1 /*
2 * This file and its contents are supplied under the terms of the
3 * Common Development and Distribution License ("CDDL"), version 1.0.
4 * You may only use this file in accordance with the terms of version
5 * 1.0 of the CDDL.
6 *
7 * A full copy of the text of the CDDL should have accompanied this
8 * source. A copy of the CDDL is also available via the Internet at
9 * http://www.illumos.org/license/CDDL.
10 */
11
12 /*
13 * Copyright 2023-2026 RackTop Systems, Inc.
14 */
15
16 /*
17 * Verify correct hash computations using the MAC function group.
18 * See MAC_FG in cryptotest.h, cryptotest_mac_fg in testfuncs.c
19 *
20 * See also aes_gmac_enc.c which uses ENCR_FG in place of MAC_FG
21 */
22
23 #include <aes/aes_impl.h>
24 #include <strings.h>
25 #include <stdio.h>
26 #include "cryptotest.h"
27 #include "aes_gmac.h"
28
29 /*
30 * Size of param (in 8-byte chunks for alignment) large enough for both
31 * CK_GCM_PARAMS and CK_AES_GMAC_PARAMS.
32 */
33 #define PARAM_SIZE_64 8
34
35 static size_t updatelens[] = {
36 1, AES_BLOCK_LEN, AES_BLOCK_LEN + 1, 2*AES_BLOCK_LEN,
37 CTEST_UPDATELEN_WHOLE, CTEST_UPDATELEN_END
38 };
39
40 /* Settable (eg. set to 1 for debugging) */
41 int ndata = sizeof (DATA) / sizeof (DATA[0]);
42
43 int
main(void)44 main(void)
45 {
46 int errs = 0;
47 int i, j;
48 uint8_t N[1024];
49 uint64_t param[PARAM_SIZE_64];
50
51 cryptotest_t args = {
52 .out = N,
53 .outlen = sizeof (N),
54 .mechname = SUN_CKM_AES_GMAC,
55 .updatelens = updatelens
56 };
57
58 (void) fprintf(stderr, "\t\t\t=== MAC ===\n----------\n\n");
59
60 (void) fprintf(stderr, "\t\t\t=== all input ===\n----------\n\n");
61 for (i = 0; i < ndata; i++) {
62 args.in = DATA[i];
63 args.key = KEY[i];
64
65 args.inlen = DATALEN[i];
66 args.keylen = KEYLEN[i];
67
68 bzero(param, sizeof (param));
69 args.param = param;
70 args.plen = gmac_param_len();
71 gmac_init_params(param, IV[i], NULL, 0);
72
73 errs += run_test(&args, RES[i], RESLEN[i], MAC_FG);
74 (void) fprintf(stderr, "----------\n");
75 }
76
77 (void) fprintf(stderr, "\t\t\t=== all AAD ===\n----------\n\n");
78 if (cryptotest_pkcs) {
79 /* PKCS does not support passing AAD */
80 (void) fprintf(stderr, "(skip on PKCS)\n");
81 j = 0;
82 } else {
83 j = ndata;
84 }
85 for (i = 0; i < j; i++) {
86 args.in = NULL;
87 args.key = KEY[i];
88
89 args.inlen = 0;
90 args.keylen = KEYLEN[i];
91
92 bzero(param, sizeof (param));
93 args.param = param;
94 args.plen = gmac_param_len();
95 gmac_init_params(param, IV[i], DATA[i], DATALEN[i]);
96
97 errs += run_test(&args, RES[i], RESLEN[i], MAC_FG);
98 (void) fprintf(stderr, "----------\n");
99 }
100
101 (void) fprintf(stderr, "\t\t\t=== half AAD ===\n----------\n\n");
102 if (cryptotest_pkcs) {
103 (void) fprintf(stderr, "(skip on PKCS)\n");
104 j = 0;
105 } else {
106 j = ndata;
107 }
108 for (i = 0; i < j; i++) {
109 args.in = &DATA[i][DATALEN[i] / 2];
110 args.key = KEY[i];
111
112 args.inlen = DATALEN[i] - DATALEN[i] / 2;
113 args.keylen = KEYLEN[i];
114
115 bzero(param, sizeof (param));
116 args.param = param;
117 args.plen = gmac_param_len();
118 gmac_init_params(param, IV[i], DATA[i], DATALEN[i] / 2);
119
120 errs += run_test(&args, RES[i], RESLEN[i], MAC_FG);
121 (void) fprintf(stderr, "----------\n");
122 }
123
124 (void) fprintf(stderr, "\t\t\t=== 16-byte AAD ===\n----------\n\n");
125 if (cryptotest_pkcs) {
126 (void) fprintf(stderr, "(skip on PKCS)\n");
127 j = 0;
128 } else {
129 j = ndata;
130 }
131 for (i = 0; i < j; i++) {
132 if (DATALEN[i] <= 16) {
133 (void) fprintf(stderr, "len < 16; skip\n----------\n");
134 continue;
135 }
136
137 args.in = &DATA[i][16];
138 args.key = KEY[i];
139
140 args.inlen = DATALEN[i] - 16;
141 args.keylen = KEYLEN[i];
142
143 bzero(param, sizeof (param));
144 args.param = param;
145 args.plen = gmac_param_len();
146 gmac_init_params(param, IV[i], DATA[i], 16);
147
148 errs += run_test(&args, RES[i], RESLEN[i], MAC_FG);
149 (void) fprintf(stderr, "----------\n");
150 }
151
152 if (errs != 0) {
153 (void) fprintf(stderr, "%d tests failed\n", errs);
154 return (1);
155 }
156 (void) fprintf(stderr, "all tests pass\n");
157
158 return (0);
159 }
160