1 /*
2 * Copyright 2016-2024 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10 /* Internal tests for the modes module */
11
12 /*
13 * This file uses the low level AES functions (which are deprecated for
14 * non-internal use) in order to test the modes code
15 */
16 #include "internal/deprecated.h"
17
18 #include <stdio.h>
19 #include <string.h>
20
21 #include <openssl/aes.h>
22 #include <openssl/modes.h>
23 #include "testutil.h"
24 #include "crypto/modes.h"
25 #include "internal/nelem.h"
26
27 typedef struct {
28 size_t size;
29 const unsigned char *data;
30 } SIZED_DATA;
31
32 /**********************************************************************
33 *
34 * Test of cts128
35 *
36 ***/
37
38 /* cts128 test vectors from RFC 3962 */
39 static const unsigned char cts128_test_key[16] = "chicken teriyaki";
40 static const unsigned char cts128_test_input[64] = "I would like the"
41 " General Gau's C"
42 "hicken, please, "
43 "and wonton soup.";
44 static const unsigned char cts128_test_iv[] = {
45 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
46 };
47
48 static const unsigned char vector_17[17] = {
49 0xc6, 0x35, 0x35, 0x68, 0xf2, 0xbf, 0x8c, 0xb4,
50 0xd8, 0xa5, 0x80, 0x36, 0x2d, 0xa7, 0xff, 0x7f,
51 0x97
52 };
53
54 static const unsigned char vector_31[31] = {
55 0xfc, 0x00, 0x78, 0x3e, 0x0e, 0xfd, 0xb2, 0xc1,
56 0xd4, 0x45, 0xd4, 0xc8, 0xef, 0xf7, 0xed, 0x22,
57 0x97, 0x68, 0x72, 0x68, 0xd6, 0xec, 0xcc, 0xc0,
58 0xc0, 0x7b, 0x25, 0xe2, 0x5e, 0xcf, 0xe5
59 };
60
61 static const unsigned char vector_32[32] = {
62 0x39, 0x31, 0x25, 0x23, 0xa7, 0x86, 0x62, 0xd5,
63 0xbe, 0x7f, 0xcb, 0xcc, 0x98, 0xeb, 0xf5, 0xa8,
64 0x97, 0x68, 0x72, 0x68, 0xd6, 0xec, 0xcc, 0xc0,
65 0xc0, 0x7b, 0x25, 0xe2, 0x5e, 0xcf, 0xe5, 0x84
66 };
67
68 static const unsigned char vector_47[47] = {
69 0x97, 0x68, 0x72, 0x68, 0xd6, 0xec, 0xcc, 0xc0,
70 0xc0, 0x7b, 0x25, 0xe2, 0x5e, 0xcf, 0xe5, 0x84,
71 0xb3, 0xff, 0xfd, 0x94, 0x0c, 0x16, 0xa1, 0x8c,
72 0x1b, 0x55, 0x49, 0xd2, 0xf8, 0x38, 0x02, 0x9e,
73 0x39, 0x31, 0x25, 0x23, 0xa7, 0x86, 0x62, 0xd5,
74 0xbe, 0x7f, 0xcb, 0xcc, 0x98, 0xeb, 0xf5
75 };
76
77 static const unsigned char vector_48[48] = {
78 0x97, 0x68, 0x72, 0x68, 0xd6, 0xec, 0xcc, 0xc0,
79 0xc0, 0x7b, 0x25, 0xe2, 0x5e, 0xcf, 0xe5, 0x84,
80 0x9d, 0xad, 0x8b, 0xbb, 0x96, 0xc4, 0xcd, 0xc0,
81 0x3b, 0xc1, 0x03, 0xe1, 0xa1, 0x94, 0xbb, 0xd8,
82 0x39, 0x31, 0x25, 0x23, 0xa7, 0x86, 0x62, 0xd5,
83 0xbe, 0x7f, 0xcb, 0xcc, 0x98, 0xeb, 0xf5, 0xa8
84 };
85
86 static const unsigned char vector_64[64] = {
87 0x97, 0x68, 0x72, 0x68, 0xd6, 0xec, 0xcc, 0xc0,
88 0xc0, 0x7b, 0x25, 0xe2, 0x5e, 0xcf, 0xe5, 0x84,
89 0x39, 0x31, 0x25, 0x23, 0xa7, 0x86, 0x62, 0xd5,
90 0xbe, 0x7f, 0xcb, 0xcc, 0x98, 0xeb, 0xf5, 0xa8,
91 0x48, 0x07, 0xef, 0xe8, 0x36, 0xee, 0x89, 0xa5,
92 0x26, 0x73, 0x0d, 0xbc, 0x2f, 0x7b, 0xc8, 0x40,
93 0x9d, 0xad, 0x8b, 0xbb, 0x96, 0xc4, 0xcd, 0xc0,
94 0x3b, 0xc1, 0x03, 0xe1, 0xa1, 0x94, 0xbb, 0xd8
95 };
96
97 #define CTS128_TEST_VECTOR(len) \
98 { \
99 sizeof(vector_##len), vector_##len \
100 }
101 static const SIZED_DATA aes_cts128_vectors[] = {
102 CTS128_TEST_VECTOR(17),
103 CTS128_TEST_VECTOR(31),
104 CTS128_TEST_VECTOR(32),
105 CTS128_TEST_VECTOR(47),
106 CTS128_TEST_VECTOR(48),
107 CTS128_TEST_VECTOR(64),
108 };
109
cts128_encrypt_key_schedule(void)110 static AES_KEY *cts128_encrypt_key_schedule(void)
111 {
112 static int init_key = 1;
113 static AES_KEY ks;
114
115 if (init_key) {
116 AES_set_encrypt_key(cts128_test_key, 128, &ks);
117 init_key = 0;
118 }
119 return &ks;
120 }
121
cts128_decrypt_key_schedule(void)122 static AES_KEY *cts128_decrypt_key_schedule(void)
123 {
124 static int init_key = 1;
125 static AES_KEY ks;
126
127 if (init_key) {
128 AES_set_decrypt_key(cts128_test_key, 128, &ks);
129 init_key = 0;
130 }
131 return &ks;
132 }
133
134 typedef struct {
