1 /* 2 * Copyright 2016-2024 The OpenSSL Project Authors. All Rights Reserved. 3 * 4 * Licensed under the Apache License 2.0 (the "License"). You may not use 5 * this file except in compliance with the License. You can obtain a copy 6 * in the file LICENSE in the source distribution or at 7 * https://www.openssl.org/source/license.html 8 */ 9 10 /* Internal tests for the modes module */ 11 12 /* 13 * This file uses the low level AES functions (which are deprecated for 14 * non-internal use) in order to test the modes code 15 */ 16 #include "internal/deprecated.h" 17 18 #include <stdio.h> 19 #include <string.h> 20 21 #include <openssl/aes.h> 22 #include <openssl/modes.h> 23 #include "testutil.h" 24 #include "crypto/modes.h" 25 #include "internal/nelem.h" 26 27 typedef struct { 28 size_t size; 29 const unsigned char *data; 30 } SIZED_DATA; 31 32 /********************************************************************** 33 * 34 * Test of cts128 35 * 36 ***/ 37 38 /* cts128 test vectors from RFC 3962 */ 39 static const unsigned char cts128_test_key[16] = "chicken teriyaki"; 40 static const unsigned char cts128_test_input[64] = "I would like the" 41 " General Gau's C" 42 "hicken, please, " 43 "and wonton soup."; 44 static const unsigned char cts128_test_iv[] = { 45 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 46 }; 47 48 static const unsigned char vector_17[17] = { 49 0xc6, 0x35, 0x35, 0x68, 0xf2, 0xbf, 0x8c, 0xb4, 50 0xd8, 0xa5, 0x80, 0x36, 0x2d, 0xa7, 0xff, 0x7f, 51 0x97 52 }; 53 54 static const unsigned char vector_31[31] = { 55 0xfc, 0x00, 0x78, 0x3e, 0x0e, 0xfd, 0xb2, 0xc1, 56 0xd4, 0x45, 0xd4, 0xc8, 0xef, 0xf7, 0xed, 0x22, 57 0x97, 0x68, 0x72, 0x68, 0xd6, 0xec, 0xcc, 0xc0, 58 0xc0, 0x7b, 0x25, 0xe2, 0x5e, 0xcf, 0xe5 59 }; 60 61 static const unsigned char vector_32[32] = { 62 0x39, 0x31, 0x25, 0x23, 0xa7, 0x86, 0x62, 0xd5, 63 0xbe, 0x7f, 0xcb, 0xcc, 0x98, 0xeb, 0xf5, 0xa8, 64 0x97, 0x68, 0x72, 0x68, 0xd6, 0xec, 0xcc, 0xc0, 65 0xc0, 0x7b, 0x25, 0xe2, 0x5e, 0xcf, 0xe5, 0x84 66 }; 67 68 static const unsigned char vector_47[47] = { 69 0x97, 0x68, 0x72, 0x68, 0xd6, 0xec, 0xcc, 0xc0, 70 0xc0, 0x7b, 0x25, 0xe2, 0x5e, 0xcf, 0xe5, 0x84, 71 0xb3, 0xff, 0xfd, 0x94, 0x0c, 0x16, 0xa1, 0x8c, 72 0x1b, 0x55, 0x49, 0xd2, 0xf8, 0x38, 0x02, 0x9e, 73 0x39, 0x31, 0x25, 0x23, 0xa7, 0x86, 0x62, 0xd5, 74 0xbe, 0x7f, 0xcb, 0xcc, 0x98, 0xeb, 0xf5 75 }; 76 77 static const unsigned char vector_48[48] = { 78 0x97, 0x68, 0x72, 0x68, 0xd6, 0xec, 0xcc, 0xc0, 79 0xc0, 0x7b, 0x25, 0xe2, 0x5e, 0xcf, 0xe5, 0x84, 80 0x9d, 0xad, 0x8b, 0xbb, 0x96, 0xc4, 0xcd, 0xc0, 81 0x3b, 0xc1, 0x03, 0xe1, 0xa1, 0x94, 0xbb, 0xd8, 82 0x39, 0x31, 0x25, 0x23, 0xa7, 0x86, 0x62, 0xd5, 83 0xbe, 0x7f, 0xcb, 0xcc, 0x98, 0xeb, 0xf5, 0xa8 84 }; 85 86 static const unsigned char vector_64[64] = { 87 0x97, 0x68, 0x72, 0x68, 0xd6, 0xec, 0xcc, 0xc0, 88 0xc0, 0x7b, 0x25, 0xe2, 0x5e, 0xcf, 0xe5, 0x84, 89 0x39, 0x31, 0x25, 0x23, 0xa7, 0x86, 0x62, 0xd5, 90 0xbe, 0x7f, 0xcb, 0xcc, 0x98, 0xeb, 0xf5, 0xa8, 91 0x48, 0x07, 0xef, 0xe8, 0x36, 0xee, 0x89, 0xa5, 92 0x26, 0x73, 0x0d, 0xbc, 0x2f, 0x7b, 0xc8, 0x40, 93 0x9d, 0xad, 0x8b, 0xbb, 0x96, 0xc4, 0xcd, 0xc0, 94 0x3b, 0xc1, 0x03, 0xe1, 0xa1, 0x94, 0xbb, 0xd8 95 }; 96 97 #define CTS128_TEST_VECTOR(len) \ 98 { \ 99 sizeof(vector_##len), vector_##len \ 100 } 101 static const SIZED_DATA aes_cts128_vectors[] = { 102 CTS128_TEST_VECTOR(17), 103 CTS128_TEST_VECTOR(31), 104 CTS128_TEST_VECTOR(32), 105 CTS128_TEST_VECTOR(47), 106 CTS128_TEST_VECTOR(48), 107 CTS128_TEST_VECTOR(64), 108 }; 109 110 static AES_KEY *cts128_encrypt_key_schedule(void) 111 { 112 static int init_key = 1; 113 static AES_KEY ks; 114 115 if (init_key) { 116 AES_set_encrypt_key(cts128_test_key, 128, &ks); 117 init_key = 0; 118 } 119 return &ks; 120 } 121 122 static AES_KEY *cts128_decrypt_key_schedule(void) 123 { 124 static int init_key = 1; 125 static AES_KEY ks; 126 127 if (init_key) { 128 AES_set_decrypt_key(cts128_test_key, 128, &ks); 129 init_key = 0; 130 } 131 return &ks; 132 } 133 134 typedef struct { 135 const char *case_name; 136 size_t (*last_blocks_correction)(const unsigned char *in, 137 unsigned char *out, size_t len); 138 size_t (*encrypt_block)(const unsigned char *in, 139 unsigned char *out, size_t len, 140 const void *key, unsigned char ivec[16], 141 block128_f block); 142 size_t (*encrypt_stream)(const unsigned char *in, unsigned char *out, 143 size_t len, const void *key, 144 unsigned char ivec[16], cbc128_f cbc); 145 size_t (*decrypt_block)(const unsigned char *in, 146 unsigned char *out, size_t len, 147 const void *key, unsigned char ivec[16], 148 block128_f block); 149 size_t (*decrypt_stream)(const unsigned char *in, unsigned char *out, 150 size_t len, const void *key, 151 unsigned char ivec[16], cbc128_f cbc); 152 } CTS128_FIXTURE; 153 154 static size_t last_blocks_correction(const unsigned char *in, 155 unsigned char *out, size_t len) 156 { 157 size_t tail; 158 159 memcpy(out, in, len); 160 if ((tail = len % 16) == 0) 161 tail = 16; 162 tail += 16; 163 164 return tail; 165 } 166 167 static size_t last_blocks_correction_nist(const unsigned char *in, 168 unsigned char *out, size_t len) 169 { 170 size_t tail; 171 172 if ((tail = len % 16) == 0) 173 tail = 16; 174 len -= 16 + tail; 175 memcpy(out, in, len); 176 /* flip two last blocks */ 177 memcpy(out + len, in + len + 16, tail); 178 memcpy(out + len + tail, in + len, 16); 179 len += 16 + tail; 180 tail = 16; 181 182 return tail; 183 } 184 185 static int execute_cts128(const CTS128_FIXTURE *fixture, int num) 186 { 187 const unsigned char *test_iv = cts128_test_iv; 188 size_t test_iv_len = sizeof(cts128_test_iv); 189 const unsigned char *orig_vector = aes_cts128_vectors[num].data; 190 size_t len = aes_cts128_vectors[num].size; 191 const unsigned char *test_input = cts128_test_input; 192 const AES_KEY *encrypt_key_schedule = cts128_encrypt_key_schedule(); 193 const AES_KEY *decrypt_key_schedule = cts128_decrypt_key_schedule(); 194 unsigned char iv[16]; 195 /* The largest test inputs are = 64 bytes. */ 196 unsigned char cleartext[64], ciphertext[64], vector[64]; 197 size_t tail, size; 198 199 TEST_info("%s_vector_%lu", fixture->case_name, (unsigned long)len); 200 201 tail = fixture->last_blocks_correction(orig_vector, vector, len); 202 203 /* test block-based encryption */ 204 memcpy(iv, test_iv, test_iv_len); 205 if (!TEST_size_t_eq(fixture->encrypt_block(test_input, ciphertext, len, 206 encrypt_key_schedule, iv, 207 (block128_f)AES_encrypt), 208 len) 209 || !TEST_mem_eq(ciphertext, len, vector, len) 210 || !TEST_mem_eq(iv, sizeof(iv), vector + len - tail, sizeof(iv))) 211 return 0; 212 213 /* test block-based decryption */ 214 memcpy(iv, test_iv, test_iv_len); 215 size = fixture->decrypt_block(ciphertext, cleartext, len, 216 decrypt_key_schedule, iv, 217 (block128_f)AES_decrypt); 218 if (!TEST_true(len == size || len + 16 == size) 219 || !TEST_mem_eq(cleartext, len, test_input, len) 220 || !TEST_mem_eq(iv, sizeof(iv), vector + len - tail, sizeof(iv))) 221 return 0; 222 223 /* test streamed encryption */ 224 memcpy(iv, test_iv, test_iv_len); 225 if (!TEST_size_t_eq(fixture->encrypt_stream(test_input, ciphertext, len, 226 encrypt_key_schedule, iv, 227 (cbc128_f)AES_cbc_encrypt), 228 len) 229 || !TEST_mem_eq(ciphertext, len, vector, len) 230 || !TEST_mem_eq(iv, sizeof(iv), vector + len - tail, sizeof(iv))) 231 return 0; 232 233 /* test streamed decryption */ 234 memcpy(iv, test_iv, test_iv_len); 235 if (!TEST_size_t_eq(fixture->decrypt_stream(ciphertext, cleartext, len, 236 decrypt_key_schedule, iv, 237 (cbc128_f)AES_cbc_encrypt), 238 len) 239 || !TEST_mem_eq(cleartext, len, test_input, len) 