Google Git
Sign in
flutter / third_party / openssl / d836d71b2da026b4ed9a2233657b2289ab8e4be0 / . / test / modes_internal_test.c
blob: 57045035e9b138c90f3ac3128b7af0a27e957c8b [file] [log] [blame]
Richard Levittef2ae2342016-10-27 19:57:41 +0200[diff] [blame]1/*
2 * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the OpenSSL license (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10/* Internal tests for the modes module */
11
12#include <stdio.h>
13#include <string.h>
14
15#include <openssl/aes.h>
16#include <openssl/modes.h>
17#include "../crypto/modes/modes_lcl.h"
18#include "testutil.h"
19#include "e_os.h"
20
21typedef struct {
22 size_t size;
23 const unsigned char *data;
24} SIZED_DATA;
25
26/**********************************************************************
27 *
28 * Test of cts128
29 *
30 ***/
31
Richard Levittef2ae2342016-10-27 19:57:41 +0200[diff] [blame]32/* cts128 test vectors from RFC 3962 */
33static const unsigned char cts128_test_key[16] = "chicken teriyaki";
34static const unsigned char cts128_test_input[64] =
35 "I would like the" " General Gau's C"
36 "hicken, please, " "and wonton soup.";
37static const unsigned char cts128_test_iv[] =
38 { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
39
40static const unsigned char vector_17[17] = {
41 0xc6, 0x35, 0x35, 0x68, 0xf2, 0xbf, 0x8c, 0xb4,
42 0xd8, 0xa5, 0x80, 0x36, 0x2d, 0xa7, 0xff, 0x7f,
43 0x97
44};
45
46static const unsigned char vector_31[31] = {
47 0xfc, 0x00, 0x78, 0x3e, 0x0e, 0xfd, 0xb2, 0xc1,
48 0xd4, 0x45, 0xd4, 0xc8, 0xef, 0xf7, 0xed, 0x22,
49 0x97, 0x68, 0x72, 0x68, 0xd6, 0xec, 0xcc, 0xc0,
50 0xc0, 0x7b, 0x25, 0xe2, 0x5e, 0xcf, 0xe5
51};
52
53static const unsigned char vector_32[32] = {
54 0x39, 0x31, 0x25, 0x23, 0xa7, 0x86, 0x62, 0xd5,
55 0xbe, 0x7f, 0xcb, 0xcc, 0x98, 0xeb, 0xf5, 0xa8,
56 0x97, 0x68, 0x72, 0x68, 0xd6, 0xec, 0xcc, 0xc0,
57 0xc0, 0x7b, 0x25, 0xe2, 0x5e, 0xcf, 0xe5, 0x84
58};
59
60static const unsigned char vector_47[47] = {
61 0x97, 0x68, 0x72, 0x68, 0xd6, 0xec, 0xcc, 0xc0,
62 0xc0, 0x7b, 0x25, 0xe2, 0x5e, 0xcf, 0xe5, 0x84,
63 0xb3, 0xff, 0xfd, 0x94, 0x0c, 0x16, 0xa1, 0x8c,
64 0x1b, 0x55, 0x49, 0xd2, 0xf8, 0x38, 0x02, 0x9e,
65 0x39, 0x31, 0x25, 0x23, 0xa7, 0x86, 0x62, 0xd5,
66 0xbe, 0x7f, 0xcb, 0xcc, 0x98, 0xeb, 0xf5
67};
68
69static const unsigned char vector_48[48] = {
70 0x97, 0x68, 0x72, 0x68, 0xd6, 0xec, 0xcc, 0xc0,
71 0xc0, 0x7b, 0x25, 0xe2, 0x5e, 0xcf, 0xe5, 0x84,
72 0x9d, 0xad, 0x8b, 0xbb, 0x96, 0xc4, 0xcd, 0xc0,
73 0x3b, 0xc1, 0x03, 0xe1, 0xa1, 0x94, 0xbb, 0xd8,
74 0x39, 0x31, 0x25, 0x23, 0xa7, 0x86, 0x62, 0xd5,
75 0xbe, 0x7f, 0xcb, 0xcc, 0x98, 0xeb, 0xf5, 0xa8
76};
77
78static const unsigned char vector_64[64] = {
79 0x97, 0x68, 0x72, 0x68, 0xd6, 0xec, 0xcc, 0xc0,
80 0xc0, 0x7b, 0x25, 0xe2, 0x5e, 0xcf, 0xe5, 0x84,
81 0x39, 0x31, 0x25, 0x23, 0xa7, 0x86, 0x62, 0xd5,
82 0xbe, 0x7f, 0xcb, 0xcc, 0x98, 0xeb, 0xf5, 0xa8,
83 0x48, 0x07, 0xef, 0xe8, 0x36, 0xee, 0x89, 0xa5,
84 0x26, 0x73, 0x0d, 0xbc, 0x2f, 0x7b, 0xc8, 0x40,
85 0x9d, 0xad, 0x8b, 0xbb, 0x96, 0xc4, 0xcd, 0xc0,
86 0x3b, 0xc1, 0x03, 0xe1, 0xa1, 0x94, 0xbb, 0xd8
87};
88
89#define CTS128_TEST_VECTOR(len) \
90 { \
91 sizeof(vector_##len), vector_##len \
92 }
93static const SIZED_DATA cts128_vectors[] = {
94 CTS128_TEST_VECTOR(17),
95 CTS128_TEST_VECTOR(31),
96 CTS128_TEST_VECTOR(32),
97 CTS128_TEST_VECTOR(47),
98 CTS128_TEST_VECTOR(48),
99 CTS128_TEST_VECTOR(64),
100};
101
102static AES_KEY *cts128_encrypt_key_schedule()
103{
104 static int init_key = 1;
105 static AES_KEY ks;
106
107 if (init_key) {
108 AES_set_encrypt_key(cts128_test_key, 128, &ks);
109 init_key = 0;
110 }
111 return &ks;
112}
113
114static AES_KEY *cts128_decrypt_key_schedule()
115{
116 static int init_key = 1;
117 static AES_KEY ks;
118
119 if (init_key) {
120 AES_set_decrypt_key(cts128_test_key, 128, &ks);
121 init_key = 0;
122 }
123 return &ks;
124}
125
Emilia Kasperd836d712016-11-04 16:06:12 +0100[diff] [blame^]126typedef struct {
127 const char *case_name;
128 int num;
129 size_t (*transform_output)(const unsigned char *in, unsigned char *out,
130 size_t len);
131 size_t (*encrypt_block)(const unsigned char *in,
132 unsigned char *out, size_t len,
133 const void *key, unsigned char ivec[16],
134 block128_f block);
135 size_t (*encrypt)(const unsigned char *in, unsigned char *out,
