1/* 2 * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved. 3 * 4 * Licensed under the Apache License 2.0 (the "License"). You may not use 5 * this file except in compliance with the License. You can obtain a copy 6 * in the file LICENSE in the source distribution or at 7 * https://www.openssl.org/source/license.html 8 */ 9 10/* Internal tests for the modes module */ 11 12/* 13 * This file uses the low level AES functions (which are deprecated for 14 * non-internal use) in order to test the modes code 15 */ 16#include "internal/deprecated.h" 17 18#include <stdio.h> 19#include <string.h> 20 21#include <openssl/aes.h> 22#include <openssl/modes.h> 23#include "testutil.h" 24#include "crypto/modes.h" 25#include "internal/nelem.h" 26 27typedef struct { 28 size_t size; 29 const unsigned char *data; 30} SIZED_DATA; 31 32/********************************************************************** 33 * 34 * Test of cts128 35 * 36 ***/ 37 38/* cts128 test vectors from RFC 3962 */ 39static const unsigned char cts128_test_key[16] = "chicken teriyaki"; 40static const unsigned char cts128_test_input[64] = 41 "I would like the" " General Gau's C" 42 "hicken, please, " "and wonton soup."; 43static const unsigned char cts128_test_iv[] = 44 { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 }; 45 46static const unsigned char vector_17[17] = { 47 0xc6, 0x35, 0x35, 0x68, 0xf2, 0xbf, 0x8c, 0xb4, 48 0xd8, 0xa5, 0x80, 0x36, 0x2d, 0xa7, 0xff, 0x7f, 49 0x97 50}; 51 52static const unsigned char vector_31[31] = { 53 0xfc, 0x00, 0x78, 0x3e, 0x0e, 0xfd, 0xb2, 0xc1, 54 0xd4, 0x45, 0xd4, 0xc8, 0xef, 0xf7, 0xed, 0x22, 55 0x97, 0x68, 0x72, 0x68, 0xd6, 0xec, 0xcc, 0xc0, 56 0xc0, 0x7b, 0x25, 0xe2, 0x5e, 0xcf, 0xe5 57}; 58 59static const unsigned char vector_32[32] = { 60 0x39, 0x31, 0x25, 0x23, 0xa7, 0x86, 0x62, 0xd5, 61 0xbe, 0x7f, 0xcb, 0xcc, 0x98, 0xeb, 0xf5, 0xa8, 62 0x97, 0x68, 0x72, 0x68, 0xd6, 0xec, 0xcc, 0xc0, 63 0xc0, 0x7b, 0x25, 0xe2, 0x5e, 0xcf, 0xe5, 0x84 64}; 65 66static const unsigned char vector_47[47] = { 67 0x97, 0x68, 0x72, 0x68, 0xd6, 0xec, 0xcc, 0xc0, 68 0xc0, 0x7b, 0x25, 0xe2, 0x5e, 0xcf, 0xe5, 0x84, 69 0xb3, 0xff, 0xfd, 0x94, 0x0c, 0x16, 0xa1, 0x8c, 70 0x1b, 0x55, 0x49, 0xd2, 0xf8, 0x38, 0x02, 0x9e, 71 0x39, 0x31, 0x25, 0x23, 0xa7, 0x86, 0x62, 0xd5, 72 0xbe, 0x7f, 0xcb, 0xcc, 0x98, 0xeb, 0xf5 73}; 74 75static const unsigned char vector_48[48] = { 76 0x97, 0x68, 0x72, 0x68, 0xd6, 0xec, 0xcc, 0xc0, 77 0xc0, 0x7b, 0x25, 0xe2, 0x5e, 0xcf, 0xe5, 0x84, 78 0x9d, 0xad, 0x8b, 0xbb, 0x96, 0xc4, 0xcd, 0xc0, 79 0x3b, 0xc1, 0x03, 0xe1, 0xa1, 0x94, 0xbb, 0xd8, 80 0x39, 0x31, 0x25, 0x23, 0xa7, 0x86, 0x62, 0xd5, 81 0xbe, 0x7f, 0xcb, 0xcc, 0x98, 0xeb, 0xf5, 0xa8 82}; 83 84static const unsigned char vector_64[64] = { 85 0x97, 0x68, 0x72, 0x68, 0xd6, 0xec, 0xcc, 0xc0, 86 0xc0, 0x7b, 0x25, 0xe2, 0x5e, 0xcf, 0xe5, 0x84, 87 0x39, 0x31, 0x25, 0x23, 0xa7, 0x86, 0x62, 0xd5, 88 0xbe, 0x7f, 0xcb, 0xcc, 0x98, 0xeb, 0xf5, 0xa8, 89 0x48, 0x07, 0xef, 0xe8, 0x36, 0xee, 0x89, 0xa5, 90 0x26, 0x73, 0x0d, 0xbc, 0x2f, 0x7b, 0xc8, 0x40, 91 0x9d, 0xad, 0x8b, 0xbb, 0x96, 0xc4, 0xcd, 0xc0, 92 0x3b, 0xc1, 0x03, 0xe1, 0xa1, 0x94, 0xbb, 0xd8 93}; 94 95#define CTS128_TEST_VECTOR(len) \ 96 { \ 97 sizeof(vector_##len), vector_##len \ 98 } 99static const SIZED_DATA aes_cts128_vectors[] = { 100 CTS128_TEST_VECTOR(17), 101 CTS128_TEST_VECTOR(31), 102 CTS128_TEST_VECTOR(32), 103 CTS128_TEST_VECTOR(47), 104 CTS128_TEST_VECTOR(48), 105 CTS128_TEST_VECTOR(64), 106}; 107 108static AES_KEY *cts128_encrypt_key_schedule(void) 109{ 110 static int init_key = 1; 111 static AES_KEY ks; 112 113 if (init_key) { 114 AES_set_encrypt_key(cts128_test_key, 128, &ks); 115 init_key = 0; 116 } 117 return &ks; 118} 119 120static AES_KEY *cts128_decrypt_key_schedule(void) 121{ 122 static int init_key = 