240 || !TEST_mem_eq(iv, sizeof(iv), vector + len - tail, sizeof(iv))) 241 return 0; 242 243 return 1; 244 } 245 246 static int test_aes_cts128(int idx) 247 { 248 static const CTS128_FIXTURE fixture_cts128 = { 249 "aes_cts128", last_blocks_correction, 250 CRYPTO_cts128_encrypt_block, CRYPTO_cts128_encrypt, 251 CRYPTO_cts128_decrypt_block, CRYPTO_cts128_decrypt 252 }; 253 254 return execute_cts128(&fixture_cts128, idx); 255 } 256 257 static int test_aes_cts128_nist(int idx) 258 { 259 static const CTS128_FIXTURE fixture_cts128_nist = { 260 "aes_cts128_nist", last_blocks_correction_nist, 261 CRYPTO_nistcts128_encrypt_block, CRYPTO_nistcts128_encrypt, 262 CRYPTO_nistcts128_decrypt_block, CRYPTO_nistcts128_decrypt 263 }; 264 265 return execute_cts128(&fixture_cts128_nist, idx); 266 } 267 268 /* 269 * 270 * Test of gcm128 271 * 272 */ 273 274 /* Test Case 1 */ 275 static const u8 K1[16], P1[] = { 0 }, A1[] = { 0 }, IV1[12], C1[] = { 0 }; 276 static const u8 T1[] = { 277 0x58, 0xe2, 0xfc, 0xce, 0xfa, 0x7e, 0x30, 0x61, 278 0x36, 0x7f, 0x1d, 0x57, 0xa4, 0xe7, 0x45, 0x5a 279 }; 280 281 /* Test Case 2 */ 282 #define K2 K1 283 #define A2 A1 284 #define IV2 IV1 285 static const u8 P2[16]; 286 static const u8 C2[] = { 287 0x03, 0x88, 0xda, 0xce, 0x60, 0xb6, 0xa3, 0x92, 288 0xf3, 0x28, 0xc2, 0xb9, 0x71, 0xb2, 0xfe, 0x78 289 }; 290 291 static const u8 T2[] = { 292 0xab, 0x6e, 0x47, 0xd4, 0x2c, 0xec, 0x13, 0xbd, 293 0xf5, 0x3a, 0x67, 0xb2, 0x12, 0x57, 0xbd, 0xdf 294 }; 295 296 /* Test Case 3 */ 297 #define A3 A2 298 static const u8 K3[] = { 299 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c, 300 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08 301 }; 302 303 static const u8 P3[] = { 304 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5, 305 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a, 306 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda, 307 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72, 308 0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53, 309 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25, 310 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57, 311 0xba, 0x63, 0x7b, 0x39, 0x1a, 0xaf, 0xd2, 0x55 312 }; 313 314 static const u8 IV3[] = { 315 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad, 316 0xde, 0xca, 0xf8, 0x88 317 }; 318 319 static const u8 C3[] = { 320 0x42, 0x83, 0x1e, 0xc2, 0x21, 0x77, 0x74, 0x24, 321 0x4b, 0x72, 0x21, 0xb7, 0x84, 0xd0, 0xd4, 0x9c, 322 0xe3, 0xaa, 0x21, 0x2f, 0x2c, 0x02, 0xa4, 0xe0, 323 0x35, 0xc1, 0x7e, 0x23, 0x29, 0xac, 0xa1, 0x2e, 324 0x21, 0xd5, 0x14, 0xb2, 0x54, 0x66, 0x93, 0x1c, 325 0x7d, 0x8f, 0x6a, 0x5a, 0xac, 0x84, 0xaa, 0x05, 326 0x1b, 0xa3, 0x0b, 0x39, 0x6a, 0x0a, 0xac, 0x97, 327 0x3d, 0x58, 0xe0, 0x91, 0x47, 0x3f, 0x59, 0x85 328 }; 329 330 static const u8 T3[] = { 331 0x4d, 0x5c, 0x2a, 0xf3, 0x27, 0xcd, 0x64, 0xa6, 332 0x2c, 0xf3, 0x5a, 0xbd, 0x2b, 0xa6, 0xfa, 0xb4 333 }; 334 335 /* Test Case 4 */ 336 #define K4 K3 337 #define IV4 IV3 338 static const u8 P4[] = { 339 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5, 340 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a, 341 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda, 342 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72, 343 0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53, 344 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25, 345 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57, 346 0xba, 0x63, 0x7b, 0x39 347 }; 348 349 static const u8 A4[] = { 350 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, 351 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, 352 0xab, 0xad, 0xda, 0xd2 353 }; 354 355 static const u8 C4[] = { 356 0x42, 0x83, 0x1e, 0xc2, 0x21, 0x77, 0x74, 0x24, 357 0x4b, 0x72, 0x21, 0xb7, 0x84, 0xd0, 0xd4, 0x9c, 358 0xe3, 0xaa, 0x21, 0x2f, 