136 size_t len, const void *key,
137 unsigned char ivec[16], cbc128_f cbc);
138 size_t (*decrypt_block)(const unsigned char *in,
139 unsigned char *out, size_t len,
140 const void *key, unsigned char ivec[16],
141 block128_f block);
142 size_t (*decrypt)(const unsigned char *in, unsigned char *out,
143 size_t len, const void *key,
144 unsigned char ivec[16], cbc128_f cbc);
145} CTS128_FIXTURE;
146
147
148static CTS128_FIXTURE setup_cts128(const char *const test_case_name)
Richard Levittef2ae2342016-10-27 19:57:41 +0200[diff] [blame]149{
Emilia Kasperd836d712016-11-04 16:06:12 +0100[diff] [blame^]150 CTS128_FIXTURE fixture;
151 fixture.case_name = test_case_name;
152 return fixture;
Richard Levittef2ae2342016-10-27 19:57:41 +0200[diff] [blame]153}
154
Emilia Kasperd836d712016-11-04 16:06:12 +0100[diff] [blame^]155static size_t transform_output(const unsigned char *in, unsigned char *out,
156 size_t len)
157{
158 size_t tail;
159
160 memcpy(out, in, len);
161 if ((tail = len % 16) == 0)
162 tail = 16;
163 tail += 16;
164
165 return tail;
166}
167
168static size_t transform_output_nist(const unsigned char *in, unsigned char *out,
169 size_t len)
170{
171 size_t tail;
172
173 if ((tail = len % 16) == 0)
174 tail = 16;
175 len -= 16 + tail;
176 memcpy(out, in, len);
177 /* flip two last blocks */
178 memcpy(out + len, in + len + 16, tail);
179 memcpy(out + len + tail, in + len, 16);
180 len += 16 + tail;
181 tail = 16;
182
183 return tail;
184}
185
186static int execute_cts128(CTS128_FIXTURE fixture)
187{
188 const unsigned char *test_iv = cts128_test_iv;
189 size_t test_iv_len = sizeof(cts128_test_iv);
190 const unsigned char *orig_vector = cts128_vectors[fixture.num].data;
191 size_t len = cts128_vectors[fixture.num].size;
192 const unsigned char *test_input = cts128_test_input;
193 const AES_KEY *encrypt_key_schedule = cts128_encrypt_key_schedule();
194 const AES_KEY *decrypt_key_schedule = cts128_decrypt_key_schedule();
195 unsigned char iv[16];
196 /* The largest test inputs are = 64 bytes. */
197 unsigned char cleartext[64], ciphertext[64], vector[64];
198 size_t tail;
199
200 fprintf(stderr, "%s_vector_%" OSSLzu "\n", fixture.case_name, len);
201 fflush(stdout);
202
203 tail = fixture.transform_output(orig_vector, vector, len);
204
205 /* test block-based encryption */
206 memcpy(iv, test_iv, test_iv_len);
207 fixture.encrypt_block(test_input, ciphertext, len,
208 encrypt_key_schedule, iv,
209 (block128_f)AES_encrypt);
210 if (memcmp(ciphertext, vector, len)) {
211 fprintf(stderr, "block encrypt: output_%" OSSLzu " mismatch\n", len);
212 return 0;
213 }
214 if (memcmp(iv, vector + len - tail, sizeof(iv))) {
215 fprintf(stderr, "block encrypt: iv_%" OSSLzu " mismatch\n", len);
216 return 0;
217 }
218
219 /* test block-based decryption */
220 memcpy(iv, test_iv, test_iv_len);
221 fixture.decrypt_block(ciphertext, cleartext, len,
222 decrypt_key_schedule, iv,
223 (block128_f)AES_decrypt);
224 if (memcmp(cleartext, test_input, len)) {
225 fprintf(stderr, "block decrypt: input_%" OSSLzu " mismatch\n", len);
226 return 0;
227 }
228 if (memcmp(iv, vector + len - tail, sizeof(iv))) {
229 fprintf(stderr, "block decrypt: iv_%" OSSLzu " mismatch\n", len);
230 return 0;
231 }
232
233 /* test streamed encryption */
234 memcpy(iv, test_iv, test_iv_len);
235 fixture.encrypt(test_input, ciphertext, len, encrypt_key_schedule,
236 iv, (cbc128_f) AES_cbc_encrypt);
237 if (memcmp(ciphertext, vector, len)) {
238 fprintf(stderr, "stream encrypt: output_%" OSSLzu " mismatch\n", len);
239 return 0;
240 }
241 if (memcmp(iv, vector + len - tail, sizeof(iv))) {
242 fprintf(stderr, "stream encrypt: iv_%" OSSLzu " mismatch\n", len);
243 return 0;
244 }
245
246 /* test streamed decryption */
247 memcpy(iv, test_iv, test_iv_len);
248 fixture.decrypt(ciphertext, cleartext, len, decrypt_key_schedule, iv,
249 (cbc128_f)AES_cbc_encrypt);
250 if (memcmp(cleartext, test_input, len)) {
251 fprintf(stderr, "stream decrypt: input_%" OSSLzu " mismatch\n", len);
252 return 0;
253 }
254 if (memcmp(iv, vector + len - tail, sizeof(iv))) {
255 fprintf(stderr, "stream decrypt: iv_%" OSSLzu " mismatch\n", len);
256 return 0;
257 }
258
259 return 1;
260}
261
262static int test_cts128(int idx)
Richard Levittef2ae2342016-10-27 19:57:41 +0200[diff] [blame]263{