1; 123 static AES_KEY ks; 124 125 if (init_key) { 126 AES_set_decrypt_key(cts128_test_key, 128, &ks); 127 init_key = 0; 128 } 129 return &ks; 130} 131 132typedef struct { 133 const char *case_name; 134 size_t (*last_blocks_correction)(const unsigned char *in, 135 unsigned char *out, size_t len); 136 size_t (*encrypt_block)(const unsigned char *in, 137 unsigned char *out, size_t len, 138 const void *key, unsigned char ivec[16], 139 block128_f block); 140 size_t (*encrypt_stream)(const unsigned char *in, unsigned char *out, 141 size_t len, const void *key, 142 unsigned char ivec[16], cbc128_f cbc); 143 size_t (*decrypt_block)(const unsigned char *in, 144 unsigned char *out, size_t len, 145 const void *key, unsigned char ivec[16], 146 block128_f block); 147 size_t (*decrypt_stream)(const unsigned char *in, unsigned char *out, 148 size_t len, const void *key, 149 unsigned char ivec[16], cbc128_f cbc); 150} CTS128_FIXTURE; 151 152static size_t last_blocks_correction(const unsigned char *in, 153 unsigned char *out, size_t len) 154{ 155 size_t tail; 156 157 memcpy(out, in, len); 158 if ((tail = len % 16) == 0) 159 tail = 16; 160 tail += 16; 161 162 return tail; 163} 164 165static size_t last_blocks_correction_nist(const unsigned char *in, 166 unsigned char *out, size_t len) 167{ 168 size_t tail; 169 170 if ((tail = len % 16) == 0) 171 tail = 16; 172 len -= 16 + tail; 173 memcpy(out, in, len); 174 /* flip two last blocks */ 175 memcpy(out + len, in + len + 16, tail); 176 memcpy(out + len + tail, in + len, 16); 177 len += 16 + tail; 178 tail = 16; 179 180 return tail; 181} 182 183static int execute_cts128(const CTS128_FIXTURE *fixture, int num) 184{ 185 const unsigned char *test_iv = cts128_test_iv; 186 size_t test_iv_len = sizeof(cts128_test_iv); 187 const unsigned char *orig_vector = aes_cts128_vectors[num].data; 188 size_t len = aes_cts128_vectors[num].size; 189 const unsigned char *test_input = cts128_test_input; 190 const AES_KEY *encrypt_key_schedule = cts128_encrypt_key_schedule(); 191 const AES_KEY *decrypt_key_schedule = cts128_decrypt_key_schedule(); 192 unsigned char iv[16]; 193 /* The largest test inputs are = 64 bytes. */ 194 unsigned char cleartext[64], ciphertext[64], vector[64]; 195 size_t tail, size; 196 197 TEST_info("%s_vector_%lu", fixture->case_name, (unsigned long)len); 198 199 tail = fixture->last_blocks_correction(orig_vector, vector, len); 200 201 /* test block-based encryption */ 202 memcpy(iv, test_iv, test_iv_len); 203 if (!TEST_size_t_eq(fixture->encrypt_block(test_input, ciphertext, len, 204 encrypt_key_schedule, iv, 205 (block128_f)AES_encrypt), len) 206 || !TEST_mem_eq(ciphertext, len, vector, len) 207 || !TEST_mem_eq(iv, sizeof(iv), vector + len - tail, sizeof(iv))) 208 return 0; 209 210 /* test block-based decryption */ 211 memcpy(iv, test_iv, test_iv_len); 212 size = fixture->decrypt_block(ciphertext, cleartext, len, 213 decrypt_key_schedule, iv, 214 (block128_f)AES_decrypt); 215 if (!TEST_true(len == size || len + 16 == size) 216 || !TEST_mem_eq(cleartext, len, test_input, len) 217 || !TEST_mem_eq(iv, sizeof(iv), vector + len - tail, sizeof(iv))) 218 return 0; 219 220 /* test streamed encryption */ 221 memcpy(iv, test_iv, test_iv_len); 222 if (!TEST_size_t_eq(fixture->encrypt_stream(test_input, ciphertext, len, 223 encrypt_key_schedule, iv, 224 (cbc128_f) AES_cbc_encrypt), 225 len) 226 || !TEST_mem_eq(ciphertext, len, vector, len) 227 || !TEST_mem_eq(iv, sizeof(iv), vector + len - tail, sizeof(iv))) 228 return 0; 229 230 /* test streamed decryption */ 231 memcpy(iv, test_iv, test_iv_len); 232 if (!TEST_size_t_eq(fixture->decrypt_stream(ciphertext, cleartext, len, 233 decrypt_key_schedule, iv, 234 (cbc128_f)AES_cbc_encrypt), 235 len) 236 || !TEST_mem_eq(cleartext, len, test_input, len) 237 || !TEST_mem_eq(iv, sizeof(iv), vector + len - tail, sizeof(iv))) 238 return 0; 239 240 return 1; 241} 242 243static int test_aes_cts128(int idx) 244{ 245 static const CTS128_FIXTURE fixture_cts128 = { 246 "aes_cts128", last_blocks_correction, 247 CRYPTO_cts128_encrypt_block, CRYPTO_cts128_encrypt, 248 CRYPTO_cts128_decrypt_block, CRYPTO_cts128_decrypt 249 }; 250 251 return execute_cts128(&fixture_cts128, idx); 252} 253 254static int test_aes_cts128_nist(int idx) 255{ 256 static const CTS128_FIXTURE fixture_cts128_nist = { 257 "aes_cts128_nist", last_blocks_correction_nist, 258 CRYPTO_nistcts128_encrypt_block, CRYPTO_nistcts128_encrypt, 259 CRYPTO_nistcts128_decrypt_block, CRYPTO_nistcts128_decrypt 260 }; 261 262 return execute_cts128(&fixture_cts128_nist, idx); 263} 264 265/* 266 * 267 * Test of gcm128 268 * 269 */ 270 271/* Test Case 1 */ 272static const u8 K1[16], P1[] = { 0 }, A1[] = { 0 }, IV1[12], C1[] = { 0 }; 273static const u8 T1[] = { 274 0x58, 0xe2, 0xfc, 0xce, 0xfa, 0x7e, 0x30, 0x61, 275 0x36, 0x7f, 0x1d, 0x57, 0xa4, 0xe7, 0x45, 0x5a 276}; 277 278/* Test Case 2 */ 279# define K2 K1 280# define A2 A1 281# define IV2 IV1 282static const u8 P2[16]; 283static const u8 C2[] = { 284 0x03, 0x88, 0xda, 0xce, 0x60, 0xb6, 0xa3, 0x92, 285 0xf3, 0x28, 0xc2, 0xb9, 0x71, 0xb2, 0xfe, 0x78 286}; 287 288static const u8 T2[] = { 289 0xab, 0x6e, 0x47, 0xd4, 0x2c, 0xec, 0x13, 0xbd, 290 0xf5, 0x3a, 0x67, 0xb2, 0x12, 0x57, 0xbd, 0xdf 291}; 292 293/* Test Case 3 */ 294# define A3 A2 295static const u8 K3[] = { 296 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c, 297 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08 298}; 299 300static const u8 P3[] = { 301 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5, 302 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a, 303 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda, 304 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72, 305 0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53, 306 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25, 307 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57, 308 0xba, 0x63, 0x7b, 0x39, 0x1a, 0xaf, 0xd2, 0x55 309}; 310 311static const u8 IV3[] = { 312 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad, 313 0xde, 0xca, 0xf8, 0x88 314}; 315 316static const u8 C3[] = { 317 0x42, 0x83, 0x1e, 0xc2, 0x21, 0x77, 0x74, 0x24, 318 0x4b, 0x72, 0x21, 0xb7, 0x84, 0xd0, 0xd4, 0x9c, 319 0xe3, 0xaa, 0x21, 0x2f, 0x2c, 0x02, 0xa4, 0xe0, 320 0x35, 0xc1, 0x7e, 0x23, 0x29, 0xac, 0xa1, 0x2e, 321 0x21, 0xd5, 0x14, 0xb2, 0x54, 0x66, 0x93, 0x1c, 322 0x7d, 0x8f, 0x6a, 0x5a, 0xac, 0x84, 0xaa, 0x05, 323 0x1b, 0xa3, 0x0b, 0x39, 0x6a, 0x0a, 0xac, 0x97, 324 0x3d, 0x58, 0xe0, 0x91, 0x47, 0x3f, 0x59, 0x85 325}; 326 327static const u8 T3[] = { 328 0x4d, 0x5c, 0x2a, 0xf3, 0x27, 0xcd, 0x64, 0xa6, 329 0x2c, 0xf3, 0x5a, 0xbd, 0x2b, 0xa6, 0xfa, 0xb4 330}; 331 332/* Test Case 4 */ 333# define K4 K3 334# define IV4 IV3 335static const u8 P4[] = { 336 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5, 337 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a, 338 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda, 339 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72, 340 0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53, 341 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25, 342 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57, 343 0xba, 0x63, 0x7b, 0x39 344}; 345 346static const u8 A4[] = { 347 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, 348 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, 349 0xab, 0xad, 0xda, 0xd2 350}; 351 352static const u8 C4[] = { 353 0x42, 0x83, 0x1e, 0xc2, 0x21, 0x77, 0x74, 0x24, 354 0x4b, 0x72, 0x21, 0xb7, 0x84, 0xd0, 0xd4, 0x9c, 355 0xe3, 0xaa, 0x21, 0x2f, 0x2c, 0x02, 