0x2c, 0x02, 0xa4, 0xe0, 359 0x35, 0xc1, 0x7e, 0x23, 0x29, 0xac, 0xa1, 0x2e, 360 0x21, 0xd5, 0x14, 0xb2, 0x54, 0x66, 0x93, 0x1c, 361 0x7d, 0x8f, 0x6a, 0x5a, 0xac, 0x84, 0xaa, 0x05, 362 0x1b, 0xa3, 0x0b, 0x39, 0x6a, 0x0a, 0xac, 0x97, 363 0x3d, 0x58, 0xe0, 0x91 364 }; 365 366 static const u8 T4[] = { 367 0x5b, 0xc9, 0x4f, 0xbc, 0x32, 0x21, 0xa5, 0xdb, 368 0x94, 0xfa, 0xe9, 0x5a, 0xe7, 0x12, 0x1a, 0x47 369 }; 370 371 /* Test Case 5 */ 372 #define K5 K4 373 #define P5 P4 374 #define A5 A4 375 static const u8 IV5[] = { 376 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad 377 }; 378 379 static const u8 C5[] = { 380 0x61, 0x35, 0x3b, 0x4c, 0x28, 0x06, 0x93, 0x4a, 381 0x77, 0x7f, 0xf5, 0x1f, 0xa2, 0x2a, 0x47, 0x55, 382 0x69, 0x9b, 0x2a, 0x71, 0x4f, 0xcd, 0xc6, 0xf8, 383 0x37, 0x66, 0xe5, 0xf9, 0x7b, 0x6c, 0x74, 0x23, 384 0x73, 0x80, 0x69, 0x00, 0xe4, 0x9f, 0x24, 0xb2, 385 0x2b, 0x09, 0x75, 0x44, 0xd4, 0x89, 0x6b, 0x42, 386 0x49, 0x89, 0xb5, 0xe1, 0xeb, 0xac, 0x0f, 0x07, 387 0xc2, 0x3f, 0x45, 0x98 388 }; 389 390 static const u8 T5[] = { 391 0x36, 0x12, 0xd2, 0xe7, 0x9e, 0x3b, 0x07, 0x85, 392 0x56, 0x1b, 0xe1, 0x4a, 0xac, 0xa2, 0xfc, 0xcb 393 }; 394 395 /* Test Case 6 */ 396 #define K6 K5 397 #define P6 P5 398 #define A6 A5 399 static const u8 IV6[] = { 400 0x93, 0x13, 0x22, 0x5d, 0xf8, 0x84, 0x06, 0xe5, 401 0x55, 0x90, 0x9c, 0x5a, 0xff, 0x52, 0x69, 0xaa, 402 0x6a, 0x7a, 0x95, 0x38, 0x53, 0x4f, 0x7d, 0xa1, 403 0xe4, 0xc3, 0x03, 0xd2, 0xa3, 0x18, 0xa7, 0x28, 404 0xc3, 0xc0, 0xc9, 0x51, 0x56, 0x80, 0x95, 0x39, 405 0xfc, 0xf0, 0xe2, 0x42, 0x9a, 0x6b, 0x52, 0x54, 406 0x16, 0xae, 0xdb, 0xf5, 0xa0, 0xde, 0x6a, 0x57, 407 0xa6, 0x37, 0xb3, 0x9b 408 }; 409 410 static const u8 C6[] = { 411 0x8c, 0xe2, 0x49, 0x98, 0x62, 0x56, 0x15, 0xb6, 412 0x03, 0xa0, 0x33, 0xac, 0xa1, 0x3f, 0xb8, 0x94, 413 0xbe, 0x91, 0x12, 0xa5, 0xc3, 0xa2, 0x11, 0xa8, 414 0xba, 0x26, 0x2a, 0x3c, 0xca, 0x7e, 0x2c, 0xa7, 415 0x01, 0xe4, 0xa9, 0xa4, 0xfb, 0xa4, 0x3c, 0x90, 416 0xcc, 0xdc, 0xb2, 0x81, 0xd4, 0x8c, 0x7c, 0x6f, 417 0xd6, 0x28, 0x75, 0xd2, 0xac, 0xa4, 0x17, 0x03, 418 0x4c, 0x34, 0xae, 0xe5 419 }; 420 421 static const u8 T6[] = { 422 0x61, 0x9c, 0xc5, 0xae, 0xff, 0xfe, 0x0b, 0xfa, 423 0x46, 0x2a, 0xf4, 0x3c, 0x16, 0x99, 0xd0, 0x50 424 }; 425 426 /* Test Case 7 */ 427 static const u8 K7[24], P7[] = { 0 }, A7[] = { 0 }, IV7[12], C7[] = { 0 }; 428 static const u8 T7[] = { 429 0xcd, 0x33, 0xb2, 0x8a, 0xc7, 0x73, 0xf7, 0x4b, 430 0xa0, 0x0e, 0xd1, 0xf3, 0x12, 0x57, 0x24, 0x35 431 }; 432 433 /* Test Case 8 */ 434 #define K8 K7 435 #define IV8 IV7 436 #define A8 A7 437 static const u8 P8[16]; 438 static const u8 C8[] = { 439 0x98, 0xe7, 0x24, 0x7c, 0x07, 0xf0, 0xfe, 0x41, 440 0x1c, 0x26, 0x7e, 0x43, 0x84, 0xb0, 0xf6, 0x00 441 }; 442 443 static const u8 T8[] = { 444 0x2f, 0xf5, 0x8d, 0x80, 0x03, 0x39, 0x27, 0xab, 445 0x8e, 0xf4, 0xd4, 0x58, 0x75, 0x14, 0xf0, 0xfb 446 }; 447 448 /* Test Case 9 */ 449 #define A9 A8 450 static const u8 K9[] = { 451 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c, 452 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08, 453 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c 454 }; 455 456 static const u8 P9[] = { 457 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5, 458 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a, 459 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda, 460 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72, 461 0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53, 462 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25, 463 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57, 464 0xba, 0x63, 0x7b, 0x39, 0x1a, 0xaf, 0xd2, 0x55 465 }; 466 467 static const u8 IV9[] = { 468 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad, 469 0xde, 0xca, 0xf8, 0x88 470 }; 471 472 static const u8 C9[] = { 473 