264 SETUP_TEST_FIXTURE(CTS128_FIXTURE, setup_cts128);
Emilia Kasperd836d712016-11-04 16:06:12 +0100[diff] [blame^]265 fixture.transform_output = transform_output;
266 fixture.encrypt_block = CRYPTO_cts128_encrypt_block;
267 fixture.encrypt = CRYPTO_cts128_encrypt;
268 fixture.decrypt_block = CRYPTO_cts128_decrypt_block;
269 fixture.decrypt = CRYPTO_cts128_decrypt;
270 fixture.case_name = "cts128";
Richard Levittef2ae2342016-10-27 19:57:41 +0200[diff] [blame]271 fixture.num = idx;
Emilia Kasperd836d712016-11-04 16:06:12 +0100[diff] [blame^]272 EXECUTE_TEST_NO_TEARDOWN(execute_cts128);
Richard Levittef2ae2342016-10-27 19:57:41 +0200[diff] [blame]273}
274
Emilia Kasperd836d712016-11-04 16:06:12 +0100[diff] [blame^]275static int test_cts128_nist(int idx)
276{
277 SETUP_TEST_FIXTURE(CTS128_FIXTURE, setup_cts128);
278 fixture.transform_output = transform_output_nist;
279 fixture.encrypt_block = CRYPTO_nistcts128_encrypt_block;
280 fixture.encrypt = CRYPTO_nistcts128_encrypt;
281 fixture.decrypt_block = CRYPTO_nistcts128_decrypt_block;
282 fixture.decrypt = CRYPTO_nistcts128_decrypt;
283 fixture.case_name = "cts128_nist";
284 fixture.num = idx;
285 EXECUTE_TEST_NO_TEARDOWN(execute_cts128);
286}
287
288/**********************************************************************
289 *
290 * Test of gcm128
291 *
292 ***/
293
Richard Levittef2ae2342016-10-27 19:57:41 +0200[diff] [blame]294/* Test Case 1 */
295static const u8 K1[16], P1[] = { 0 }, A1[] = { 0 }, IV1[12], C1[] = { 0 };
296static const u8 T1[] = {
297 0x58, 0xe2, 0xfc, 0xce, 0xfa, 0x7e, 0x30, 0x61,
298 0x36, 0x7f, 0x1d, 0x57, 0xa4, 0xe7, 0x45, 0x5a
299};
300
301/* Test Case 2 */
302# define K2 K1
303# define A2 A1
304# define IV2 IV1
305static const u8 P2[16];
306static const u8 C2[] = {
307 0x03, 0x88, 0xda, 0xce, 0x60, 0xb6, 0xa3, 0x92,
308 0xf3, 0x28, 0xc2, 0xb9, 0x71, 0xb2, 0xfe, 0x78
309};
310
311static const u8 T2[] = {
312 0xab, 0x6e, 0x47, 0xd4, 0x2c, 0xec, 0x13, 0xbd,
313 0xf5, 0x3a, 0x67, 0xb2, 0x12, 0x57, 0xbd, 0xdf
314};
315
316/* Test Case 3 */
317# define A3 A2
318static const u8 K3[] = {
319 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
320 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08
321};
322
323static const u8 P3[] = {
324 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
325 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a,
326 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
327 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72,
328 0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53,
329 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
330 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57,
331 0xba, 0x63, 0x7b, 0x39, 0x1a, 0xaf, 0xd2, 0x55
332};
333
334static const u8 IV3[] = {
335 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad,
336 0xde, 0xca, 0xf8, 0x88
337};
338
339static const u8 C3[] = {
340 0x42, 0x83, 0x1e, 0xc2, 0x21, 0x77, 0x74, 0x24,
341 0x4b, 0x72, 0x21, 0xb7, 0x84, 0xd0, 0xd4, 0x9c,
342 0xe3, 0xaa, 0x21, 0x2f, 0x2c, 0x02, 0xa4, 0xe0,
343 0x35, 0xc1, 0x7e, 0x23, 0x29, 0xac, 0xa1, 0x2e,
344 0x21, 0xd5, 0x14, 0xb2, 0x54, 0x66, 0x93, 0x1c,
345 0x7d, 0x8f, 0x6a, 0x5a, 0xac, 0x84, 0xaa, 0x05,
346 0x1b, 0xa3, 0x0b, 0x39, 0x6a, 0x0a, 0xac, 0x97,
347 0x3d, 0x58, 0xe0, 0x91, 0x47, 0x3f, 0x59, 0x85
348};
349
350static const u8 T3[] = {
351 0x4d, 0x5c, 0x2a, 0xf3, 0x27, 0xcd, 0x64, 0xa6,
352 0x2c, 0xf3, 0x5a, 0xbd, 0x2b, 0xa6, 0xfa, 0xb4
353};
354
355/* Test Case 4 */
356# define K4 K3
357# define IV4 IV3
358static const u8 P4[] = {
359 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
360 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a,
361 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
362 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72,
363 0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53,
364 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
365 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57,
366 0xba, 0x63, 0x7b, 0x39
367};
368
369static const u8 A4[] = {
370 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
371 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
372 0xab, 0xad, 0xda, 0xd2
373};
374
375static const u8 C4[] = {
376 0x42, 0x83, 0x1e, 0xc2, 0x21, 0x77, 0x74, 0x24,