0xa4, 0xe0, 356 0x35, 0xc1, 0x7e, 0x23, 0x29, 0xac, 0xa1, 0x2e, 357 0x21, 0xd5, 0x14, 0xb2, 0x54, 0x66, 0x93, 0x1c, 358 0x7d, 0x8f, 0x6a, 0x5a, 0xac, 0x84, 0xaa, 0x05, 359 0x1b, 0xa3, 0x0b, 0x39, 0x6a, 0x0a, 0xac, 0x97, 360 0x3d, 0x58, 0xe0, 0x91 361}; 362 363static const u8 T4[] = { 364 0x5b, 0xc9, 0x4f, 0xbc, 0x32, 0x21, 0xa5, 0xdb, 365 0x94, 0xfa, 0xe9, 0x5a, 0xe7, 0x12, 0x1a, 0x47 366}; 367 368/* Test Case 5 */ 369# define K5 K4 370# define P5 P4 371# define A5 A4 372static const u8 IV5[] = { 373 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad 374}; 375 376static const u8 C5[] = { 377 0x61, 0x35, 0x3b, 0x4c, 0x28, 0x06, 0x93, 0x4a, 378 0x77, 0x7f, 0xf5, 0x1f, 0xa2, 0x2a, 0x47, 0x55, 379 0x69, 0x9b, 0x2a, 0x71, 0x4f, 0xcd, 0xc6, 0xf8, 380 0x37, 0x66, 0xe5, 0xf9, 0x7b, 0x6c, 0x74, 0x23, 381 0x73, 0x80, 0x69, 0x00, 0xe4, 0x9f, 0x24, 0xb2, 382 0x2b, 0x09, 0x75, 0x44, 0xd4, 0x89, 0x6b, 0x42, 383 0x49, 0x89, 0xb5, 0xe1, 0xeb, 0xac, 0x0f, 0x07, 384 0xc2, 0x3f, 0x45, 0x98 385}; 386 387static const u8 T5[] = { 388 0x36, 0x12, 0xd2, 0xe7, 0x9e, 0x3b, 0x07, 0x85, 389 0x56, 0x1b, 0xe1, 0x4a, 0xac, 0xa2, 0xfc, 0xcb 390}; 391 392/* Test Case 6 */ 393# define K6 K5 394# define P6 P5 395# define A6 A5 396static const u8 IV6[] = { 397 0x93, 0x13, 0x22, 0x5d, 0xf8, 0x84, 0x06, 0xe5, 398 0x55, 0x90, 0x9c, 0x5a, 0xff, 0x52, 0x69, 0xaa, 399 0x6a, 0x7a, 0x95, 0x38, 0x53, 0x4f, 0x7d, 0xa1, 400 0xe4, 0xc3, 0x03, 0xd2, 0xa3, 0x18, 0xa7, 0x28, 401 0xc3, 0xc0, 0xc9, 0x51, 0x56, 0x80, 0x95, 0x39, 402 0xfc, 0xf0, 0xe2, 0x42, 0x9a, 0x6b, 0x52, 0x54, 403 0x16, 0xae, 0xdb, 0xf5, 0xa0, 0xde, 0x6a, 0x57, 404 0xa6, 0x37, 0xb3, 0x9b 405}; 406 407static const u8 C6[] = { 408 0x8c, 0xe2, 0x49, 0x98, 0x62, 0x56, 0x15, 0xb6, 409 0x03, 0xa0, 0x33, 0xac, 0xa1, 0x3f, 0xb8, 0x94, 410 0xbe, 0x91, 0x12, 0xa5, 0xc3, 0xa2, 0x11, 0xa8, 411 0xba, 0x26, 0x2a, 0x3c, 0xca, 0x7e, 0x2c, 0xa7, 412 0x01, 0xe4, 0xa9, 0xa4, 0xfb, 0xa4, 0x3c, 0x90, 413 0xcc, 0xdc, 0xb2, 0x81, 0xd4, 0x8c, 0x7c, 0x6f, 414 0xd6, 0x28, 0x75, 0xd2, 0xac, 0xa4, 0x17, 0x03, 415 0x4c, 0x34, 0xae, 0xe5 416}; 417 418static const u8 T6[] = { 419 0x61, 0x9c, 0xc5, 0xae, 0xff, 0xfe, 0x0b, 0xfa, 420 0x46, 0x2a, 0xf4, 0x3c, 0x16, 0x99, 0xd0, 0x50 421}; 422 423/* Test Case 7 */ 424static const u8 K7[24], P7[] = { 0 }, A7[] = { 0 }, IV7[12], C7[] = { 0 }; 425static const u8 T7[] = { 426 0xcd, 0x33, 0xb2, 0x8a, 0xc7, 0x73, 0xf7, 0x4b, 427 0xa0, 0x0e, 0xd1, 0xf3, 0x12, 0x57, 0x24, 0x35 428}; 429 430/* Test Case 8 */ 431# define K8 K7 432# define IV8 IV7 433# define A8 A7 434static const u8 P8[16]; 435static const u8 C8[] = { 436 0x98, 0xe7, 0x24, 0x7c, 0x07, 0xf0, 0xfe, 0x41, 437 0x1c, 0x26, 0x7e, 0x43, 0x84, 0xb0, 0xf6, 0x00 438}; 439 440static const u8 T8[] = { 441 0x2f, 0xf5, 0x8d, 0x80, 0x03, 0x39, 0x27, 0xab, 442 0x8e, 0xf4, 0xd4, 0x58, 0x75, 0x14, 0xf0, 0xfb 443}; 444 445/* Test Case 9 */ 446# define A9 A8 447static const u8 K9[] = { 448 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c, 449 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08, 450 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c 451}; 452 453static const u8 P9[] = { 454 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5, 455 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a, 456 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda, 457 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72, 458 0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53, 459 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25, 460 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57, 461 0xba, 0x63, 0x7b, 0x39, 0x1a, 0xaf, 0xd2, 0x55 462}; 463 464static const u8 IV9[] = { 465 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad, 466 0xde, 0xca, 0xf8, 0x88 467}; 468 469static const u8 C9[] = { 470 0x39, 0x80, 