135 const char *case_name;
136 size_t (*last_blocks_correction)(const unsigned char *in,
137 unsigned char *out, size_t len);
138 size_t (*encrypt_block)(const unsigned char *in,
139 unsigned char *out, size_t len,
140 const void *key, unsigned char ivec[16],
141 block128_f block);
142 size_t (*encrypt_stream)(const unsigned char *in, unsigned char *out,
143 size_t len, const void *key,
144 unsigned char ivec[16], cbc128_f cbc);
145 size_t (*decrypt_block)(const unsigned char *in,
146 unsigned char *out, size_t len,
147 const void *key, unsigned char ivec[16],
148 block128_f block);
149 size_t (*decrypt_stream)(const unsigned char *in, unsigned char *out,
150 size_t len, const void *key,
151 unsigned char ivec[16], cbc128_f cbc);
152 } CTS128_FIXTURE;
153
last_blocks_correction(const unsigned char * in,unsigned char * out,size_t len)154 static size_t last_blocks_correction(const unsigned char *in,
155 unsigned char *out, size_t len)
156 {
157 size_t tail;
158
159 memcpy(out, in, len);
160 if ((tail = len % 16) == 0)
161 tail = 16;
162 tail += 16;
163
164 return tail;
165 }
166
last_blocks_correction_nist(const unsigned char * in,unsigned char * out,size_t len)167 static size_t last_blocks_correction_nist(const unsigned char *in,
168 unsigned char *out, size_t len)
169 {
170 size_t tail;
171
172 if ((tail = len % 16) == 0)
173 tail = 16;
174 len -= 16 + tail;
175 memcpy(out, in, len);
176 /* flip two last blocks */
177 memcpy(out + len, in + len + 16, tail);
178 memcpy(out + len + tail, in + len, 16);
179 len += 16 + tail;
180 tail = 16;
181
182 return tail;
183 }
184
execute_cts128(const CTS128_FIXTURE * fixture,int num)185 static int execute_cts128(const CTS128_FIXTURE *fixture, int num)
186 {
187 const unsigned char *test_iv = cts128_test_iv;
188 size_t test_iv_len = sizeof(cts128_test_iv);
189 const unsigned char *orig_vector = aes_cts128_vectors[num].data;
190 size_t len = aes_cts128_vectors[num].size;
191 const unsigned char *test_input = cts128_test_input;
192 const AES_KEY *encrypt_key_schedule = cts128_encrypt_key_schedule();
193 const AES_KEY *decrypt_key_schedule = cts128_decrypt_key_schedule();
194 unsigned char iv[16];
195 /* The largest test inputs are = 64 bytes. */
196 unsigned char cleartext[64], ciphertext[64], vector[64];
197 size_t tail, size;
198
199 TEST_info("%s_vector_%lu", fixture->case_name, (unsigned long)len);
200
201 tail = fixture->last_blocks_correction(orig_vector, vector, len);
202
203 /* test block-based encryption */
204 memcpy(iv, test_iv, test_iv_len);
205 if (!TEST_size_t_eq(fixture->encrypt_block(test_input, ciphertext, len,
206 encrypt_key_schedule, iv,
207 (block128_f)AES_encrypt),
208 len)
209 || !TEST_mem_eq(ciphertext, len, vector, len)
210 || !TEST_mem_eq(iv, sizeof(iv), vector + len - tail, sizeof(iv)))
211 return 0;
212
213 /* test block-based decryption */
214 memcpy(iv, test_iv, test_iv_len);
215 size = fixture->decrypt_block(ciphertext, cleartext, len,
216 decrypt_key_schedule, iv,
217 (block128_f)AES_decrypt);
218 if (!TEST_true(len == size || len + 16 == size)
219 || !TEST_mem_eq(cleartext, len, test_input, len)
220 || !TEST_mem_eq(iv, sizeof(iv), vector + len - tail, sizeof(iv)))
221 return 0;
222
223 /* test streamed encryption */
224 memcpy(iv, test_iv, test_iv_len);
225 if (!TEST_size_t_eq(fixture->encrypt_stream(test_input, ciphertext, len,
226 encrypt_key_schedule, iv,
227 (cbc128_f)AES_cbc_encrypt),
228 len)
229 || !TEST_mem_eq(ciphertext, len, vector, len)
230 || !TEST_mem_eq(iv, sizeof(iv), vector + len - tail, sizeof(iv)))
231 return 0;
232
233 /* test streamed decryption */
234 memcpy(iv, test_iv, test_iv_len);
235 if (!TEST_size_t_eq(fixture->decrypt_stream(ciphertext, cleartext, len,
236 decrypt_key_schedule, iv,
237 (cbc128_f)AES_cbc_encrypt),
238 len)
239 || !TEST_mem_eq(cleartext, len, test_input, len)