377 0x4b, 0x72, 0x21, 0xb7, 0x84, 0xd0, 0xd4, 0x9c,
378 0xe3, 0xaa, 0x21, 0x2f, 0x2c, 0x02, 0xa4, 0xe0,
379 0x35, 0xc1, 0x7e, 0x23, 0x29, 0xac, 0xa1, 0x2e,
380 0x21, 0xd5, 0x14, 0xb2, 0x54, 0x66, 0x93, 0x1c,
381 0x7d, 0x8f, 0x6a, 0x5a, 0xac, 0x84, 0xaa, 0x05,
382 0x1b, 0xa3, 0x0b, 0x39, 0x6a, 0x0a, 0xac, 0x97,
383 0x3d, 0x58, 0xe0, 0x91
384};
385
386static const u8 T4[] = {
387 0x5b, 0xc9, 0x4f, 0xbc, 0x32, 0x21, 0xa5, 0xdb,
388 0x94, 0xfa, 0xe9, 0x5a, 0xe7, 0x12, 0x1a, 0x47
389};
390
391/* Test Case 5 */
392# define K5 K4
393# define P5 P4
394# define A5 A4
395static const u8 IV5[] = {
396 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad
397};
398
399static const u8 C5[] = {
400 0x61, 0x35, 0x3b, 0x4c, 0x28, 0x06, 0x93, 0x4a,
401 0x77, 0x7f, 0xf5, 0x1f, 0xa2, 0x2a, 0x47, 0x55,
402 0x69, 0x9b, 0x2a, 0x71, 0x4f, 0xcd, 0xc6, 0xf8,
403 0x37, 0x66, 0xe5, 0xf9, 0x7b, 0x6c, 0x74, 0x23,
404 0x73, 0x80, 0x69, 0x00, 0xe4, 0x9f, 0x24, 0xb2,
405 0x2b, 0x09, 0x75, 0x44, 0xd4, 0x89, 0x6b, 0x42,
406 0x49, 0x89, 0xb5, 0xe1, 0xeb, 0xac, 0x0f, 0x07,
407 0xc2, 0x3f, 0x45, 0x98
408};
409
410static const u8 T5[] = {
411 0x36, 0x12, 0xd2, 0xe7, 0x9e, 0x3b, 0x07, 0x85,
412 0x56, 0x1b, 0xe1, 0x4a, 0xac, 0xa2, 0xfc, 0xcb
413};
414
415/* Test Case 6 */
416# define K6 K5
417# define P6 P5
418# define A6 A5
419static const u8 IV6[] = {
420 0x93, 0x13, 0x22, 0x5d, 0xf8, 0x84, 0x06, 0xe5,
421 0x55, 0x90, 0x9c, 0x5a, 0xff, 0x52, 0x69, 0xaa,
422 0x6a, 0x7a, 0x95, 0x38, 0x53, 0x4f, 0x7d, 0xa1,
423 0xe4, 0xc3, 0x03, 0xd2, 0xa3, 0x18, 0xa7, 0x28,
424 0xc3, 0xc0, 0xc9, 0x51, 0x56, 0x80, 0x95, 0x39,
425 0xfc, 0xf0, 0xe2, 0x42, 0x9a, 0x6b, 0x52, 0x54,
426 0x16, 0xae, 0xdb, 0xf5, 0xa0, 0xde, 0x6a, 0x57,
427 0xa6, 0x37, 0xb3, 0x9b
428};
429
430static const u8 C6[] = {
431 0x8c, 0xe2, 0x49, 0x98, 0x62, 0x56, 0x15, 0xb6,
432 0x03, 0xa0, 0x33, 0xac, 0xa1, 0x3f, 0xb8, 0x94,
433 0xbe, 0x91, 0x12, 0xa5, 0xc3, 0xa2, 0x11, 0xa8,
434 0xba, 0x26, 0x2a, 0x3c, 0xca, 0x7e, 0x2c, 0xa7,
435 0x01, 0xe4, 0xa9, 0xa4, 0xfb, 0xa4, 0x3c, 0x90,
436 0xcc, 0xdc, 0xb2, 0x81, 0xd4, 0x8c, 0x7c, 0x6f,
437 0xd6, 0x28, 0x75, 0xd2, 0xac, 0xa4, 0x17, 0x03,
438 0x4c, 0x34, 0xae, 0xe5
439};
440
441static const u8 T6[] = {
442 0x61, 0x9c, 0xc5, 0xae, 0xff, 0xfe, 0x0b, 0xfa,
443 0x46, 0x2a, 0xf4, 0x3c, 0x16, 0x99, 0xd0, 0x50
444};
445
446/* Test Case 7 */
447static const u8 K7[24], P7[] = { 0 }, A7[] = { 0 }, IV7[12], C7[] = { 0 };
448static const u8 T7[] = {
449 0xcd, 0x33, 0xb2, 0x8a, 0xc7, 0x73, 0xf7, 0x4b,
450 0xa0, 0x0e, 0xd1, 0xf3, 0x12, 0x57, 0x24, 0x35
451};
452
453/* Test Case 8 */
454# define K8 K7
455# define IV8 IV7
456# define A8 A7
457static const u8 P8[16];
458static const u8 C8[] = {
459 0x98, 0xe7, 0x24, 0x7c, 0x07, 0xf0, 0xfe, 0x41,
460 0x1c, 0x26, 0x7e, 0x43, 0x84, 0xb0, 0xf6, 0x00
461};
462
463static const u8 T8[] = {
464 0x2f, 0xf5, 0x8d, 0x80, 0x03, 0x39, 0x27, 0xab,
465 0x8e, 0xf4, 0xd4, 0x58, 0x75, 0x14, 0xf0, 0xfb
466};
467
468/* Test Case 9 */
469# define A9 A8
470static const u8 K9[] = {
471 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
472 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08,
473 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c
474};
475
476static const u8 P9[] = {
477 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
478 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a,
479 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
480 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72,
481 0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53,
482 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
483 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57,
484 0xba, 0x63, 0x7b, 0x39, 0x1a, 0xaf, 0xd2, 0x55
485};
486
487static const u8 IV9[] = {
488 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad,
489 0xde, 0xca, 0xf8, 0x88
490};
491
492static const u8 C9[] = {
493 0x39, 0x80, 0xca, 0x0b, 0x3c, 0x00, 0xe8, 0x41,
494 0xeb, 0x06, 0xfa, 0xc4, 0x87, 0x2a, 0x27, 0x57,
495 0x85, 0x9e, 0x1c, 0xea, 0xa6, 0xef, 0xd9, 0x84,
496 0x62, 0x85, 0x93, 0xb4, 0x0c, 0xa1, 0xe1, 0x9c,
497 0x7d, 0x77, 0x3d, 0x00, 0xc1, 0x44, 0xc5, 0x25,
498 0xac, 0x61, 0x9d, 0x18, 0xc8, 0x4a, 0x3f, 0x47,
499 0x18, 0xe2, 0x44, 0x8b, 0x2f, 0xe3, 0x24, 0xd9,
500 0xcc, 0xda, 0x27, 0x10, 0xac, 0xad, 0xe2, 0x56
501};
502