0xca, 0x0b, 0x3c, 0x00, 0xe8, 0x41, 471 0xeb, 0x06, 0xfa, 0xc4, 0x87, 0x2a, 0x27, 0x57, 472 0x85, 0x9e, 0x1c, 0xea, 0xa6, 0xef, 0xd9, 0x84, 473 0x62, 0x85, 0x93, 0xb4, 0x0c, 0xa1, 0xe1, 0x9c, 474 0x7d, 0x77, 0x3d, 0x00, 0xc1, 0x44, 0xc5, 0x25, 475 0xac, 0x61, 0x9d, 0x18, 0xc8, 0x4a, 0x3f, 0x47, 476 0x18, 0xe2, 0x44, 0x8b, 0x2f, 0xe3, 0x24, 0xd9, 477 0xcc, 0xda, 0x27, 0x10, 0xac, 0xad, 0xe2, 0x56 478}; 479 480static const u8 T9[] = { 481 0x99, 0x24, 0xa7, 0xc8, 0x58, 0x73, 0x36, 0xbf, 482 0xb1, 0x18, 0x02, 0x4d, 0xb8, 0x67, 0x4a, 0x14 483}; 484 485/* Test Case 10 */ 486# define K10 K9 487# define IV10 IV9 488static const u8 P10[] = { 489 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5, 490 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a, 491 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda, 492 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72, 493 0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53, 494 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25, 495 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57, 496 0xba, 0x63, 0x7b, 0x39 497}; 498 499static const u8 A10[] = { 500 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, 501 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, 502 0xab, 0xad, 0xda, 0xd2 503}; 504 505static const u8 C10[] = { 506 0x39, 0x80, 0xca, 0x0b, 0x3c, 0x00, 0xe8, 0x41, 507 0xeb, 0x06, 0xfa, 0xc4, 0x87, 0x2a, 0x27, 0x57, 508 0x85, 0x9e, 0x1c, 0xea, 0xa6, 0xef, 0xd9, 0x84, 509 0x62, 0x85, 0x93, 0xb4, 0x0c, 0xa1, 0xe1, 0x9c, 510 0x7d, 0x77, 0x3d, 0x00, 0xc1, 0x44, 0xc5, 0x25, 511 0xac, 0x61, 0x9d, 0x18, 0xc8, 0x4a, 0x3f, 0x47, 512 0x18, 0xe2, 0x44, 0x8b, 0x2f, 0xe3, 0x24, 0xd9, 513 0xcc, 0xda, 0x27, 0x10 514}; 515 516static const u8 T10[] = { 517 0x25, 0x19, 0x49, 0x8e, 0x80, 0xf1, 0x47, 0x8f, 518 0x37, 0xba, 0x55, 0xbd, 0x6d, 0x27, 0x61, 0x8c 519}; 520 521/* Test Case 11 */ 522# define K11 K10 523# define P11 P10 524# define A11 A10 525static const u8 IV11[] = { 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad }; 526 527static const u8 C11[] = { 528 0x0f, 0x10, 0xf5, 0x99, 0xae, 0x14, 0xa1, 0x54, 529 0xed, 0x24, 0xb3, 0x6e, 0x25, 0x32, 0x4d, 0xb8, 530 0xc5, 0x66, 0x63, 0x2e, 0xf2, 0xbb, 0xb3, 0x4f, 531 0x83, 0x47, 0x28, 0x0f, 0xc4, 0x50, 0x70, 0x57, 532 0xfd, 0xdc, 0x29, 0xdf, 0x9a, 0x47, 0x1f, 0x75, 533 0xc6, 0x65, 0x41, 0xd4, 0xd4, 0xda, 0xd1, 0xc9, 534 0xe9, 0x3a, 0x19, 0xa5, 0x8e, 0x8b, 0x47, 0x3f, 535 0xa0, 0xf0, 0x62, 0xf7 536}; 537 538static const u8 T11[] = { 539 0x65, 0xdc, 0xc5, 0x7f, 0xcf, 0x62, 0x3a, 0x24, 540 0x09, 0x4f, 0xcc, 0xa4, 0x0d, 0x35, 0x33, 0xf8 541}; 542 543/* Test Case 12 */ 544# define K12 K11 545# define P12 P11 546# define A12 A11 547static const u8 IV12[] = { 548 0x93, 0x13, 0x22, 0x5d, 0xf8, 0x84, 0x06, 0xe5, 549 0x55, 0x90, 0x9c, 0x5a, 0xff, 0x52, 0x69, 0xaa, 550 0x6a, 0x7a, 0x95, 0x38, 0x53, 0x4f, 0x7d, 0xa1, 551 0xe4, 0xc3, 0x03, 0xd2, 0xa3, 0x18, 0xa7, 0x28, 552 0xc3, 0xc0, 0xc9, 0x51, 0x56, 0x80, 0x95, 0x39, 553 0xfc, 0xf0, 0xe2, 0x42, 0x9a, 0x6b, 0x52, 0x54, 554 0x16, 0xae, 0xdb, 0xf5, 0xa0, 0xde, 0x6a, 0x57, 555 0xa6, 0x37, 0xb3, 0x9b 556}; 557 558static const u8 C12[] = { 559 0xd2, 0x7e, 0x88, 0x68, 0x1c, 0xe3, 0x24, 0x3c, 560 0x48, 0x30, 0x16, 0x5a, 0x8f, 0xdc, 0xf9, 0xff, 561 0x1d, 0xe9, 0xa1, 0xd8, 0xe6, 0xb4, 0x47, 0xef, 562 0x6e, 0xf7, 0xb7, 0x98, 0x28, 0x66, 0x6e, 0x45, 563 0x81, 0xe7, 0x90, 0x12, 0xaf, 0x34, 0xdd, 0xd9, 564 0xe2, 0xf0, 0x37, 0x58, 0x9b, 0x29, 0x2d, 0xb3, 565 0xe6, 0x7c, 0x03, 0x67, 0x45, 0xfa, 0x22, 0xe7, 566 0xe9, 0xb7, 0x37, 0x3b 567}; 568 569static const u8 T12[] = { 570 0xdc, 0xf5, 0x66, 0xff, 0x29, 0x1c, 0x25, 0xbb, 571 0xb8, 0x56, 0x8f, 0xc3, 0xd3, 0x76, 0xa6, 0xd9 572}; 573 574/* Test Case 13 */ 575static const u8 K13[32], P13[] = { 0 }, A13[] = { 0 }, IV13[12], C13[] = { 