240 || !TEST_mem_eq(iv, sizeof(iv), vector + len - tail, sizeof(iv)))
241 return 0;
242
243 return 1;
244 }
245
test_aes_cts128(int idx)246 static int test_aes_cts128(int idx)
247 {
248 static const CTS128_FIXTURE fixture_cts128 = {
249 "aes_cts128", last_blocks_correction,
250 CRYPTO_cts128_encrypt_block, CRYPTO_cts128_encrypt,
251 CRYPTO_cts128_decrypt_block, CRYPTO_cts128_decrypt
252 };
253
254 return execute_cts128(&fixture_cts128, idx);
255 }
256
test_aes_cts128_nist(int idx)257 static int test_aes_cts128_nist(int idx)
258 {
259 static const CTS128_FIXTURE fixture_cts128_nist = {
260 "aes_cts128_nist", last_blocks_correction_nist,
261 CRYPTO_nistcts128_encrypt_block, CRYPTO_nistcts128_encrypt,
262 CRYPTO_nistcts128_decrypt_block, CRYPTO_nistcts128_decrypt
263 };
264
265 return execute_cts128(&fixture_cts128_nist, idx);
266 }
267
268 /*
269 *
270 * Test of gcm128
271 *
272 */
273
274 /* Test Case 1 */
275 static const u8 K1[16], P1[] = { 0 }, A1[] = { 0 }, IV1[12], C1[] = { 0 };
276 static const u8 T1[] = {
277 0x58, 0xe2, 0xfc, 0xce, 0xfa, 0x7e, 0x30, 0x61,
278 0x36, 0x7f, 0x1d, 0x57, 0xa4, 0xe7, 0x45, 0x5a
279 };
280
281 /* Test Case 2 */
282 #define K2 K1
283 #define A2 A1
284 #define IV2 IV1
285 static const u8 P2[16];
286 static const u8 C2[] = {
287 0x03, 0x88, 0xda, 0xce, 0x60, 0xb6, 0xa3, 0x92,
288 0xf3, 0x28, 0xc2, 0xb9, 0x71, 0xb2, 0xfe, 0x78
289 };
290
291 static const u8 T2[] = {
292 0xab, 0x6e, 0x47, 0xd4, 0x2c, 0xec, 0x13, 0xbd,
293 0xf5, 0x3a, 0x67, 0xb2, 0x12, 0x57, 0xbd, 0xdf
294 };
295
296 /* Test Case 3 */
297 #define A3 A2
298 static const u8 K3[] = {
299 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
300 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08
301 };
302
303 static const u8 P3[] = {
304 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
305 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a,
306 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
307 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72,
308 0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53,
309 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
310 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57,
311 0xba, 0x63, 0x7b, 0x39, 0x1a, 0xaf, 0xd2, 0x55
312 };
313
314 static const u8 IV3[] = {
315 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad,
316 0xde, 0xca, 0xf8, 0x88
317 };
318
319 static const u8 C3[] = {
320 0x42, 0x83, 0x1e, 0xc2, 0x21, 0x77, 0x74, 0x24,
321 0x4b, 0x72, 0x21, 0xb7, 0x84, 0xd0, 0xd4, 0x9c,
322 0xe3, 0xaa, 0x21, 0x2f, 0x2c, 0x02, 0xa4, 0xe0,
323 0x35, 0xc1, 0x7e, 0x23, 0x29, 0xac, 0xa1, 0x2e,
324 0x21, 0xd5, 0x14, 0xb2, 0x54, 0x66, 0x93, 0x1c,
325 0x7d, 0x8f, 0x6a, 0x5a, 0xac, 0x84, 0xaa, 0x05,
326 0x1b, 0xa3, 0x0b, 0x39, 0x6a, 0x0a, 0xac, 0x97,
327 0x3d, 0x58, 0xe0, 0x91, 0x47, 0x3f, 0x59, 0x85
328 };
329
330 static const u8 T3[] = {
331 0x4d, 0x5c, 0x2a, 0xf3, 0x27, 0xcd, 0x64, 0xa6,
332 0x2c, 0xf3, 0x5a, 0xbd, 0x2b, 0xa6, 0xfa, 0xb4
333 };
334
335 /* Test Case 4 */
336 #define K4 K3
337 #define IV4 IV3
338 static const u8 P4[] = {
339 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
340 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a,
341 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
342 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72,
343 0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53,
344 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
345 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57,
346 0xba, 0x63, 0x7b, 0x39
347 };
348
349 static const u8 A4[] = {
350 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
351 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
352 0xab, 0xad, 0xda, 0xd2
353 };
354
355 static const u8 C4[] = {
356 0x42, 0x83, 0x1e, 0xc2, 0x21, 0x77, 0x74, 0x24,
357 0x4b, 0x72, 0x21, 0xb7, 0x84, 0xd0, 0xd4, 0x9c,