503static const u8 T9[] = {
504 0x99, 0x24, 0xa7, 0xc8, 0x58, 0x73, 0x36, 0xbf,
505 0xb1, 0x18, 0x02, 0x4d, 0xb8, 0x67, 0x4a, 0x14
506};
507
508/* Test Case 10 */
509# define K10 K9
510# define IV10 IV9
511static const u8 P10[] = {
512 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
513 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a,
514 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
515 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72,
516 0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53,
517 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
518 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57,
519 0xba, 0x63, 0x7b, 0x39
520};
521
522static const u8 A10[] = {
523 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
524 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
525 0xab, 0xad, 0xda, 0xd2
526};
527
528static const u8 C10[] = {
529 0x39, 0x80, 0xca, 0x0b, 0x3c, 0x00, 0xe8, 0x41,
530 0xeb, 0x06, 0xfa, 0xc4, 0x87, 0x2a, 0x27, 0x57,
531 0x85, 0x9e, 0x1c, 0xea, 0xa6, 0xef, 0xd9, 0x84,
532 0x62, 0x85, 0x93, 0xb4, 0x0c, 0xa1, 0xe1, 0x9c,
533 0x7d, 0x77, 0x3d, 0x00, 0xc1, 0x44, 0xc5, 0x25,
534 0xac, 0x61, 0x9d, 0x18, 0xc8, 0x4a, 0x3f, 0x47,
535 0x18, 0xe2, 0x44, 0x8b, 0x2f, 0xe3, 0x24, 0xd9,
536 0xcc, 0xda, 0x27, 0x10
537};
538
539static const u8 T10[] = {
540 0x25, 0x19, 0x49, 0x8e, 0x80, 0xf1, 0x47, 0x8f,
541 0x37, 0xba, 0x55, 0xbd, 0x6d, 0x27, 0x61, 0x8c
542};
543
544/* Test Case 11 */
545# define K11 K10
546# define P11 P10
547# define A11 A10
548static const u8 IV11[] = { 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad };
549
550static const u8 C11[] = {
551 0x0f, 0x10, 0xf5, 0x99, 0xae, 0x14, 0xa1, 0x54,
552 0xed, 0x24, 0xb3, 0x6e, 0x25, 0x32, 0x4d, 0xb8,
553 0xc5, 0x66, 0x63, 0x2e, 0xf2, 0xbb, 0xb3, 0x4f,
554 0x83, 0x47, 0x28, 0x0f, 0xc4, 0x50, 0x70, 0x57,
555 0xfd, 0xdc, 0x29, 0xdf, 0x9a, 0x47, 0x1f, 0x75,
556 0xc6, 0x65, 0x41, 0xd4, 0xd4, 0xda, 0xd1, 0xc9,
557 0xe9, 0x3a, 0x19, 0xa5, 0x8e, 0x8b, 0x47, 0x3f,
558 0xa0, 0xf0, 0x62, 0xf7
559};
560
561static const u8 T11[] = {
562 0x65, 0xdc, 0xc5, 0x7f, 0xcf, 0x62, 0x3a, 0x24,
563 0x09, 0x4f, 0xcc, 0xa4, 0x0d, 0x35, 0x33, 0xf8
564};
565
566/* Test Case 12 */
567# define K12 K11
568# define P12 P11
569# define A12 A11
570static const u8 IV12[] = {
571 0x93, 0x13, 0x22, 0x5d, 0xf8, 0x84, 0x06, 0xe5,
572 0x55, 0x90, 0x9c, 0x5a, 0xff, 0x52, 0x69, 0xaa,
573 0x6a, 0x7a, 0x95, 0x38, 0x53, 0x4f, 0x7d, 0xa1,
574 0xe4, 0xc3, 0x03, 0xd2, 0xa3, 0x18, 0xa7, 0x28,
575 0xc3, 0xc0, 0xc9, 0x51, 0x56, 0x80, 0x95, 0x39,
576 0xfc, 0xf0, 0xe2, 0x42, 0x9a, 0x6b, 0x52, 0x54,
577 0x16, 0xae, 0xdb, 0xf5, 0xa0, 0xde, 0x6a, 0x57,
578 0xa6, 0x37, 0xb3, 0x9b
579};
580
581static const u8 C12[] = {
582 0xd2, 0x7e, 0x88, 0x68, 0x1c, 0xe3, 0x24, 0x3c,
583 0x48, 0x30, 0x16, 0x5a, 0x8f, 0xdc, 0xf9, 0xff,
584 0x1d, 0xe9, 0xa1, 0xd8, 0xe6, 0xb4, 0x47, 0xef,
585 0x6e, 0xf7, 0xb7, 0x98, 0x28, 0x66, 0x6e, 0x45,
586 0x81, 0xe7, 0x90, 0x12, 0xaf, 0x34, 0xdd, 0xd9,
587 0xe2, 0xf0, 0x37, 0x58, 0x9b, 0x29, 0x2d, 0xb3,
588 0xe6, 0x7c, 0x03, 0x67, 0x45, 0xfa, 0x22, 0xe7,
589 0xe9, 0xb7, 0x37, 0x3b
590};
591
592static const u8 T12[] = {
593 0xdc, 0xf5, 0x66, 0xff, 0x29, 0x1c, 0x25, 0xbb,
594 0xb8, 0x56, 0x8f, 0xc3, 0xd3, 0x76, 0xa6, 0xd9
595};
596
597/* Test Case 13 */
598static const u8 K13[32], P13[] = { 0 }, A13[] = { 0 }, IV13[12], C13[] = { 0 };
599static const u8 T13[] = {
600 0x53, 0x0f, 0x8a, 0xfb, 0xc7, 0x45, 0x36, 0xb9,
601 0xa9, 0x63, 0xb4, 0xf1, 0xc4, 0xcb, 0x73, 0x8b
602};
603
604/* Test Case 14 */
605# define K14 K13
606# define A14 A13
607static const u8 P14[16], IV14[12];
608static const u8 C14[] = {
609 0xce, 0xa7, 0x40, 0x3d, 0x4d, 0x60, 0x6b, 0x6e,
610 0x07, 0x4e, 0xc5, 0xd3, 0xba, 0xf3, 0x9d, 0x18
611};
612
613static const u8 T14[] = {
614 0xd0, 0xd1, 0xc8, 0xa7, 0x99, 0x99, 0x6b, 0xf0,
615 0x26, 0x5b, 0x98, 0xb5, 0xd4, 0x8a, 0xb9, 0x19
616};
617
618/* Test Case 15 */
619# define A15 A14
620static const u8 K15[] = {
621 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
622 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08,
623 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
624 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08
625};
626
627static const u8 P15[] = {
628 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