0 }; 576static const u8 T13[] = { 577 0x53, 0x0f, 0x8a, 0xfb, 0xc7, 0x45, 0x36, 0xb9, 578 0xa9, 0x63, 0xb4, 0xf1, 0xc4, 0xcb, 0x73, 0x8b 579}; 580 581/* Test Case 14 */ 582# define K14 K13 583# define A14 A13 584static const u8 P14[16], IV14[12]; 585static const u8 C14[] = { 586 0xce, 0xa7, 0x40, 0x3d, 0x4d, 0x60, 0x6b, 0x6e, 587 0x07, 0x4e, 0xc5, 0xd3, 0xba, 0xf3, 0x9d, 0x18 588}; 589 590static const u8 T14[] = { 591 0xd0, 0xd1, 0xc8, 0xa7, 0x99, 0x99, 0x6b, 0xf0, 592 0x26, 0x5b, 0x98, 0xb5, 0xd4, 0x8a, 0xb9, 0x19 593}; 594 595/* Test Case 15 */ 596# define A15 A14 597static const u8 K15[] = { 598 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c, 599 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08, 600 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c, 601 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08 602}; 603 604static const u8 P15[] = { 605 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5, 606 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a, 607 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda, 608 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72, 609 0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53, 610 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25, 611 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57, 612 0xba, 0x63, 0x7b, 0x39, 0x1a, 0xaf, 0xd2, 0x55 613}; 614 615static const u8 IV15[] = { 616 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad, 617 0xde, 0xca, 0xf8, 0x88 618}; 619 620static const u8 C15[] = { 621 0x52, 0x2d, 0xc1, 0xf0, 0x99, 0x56, 0x7d, 0x07, 622 0xf4, 0x7f, 0x37, 0xa3, 0x2a, 0x84, 0x42, 0x7d, 623 0x64, 0x3a, 0x8c, 0xdc, 0xbf, 0xe5, 0xc0, 0xc9, 624 0x75, 0x98, 0xa2, 0xbd, 0x25, 0x55, 0xd1, 0xaa, 625 0x8c, 0xb0, 0x8e, 0x48, 0x59, 0x0d, 0xbb, 0x3d, 626 0xa7, 0xb0, 0x8b, 0x10, 0x56, 0x82, 0x88, 0x38, 627 0xc5, 0xf6, 0x1e, 0x63, 0x93, 0xba, 0x7a, 0x0a, 628 0xbc, 0xc9, 0xf6, 0x62, 0x89, 0x80, 0x15, 0xad 629}; 630 631static const u8 T15[] = { 632 0xb0, 0x94, 0xda, 0xc5, 0xd9, 0x34, 0x71, 0xbd, 633 0xec, 0x1a, 0x50, 0x22, 0x70, 0xe3, 0xcc, 0x6c 634}; 635 636/* Test Case 16 */ 637# define K16 K15 638# define IV16 IV15 639static const u8 P16[] = { 640 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5, 641 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a, 642 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda, 643 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72, 644 0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53, 645 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25, 646 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57, 647 0xba, 0x63, 0x7b, 0x39 648}; 649 650static const u8 A16[] = { 651 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, 652 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, 653 0xab, 0xad, 0xda, 0xd2 654}; 655 656static const u8 C16[] = { 657 0x52, 0x2d, 0xc1, 0xf0, 0x99, 0x56, 0x7d, 0x07, 658 0xf4, 0x7f, 0x37, 0xa3, 0x2a, 0x84, 0x42, 0x7d, 659 0x64, 0x3a, 0x8c, 0xdc, 0xbf, 0xe5, 0xc0, 0xc9, 660 0x75, 0x98, 0xa2, 0xbd, 0x25, 0x55, 0xd1, 0xaa, 661 0x8c, 0xb0, 0x8e, 0x48, 0x59, 0x0d, 0xbb, 0x3d, 662 0xa7, 0xb0, 0x8b, 0x10, 0x56, 0x82, 0x88, 0x38, 663 0xc5, 0xf6, 0x1e, 0x63, 0x93, 0xba, 0x7a, 0x0a, 664 0xbc, 0xc9, 0xf6, 0x62 665}; 666 667static const u8 T16[] = { 668 0x76, 0xfc, 0x6e, 0xce, 0x0f, 0x4e, 0x17, 0x68, 669 0xcd, 0xdf, 0x88, 0x53, 0xbb, 0x2d, 0x55, 0x1b 670}; 671 672/* Test Case 17 */ 673# define K17 K16 674# define P17 P16 675# define A17 A16 676static const u8 IV17[] = { 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad }; 677 678static const u8 C17[] = { 679 0xc3, 0x76, 0x2d, 0xf1, 0xca, 0x78, 0x7d, 0x32, 680 0xae, 0x47, 0xc1, 0x3b, 0xf1, 0x98, 0x44, 0xcb, 681 0xaf, 0x1a, 0xe1, 0x4d, 0x0b, 0x97, 0x6a, 0xfa, 682 0xc5, 0x2f, 0xf7, 