0x39, 0x80, 0xca, 0x0b, 0x3c, 0x00, 0xe8, 0x41, 474 0xeb, 0x06, 0xfa, 0xc4, 0x87, 0x2a, 0x27, 0x57, 475 0x85, 0x9e, 0x1c, 0xea, 0xa6, 0xef, 0xd9, 0x84, 476 0x62, 0x85, 0x93, 0xb4, 0x0c, 0xa1, 0xe1, 0x9c, 477 0x7d, 0x77, 0x3d, 0x00, 0xc1, 0x44, 0xc5, 0x25, 478 0xac, 0x61, 0x9d, 0x18, 0xc8, 0x4a, 0x3f, 0x47, 479 0x18, 0xe2, 0x44, 0x8b, 0x2f, 0xe3, 0x24, 0xd9, 480 0xcc, 0xda, 0x27, 0x10, 0xac, 0xad, 0xe2, 0x56 481 }; 482 483 static const u8 T9[] = { 484 0x99, 0x24, 0xa7, 0xc8, 0x58, 0x73, 0x36, 0xbf, 485 0xb1, 0x18, 0x02, 0x4d, 0xb8, 0x67, 0x4a, 0x14 486 }; 487 488 /* Test Case 10 */ 489 #define K10 K9 490 #define IV10 IV9 491 static const u8 P10[] = { 492 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5, 493 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a, 494 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda, 495 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72, 496 0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53, 497 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25, 498 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57, 499 0xba, 0x63, 0x7b, 0x39 500 }; 501 502 static const u8 A10[] = { 503 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, 504 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, 505 0xab, 0xad, 0xda, 0xd2 506 }; 507 508 static const u8 C10[] = { 509 0x39, 0x80, 0xca, 0x0b, 0x3c, 0x00, 0xe8, 0x41, 510 0xeb, 0x06, 0xfa, 0xc4, 0x87, 0x2a, 0x27, 0x57, 511 0x85, 0x9e, 0x1c, 0xea, 0xa6, 0xef, 0xd9, 0x84, 512 0x62, 0x85, 0x93, 0xb4, 0x0c, 0xa1, 0xe1, 0x9c, 513 0x7d, 0x77, 0x3d, 0x00, 0xc1, 0x44, 0xc5, 0x25, 514 0xac, 0x61, 0x9d, 0x18, 0xc8, 0x4a, 0x3f, 0x47, 515 0x18, 0xe2, 0x44, 0x8b, 0x2f, 0xe3, 0x24, 0xd9, 516 0xcc, 0xda, 0x27, 0x10 517 }; 518 519 static const u8 T10[] = { 520 0x25, 0x19, 0x49, 0x8e, 0x80, 0xf1, 0x47, 0x8f, 521 0x37, 0xba, 0x55, 0xbd, 0x6d, 0x27, 0x61, 0x8c 522 }; 523 524 /* Test Case 11 */ 525 #define K11 K10 526 #define P11 P10 527 #define A11 A10 528 static const u8 IV11[] = { 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad }; 529 530 static const u8 C11[] = { 531 0x0f, 0x10, 0xf5, 0x99, 0xae, 0x14, 0xa1, 0x54, 532 0xed, 0x24, 0xb3, 0x6e, 0x25, 0x32, 0x4d, 0xb8, 533 0xc5, 0x66, 0x63, 0x2e, 0xf2, 0xbb, 0xb3, 0x4f, 534 0x83, 0x47, 0x28, 0x0f, 0xc4, 0x50, 0x70, 0x57, 535 0xfd, 0xdc, 0x29, 0xdf, 0x9a, 0x47, 0x1f, 0x75, 536 0xc6, 0x65, 0x41, 0xd4, 0xd4, 0xda, 0xd1, 0xc9, 537 0xe9, 0x3a, 0x19, 0xa5, 0x8e, 0x8b, 0x47, 0x3f, 538 0xa0, 0xf0, 0x62, 0xf7 539 }; 540 541 static const u8 T11[] = { 542 0x65, 0xdc, 0xc5, 0x7f, 0xcf, 0x62, 0x3a, 0x24, 543 0x09, 0x4f, 0xcc, 0xa4, 0x0d, 0x35, 0x33, 0xf8 544 }; 545 546 /* Test Case 12 */ 547 #define K12 K11 548 #define P12 P11 549 #define A12 A11 550 static const u8 IV12[] = { 551 0x93, 0x13, 0x22, 0x5d, 0xf8, 0x84, 0x06, 0xe5, 552 0x55, 0x90, 0x9c, 0x5a, 0xff, 0x52, 0x69, 0xaa, 553 0x6a, 0x7a, 0x95, 0x38, 0x53, 0x4f, 0x7d, 0xa1, 554 0xe4, 0xc3, 0x03, 0xd2, 0xa3, 0x18, 0xa7, 0x28, 555 0xc3, 0xc0, 0xc9, 0x51, 0x56, 0x80, 0x95, 0x39, 556 0xfc, 0xf0, 0xe2, 0x42, 0x9a, 0x6b, 0x52, 0x54, 557 0x16, 0xae, 0xdb, 0xf5, 0xa0, 0xde, 0x6a, 0x57, 558 0xa6, 0x37, 0xb3, 0x9b 559 }; 560 561 static const u8 C12[] = { 562 0xd2, 0x7e, 0x88, 0x68, 0x1c, 0xe3, 0x24, 0x3c, 563 0x48, 0x30, 0x16, 0x5a, 0x8f, 0xdc, 0xf9, 0xff, 564 0x1d, 0xe9, 0xa1, 0xd8, 0xe6, 0xb4, 0x47, 0xef, 565 0x6e, 0xf7, 0xb7, 0x98, 0x28, 0x66, 0x6e, 0x45, 566 0x81, 0xe7, 0x90, 0x12, 0xaf, 0x34, 0xdd, 0xd9, 567 0xe2, 0xf0, 0x37, 0x58, 0x9b, 0x29, 0x2d, 0xb3, 568 0xe6, 0x7c, 0x03, 0x67, 0x45, 0xfa, 0x22, 0xe7, 569 0xe9, 0xb7, 0x37, 0x3b 570 }; 571 572 static const u8 T12[] = { 573 0xdc, 0xf5, 0x66, 0xff, 0x29, 0x1c, 0x25, 0xbb, 574 0xb8, 0x56, 0x8f, 0xc3, 0xd3, 0x76, 0xa6, 0xd9 575 }; 576 577 /* Test Case 13 */ 578 static const u8 K13[32], P13[] = { 0 }, A13[] = { 0 }, IV13[12], C13[] = { 