358 0xe3, 0xaa, 0x21, 0x2f, 0x2c, 0x02, 0xa4, 0xe0,
359 0x35, 0xc1, 0x7e, 0x23, 0x29, 0xac, 0xa1, 0x2e,
360 0x21, 0xd5, 0x14, 0xb2, 0x54, 0x66, 0x93, 0x1c,
361 0x7d, 0x8f, 0x6a, 0x5a, 0xac, 0x84, 0xaa, 0x05,
362 0x1b, 0xa3, 0x0b, 0x39, 0x6a, 0x0a, 0xac, 0x97,
363 0x3d, 0x58, 0xe0, 0x91
364 };
365
366 static const u8 T4[] = {
367 0x5b, 0xc9, 0x4f, 0xbc, 0x32, 0x21, 0xa5, 0xdb,
368 0x94, 0xfa, 0xe9, 0x5a, 0xe7, 0x12, 0x1a, 0x47
369 };
370
371 /* Test Case 5 */
372 #define K5 K4
373 #define P5 P4
374 #define A5 A4
375 static const u8 IV5[] = {
376 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad
377 };
378
379 static const u8 C5[] = {
380 0x61, 0x35, 0x3b, 0x4c, 0x28, 0x06, 0x93, 0x4a,
381 0x77, 0x7f, 0xf5, 0x1f, 0xa2, 0x2a, 0x47, 0x55,
382 0x69, 0x9b, 0x2a, 0x71, 0x4f, 0xcd, 0xc6, 0xf8,
383 0x37, 0x66, 0xe5, 0xf9, 0x7b, 0x6c, 0x74, 0x23,
384 0x73, 0x80, 0x69, 0x00, 0xe4, 0x9f, 0x24, 0xb2,
385 0x2b, 0x09, 0x75, 0x44, 0xd4, 0x89, 0x6b, 0x42,
386 0x49, 0x89, 0xb5, 0xe1, 0xeb, 0xac, 0x0f, 0x07,
387 0xc2, 0x3f, 0x45, 0x98
388 };
389
390 static const u8 T5[] = {
391 0x36, 0x12, 0xd2, 0xe7, 0x9e, 0x3b, 0x07, 0x85,
392 0x56, 0x1b, 0xe1, 0x4a, 0xac, 0xa2, 0xfc, 0xcb
393 };
394
395 /* Test Case 6 */
396 #define K6 K5
397 #define P6 P5
398 #define A6 A5
399 static const u8 IV6[] = {
400 0x93, 0x13, 0x22, 0x5d, 0xf8, 0x84, 0x06, 0xe5,
401 0x55, 0x90, 0x9c, 0x5a, 0xff, 0x52, 0x69, 0xaa,
402 0x6a, 0x7a, 0x95, 0x38, 0x53, 0x4f, 0x7d, 0xa1,
403 0xe4, 0xc3, 0x03, 0xd2, 0xa3, 0x18, 0xa7, 0x28,
404 0xc3, 0xc0, 0xc9, 0x51, 0x56, 0x80, 0x95, 0x39,
405 0xfc, 0xf0, 0xe2, 0x42, 0x9a, 0x6b, 0x52, 0x54,
406 0x16, 0xae, 0xdb, 0xf5, 0xa0, 0xde, 0x6a, 0x57,
407 0xa6, 0x37, 0xb3, 0x9b
408 };
409
410 static const u8 C6[] = {
411 0x8c, 0xe2, 0x49, 0x98, 0x62, 0x56, 0x15, 0xb6,
412 0x03, 0xa0, 0x33, 0xac, 0xa1, 0x3f, 0xb8, 0x94,
413 0xbe, 0x91, 0x12, 0xa5, 0xc3, 0xa2, 0x11, 0xa8,
414 0xba, 0x26, 0x2a, 0x3c, 0xca, 0x7e, 0x2c, 0xa7,
415 0x01, 0xe4, 0xa9, 0xa4, 0xfb, 0xa4, 0x3c, 0x90,
416 0xcc, 0xdc, 0xb2, 0x81, 0xd4, 0x8c, 0x7c, 0x6f,
417 0xd6, 0x28, 0x75, 0xd2, 0xac, 0xa4, 0x17, 0x03,
418 0x4c, 0x34, 0xae, 0xe5
419 };
420
421 static const u8 T6[] = {
422 0x61, 0x9c, 0xc5, 0xae, 0xff, 0xfe, 0x0b, 0xfa,
423 0x46, 0x2a, 0xf4, 0x3c, 0x16, 0x99, 0xd0, 0x50
424 };
425
426 /* Test Case 7 */
427 static const u8 K7[24], P7[] = { 0 }, A7[] = { 0 }, IV7[12], C7[] = { 0 };
428 static const u8 T7[] = {
429 0xcd, 0x33, 0xb2, 0x8a, 0xc7, 0x73, 0xf7, 0x4b,
430 0xa0, 0x0e, 0xd1, 0xf3, 0x12, 0x57, 0x24, 0x35
431 };
432
433 /* Test Case 8 */
434 #define K8 K7
435 #define IV8 IV7
436 #define A8 A7
437 static const u8 P8[16];
438 static const u8 C8[] = {
439 0x98, 0xe7, 0x24, 0x7c, 0x07, 0xf0, 0xfe, 0x41,
440 0x1c, 0x26, 0x7e, 0x43, 0x84, 0xb0, 0xf6, 0x00
441 };
442
443 static const u8 T8[] = {
444 0x2f, 0xf5, 0x8d, 0x80, 0x03, 0x39, 0x27, 0xab,
445 0x8e, 0xf4, 0xd4, 0x58, 0x75, 0x14, 0xf0, 0xfb
446 };
447
448 /* Test Case 9 */
449 #define A9 A8
450 static const u8 K9[] = {
451 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
452 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08,
453 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c
454 };
455
456 static const u8 P9[] = {
457 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
458 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a,
459 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
460 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72,
461 0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53,
462 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
463 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57,
464 0xba, 0x63, 0x7b, 0x39, 0x1a, 0xaf, 0xd2, 0x55
465 };
466
467 static const u8 IV9[] = {
468 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad,
469 0xde, 0xca, 0xf8, 0x88
470 };
471