0xd7, 0x9b, 0xba, 0x9d, 0xe0, 683 0xfe, 0xb5, 0x82, 0xd3, 0x39, 0x34, 0xa4, 0xf0, 684 0x95, 0x4c, 0xc2, 0x36, 0x3b, 0xc7, 0x3f, 0x78, 685 0x62, 0xac, 0x43, 0x0e, 0x64, 0xab, 0xe4, 0x99, 686 0xf4, 0x7c, 0x9b, 0x1f 687}; 688 689static const u8 T17[] = { 690 0x3a, 0x33, 0x7d, 0xbf, 0x46, 0xa7, 0x92, 0xc4, 691 0x5e, 0x45, 0x49, 0x13, 0xfe, 0x2e, 0xa8, 0xf2 692}; 693 694/* Test Case 18 */ 695# define K18 K17 696# define P18 P17 697# define A18 A17 698static const u8 IV18[] = { 699 0x93, 0x13, 0x22, 0x5d, 0xf8, 0x84, 0x06, 0xe5, 700 0x55, 0x90, 0x9c, 0x5a, 0xff, 0x52, 0x69, 0xaa, 701 0x6a, 0x7a, 0x95, 0x38, 0x53, 0x4f, 0x7d, 0xa1, 702 0xe4, 0xc3, 0x03, 0xd2, 0xa3, 0x18, 0xa7, 0x28, 703 0xc3, 0xc0, 0xc9, 0x51, 0x56, 0x80, 0x95, 0x39, 704 0xfc, 0xf0, 0xe2, 0x42, 0x9a, 0x6b, 0x52, 0x54, 705 0x16, 0xae, 0xdb, 0xf5, 0xa0, 0xde, 0x6a, 0x57, 706 0xa6, 0x37, 0xb3, 0x9b 707}; 708 709static const u8 C18[] = { 710 0x5a, 0x8d, 0xef, 0x2f, 0x0c, 0x9e, 0x53, 0xf1, 711 0xf7, 0x5d, 0x78, 0x53, 0x65, 0x9e, 0x2a, 0x20, 712 0xee, 0xb2, 0xb2, 0x2a, 0xaf, 0xde, 0x64, 0x19, 713 0xa0, 0x58, 0xab, 0x4f, 0x6f, 0x74, 0x6b, 0xf4, 714 0x0f, 0xc0, 0xc3, 0xb7, 0x80, 0xf2, 0x44, 0x45, 715 0x2d, 0xa3, 0xeb, 0xf1, 0xc5, 0xd8, 0x2c, 0xde, 716 0xa2, 0x41, 0x89, 0x97, 0x20, 0x0e, 0xf8, 0x2e, 717 0x44, 0xae, 0x7e, 0x3f 718}; 719 720static const u8 T18[] = { 721 0xa4, 0x4a, 0x82, 0x66, 0xee, 0x1c, 0x8e, 0xb0, 722 0xc8, 0xb5, 0xd4, 0xcf, 0x5a, 0xe9, 0xf1, 0x9a 723}; 724 725/* Test Case 19 */ 726# define K19 K1 727# define P19 P1 728# define IV19 IV1 729# define C19 C1 730static const u8 A19[] = { 731 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5, 732 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a, 733 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda, 734 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72, 735 0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53, 736 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25, 737 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57, 738 0xba, 0x63, 0x7b, 0x39, 0x1a, 0xaf, 0xd2, 0x55, 739 0x52, 0x2d, 0xc1, 0xf0, 0x99, 0x56, 0x7d, 0x07, 740 0xf4, 0x7f, 0x37, 0xa3, 0x2a, 0x84, 0x42, 0x7d, 741 0x64, 0x3a, 0x8c, 0xdc, 0xbf, 0xe5, 0xc0, 0xc9, 742 0x75, 0x98, 0xa2, 0xbd, 0x25, 0x55, 0xd1, 0xaa, 743 0x8c, 0xb0, 0x8e, 0x48, 0x59, 0x0d, 0xbb, 0x3d, 744 0xa7, 0xb0, 0x8b, 0x10, 0x56, 0x82, 0x88, 0x38, 745 0xc5, 0xf6, 0x1e, 0x63, 0x93, 0xba, 0x7a, 0x0a, 746 0xbc, 0xc9, 0xf6, 0x62, 0x89, 0x80, 0x15, 0xad 747}; 748 749static const u8 T19[] = { 750 0x5f, 0xea, 0x79, 0x3a, 0x2d, 0x6f, 0x97, 0x4d, 751 0x37, 0xe6, 0x8e, 0x0c, 0xb8, 0xff, 0x94, 0x92 752}; 753 754/* Test Case 20 */ 755# define K20 K1 756# define A20 A1 757/* this results in 0xff in counter LSB */ 758static const u8 IV20[64] = { 0xff, 0xff, 0xff, 0xff }; 759 760static const u8 P20[288]; 761static const u8 C20[] = { 762 0x56, 0xb3, 0x37, 0x3c, 0xa9, 0xef, 0x6e, 0x4a, 763 0x2b, 0x64, 0xfe, 0x1e, 0x9a, 0x17, 0xb6, 0x14, 764 0x25, 0xf1, 0x0d, 0x47, 0xa7, 0x5a, 0x5f, 0xce, 765 0x13, 0xef, 0xc6, 0xbc, 0x78, 0x4a, 0xf2, 0x4f, 766 0x41, 0x41, 0xbd, 0xd4, 0x8c, 0xf7, 0xc7, 0x70, 767 0x88, 0x7a, 0xfd, 0x57, 0x3c, 0xca, 0x54, 0x18, 768 0xa9, 0xae, 0xff, 0xcd, 0x7c, 0x5c, 0xed, 0xdf, 769 0xc6, 0xa7, 0x83, 0x97, 0xb9, 0xa8, 0x5b, 0x49, 770 0x9d, 0xa5, 0x58, 0x25, 0x72, 0x67, 0xca, 0xab, 771 0x2a, 0xd0, 0xb2, 0x3c, 0xa4, 0x76, 0xa5, 0x3c, 772 0xb1, 0x7f, 0xb4, 0x1c, 0x4b, 0x8b, 0x47, 0x5c, 773 0xb4, 0xf3, 0xf7, 0x16, 0x50, 0x94, 0xc2, 0x29, 774 0xc9, 0xe8, 0xc4, 0xdc, 0x0a, 0x2a, 0x5f, 0xf1, 775 0x90, 0x3e, 0x50, 0x15, 0x11, 0x22, 0x13, 0x76, 776 0xa1, 0xcd, 0xb8, 0x36, 0x4c, 0x50, 0x61, 0xa2, 777 0x0c, 0xae, 0x74, 0xbc, 0x4a, 0xcd, 0x76, 0xce, 778 0xb0, 0xab, 0xc9, 0xfd, 0x32, 0x17, 0xef, 0x9f, 779 0x8c, 0x90, 0xbe, 0x40, 0x2d, 0xdf, 0x6d, 0x86, 780 