0 }; 579 static const u8 T13[] = { 580 0x53, 0x0f, 0x8a, 0xfb, 0xc7, 0x45, 0x36, 0xb9, 581 0xa9, 0x63, 0xb4, 0xf1, 0xc4, 0xcb, 0x73, 0x8b 582 }; 583 584 /* Test Case 14 */ 585 #define K14 K13 586 #define A14 A13 587 static const u8 P14[16], IV14[12]; 588 static const u8 C14[] = { 589 0xce, 0xa7, 0x40, 0x3d, 0x4d, 0x60, 0x6b, 0x6e, 590 0x07, 0x4e, 0xc5, 0xd3, 0xba, 0xf3, 0x9d, 0x18 591 }; 592 593 static const u8 T14[] = { 594 0xd0, 0xd1, 0xc8, 0xa7, 0x99, 0x99, 0x6b, 0xf0, 595 0x26, 0x5b, 0x98, 0xb5, 0xd4, 0x8a, 0xb9, 0x19 596 }; 597 598 /* Test Case 15 */ 599 #define A15 A14 600 static const u8 K15[] = { 601 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c, 602 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08, 603 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c, 604 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08 605 }; 606 607 static const u8 P15[] = { 608 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5, 609 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a, 610 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda, 611 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72, 612 0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53, 613 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25, 614 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57, 615 0xba, 0x63, 0x7b, 0x39, 0x1a, 0xaf, 0xd2, 0x55 616 }; 617 618 static const u8 IV15[] = { 619 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad, 620 0xde, 0xca, 0xf8, 0x88 621 }; 622 623 static const u8 C15[] = { 624 0x52, 0x2d, 0xc1, 0xf0, 0x99, 0x56, 0x7d, 0x07, 625 0xf4, 0x7f, 0x37, 0xa3, 0x2a, 0x84, 0x42, 0x7d, 626 0x64, 0x3a, 0x8c, 0xdc, 0xbf, 0xe5, 0xc0, 0xc9, 627 0x75, 0x98, 0xa2, 0xbd, 0x25, 0x55, 0xd1, 0xaa, 628 0x8c, 0xb0, 0x8e, 0x48, 0x59, 0x0d, 0xbb, 0x3d, 629 0xa7, 0xb0, 0x8b, 0x10, 0x56, 0x82, 0x88, 0x38, 630 0xc5, 0xf6, 0x1e, 0x63, 0x93, 0xba, 0x7a, 0x0a, 631 0xbc, 0xc9, 0xf6, 0x62, 0x89, 0x80, 0x15, 0xad 632 }; 633 634 static const u8 T15[] = { 635 0xb0, 0x94, 0xda, 0xc5, 0xd9, 0x34, 0x71, 0xbd, 636 0xec, 0x1a, 0x50, 0x22, 0x70, 0xe3, 0xcc, 0x6c 637 }; 638 639 /* Test Case 16 */ 640 #define K16 K15 641 #define IV16 IV15 642 static const u8 P16[] = { 643 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5, 644 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a, 645 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda, 646 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72, 647 0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53, 648 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25, 649 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57, 650 0xba, 0x63, 0x7b, 0x39 651 }; 652 653 static const u8 A16[] = { 654 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, 655 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, 656 0xab, 0xad, 0xda, 0xd2 657 }; 658 659 static const u8 C16[] = { 660 0x52, 0x2d, 0xc1, 0xf0, 0x99, 0x56, 0x7d, 0x07, 661 0xf4, 0x7f, 0x37, 0xa3, 0x2a, 0x84, 0x42, 0x7d, 662 0x64, 0x3a, 0x8c, 0xdc, 0xbf, 0xe5, 0xc0, 0xc9, 663 0x75, 0x98, 0xa2, 0xbd, 0x25, 0x55, 0xd1, 0xaa, 664 0x8c, 0xb0, 0x8e, 0x48, 0x59, 0x0d, 0xbb, 0x3d, 665 0xa7, 0xb0, 0x8b, 0x10, 0x56, 0x82, 0x88, 0x38, 666 0xc5, 0xf6, 0x1e, 0x63, 0x93, 0xba, 0x7a, 0x0a, 667 0xbc, 0xc9, 0xf6, 0x62 668 }; 669 670 static const u8 T16[] = { 671 0x76, 0xfc, 0x6e, 0xce, 0x0f, 0x4e, 0x17, 0x68, 672 0xcd, 0xdf, 0x88, 0x53, 0xbb, 0x2d, 0x55, 0x1b 673 }; 674 675 /* Test Case 17 */ 676 #define K17 K16 677 #define P17 P16 678 #define A17 A16 679 static const u8 IV17[] = { 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad }; 680 681 static const u8 C17[] = { 682 0xc3, 0x76, 0x2d, 0xf1, 0xca, 0x78, 0x7d, 0x32, 683 0xae, 0x47, 0xc1, 0x3b, 0xf1, 0x98, 0x44, 0xcb, 684 0xaf, 0x1a, 0xe1, 0x4d, 0x0b, 0x97, 0x6a, 0xfa, 685 0xc5, 0x2f, 