2 * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the OpenSSL license (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
10 /* Internal tests for the modes module */
15 #include <openssl/aes.h>
16 #include <openssl/modes.h>
17 #include "../crypto/modes/modes_lcl.h"
19 #include "internal/nelem.h"
23 const unsigned char *data;
26 /**********************************************************************
32 /* cts128 test vectors from RFC 3962 */
33 static const unsigned char cts128_test_key[16] = "chicken teriyaki";
34 static const unsigned char cts128_test_input[64] =
35 "I would like the" " General Gau's C"
36 "hicken, please, " "and wonton soup.";
37 static const unsigned char cts128_test_iv[] =
38 { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
40 static const unsigned char vector_17[17] = {
41 0xc6, 0x35, 0x35, 0x68, 0xf2, 0xbf, 0x8c, 0xb4,
42 0xd8, 0xa5, 0x80, 0x36, 0x2d, 0xa7, 0xff, 0x7f,
46 static const unsigned char vector_31[31] = {
47 0xfc, 0x00, 0x78, 0x3e, 0x0e, 0xfd, 0xb2, 0xc1,
48 0xd4, 0x45, 0xd4, 0xc8, 0xef, 0xf7, 0xed, 0x22,
49 0x97, 0x68, 0x72, 0x68, 0xd6, 0xec, 0xcc, 0xc0,
50 0xc0, 0x7b, 0x25, 0xe2, 0x5e, 0xcf, 0xe5
53 static const unsigned char vector_32[32] = {
54 0x39, 0x31, 0x25, 0x23, 0xa7, 0x86, 0x62, 0xd5,
55 0xbe, 0x7f, 0xcb, 0xcc, 0x98, 0xeb, 0xf5, 0xa8,
56 0x97, 0x68, 0x72, 0x68, 0xd6, 0xec, 0xcc, 0xc0,
57 0xc0, 0x7b, 0x25, 0xe2, 0x5e, 0xcf, 0xe5, 0x84
60 static const unsigned char vector_47[47] = {
61 0x97, 0x68, 0x72, 0x68, 0xd6, 0xec, 0xcc, 0xc0,
62 0xc0, 0x7b, 0x25, 0xe2, 0x5e, 0xcf, 0xe5, 0x84,
63 0xb3, 0xff, 0xfd, 0x94, 0x0c, 0x16, 0xa1, 0x8c,
64 0x1b, 0x55, 0x49, 0xd2, 0xf8, 0x38, 0x02, 0x9e,
65 0x39, 0x31, 0x25, 0x23, 0xa7, 0x86, 0x62, 0xd5,
66 0xbe, 0x7f, 0xcb, 0xcc, 0x98, 0xeb, 0xf5
69 static const unsigned char vector_48[48] = {
70 0x97, 0x68, 0x72, 0x68, 0xd6, 0xec, 0xcc, 0xc0,
71 0xc0, 0x7b, 0x25, 0xe2, 0x5e, 0xcf, 0xe5, 0x84,
72 0x9d, 0xad, 0x8b, 0xbb, 0x96, 0xc4, 0xcd, 0xc0,
73 0x3b, 0xc1, 0x03, 0xe1, 0xa1, 0x94, 0xbb, 0xd8,
74 0x39, 0x31, 0x25, 0x23, 0xa7, 0x86, 0x62, 0xd5,
75 0xbe, 0x7f, 0xcb, 0xcc, 0x98, 0xeb, 0xf5, 0xa8
78 static const unsigned char vector_64[64] = {
79 0x97, 0x68, 0x72, 0x68, 0xd6, 0xec, 0xcc, 0xc0,
80 0xc0, 0x7b, 0x25, 0xe2, 0x5e, 0xcf, 0xe5, 0x84,
81 0x39, 0x31, 0x25, 0x23, 0xa7, 0x86, 0x62, 0xd5,
82 0xbe, 0x7f, 0xcb, 0xcc, 0x98, 0xeb, 0xf5, 0xa8,
83 0x48, 0x07, 0xef, 0xe8, 0x36, 0xee, 0x89, 0xa5,
84 0x26, 0x73, 0x0d, 0xbc, 0x2f, 0x7b, 0xc8, 0x40,
85 0x9d, 0xad, 0x8b, 0xbb, 0x96, 0xc4, 0xcd, 0xc0,
86 0x3b, 0xc1, 0x03, 0xe1, 0xa1, 0x94, 0xbb, 0xd8
89 #define CTS128_TEST_VECTOR(len) \
91 sizeof(vector_##len), vector_##len \
93 static const SIZED_DATA aes_cts128_vectors[] = {
94 CTS128_TEST_VECTOR(17),
95 CTS128_TEST_VECTOR(31),
96 CTS128_TEST_VECTOR(32),
97 CTS128_TEST_VECTOR(47),
98 CTS128_TEST_VECTOR(48),
99 CTS128_TEST_VECTOR(64),
102 static AES_KEY *cts128_encrypt_key_schedule()