0x97, 0xf4, 0xf8, 0x80, 0xdf, 0xf1, 0x5b, 0xfb, 781 0x7a, 0x6b, 0x28, 0x24, 0x1e, 0xc8, 0xfe, 0x18, 782 0x3c, 0x2d, 0x59, 0xe3, 0xf9, 0xdf, 0xff, 0x65, 783 0x3c, 0x71, 0x26, 0xf0, 0xac, 0xb9, 0xe6, 0x42, 784 0x11, 0xf4, 0x2b, 0xae, 0x12, 0xaf, 0x46, 0x2b, 785 0x10, 0x70, 0xbe, 0xf1, 0xab, 0x5e, 0x36, 0x06, 786 0x87, 0x2c, 0xa1, 0x0d, 0xee, 0x15, 0xb3, 0x24, 787 0x9b, 0x1a, 0x1b, 0x95, 0x8f, 0x23, 0x13, 0x4c, 788 0x4b, 0xcc, 0xb7, 0xd0, 0x32, 0x00, 0xbc, 0xe4, 789 0x20, 0xa2, 0xf8, 0xeb, 0x66, 0xdc, 0xf3, 0x64, 790 0x4d, 0x14, 0x23, 0xc1, 0xb5, 0x69, 0x90, 0x03, 791 0xc1, 0x3e, 0xce, 0xf4, 0xbf, 0x38, 0xa3, 0xb6, 792 0x0e, 0xed, 0xc3, 0x40, 0x33, 0xba, 0xc1, 0x90, 793 0x27, 0x83, 0xdc, 0x6d, 0x89, 0xe2, 0xe7, 0x74, 794 0x18, 0x8a, 0x43, 0x9c, 0x7e, 0xbc, 0xc0, 0x67, 795 0x2d, 0xbd, 0xa4, 0xdd, 0xcf, 0xb2, 0x79, 0x46, 796 0x13, 0xb0, 0xbe, 0x41, 0x31, 0x5e, 0xf7, 0x78, 797 0x70, 0x8a, 0x70, 0xee, 0x7d, 0x75, 0x16, 0x5c 798}; 799 800static const u8 T20[] = { 801 0x8b, 0x30, 0x7f, 0x6b, 0x33, 0x28, 0x6d, 0x0a, 802 0xb0, 0x26, 0xa9, 0xed, 0x3f, 0xe1, 0xe8, 0x5f 803}; 804 805#define GCM128_TEST_VECTOR(n) \ 806 { \ 807 {sizeof(K##n), K##n}, \ 808 {sizeof(IV##n), IV##n}, \ 809 {sizeof(A##n), A##n}, \ 810 {sizeof(P##n), P##n}, \ 811 {sizeof(C##n), C##n}, \ 812 {sizeof(T##n), T##n} \ 813 } 814static struct gcm128_data { 815 const SIZED_DATA K; 816 const SIZED_DATA IV; 817 const SIZED_DATA A; 818 const SIZED_DATA P; 819 const SIZED_DATA C; 820 const SIZED_DATA T; 821} gcm128_vectors[] = { 822 GCM128_TEST_VECTOR(1), 823 GCM128_TEST_VECTOR(2), 824 GCM128_TEST_VECTOR(3), 825 GCM128_TEST_VECTOR(4), 826 GCM128_TEST_VECTOR(5), 827 GCM128_TEST_VECTOR(6), 828 GCM128_TEST_VECTOR(7), 829 GCM128_TEST_VECTOR(8), 830 GCM128_TEST_VECTOR(9), 831 GCM128_TEST_VECTOR(10), 832 GCM128_TEST_VECTOR(11), 833 GCM128_TEST_VECTOR(12), 834 GCM128_TEST_VECTOR(13), 835 GCM128_TEST_VECTOR(14), 836 GCM128_TEST_VECTOR(15), 837 GCM128_TEST_VECTOR(16), 838 GCM128_TEST_VECTOR(17), 839 GCM128_TEST_VECTOR(18), 840 GCM128_TEST_VECTOR(19), 841 GCM128_TEST_VECTOR(20) 842}; 843 844static int test_gcm128(int idx) 845{ 846 unsigned char out[512]; 847 SIZED_DATA K = gcm128_vectors[idx].K; 848 SIZED_DATA IV = gcm128_vectors[idx].IV; 849 SIZED_DATA A = gcm128_vectors[idx].A; 850 SIZED_DATA P = gcm128_vectors[idx].P; 851 SIZED_DATA C = gcm128_vectors[idx].C; 852 SIZED_DATA T = gcm128_vectors[idx].T; 853 GCM128_CONTEXT ctx; 854 AES_KEY key; 855 856 /* Size 1 inputs are special-cased to signal NULL. */ 857 if (A.size == 1) 858 A.data = NULL; 859 if (P.size == 1) 860 P.data = NULL; 861 if (C.size == 1) 862 C.data = NULL; 863 864 AES_set_encrypt_key(K.data, K.size * 8, &key); 865 866 CRYPTO_gcm128_init(&ctx, &key, (block128_f)AES_encrypt); 867 CRYPTO_gcm128_setiv(&ctx, IV.data, IV.size); 868 memset(out, 0, P.size); 869 if (A.data != NULL) 870 CRYPTO_gcm128_aad(&ctx, A.data, A.size); 871 if (P.data != NULL) 872 if (!TEST_int_ge(CRYPTO_gcm128_encrypt( &ctx, P.data, out, P.size), 0)) 873 return 0; 874 if (!TEST_false(CRYPTO_gcm128_finish(&ctx, T.data, 16)) 875 || (C.data != NULL 876 && !TEST_mem_eq(out, P.size, C.data, P.size))) 877 return 0; 878 879 CRYPTO_gcm128_setiv(&ctx, IV.data, IV.size); 880 memset(out, 0, P.size); 881 if (A.data != NULL) 882 CRYPTO_gcm128_aad(&ctx, A.data, A.size); 883 if (C.data != NULL) 884 CRYPTO_gcm128_decrypt(&ctx, C.data, out, P.size); 885 if (!TEST_false(CRYPTO_gcm128_finish(&ctx, T.data, 16)) 886 || (P.data != NULL 887 && !TEST_mem_eq(out, P.size, P.data, P.size))) 888 return 0; 889 890 return 1; 891} 892 893int setup_tests(void) 894{ 895 ADD_ALL_TESTS(test_aes_cts128, OSSL_NELEM(aes_cts128_vectors)); 896 ADD_ALL_TESTS(test_aes_cts128_nist, OSSL_NELEM(aes_cts128_vectors)); 897 ADD_ALL_TESTS(test_gcm128, OSSL_NELEM(gcm128_vectors)); 898 return 1; 899} 900