472 static const u8 C9[] = {
473 0x39, 0x80, 0xca, 0x0b, 0x3c, 0x00, 0xe8, 0x41,
474 0xeb, 0x06, 0xfa, 0xc4, 0x87, 0x2a, 0x27, 0x57,
475 0x85, 0x9e, 0x1c, 0xea, 0xa6, 0xef, 0xd9, 0x84,
476 0x62, 0x85, 0x93, 0xb4, 0x0c, 0xa1, 0xe1, 0x9c,
477 0x7d, 0x77, 0x3d, 0x00, 0xc1, 0x44, 0xc5, 0x25,
478 0xac, 0x61, 0x9d, 0x18, 0xc8, 0x4a, 0x3f, 0x47,
479 0x18, 0xe2, 0x44, 0x8b, 0x2f, 0xe3, 0x24, 0xd9,
480 0xcc, 0xda, 0x27, 0x10, 0xac, 0xad, 0xe2, 0x56
481 };
482
483 static const u8 T9[] = {
484 0x99, 0x24, 0xa7, 0xc8, 0x58, 0x73, 0x36, 0xbf,
485 0xb1, 0x18, 0x02, 0x4d, 0xb8, 0x67, 0x4a, 0x14
486 };
487
488 /* Test Case 10 */
489 #define K10 K9
490 #define IV10 IV9
491 static const u8 P10[] = {
492 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
493 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a,
494 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
495 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72,
496 0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53,
497 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
498 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57,
499 0xba, 0x63, 0x7b, 0x39
500 };
501
502 static const u8 A10[] = {
503 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
504 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
505 0xab, 0xad, 0xda, 0xd2
506 };
507
508 static const u8 C10[] = {
509 0x39, 0x80, 0xca, 0x0b, 0x3c, 0x00, 0xe8, 0x41,
510 0xeb, 0x06, 0xfa, 0xc4, 0x87, 0x2a, 0x27, 0x57,
511 0x85, 0x9e, 0x1c, 0xea, 0xa6, 0xef, 0xd9, 0x84,
512 0x62, 0x85, 0x93, 0xb4, 0x0c, 0xa1, 0xe1, 0x9c,
513 0x7d, 0x77, 0x3d, 0x00, 0xc1, 0x44, 0xc5, 0x25,
514 0xac, 0x61, 0x9d, 0x18, 0xc8, 0x4a, 0x3f, 0x47,
515 0x18, 0xe2, 0x44, 0x8b, 0x2f, 0xe3, 0x24, 0xd9,
516 0xcc, 0xda, 0x27, 0x10
517 };
518
519 static const u8 T10[] = {
520 0x25, 0x19, 0x49, 0x8e, 0x80, 0xf1, 0x47, 0x8f,
521 0x37, 0xba, 0x55, 0xbd, 0x6d, 0x27, 0x61, 0x8c
522 };
523
524 /* Test Case 11 */
525 #define K11 K10
526 #define P11 P10
527 #define A11 A10
528 static const u8 IV11[] = { 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad };
529
530 static const u8 C11[] = {
531 0x0f, 0x10, 0xf5, 0x99, 0xae, 0x14, 0xa1, 0x54,
532 0xed, 0x24, 0xb3, 0x6e, 0x25, 0x32, 0x4d, 0xb8,
533 0xc5, 0x66, 0x63, 0x2e, 0xf2, 0xbb, 0xb3, 0x4f,
534 0x83, 0x47, 0x28, 0x0f, 0xc4, 0x50, 0x70, 0x57,
535 0xfd, 0xdc, 0x29, 0xdf, 0x9a, 0x47, 0x1f, 0x75,
536 0xc6, 0x65, 0x41, 0xd4, 0xd4, 0xda, 0xd1, 0xc9,
537 0xe9, 0x3a, 0x19, 0xa5, 0x8e, 0x8b, 0x47, 0x3f,
538 0xa0, 0xf0, 0x62, 0xf7
539 };
540
541 static const u8 T11[] = {
542 0x65, 0xdc, 0xc5, 0x7f, 0xcf, 0x62, 0x3a, 0x24,
543 0x09, 0x4f, 0xcc, 0xa4, 0x0d, 0x35, 0x33, 0xf8
544 };
545
546 /* Test Case 12 */
547 #define K12 K11
548 #define P12 P11
549 #define A12 A11
550 static const u8 IV12[] = {
551 0x93, 0x13, 0x22, 0x5d, 0xf8, 0x84, 0x06, 0xe5,
552 0x55, 0x90, 0x9c, 0x5a, 0xff, 0x52, 0x69, 0xaa,
553 0x6a, 0x7a, 0x95, 0x38, 0x53, 0x4f, 0x7d, 0xa1,
554 0xe4, 0xc3, 0x03, 0xd2, 0xa3, 0x18, 0xa7, 0x28,
555 0xc3, 0xc0, 0xc9, 0x51, 0x56, 0x80, 0x95, 0x39,
556 0xfc, 0xf0, 0xe2, 0x42, 0x9a, 0x6b, 0x52, 0x54,
557 0x16, 0xae, 0xdb, 0xf5, 0xa0, 0xde, 0x6a, 0x57,
558 0xa6, 0x37, 0xb3, 0x9b
559 };
560
561 static const u8 C12[] = {
562 0xd2, 0x7e, 0x88, 0x68, 0x1c, 0xe3, 0x24, 0x3c,
563 0x48, 0x30, 0x16, 0x5a, 0x8f, 0xdc, 0xf9, 0xff,
564 0x1d, 0xe9, 0xa1, 0xd8, 0xe6, 0xb4, 0x47, 0xef,
565 0x6e, 0xf7, 0xb7, 0x98, 0x28, 0x66, 0x6e, 0x45,
566 0x81, 0xe7, 0x90, 0x12, 0xaf, 0x34, 0xdd, 0xd9,
567 0xe2, 0xf0, 0x37, 0x58, 0x9b, 0x29, 0x2d, 0xb3,
568 0xe6, 0x7c, 0x03, 0x67, 0x45, 0xfa, 0x22, 0xe7,
569 0xe9, 0xb7, 0x37, 0x3b
570 };
571
572 static const u8 T12[] = {
573 0xdc, 0xf5, 0x66, 0xff, 0x29, 0x1c, 0x25, 0xbb,
574 0xb8, 0x56, 0x8f, 0xc3, 0xd3, 0x76, 0xa6, 0xd9
575 };
576
577 /* Test Case 13 */
578 static const u8 K13[32], P13[] = { 0 }, A13[] = { 0 }, IV13[12], C13[] = { 0 };