104 static int init_key = 1;
108 AES_set_encrypt_key(cts128_test_key, 128, &ks);
114 static AES_KEY *cts128_decrypt_key_schedule()
116 static int init_key = 1;
120 AES_set_decrypt_key(cts128_test_key, 128, &ks);
127 const char *case_name;
128 size_t (*last_blocks_correction)(const unsigned char *in,
129 unsigned char *out, size_t len);
130 size_t (*encrypt_block)(const unsigned char *in,
131 unsigned char *out, size_t len,
132 const void *key, unsigned char ivec[16],
134 size_t (*encrypt_stream)(const unsigned char *in, unsigned char *out,
135 size_t len, const void *key,
136 unsigned char ivec[16], cbc128_f cbc);
137 size_t (*decrypt_block)(const unsigned char *in,
138 unsigned char *out, size_t len,
139 const void *key, unsigned char ivec[16],
141 size_t (*decrypt_stream)(const unsigned char *in, unsigned char *out,
142 size_t len, const void *key,
143 unsigned char ivec[16], cbc128_f cbc);
146 static size_t last_blocks_correction(const unsigned char *in,
147 unsigned char *out, size_t len)
151 memcpy(out, in, len);
152 if ((tail = len % 16) == 0)
159 static size_t last_blocks_correction_nist(const unsigned char *in,
160 unsigned char *out, size_t len)
164 if ((tail = len % 16) == 0)
167 memcpy(out, in, len);
168 /* flip two last blocks */
169 memcpy(out + len, in + len + 16, tail);
170 memcpy(out + len + tail, in + len, 16);
177 static int execute_cts128(const CTS128_FIXTURE *fixture, int num)
179 const unsigned char *test_iv = cts128_test_iv;
180 size_t test_iv_len = sizeof(cts128_test_iv);
181 const unsigned char *orig_vector = aes_cts128_vectors[num].data;
182 size_t len = aes_cts128_vectors[num].size;
183 const unsigned char *test_input = cts128_test_input;
184 const AES_KEY *encrypt_key_schedule = cts128_encrypt_key_schedule();
185 const AES_KEY *decrypt_key_schedule = cts128_decrypt_key_schedule();
186 unsigned char iv[16];
187 /* The largest test inputs are = 64 bytes. */
188 unsigned char cleartext[64], ciphertext[64], vector[64];
191 TEST_info("%s_vector_%lu", fixture->case_name, (unsigned long)len);
193 tail = fixture->last_blocks_correction(orig_vector, vector, len);
195 /* test block-based encryption */
196 memcpy(iv, test_iv, test_iv_len);
197 if (!TEST_size_t_eq(fixture->encrypt_block(test_input, ciphertext, len,
198 encrypt_key_schedule, iv,
199 (block128_f)AES_encrypt), len)
200 || !TEST_mem_eq(ciphertext, len, vector, len)
201 || !TEST_mem_eq(iv, sizeof(iv), vector + len - tail, sizeof(iv)))
204 /* test block-based decryption */
205 memcpy(iv, test_iv, test_iv_len);
206 size = fixture->decrypt_block(ciphertext, cleartext, len,
207 decrypt_key_schedule, iv,
208 (block128_f)AES_decrypt);
209 if (!TEST_true(len == size || len + 16 == size)
210 || !TEST_mem_eq(cleartext, len, test_input, len)
211 || !TEST_mem_eq(iv, sizeof(iv), vector + len - tail, sizeof(iv)))
214 /* test streamed encryption */
215 memcpy(iv, test_iv, test_iv_len);