629 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a,
630 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
631 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72,
632 0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53,
633 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
634 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57,
635 0xba, 0x63, 0x7b, 0x39, 0x1a, 0xaf, 0xd2, 0x55
636};
637
638static const u8 IV15[] = {
639 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad,
640 0xde, 0xca, 0xf8, 0x88
641};
642
643static const u8 C15[] = {
644 0x52, 0x2d, 0xc1, 0xf0, 0x99, 0x56, 0x7d, 0x07,
645 0xf4, 0x7f, 0x37, 0xa3, 0x2a, 0x84, 0x42, 0x7d,
646 0x64, 0x3a, 0x8c, 0xdc, 0xbf, 0xe5, 0xc0, 0xc9,
647 0x75, 0x98, 0xa2, 0xbd, 0x25, 0x55, 0xd1, 0xaa,
648 0x8c, 0xb0, 0x8e, 0x48, 0x59, 0x0d, 0xbb, 0x3d,
649 0xa7, 0xb0, 0x8b, 0x10, 0x56, 0x82, 0x88, 0x38,
650 0xc5, 0xf6, 0x1e, 0x63, 0x93, 0xba, 0x7a, 0x0a,
651 0xbc, 0xc9, 0xf6, 0x62, 0x89, 0x80, 0x15, 0xad
652};
653
654static const u8 T15[] = {
655 0xb0, 0x94, 0xda, 0xc5, 0xd9, 0x34, 0x71, 0xbd,
656 0xec, 0x1a, 0x50, 0x22, 0x70, 0xe3, 0xcc, 0x6c
657};
658
659/* Test Case 16 */
660# define K16 K15
661# define IV16 IV15
662static const u8 P16[] = {
663 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
664 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a,
665 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
666 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72,
667 0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53,
668 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
669 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57,
670 0xba, 0x63, 0x7b, 0x39
671};
672
673static const u8 A16[] = {
674 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
675 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
676 0xab, 0xad, 0xda, 0xd2
677};
678
679static const u8 C16[] = {
680 0x52, 0x2d, 0xc1, 0xf0, 0x99, 0x56, 0x7d, 0x07,
681 0xf4, 0x7f, 0x37, 0xa3, 0x2a, 0x84, 0x42, 0x7d,
682 0x64, 0x3a, 0x8c, 0xdc, 0xbf, 0xe5, 0xc0, 0xc9,
683 0x75, 0x98, 0xa2, 0xbd, 0x25, 0x55, 0xd1, 0xaa,
684 0x8c, 0xb0, 0x8e, 0x48, 0x59, 0x0d, 0xbb, 0x3d,
685 0xa7, 0xb0, 0x8b, 0x10, 0x56, 0x82, 0x88, 0x38,
686 0xc5, 0xf6, 0x1e, 0x63, 0x93, 0xba, 0x7a, 0x0a,
687 0xbc, 0xc9, 0xf6, 0x62
688};
689
690static const u8 T16[] = {
691 0x76, 0xfc, 0x6e, 0xce, 0x0f, 0x4e, 0x17, 0x68,
692 0xcd, 0xdf, 0x88, 0x53, 0xbb, 0x2d, 0x55, 0x1b
693};
694
695/* Test Case 17 */
696# define K17 K16
697# define P17 P16
698# define A17 A16
699static const u8 IV17[] = { 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad };
700
701static const u8 C17[] = {
702 0xc3, 0x76, 0x2d, 0xf1, 0xca, 0x78, 0x7d, 0x32,
703 0xae, 0x47, 0xc1, 0x3b, 0xf1, 0x98, 0x44, 0xcb,
704 0xaf, 0x1a, 0xe1, 0x4d, 0x0b, 0x97, 0x6a, 0xfa,
705 0xc5, 0x2f, 0xf7, 0xd7, 0x9b, 0xba, 0x9d, 0xe0,
706 0xfe, 0xb5, 0x82, 0xd3, 0x39, 0x34, 0xa4, 0xf0,
707 0x95, 0x4c, 0xc2, 0x36, 0x3b, 0xc7, 0x3f, 0x78,
708 0x62, 0xac, 0x43, 0x0e, 0x64, 0xab, 0xe4, 0x99,
709 0xf4, 0x7c, 0x9b, 0x1f
710};
711
712static const u8 T17[] = {
713 0x3a, 0x33, 0x7d, 0xbf, 0x46, 0xa7, 0x92, 0xc4,
714 0x5e, 0x45, 0x49, 0x13, 0xfe, 0x2e, 0xa8, 0xf2
715};
716
717/* Test Case 18 */
718# define K18 K17
719# define P18 P17
720# define A18 A17
721static const u8 IV18[] = {
722 0x93, 0x13, 0x22, 0x5d, 0xf8, 0x84, 0x06, 0xe5,
723 0x55, 0x90, 0x9c, 0x5a, 0xff, 0x52, 0x69, 0xaa,
724 0x6a, 0x7a, 0x95, 0x38, 0x53, 0x4f, 0x7d, 0xa1,
725 0xe4, 0xc3, 0x03, 0xd2, 0xa3, 0x18, 0xa7, 0x28,
726 0xc3, 0xc0, 0xc9, 0x51, 0x56, 0x80, 0x95, 0x39,
727 0xfc, 0xf0, 0xe2, 0x42, 0x9a, 0x6b, 0x52, 0x54,
728 0x16, 0xae, 0xdb, 0xf5, 0xa0, 0xde, 0x6a, 0x57,
729 0xa6, 0x37, 0xb3, 0x9b
730};
731
732static const u8 C18[] = {
733 0x5a, 0x8d, 0xef, 0x2f, 0x0c, 0x9e, 0x53, 0xf1,
734 0xf7, 0x5d, 0x78, 0x53, 0x65, 0x9e, 0x2a, 0x20,
735 0xee, 0xb2, 0xb2, 0x2a, 0xaf, 0xde, 0x64, 0x19,
736 0xa0, 0x58, 0xab, 0x4f, 0x6f, 0x74, 0x6b, 0xf4,
737 0x0f, 0xc0, 0xc3, 0xb7, 0x80, 0xf2, 0x44, 0x45,
738 0x2d, 0xa3, 0xeb, 0xf1, 0xc5, 0xd8, 0x2c, 0xde,
739 0xa2, 0x41, 0x89, 0x97, 0x20, 0x0e, 0xf8, 0x2e,
740 0x44, 0xae, 0x7e, 0x3f
741};
742
743static const u8 T18[] = {
744 0xa4, 0x4a, 0x82, 0x66, 0xee, 0x1c, 0x8e, 0xb0,
745 0xc8, 0xb5, 0xd4, 0xcf, 0x5a, 0xe9, 0xf1, 0x9a
