA C = gcm128_vectors[idx].C; 853 SIZED_DATA T = gcm128_vectors[idx].T; 854 GCM128_CONTEXT ctx; 855 AES_KEY key; 856 857 /* Size 1 inputs are special-cased to signal NULL. */ 858 if (A.size == 1) 859 A.data = NULL; 860 if (P.size == 1) 861 P.data = NULL; 862 if (C.size == 1) 863 C.data = NULL; 864 865 AES_set_encrypt_key(K.data, K.size * 8, &key); 866 867 CRYPTO_gcm128_init(&ctx, &key, (block128_f)AES_encrypt); 868 CRYPTO_gcm128_setiv(&ctx, IV.data, IV.size); 869 memset(out, 0, P.size); 870 if (A.data != NULL) 871 CRYPTO_gcm128_aad(&ctx, A.data, A.size); 872 if (P.data != NULL) 873 if (!TEST_int_ge(CRYPTO_gcm128_encrypt(&ctx, P.data, out, P.size), 0)) 874 return 0; 875 if (!TEST_false(CRYPTO_gcm128_finish(&ctx, T.data, 16)) 876 || (C.data != NULL 877 && !TEST_mem_eq(out, P.size, C.data, P.size))) 878 return 0; 879 880 CRYPTO_gcm128_setiv(&ctx, IV.data, IV.size); 881 memset(out, 0, P.size); 882 if (A.data != NULL) 883 CRYPTO_gcm128_aad(&ctx, A.data, A.size); 884 if (C.data != NULL) 885 CRYPTO_gcm128_decrypt(&ctx, C.data, out, P.size); 886 if (!TEST_false(CRYPTO_gcm128_finish(&ctx, T.data, 16)) 887 || (P.data != NULL 888 && !TEST_mem_eq(out, P.size, P.data, P.size))) 889 return 0; 890 891 return 1; 892 } 893 894 int setup_tests(void) 895 { 896 ADD_ALL_TESTS(test_aes_cts128, OSSL_NELEM(aes_cts128_vectors)); 897 ADD_ALL_TESTS(test_aes_cts128_nist, OSSL_NELEM(aes_cts128_vectors)); 898 ADD_ALL_TESTS(test_gcm128, OSSL_NELEM(gcm128_vectors)); 899 return 1; 900 } 901