216 if (!TEST_size_t_eq(fixture->encrypt_stream(test_input, ciphertext, len,
217 encrypt_key_schedule, iv,
218 (cbc128_f) AES_cbc_encrypt),
220 || !TEST_mem_eq(ciphertext, len, vector, len)
221 || !TEST_mem_eq(iv, sizeof(iv), vector + len - tail, sizeof(iv)))
224 /* test streamed decryption */
225 memcpy(iv, test_iv, test_iv_len);
226 if (!TEST_size_t_eq(fixture->decrypt_stream(ciphertext, cleartext, len,
227 decrypt_key_schedule, iv,
228 (cbc128_f)AES_cbc_encrypt),
230 || !TEST_mem_eq(cleartext, len, test_input, len)
231 || !TEST_mem_eq(iv, sizeof(iv), vector + len - tail, sizeof(iv)))
237 static int test_aes_cts128(int idx)
239 static const CTS128_FIXTURE fixture_cts128 = {
240 "aes_cts128", last_blocks_correction,
241 CRYPTO_cts128_encrypt_block, CRYPTO_cts128_encrypt,
242 CRYPTO_cts128_decrypt_block, CRYPTO_cts128_decrypt
245 return execute_cts128(&fixture_cts128, idx);
248 static int test_aes_cts128_nist(int idx)
250 static const CTS128_FIXTURE fixture_cts128_nist = {
251 "aes_cts128_nist", last_blocks_correction_nist,
252 CRYPTO_nistcts128_encrypt_block, CRYPTO_nistcts128_encrypt,
253 CRYPTO_nistcts128_decrypt_block, CRYPTO_nistcts128_decrypt
256 return execute_cts128(&fixture_cts128_nist, idx);
266 static const u8 K1[16], P1[] = { 0 }, A1[] = { 0 }, IV1[12], C1[] = { 0 };
267 static const u8 T1[] = {
268 0x58, 0xe2, 0xfc, 0xce, 0xfa, 0x7e, 0x30, 0x61,
269 0x36, 0x7f, 0x1d, 0x57, 0xa4, 0xe7, 0x45, 0x5a
276 static const u8 P2[16];
277 static const u8 C2[] = {
278 0x03, 0x88, 0xda, 0xce, 0x60, 0xb6, 0xa3, 0x92,
279 0xf3, 0x28, 0xc2, 0xb9, 0x71, 0xb2, 0xfe, 0x78
282 static const u8 T2[] = {
283 0xab, 0x6e, 0x47, 0xd4, 0x2c, 0xec, 0x13, 0xbd,
284 0xf5, 0x3a, 0x67, 0xb2, 0x12, 0x57, 0xbd, 0xdf
289 static const u8 K3[] = {
290 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
291 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08
294 static const u8 P3[] = {
295 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
296 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a,
297 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
298 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72,
299 0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53,
300 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
301 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57,
302 0xba, 0x63, 0x7b, 0x39, 0x1a, 0xaf, 0xd2, 0x55
305 static const u8 IV3[] = {
306 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad,
307 0xde, 0xca, 0xf8, 0x88
310 static const u8 C3[] = {
311 0x42, 0x83, 0x1e, 0xc2, 0x21, 0x77, 0x74, 0x24,
312 0x4b, 0x72, 0x21, 0xb7, 0x84, 0xd0, 0xd4, 0x9c,
313 0xe3, 0xaa, 0x21, 0x2f, 0x2c, 0x02, 0xa4, 0xe0,
314 0x35, 0xc1, 0x7e, 0x23, 0x29, 0xac, 0xa1, 0x2e,
315 0x21, 0xd5, 0x14, 0xb2, 0x54, 0x66, 0x93, 0x1c,
316 0x7d, 0x8f, 0x6a, 0x5a, 0xac, 0x84, 0xaa, 0x05,
317 0x1b, 0xa3, 0x0b, 0x39, 0x6a, 0x0a, 0xac, 0x97,