0xf7, 0xd7, 0x9b, 0xba, 0x9d, 0xe0, 686 0xfe, 0xb5, 0x82, 0xd3, 0x39, 0x34, 0xa4, 0xf0, 687 0x95, 0x4c, 0xc2, 0x36, 0x3b, 0xc7, 0x3f, 0x78, 688 0x62, 0xac, 0x43, 0x0e, 0x64, 0xab, 0xe4, 0x99, 689 0xf4, 0x7c, 0x9b, 0x1f 690 }; 691 692 static const u8 T17[] = { 693 0x3a, 0x33, 0x7d, 0xbf, 0x46, 0xa7, 0x92, 0xc4, 694 0x5e, 0x45, 0x49, 0x13, 0xfe, 0x2e, 0xa8, 0xf2 695 }; 696 697 /* Test Case 18 */ 698 #define K18 K17 699 #define P18 P17 700 #define A18 A17 701 static const u8 IV18[] = { 702 0x93, 0x13, 0x22, 0x5d, 0xf8, 0x84, 0x06, 0xe5, 703 0x55, 0x90, 0x9c, 0x5a, 0xff, 0x52, 0x69, 0xaa, 704 0x6a, 0x7a, 0x95, 0x38, 0x53, 0x4f, 0x7d, 0xa1, 705 0xe4, 0xc3, 0x03, 0xd2, 0xa3, 0x18, 0xa7, 0x28, 706 0xc3, 0xc0, 0xc9, 0x51, 0x56, 0x80, 0x95, 0x39, 707 0xfc, 0xf0, 0xe2, 0x42, 0x9a, 0x6b, 0x52, 0x54, 708 0x16, 0xae, 0xdb, 0xf5, 0xa0, 0xde, 0x6a, 0x57, 709 0xa6, 0x37, 0xb3, 0x9b 710 }; 711 712 static const u8 C18[] = { 713 0x5a, 0x8d, 0xef, 0x2f, 0x0c, 0x9e, 0x53, 0xf1, 714 0xf7, 0x5d, 0x78, 0x53, 0x65, 0x9e, 0x2a, 0x20, 715 0xee, 0xb2, 0xb2, 0x2a, 0xaf, 0xde, 0x64, 0x19, 716 0xa0, 0x58, 0xab, 0x4f, 0x6f, 0x74, 0x6b, 0xf4, 717 0x0f, 0xc0, 0xc3, 0xb7, 0x80, 0xf2, 0x44, 0x45, 718 0x2d, 0xa3, 0xeb, 0xf1, 0xc5, 0xd8, 0x2c, 0xde, 719 0xa2, 0x41, 0x89, 0x97, 0x20, 0x0e, 0xf8, 0x2e, 720 0x44, 0xae, 0x7e, 0x3f 721 }; 722 723 static const u8 T18[] = { 724 0xa4, 0x4a, 0x82, 0x66, 0xee, 0x1c, 0x8e, 0xb0, 725 0xc8, 0xb5, 0xd4, 0xcf, 0x5a, 0xe9, 0xf1, 0x9a 726 }; 727 728 /* Test Case 19 */ 729 #define K19 K1 730 #define P19 P1 731 #define IV19 IV1 732 #define C19 C1 733 static const u8 A19[] = { 734 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5, 735 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a, 736 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda, 737 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72, 738 0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53, 739 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25, 740 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57, 741 0xba, 0x63, 0x7b, 0x39, 0x1a, 0xaf, 0xd2, 0x55, 742 0x52, 0x2d, 0xc1, 0xf0, 0x99, 0x56, 0x7d, 0x07, 743 0xf4, 0x7f, 0x37, 0xa3, 0x2a, 0x84, 0x42, 0x7d, 744 0x64, 0x3a, 0x8c, 0xdc, 0xbf, 0xe5, 0xc0, 0xc9, 745 0x75, 0x98, 0xa2, 0xbd, 0x25, 0x55, 0xd1, 0xaa, 746 0x8c, 0xb0, 0x8e, 0x48, 0x59, 0x0d, 0xbb, 0x3d, 747 0xa7, 0xb0, 0x8b, 0x10, 0x56, 0x82, 0x88, 0x38, 748 0xc5, 0xf6, 0x1e, 0x63, 0x93, 0xba, 0x7a, 0x0a, 749 0xbc, 0xc9, 0xf6, 0x62, 0x89, 0x80, 0x15, 0xad 750 }; 751 752 static const u8 T19[] = { 753 0x5f, 0xea, 0x79, 0x3a, 0x2d, 0x6f, 0x97, 0x4d, 754 0x37, 0xe6, 0x8e, 0x0c, 0xb8, 0xff, 0x94, 0x92 755 }; 756 757 /* Test Case 20 */ 758 #define K20 K1 759 #define A20 A1 760 /* this results in 0xff in counter LSB */ 761 static const u8 IV20[64] = { 0xff, 0xff, 0xff, 0xff }; 762 763 static const u8 P20[288]; 764 static const u8 C20[] = { 765 0x56, 0xb3, 0x37, 0x3c, 0xa9, 0xef, 0x6e, 0x4a, 766 0x2b, 0x64, 0xfe, 0x1e, 0x9a, 0x17, 0xb6, 0x14, 767 0x25, 0xf1, 0x0d, 0x47, 0xa7, 0x5a, 0x5f, 0xce, 768 0x13, 0xef, 0xc6, 0xbc, 0x78, 0x4a, 0xf2, 0x4f, 769 0x41, 0x41, 0xbd, 0xd4, 0x8c, 0xf7, 0xc7, 0x70, 770 0x88, 0x7a, 0xfd, 0x57, 0x3c, 0xca, 0x54, 0x18, 771 0xa9, 0xae, 0xff, 0xcd, 0x7c, 0x5c, 0xed, 0xdf, 772 0xc6, 0xa7, 0x83, 0x97, 0xb9, 0xa8, 0x5b, 0x49, 773 0x9d, 0xa5, 0x58, 0x25, 0x72, 0x67, 0xca, 0xab, 774 0x2a, 0xd0, 0xb2, 0x3c, 0xa4, 0x76, 0xa5, 0x3c, 775 0xb1, 0x7f, 0xb4, 0x1c, 0x4b, 0x8b, 0x47, 0x5c, 776 0xb4, 0xf3, 0xf7, 0x16, 0x50, 0x94, 0xc2, 0x29, 777 0xc9, 0xe8, 0xc4, 0xdc, 0x0a, 0x2a, 0x5f, 0xf1, 778 0x90, 0x3e, 0x50, 0x15, 0x11, 0x22, 0x13, 0x76, 779 0xa1, 0xcd, 0xb8, 0x36, 0x4c, 0x50, 0x61, 0xa2, 780 0x0c, 0xae, 0x74, 0xbc, 0x4a, 0xcd, 0x76, 0xce, 781 0xb0, 0xab, 0xc9, 0xfd, 0x32, 0x17, 0xef, 0x9f, 782 0x8c, 0x90, 0xbe, 0x40, 0x2d, 0xdf, 0x6d, 0x86, 783 0x97, 