579 static const u8 T13[] = {
580 0x53, 0x0f, 0x8a, 0xfb, 0xc7, 0x45, 0x36, 0xb9,
581 0xa9, 0x63, 0xb4, 0xf1, 0xc4, 0xcb, 0x73, 0x8b
582 };
583
584 /* Test Case 14 */
585 #define K14 K13
586 #define A14 A13
587 static const u8 P14[16], IV14[12];
588 static const u8 C14[] = {
589 0xce, 0xa7, 0x40, 0x3d, 0x4d, 0x60, 0x6b, 0x6e,
590 0x07, 0x4e, 0xc5, 0xd3, 0xba, 0xf3, 0x9d, 0x18
591 };
592
593 static const u8 T14[] = {
594 0xd0, 0xd1, 0xc8, 0xa7, 0x99, 0x99, 0x6b, 0xf0,
595 0x26, 0x5b, 0x98, 0xb5, 0xd4, 0x8a, 0xb9, 0x19
596 };
597
598 /* Test Case 15 */
599 #define A15 A14
600 static const u8 K15[] = {
601 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
602 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08,
603 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
604 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08
605 };
606
607 static const u8 P15[] = {
608 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
609 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a,
610 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
611 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72,
612 0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53,
613 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
614 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57,
615 0xba, 0x63, 0x7b, 0x39, 0x1a, 0xaf, 0xd2, 0x55
616 };
617
618 static const u8 IV15[] = {
619 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad,
620 0xde, 0xca, 0xf8, 0x88
621 };
622
623 static const u8 C15[] = {
624 0x52, 0x2d, 0xc1, 0xf0, 0x99, 0x56, 0x7d, 0x07,
625 0xf4, 0x7f, 0x37, 0xa3, 0x2a, 0x84, 0x42, 0x7d,
626 0x64, 0x3a, 0x8c, 0xdc, 0xbf, 0xe5, 0xc0, 0xc9,
627 0x75, 0x98, 0xa2, 0xbd, 0x25, 0x55, 0xd1, 0xaa,
628 0x8c, 0xb0, 0x8e, 0x48, 0x59, 0x0d, 0xbb, 0x3d,
629 0xa7, 0xb0, 0x8b, 0x10, 0x56, 0x82, 0x88, 0x38,
630 0xc5, 0xf6, 0x1e, 0x63, 0x93, 0xba, 0x7a, 0x0a,
631 0xbc, 0xc9, 0xf6, 0x62, 0x89, 0x80, 0x15, 0xad
632 };
633
634 static const u8 T15[] = {
635 0xb0, 0x94, 0xda, 0xc5, 0xd9, 0x34, 0x71, 0xbd,
636 0xec, 0x1a, 0x50, 0x22, 0x70, 0xe3, 0xcc, 0x6c
637 };
638
639 /* Test Case 16 */
640 #define K16 K15
641 #define IV16 IV15
642 static const u8 P16[] = {
643 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
644 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a,
645 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
646 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72,
647 0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53,
648 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
649 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57,
650 0xba, 0x63, 0x7b, 0x39
651 };
652
653 static const u8 A16[] = {
654 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
655 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
656 0xab, 0xad, 0xda, 0xd2
657 };
658
659 static const u8 C16[] = {
660 0x52, 0x2d, 0xc1, 0xf0, 0x99, 0x56, 0x7d, 0x07,
661 0xf4, 0x7f, 0x37, 0xa3, 0x2a, 0x84, 0x42, 0x7d,
662 0x64, 0x3a, 0x8c, 0xdc, 0xbf, 0xe5, 0xc0, 0xc9,
663 0x75, 0x98, 0xa2, 0xbd, 0x25, 0x55, 0xd1, 0xaa,
664 0x8c, 0xb0, 0x8e, 0x48, 0x59, 0x0d, 0xbb, 0x3d,
665 0xa7, 0xb0, 0x8b, 0x10, 0x56, 0x82, 0x88, 0x38,
666 0xc5, 0xf6, 0x1e, 0x63, 0x93, 0xba, 0x7a, 0x0a,
667 0xbc, 0xc9, 0xf6, 0x62
668 };
669
670 static const u8 T16[] = {
671 0x76, 0xfc, 0x6e, 0xce, 0x0f, 0x4e, 0x17, 0x68,
672 0xcd, 0xdf, 0x88, 0x53, 0xbb, 0x2d, 0x55, 0x1b
673 };
674
675 /* Test Case 17 */
676 #define K17 K16
677 #define P17 P16
678 #define A17 A16
679 static const u8 IV17[] = { 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad };
680
681 static const u8 C17[] = {
682 0xc3, 0x76, 0x2d, 0xf1, 0xca, 0x78, 0x7d, 0x32,
683 0xae, 0x47, 0xc1, 0x3b, 0xf1, 0x98, 0x44, 0xcb,
684 0xaf, 0x1a, 0xe1, 0x4d, 0x0b, 0x97, 0x6a, 0xfa,
685 0xc5, 0x2f, 0xf7, 0xd7, 0x9b, 0xba, 0x9d, 0xe0,