746};
747
748/* Test Case 19 */
749# define K19 K1
750# define P19 P1
751# define IV19 IV1
752# define C19 C1
753static const u8 A19[] = {
754 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
755 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a,
756 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
757 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72,
758 0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53,
759 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
760 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57,
761 0xba, 0x63, 0x7b, 0x39, 0x1a, 0xaf, 0xd2, 0x55,
762 0x52, 0x2d, 0xc1, 0xf0, 0x99, 0x56, 0x7d, 0x07,
763 0xf4, 0x7f, 0x37, 0xa3, 0x2a, 0x84, 0x42, 0x7d,
764 0x64, 0x3a, 0x8c, 0xdc, 0xbf, 0xe5, 0xc0, 0xc9,
765 0x75, 0x98, 0xa2, 0xbd, 0x25, 0x55, 0xd1, 0xaa,
766 0x8c, 0xb0, 0x8e, 0x48, 0x59, 0x0d, 0xbb, 0x3d,
767 0xa7, 0xb0, 0x8b, 0x10, 0x56, 0x82, 0x88, 0x38,
768 0xc5, 0xf6, 0x1e, 0x63, 0x93, 0xba, 0x7a, 0x0a,
769 0xbc, 0xc9, 0xf6, 0x62, 0x89, 0x80, 0x15, 0xad
770};
771
772static const u8 T19[] = {
773 0x5f, 0xea, 0x79, 0x3a, 0x2d, 0x6f, 0x97, 0x4d,
774 0x37, 0xe6, 0x8e, 0x0c, 0xb8, 0xff, 0x94, 0x92
775};
776
777/* Test Case 20 */
778# define K20 K1
779# define A20 A1
780/* this results in 0xff in counter LSB */
781static const u8 IV20[64] = { 0xff, 0xff, 0xff, 0xff };
782
783static const u8 P20[288];
784static const u8 C20[] = {
785 0x56, 0xb3, 0x37, 0x3c, 0xa9, 0xef, 0x6e, 0x4a,
786 0x2b, 0x64, 0xfe, 0x1e, 0x9a, 0x17, 0xb6, 0x14,
787 0x25, 0xf1, 0x0d, 0x47, 0xa7, 0x5a, 0x5f, 0xce,
788 0x13, 0xef, 0xc6, 0xbc, 0x78, 0x4a, 0xf2, 0x4f,
789 0x41, 0x41, 0xbd, 0xd4, 0x8c, 0xf7, 0xc7, 0x70,
790 0x88, 0x7a, 0xfd, 0x57, 0x3c, 0xca, 0x54, 0x18,
791 0xa9, 0xae, 0xff, 0xcd, 0x7c, 0x5c, 0xed, 0xdf,
792 0xc6, 0xa7, 0x83, 0x97, 0xb9, 0xa8, 0x5b, 0x49,
793 0x9d, 0xa5, 0x58, 0x25, 0x72, 0x67, 0xca, 0xab,
794 0x2a, 0xd0, 0xb2, 0x3c, 0xa4, 0x76, 0xa5, 0x3c,
795 0xb1, 0x7f, 0xb4, 0x1c, 0x4b, 0x8b, 0x47, 0x5c,
796 0xb4, 0xf3, 0xf7, 0x16, 0x50, 0x94, 0xc2, 0x29,
797 0xc9, 0xe8, 0xc4, 0xdc, 0x0a, 0x2a, 0x5f, 0xf1,
798 0x90, 0x3e, 0x50, 0x15, 0x11, 0x22, 0x13, 0x76,
799 0xa1, 0xcd, 0xb8, 0x36, 0x4c, 0x50, 0x61, 0xa2,
800 0x0c, 0xae, 0x74, 0xbc, 0x4a, 0xcd, 0x76, 0xce,
801 0xb0, 0xab, 0xc9, 0xfd, 0x32, 0x17, 0xef, 0x9f,
802 0x8c, 0x90, 0xbe, 0x40, 0x2d, 0xdf, 0x6d, 0x86,
803 0x97, 0xf4, 0xf8, 0x80, 0xdf, 0xf1, 0x5b, 0xfb,
804 0x7a, 0x6b, 0x28, 0x24, 0x1e, 0xc8, 0xfe, 0x18,
805 0x3c, 0x2d, 0x59, 0xe3, 0xf9, 0xdf, 0xff, 0x65,
806 0x3c, 0x71, 0x26, 0xf0, 0xac, 0xb9, 0xe6, 0x42,
807 0x11, 0xf4, 0x2b, 0xae, 0x12, 0xaf, 0x46, 0x2b,
808 0x10, 0x70, 0xbe, 0xf1, 0xab, 0x5e, 0x36, 0x06,
809 0x87, 0x2c, 0xa1, 0x0d, 0xee, 0x15, 0xb3, 0x24,
810 0x9b, 0x1a, 0x1b, 0x95, 0x8f, 0x23, 0x13, 0x4c,
811 0x4b, 0xcc, 0xb7, 0xd0, 0x32, 0x00, 0xbc, 0xe4,
812 0x20, 0xa2, 0xf8, 0xeb, 0x66, 0xdc, 0xf3, 0x64,
813 0x4d, 0x14, 0x23, 0xc1, 0xb5, 0x69, 0x90, 0x03,
814 0xc1, 0x3e, 0xce, 0xf4, 0xbf, 0x38, 0xa3, 0xb6,
815 0x0e, 0xed, 0xc3, 0x40, 0x33, 0xba, 0xc1, 0x90,
816 0x27, 0x83, 0xdc, 0x6d, 0x89, 0xe2, 0xe7, 0x74,
817 0x18, 0x8a, 0x43, 0x9c, 0x7e, 0xbc, 0xc0, 0x67,
818 0x2d, 0xbd, 0xa4, 0xdd, 0xcf, 0xb2, 0x79, 0x46,
819 0x13, 0xb0, 0xbe, 0x41, 0x31, 0x5e, 0xf7, 0x78,
820 0x70, 0x8a, 0x70, 0xee, 0x7d, 0x75, 0x16, 0x5c
821};
822
823static const u8 T20[] = {
824 0x8b, 0x30, 0x7f, 0x6b, 0x33, 0x28, 0x6d, 0x0a,
825 0xb0, 0x26, 0xa9, 0xed, 0x3f, 0xe1, 0xe8, 0x5f
826};
827
828#define GCM128_TEST_VECTOR(n) \
829 { \
830 {sizeof(K##n), K##n}, \
831 {sizeof(IV##n), IV##n}, \
832 {sizeof(A##n), A##n}, \
833 {sizeof(P##n), P##n}, \
834 {sizeof(C##n), C##n}, \
835 {sizeof(T##n), T##n} \
836 }
837static struct gcm128_data {
838 const SIZED_DATA K;
839 const SIZED_DATA IV;
840 const SIZED_DATA A;
841 const SIZED_DATA P;
842 const SIZED_DATA C;
843 const SIZED_DATA T;
844} gcm128_vectors[] = {
845 GCM128_TEST_VECTOR(1),
846 GCM128_TEST_VECTOR(2),
847 GCM128_TEST_VECTOR(3),
848 GCM128_TEST_VECTOR(4),
849 GCM128_TEST_VECTOR(5),
850 GCM128_TEST_VECTOR(6),
851 GCM128_TEST_VECTOR(7),
852 GCM128_TEST_VECTOR(8),
853 GCM128_TEST_VECTOR(9),
854 GCM128_TEST_VECTOR(10),
855 GCM128_TEST_VECTOR(11),
856 GCM128_TEST_VECTOR(12),
857 GCM128_TEST_VECTOR(13),
858 GCM128_TEST_VECTOR(14),
859 GCM128_TEST_VECTOR(15),
860 GCM128_TEST_VECTOR(16),