0xf4, 0xf8, 0x80, 0xdf, 0xf1, 0x5b, 0xfb, 784 0x7a, 0x6b, 0x28, 0x24, 0x1e, 0xc8, 0xfe, 0x18, 785 0x3c, 0x2d, 0x59, 0xe3, 0xf9, 0xdf, 0xff, 0x65, 786 0x3c, 0x71, 0x26, 0xf0, 0xac, 0xb9, 0xe6, 0x42, 787 0x11, 0xf4, 0x2b, 0xae, 0x12, 0xaf, 0x46, 0x2b, 788 0x10, 0x70, 0xbe, 0xf1, 0xab, 0x5e, 0x36, 0x06, 789 0x87, 0x2c, 0xa1, 0x0d, 0xee, 0x15, 0xb3, 0x24, 790 0x9b, 0x1a, 0x1b, 0x95, 0x8f, 0x23, 0x13, 0x4c, 791 0x4b, 0xcc, 0xb7, 0xd0, 0x32, 0x00, 0xbc, 0xe4, 792 0x20, 0xa2, 0xf8, 0xeb, 0x66, 0xdc, 0xf3, 0x64, 793 0x4d, 0x14, 0x23, 0xc1, 0xb5, 0x69, 0x90, 0x03, 794 0xc1, 0x3e, 0xce, 0xf4, 0xbf, 0x38, 0xa3, 0xb6, 795 0x0e, 0xed, 0xc3, 0x40, 0x33, 0xba, 0xc1, 0x90, 796 0x27, 0x83, 0xdc, 0x6d, 0x89, 0xe2, 0xe7, 0x74, 797 0x18, 0x8a, 0x43, 0x9c, 0x7e, 0xbc, 0xc0, 0x67, 798 0x2d, 0xbd, 0xa4, 0xdd, 0xcf, 0xb2, 0x79, 0x46, 799 0x13, 0xb0, 0xbe, 0x41, 0x31, 0x5e, 0xf7, 0x78, 800 0x70, 0x8a, 0x70, 0xee, 0x7d, 0x75, 0x16, 0x5c 801 }; 802 803 static const u8 T20[] = { 804 0x8b, 0x30, 0x7f, 0x6b, 0x33, 0x28, 0x6d, 0x0a, 805 0xb0, 0x26, 0xa9, 0xed, 0x3f, 0xe1, 0xe8, 0x5f 806 }; 807 808 #define GCM128_TEST_VECTOR(n) \ 809 { \ 810 { sizeof(K##n), K##n }, \ 811 { sizeof(IV##n), IV##n }, \ 812 { sizeof(A##n), A##n }, \ 813 { sizeof(P##n), P##n }, \ 814 { sizeof(C##n), C##n }, \ 815 { \ 816 sizeof(T##n), T##n \ 817 } \ 818 } 819 static struct gcm128_data { 820 const SIZED_DATA K; 821 const SIZED_DATA IV; 822 const SIZED_DATA A; 823 const SIZED_DATA P; 824 const SIZED_DATA C; 825 const SIZED_DATA T; 826 } gcm128_vectors[] = { 827 GCM128_TEST_VECTOR(1), 828 GCM128_TEST_VECTOR(2), 829 GCM128_TEST_VECTOR(3), 830 GCM128_TEST_VECTOR(4), 831 GCM128_TEST_VECTOR(5), 832 GCM128_TEST_VECTOR(6), 833 GCM128_TEST_VECTOR(7), 834 GCM128_TEST_VECTOR(8), 835 GCM128_TEST_VECTOR(9), 836 GCM128_TEST_VECTOR(10), 837 GCM128_TEST_VECTOR(11), 838 GCM128_TEST_VECTOR(12), 839 GCM128_TEST_VECTOR(13), 840 GCM128_TEST_VECTOR(14), 841 GCM128_TEST_VECTOR(15), 842 GCM128_TEST_VECTOR(16), 843 GCM128_TEST_VECTOR(17), 844 GCM128_TEST_VECTOR(18), 845 GCM128_TEST_VECTOR(19), 846 GCM128_TEST_VECTOR(20) 847 }; 848 849 static int test_gcm128(int idx) 850 { 851 unsigned char out[512]; 852 SIZED_DATA K = gcm128_vectors[idx].K; 853 SIZED_DATA IV = gcm128_vectors[idx].IV; 854 SIZED_DATA A = gcm128_vectors[idx].A; 855 SIZED_DATA P = gcm128_vectors[idx].P; 856 SIZED_DATA C = gcm128_vectors[idx].C; 857 SIZED_DATA T = gcm128_vectors[idx].T; 858 GCM128_CONTEXT ctx; 859 AES_KEY key; 860 861 /* Size 1 inputs are special-cased to signal NULL. */ 862 if (A.size == 1) 863 A.data = NULL; 864 if (P.size == 1) 865 P.data = NULL; 866 if (C.size == 1) 867 C.data = NULL; 868 869 AES_set_encrypt_key(K.data, K.size * 8, &key); 870 871 CRYPTO_gcm128_init(&ctx, &key, (block128_f)AES_encrypt); 872 CRYPTO_gcm128_setiv(&ctx, IV.data, IV.size); 873 memset(out, 0, P.size); 874 if (A.data != NULL) 875 CRYPTO_gcm128_aad(&ctx, A.data, A.size); 876 if (P.data != NULL) 877 if (!TEST_int_ge(CRYPTO_gcm128_encrypt(&ctx, P.data, out, P.size), 0)) 878 return 0; 879 if (!TEST_false(CRYPTO_gcm128_finish(&ctx, T.data, 16)) 880 || (C.data != NULL 881 && !TEST_mem_eq(out, P.size, C.data, P.size))) 882 return 0; 883 884 CRYPTO_gcm128_setiv(&ctx, IV.data, IV.size); 885 memset(out, 0, P.size); 886 if (A.data != NULL) 887 CRYPTO_gcm128_aad(&ctx, A.data, A.size); 888 if (C.data != NULL) 889 CRYPTO_gcm128_decrypt(&ctx, C.data, out, P.size); 890 if (!TEST_false(CRYPTO_gcm128_finish(&ctx, T.data, 16)) 891 || (P.data != NULL 892 && !TEST_mem_eq(out, P.size, P.data, P.size))) 893 return 0; 894 895 return 1; 896 } 897 898 int setup_tests(void) 899 { 900 ADD_ALL_TESTS(test_aes_cts128, OSSL_NELEM(aes_cts128_vectors)); 901 ADD_ALL_TESTS(test_aes_cts128_nist, OSSL_NELEM(aes_cts128_vectors)); 902 ADD_ALL_TESTS(test_gcm128, OSSL_NELEM(gcm128_vectors)); 903 return 1; 904 } 905