686 0xfe, 0xb5, 0x82, 0xd3, 0x39, 0x34, 0xa4, 0xf0,
687 0x95, 0x4c, 0xc2, 0x36, 0x3b, 0xc7, 0x3f, 0x78,
688 0x62, 0xac, 0x43, 0x0e, 0x64, 0xab, 0xe4, 0x99,
689 0xf4, 0x7c, 0x9b, 0x1f
690 };
691
692 static const u8 T17[] = {
693 0x3a, 0x33, 0x7d, 0xbf, 0x46, 0xa7, 0x92, 0xc4,
694 0x5e, 0x45, 0x49, 0x13, 0xfe, 0x2e, 0xa8, 0xf2
695 };
696
697 /* Test Case 18 */
698 #define K18 K17
699 #define P18 P17
700 #define A18 A17
701 static const u8 IV18[] = {
702 0x93, 0x13, 0x22, 0x5d, 0xf8, 0x84, 0x06, 0xe5,
703 0x55, 0x90, 0x9c, 0x5a, 0xff, 0x52, 0x69, 0xaa,
704 0x6a, 0x7a, 0x95, 0x38, 0x53, 0x4f, 0x7d, 0xa1,
705 0xe4, 0xc3, 0x03, 0xd2, 0xa3, 0x18, 0xa7, 0x28,
706 0xc3, 0xc0, 0xc9, 0x51, 0x56, 0x80, 0x95, 0x39,
707 0xfc, 0xf0, 0xe2, 0x42, 0x9a, 0x6b, 0x52, 0x54,
708 0x16, 0xae, 0xdb, 0xf5, 0xa0, 0xde, 0x6a, 0x57,
709 0xa6, 0x37, 0xb3, 0x9b
710 };
711
712 static const u8 C18[] = {
713 0x5a, 0x8d, 0xef, 0x2f, 0x0c, 0x9e, 0x53, 0xf1,
714 0xf7, 0x5d, 0x78, 0x53, 0x65, 0x9e, 0x2a, 0x20,
715 0xee, 0xb2, 0xb2, 0x2a, 0xaf, 0xde, 0x64, 0x19,
716 0xa0, 0x58, 0xab, 0x4f, 0x6f, 0x74, 0x6b, 0xf4,
717 0x0f, 0xc0, 0xc3, 0xb7, 0x80, 0xf2, 0x44, 0x45,
718 0x2d, 0xa3, 0xeb, 0xf1, 0xc5, 0xd8, 0x2c, 0xde,
719 0xa2, 0x41, 0x89, 0x97, 0x20, 0x0e, 0xf8, 0x2e,
720 0x44, 0xae, 0x7e, 0x3f
721 };
722
723 static const u8 T18[] = {
724 0xa4, 0x4a, 0x82, 0x66, 0xee, 0x1c, 0x8e, 0xb0,
725 0xc8, 0xb5, 0xd4, 0xcf, 0x5a, 0xe9, 0xf1, 0x9a
726 };
727
728 /* Test Case 19 */
729 #define K19 K1
730 #define P19 P1
731 #define IV19 IV1
732 #define C19 C1
733 static const u8 A19[] = {
734 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
735 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a,
736 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
737 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72,
738 0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53,
739 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
740 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57,
741 0xba, 0x63, 0x7b, 0x39, 0x1a, 0xaf, 0xd2, 0x55,
742 0x52, 0x2d, 0xc1, 0xf0, 0x99, 0x56, 0x7d, 0x07,
743 0xf4, 0x7f, 0x37, 0xa3, 0x2a, 0x84, 0x42, 0x7d,
744 0x64, 0x3a, 0x8c, 0xdc, 0xbf, 0xe5, 0xc0, 0xc9,
745 0x75, 0x98, 0xa2, 0xbd, 0x25, 0x55, 0xd1, 0xaa,
746 0x8c, 0xb0, 0x8e, 0x48, 0x59, 0x0d, 0xbb, 0x3d,
747 0xa7, 0xb0, 0x8b, 0x10, 0x56, 0x82, 0x88, 0x38,
748 0xc5, 0xf6, 0x1e, 0x63, 0x93, 0xba, 0x7a, 0x0a,
749 0xbc, 0xc9, 0xf6, 0x62, 0x89, 0x80, 0x15, 0xad
750 };
751
752 static const u8 T19[] = {
753 0x5f, 0xea, 0x79, 0x3a, 0x2d, 0x6f, 0x97, 0x4d,
754 0x37, 0xe6, 0x8e, 0x0c, 0xb8, 0xff, 0x94, 0x92
755 };
756
757 /* Test Case 20 */
758 #define K20 K1
759 #define A20 A1
760 /* this results in 0xff in counter LSB */
761 static const u8 IV20[64] = { 0xff, 0xff, 0xff, 0xff };
762
763 static const u8 P20[288];
764 static const u8 C20[] = {
765 0x56, 0xb3, 0x37, 0x3c, 0xa9, 0xef, 0x6e, 0x4a,
766 0x2b, 0x64, 0xfe, 0x1e, 0x9a, 0x17, 0xb6, 0x14,
767 0x25, 0xf1, 0x0d, 0x47, 0xa7, 0x5a, 0x5f, 0xce,
768 0x13, 0xef, 0xc6, 0xbc, 0x78, 0x4a, 0xf2, 0x4f,
769 0x41, 0x41, 0xbd, 0xd4, 0x8c, 0xf7, 0xc7, 0x70,
770 0x88, 0x7a, 0xfd, 0x57, 0x3c, 0xca, 0x54, 0x18,
771 0xa9, 0xae, 0xff, 0xcd, 0x7c, 0x5c, 0xed, 0xdf,
772 0xc6, 0xa7, 0x83, 0x97, 0xb9, 0xa8, 0x5b, 0x49,
773 0x9d, 0xa5, 0x58, 0x25, 0x72, 0x67, 0xca, 0xab,
774 0x2a, 0xd0, 0xb2, 0x3c, 0xa4, 0x76, 0xa5, 0x3c,
775 0xb1, 0x7f, 0xb4, 0x1c, 0x4b, 0x8b, 0x47, 0x5c,
776 0xb4, 0xf3, 0xf7, 0x16, 0x50, 0x94, 0xc2, 0x29,
777 0xc9, 0xe8, 0xc4, 0xdc, 0x0a, 0x2a, 0x5f, 0xf1,
778 0x90, 0x3e, 0x50, 0x15, 0x11, 0x22, 0x13, 0x76,
779 0xa1, 0xcd, 0xb8, 0x36, 0x4c, 0x50, 0x61, 0xa2,
780 0x0c, 0xae, 0x74, 0xbc, 0x4a, 0xcd, 0x76, 0xce,
781 0xb0, 0xab, 0xc9, 0xfd, 0x32, 0x17, 0xef, 0x9f,
782 0x8c, 0x90, 0xbe, 0x40, 0x2d, 0xdf, 0x6d, 0x86,
783 0x97, 0xf4, 0xf8, 0x80, 0xdf, 0xf1, 0x5b, 0xfb,