861 GCM128_TEST_VECTOR(17),
862 GCM128_TEST_VECTOR(18),
863 GCM128_TEST_VECTOR(19),
864 GCM128_TEST_VECTOR(20)
865};
866
Emilia Kasperd836d712016-11-04 16:06:12 +0100[diff] [blame^]867static int test_gcm128(int idx)
Richard Levittef2ae2342016-10-27 19:57:41 +0200[diff] [blame]868{
Emilia Kasperd836d712016-11-04 16:06:12 +0100[diff] [blame^]869 unsigned char out[512];
870 SIZED_DATA K = gcm128_vectors[idx].K;
871 SIZED_DATA IV = gcm128_vectors[idx].IV;
872 SIZED_DATA A = gcm128_vectors[idx].A;
873 SIZED_DATA P = gcm128_vectors[idx].P;
874 SIZED_DATA C = gcm128_vectors[idx].C;
875 SIZED_DATA T = gcm128_vectors[idx].T;
876 GCM128_CONTEXT ctx;
877 AES_KEY key;
878 int err = 0;
879
880 /* Size 1 inputs are special-cased to signal NULL. */
881 if (A.size == 1)
882 A.data = NULL;
883 if (P.size == 1)
884 P.data = NULL;
885 if (C.size == 1)
886 C.data = NULL;
887
888 AES_set_encrypt_key(K.data, K.size * 8, &key);
889
890 CRYPTO_gcm128_init(&ctx, &key, (block128_f)AES_encrypt);
891 CRYPTO_gcm128_setiv(&ctx, IV.data, IV.size);
892 memset(out, 0, P.size);
893 if (A.data)
894 CRYPTO_gcm128_aad(&ctx, A.data, A.size);
895 if (P.data)
896 CRYPTO_gcm128_encrypt( &ctx, P.data, out, P.size);
897 if (CRYPTO_gcm128_finish(&ctx, T.data, 16)
898 || (C.data && memcmp(out, C.data, P.size)))
899 err++, fprintf(stderr, "encrypt test#%d failed.\n", idx);
900
901 CRYPTO_gcm128_setiv(&ctx, IV.data, IV.size);
902 memset(out, 0, P.size);
903 if (A.data)
904 CRYPTO_gcm128_aad(&ctx, A.data, A.size);
905 if (C.data)
906 CRYPTO_gcm128_decrypt(&ctx, C.data, out, P.size);
907 if (CRYPTO_gcm128_finish(&ctx, T.data, 16)
908 || (P.data && memcmp(out, P.data, P.size)))
909 err++, fprintf(stderr, "decrypt test#%d failed.\n", idx);
910
911 return err == 0;
912}
913
914static void benchmark_gcm128(const unsigned char *K, size_t Klen,
915 const unsigned char *IV, size_t IVlen)
916{
917#ifdef OPENSSL_CPUID_OBJ
918 GCM128_CONTEXT ctx;
919 AES_KEY key;
920 size_t start, gcm_t, ctr_t, OPENSSL_rdtsc();
921 union {
922 u64 u;
923 u8 c[1024];
924 } buf;
925
926 AES_set_encrypt_key(K, Klen * 8, &key);
927 CRYPTO_gcm128_init(&ctx, &key, (block128_f) AES_encrypt);
928 CRYPTO_gcm128_setiv(&ctx, IV, IVlen);
929
930 CRYPTO_gcm128_encrypt(&ctx, buf.c, buf.c, sizeof(buf));
931 start = OPENSSL_rdtsc();
932 CRYPTO_gcm128_encrypt(&ctx, buf.c, buf.c, sizeof(buf));
933 gcm_t = OPENSSL_rdtsc() - start;
934
935 CRYPTO_ctr128_encrypt(buf.c, buf.c, sizeof(buf),
936 &key, ctx.Yi.c, ctx.EKi.c, &ctx.mres,
937 (block128_f) AES_encrypt);
938 start = OPENSSL_rdtsc();
939 CRYPTO_ctr128_encrypt(buf.c, buf.c, sizeof(buf),
940 &key, ctx.Yi.c, ctx.EKi.c, &ctx.mres,
941 (block128_f) AES_encrypt);
942 ctr_t = OPENSSL_rdtsc() - start;
943
944 printf("%.2f-%.2f=%.2f\n",
945 gcm_t / (double)sizeof(buf),
946 ctr_t / (double)sizeof(buf),
947 (gcm_t - ctr_t) / (double)sizeof(buf));
948# ifdef GHASH
949 {
950 void (*gcm_ghash_p) (u64 Xi[2], const u128 Htable[16],
951 const u8 *inp, size_t len) = ctx.ghash;
952
953 GHASH((&ctx), buf.c, sizeof(buf));
954 start = OPENSSL_rdtsc();
955 for (i = 0; i < 100; ++i)
956 GHASH((&ctx), buf.c, sizeof(buf));
957 gcm_t = OPENSSL_rdtsc() - start;
958 printf("%.2f\n", gcm_t / (double)sizeof(buf) / (double)i);
959 }
960# endif
961#else
962 fprintf(stderr,
963 "Benchmarking of modes isn't available on this platform\n");
964#endif
Richard Levittef2ae2342016-10-27 19:57:41 +0200[diff] [blame]965}
966
967int main(int argc, char **argv)
968{
969 int result = 0;
970 int iter_argv;
971 int benchmark = 0;
972
973 for (iter_argv = 1; iter_argv < argc; iter_argv++) {
974 if (strcmp(argv[iter_argv], "-b") == 0)
975 benchmark = 1;
976 else if (strcmp(argv[iter_argv], "-h") == 0)
977 goto help;
978 }
979
Emilia Kasperd836d712016-11-04 16:06:12 +0100[diff] [blame^]980 ADD_ALL_TESTS(test_cts128, OSSL_NELEM(cts128_vectors));
981 ADD_ALL_TESTS(test_cts128_nist, OSSL_NELEM(cts128_vectors));
982 ADD_ALL_TESTS(test_gcm128, OSSL_NELEM(gcm128_vectors));
Richard Levittef2ae2342016-10-27 19:57:41 +0200[diff] [blame]983
984 result = run_tests(argv[0]);
985
986 if (benchmark)
987 benchmark_gcm128(K1, sizeof(K1), IV1, sizeof(IV1));
988
989 return result;
990
991 help:
992 printf("-h\tThis help\n");
993 printf("-b\tBenchmark gcm128 in addition to the tests\n");
994
995 return 0;
996}