784 0x7a, 0x6b, 0x28, 0x24, 0x1e, 0xc8, 0xfe, 0x18,
785 0x3c, 0x2d, 0x59, 0xe3, 0xf9, 0xdf, 0xff, 0x65,
786 0x3c, 0x71, 0x26, 0xf0, 0xac, 0xb9, 0xe6, 0x42,
787 0x11, 0xf4, 0x2b, 0xae, 0x12, 0xaf, 0x46, 0x2b,
788 0x10, 0x70, 0xbe, 0xf1, 0xab, 0x5e, 0x36, 0x06,
789 0x87, 0x2c, 0xa1, 0x0d, 0xee, 0x15, 0xb3, 0x24,
790 0x9b, 0x1a, 0x1b, 0x95, 0x8f, 0x23, 0x13, 0x4c,
791 0x4b, 0xcc, 0xb7, 0xd0, 0x32, 0x00, 0xbc, 0xe4,
792 0x20, 0xa2, 0xf8, 0xeb, 0x66, 0xdc, 0xf3, 0x64,
793 0x4d, 0x14, 0x23, 0xc1, 0xb5, 0x69, 0x90, 0x03,
794 0xc1, 0x3e, 0xce, 0xf4, 0xbf, 0x38, 0xa3, 0xb6,
795 0x0e, 0xed, 0xc3, 0x40, 0x33, 0xba, 0xc1, 0x90,
796 0x27, 0x83, 0xdc, 0x6d, 0x89, 0xe2, 0xe7, 0x74,
797 0x18, 0x8a, 0x43, 0x9c, 0x7e, 0xbc, 0xc0, 0x67,
798 0x2d, 0xbd, 0xa4, 0xdd, 0xcf, 0xb2, 0x79, 0x46,
799 0x13, 0xb0, 0xbe, 0x41, 0x31, 0x5e, 0xf7, 0x78,
800 0x70, 0x8a, 0x70, 0xee, 0x7d, 0x75, 0x16, 0x5c
801 };
802
803 static const u8 T20[] = {
804 0x8b, 0x30, 0x7f, 0x6b, 0x33, 0x28, 0x6d, 0x0a,
805 0xb0, 0x26, 0xa9, 0xed, 0x3f, 0xe1, 0xe8, 0x5f
806 };
807
808 #define GCM128_TEST_VECTOR(n) \
809 { \
810 { sizeof(K##n), K##n }, \
811 { sizeof(IV##n), IV##n }, \
812 { sizeof(A##n), A##n }, \
813 { sizeof(P##n), P##n }, \
814 { sizeof(C##n), C##n }, \
815 { \
816 sizeof(T##n), T##n \
817 } \
818 }
819 static struct gcm128_data {
820 const SIZED_DATA K;
821 const SIZED_DATA IV;
822 const SIZED_DATA A;
823 const SIZED_DATA P;
824 const SIZED_DATA C;
825 const SIZED_DATA T;
826 } gcm128_vectors[] = {
827 GCM128_TEST_VECTOR(1),
828 GCM128_TEST_VECTOR(2),
829 GCM128_TEST_VECTOR(3),
830 GCM128_TEST_VECTOR(4),
831 GCM128_TEST_VECTOR(5),
832 GCM128_TEST_VECTOR(6),
833 GCM128_TEST_VECTOR(7),
834 GCM128_TEST_VECTOR(8),
835 GCM128_TEST_VECTOR(9),
836 GCM128_TEST_VECTOR(10),
837 GCM128_TEST_VECTOR(11),
838 GCM128_TEST_VECTOR(12),
839 GCM128_TEST_VECTOR(13),
840 GCM128_TEST_VECTOR(14),
841 GCM128_TEST_VECTOR(15),
842 GCM128_TEST_VECTOR(16),
843 GCM128_TEST_VECTOR(17),
844 GCM128_TEST_VECTOR(18),
845 GCM128_TEST_VECTOR(19),
846 GCM128_TEST_VECTOR(20)
847 };
848
test_gcm128(int idx)849 static int test_gcm128(int idx)
850 {
851 unsigned char out[512];
852 SIZED_DATA K = gcm128_vectors[idx].K;
853 SIZED_DATA IV = gcm128_vectors[idx].IV;
854 SIZED_DATA A = gcm128_vectors[idx].A;
855 SIZED_DATA P = gcm128_vectors[idx].P;
856 SIZED_DATA C = gcm128_vectors[idx].C;
857 SIZED_DATA T = gcm128_vectors[idx].T;
858 GCM128_CONTEXT ctx;
859 AES_KEY key;
860
861 /* Size 1 inputs are special-cased to signal NULL. */
862 if (A.size == 1)
863 A.data = NULL;
864 if (P.size == 1)
865 P.data = NULL;
866 if (C.size == 1)
867 C.data = NULL;
868
869 AES_set_encrypt_key(K.data, K.size * 8, &key);
870
871 CRYPTO_gcm128_init(&ctx, &key, (block128_f)AES_encrypt);
872 CRYPTO_gcm128_setiv(&ctx, IV.data, IV.size);
873 memset(out, 0, P.size);
874 if (A.data != NULL)
875 CRYPTO_gcm128_aad(&ctx, A.data, A.size);
876 if (P.data != NULL)
877 if (!TEST_int_ge(CRYPTO_gcm128_encrypt(&ctx, P.data, out, P.size), 0))
878 return 0;
879 if (!TEST_false(CRYPTO_gcm128_finish(&ctx, T.data, 16))
880 || (C.data != NULL
881 && !TEST_mem_eq(out, P.size, C.data, P.size)))
882 return 0;
883
884 CRYPTO_gcm128_setiv(&ctx, IV.data, IV.size);
885 memset(out, 0, P.size);
886 if (A.data != NULL)
887 CRYPTO_gcm128_aad(&ctx, A.data, A.size);
888 if (C.data != NULL)
889 CRYPTO_gcm128_decrypt(&ctx, C.data, out, P.size);
890 if (!TEST_false(CRYPTO_gcm128_finish(&ctx, T.data, 16))
891 || (P.data != NULL
892 && !TEST_mem_eq(out, P.size, P.data, P.size)))
893 return 0;
894
895 return 1;
896 }
897
setup_tests(void)898 int setup_tests(void)
899 {
900 ADD_ALL_TESTS(test_aes_cts128, OSSL_NELEM(aes_cts128_vectors));
901 ADD_ALL_TESTS(test_aes_cts128_nist, OSSL_NELEM(aes_cts128_vectors));
902 ADD_ALL_TESTS(test_gcm128, OSSL_NELEM(gcm128_vectors));
903 return 1;
904 }
905