318 0x3d, 0x58, 0xe0, 0x91, 0x47, 0x3f, 0x59, 0x85
321 static const u8 T3[] = {
322 0x4d, 0x5c, 0x2a, 0xf3, 0x27, 0xcd, 0x64, 0xa6,
323 0x2c, 0xf3, 0x5a, 0xbd, 0x2b, 0xa6, 0xfa, 0xb4
329 static const u8 P4[] = {
330 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
331 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a,
332 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
333 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72,
334 0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53,
335 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
336 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57,
337 0xba, 0x63, 0x7b, 0x39
340 static const u8 A4[] = {
341 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
342 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
343 0xab, 0xad, 0xda, 0xd2
346 static const u8 C4[] = {
347 0x42, 0x83, 0x1e, 0xc2, 0x21, 0x77, 0x74, 0x24,
348 0x4b, 0x72, 0x21, 0xb7, 0x84, 0xd0, 0xd4, 0x9c,
349 0xe3, 0xaa, 0x21, 0x2f, 0x2c, 0x02, 0xa4, 0xe0,
350 0x35, 0xc1, 0x7e, 0x23, 0x29, 0xac, 0xa1, 0x2e,
351 0x21, 0xd5, 0x14, 0xb2, 0x54, 0x66, 0x93, 0x1c,
352 0x7d, 0x8f, 0x6a, 0x5a, 0xac, 0x84, 0xaa, 0x05,
353 0x1b, 0xa3, 0x0b, 0x39, 0x6a, 0x0a, 0xac, 0x97,
354 0x3d, 0x58, 0xe0, 0x91
357 static const u8 T4[] = {
358 0x5b, 0xc9, 0x4f, 0xbc, 0x32, 0x21, 0xa5, 0xdb,
359 0x94, 0xfa, 0xe9, 0x5a, 0xe7, 0x12, 0x1a, 0x47
366 static const u8 IV5[] = {
367 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad
370 static const u8 C5[] = {
371 0x61, 0x35, 0x3b, 0x4c, 0x28, 0x06, 0x93, 0x4a,
372 0x77, 0x7f, 0xf5, 0x1f, 0xa2, 0x2a, 0x47, 0x55,
373 0x69, 0x9b, 0x2a, 0x71, 0x4f, 0xcd, 0xc6, 0xf8,
374 0x37, 0x66, 0xe5, 0xf9, 0x7b, 0x6c, 0x74, 0x23,
375 0x73, 0x80, 0x69, 0x00, 0xe4, 0x9f, 0x24, 0xb2,
376 0x2b, 0x09, 0x75, 0x44, 0xd4, 0x89, 0x6b, 0x42,
377 0x49, 0x89, 0xb5, 0xe1, 0xeb, 0xac, 0x0f, 0x07,
378 0xc2, 0x3f, 0x45, 0x98
381 static const u8 T5[] = {
382 0x36, 0x12, 0xd2, 0xe7, 0x9e, 0x3b, 0x07, 0x85,
383 0x56, 0x1b, 0xe1, 0x4a, 0xac, 0xa2, 0xfc, 0xcb
390 static const u8 IV6[] = {
391 0x93, 0x13, 0x22, 0x5d, 0xf8, 0x84, 0x06, 0xe5,
392 0x55, 0x90, 0x9c, 0x5a, 0xff, 0x52, 0x69, 0xaa,
393 0x6a, 0x7a, 0x95, 0x38, 0x53, 0x4f, 0x7d, 0xa1,
394 0xe4, 0xc3, 0x03, 0xd2, 0xa3, 0x18, 0xa7, 0x28,
395 0xc3, 0xc0, 0xc9, 0x51, 0x56, 0x80, 0x95, 0x39,
396 0xfc, 0xf0, 0xe2, 0x42, 0x9a, 0x6b, 0x52, 0x54,
397 0x16, 0xae, 0xdb, 0xf5, 0xa0, 0xde, 0x6a, 0x57,
398 0xa6, 0x37, 0xb3, 0x9b
401 static const u8 C6[] = {
402 0x8c, 0xe2, 0x49, 0x98, 0x62, 0x56, 0x15, 0xb6,
403 0x03, 0xa0, 0x33, 0xac, 0xa1, 0x3f, 0xb8, 0x94,
404 0xbe, 0x91, 0x12, 0xa5, 0xc3, 0xa2, 0x11, 0xa8,
405 0xba, 0x26, 0x2a, 0x3c, 0xca, 0x7e, 0x2c, 0xa7,
406 0x01, 0xe4, 0xa9, 0xa4, 0xfb, 0xa4, 0x3c, 0x90,
407 0xcc, 0xdc, 0xb2, 0x81, 0xd4, 0x8c, 0x7c, 0x6f,
408 0xd6, 0x28, 0x75, 0xd2, 0xac, 0xa4, 0x17, 0x03,
409 0x4c, 0x34, 0xae, 0xe5
412 static const u8 T6[] = {
413 0x61, 0x9c, 0xc5, 0xae, 0xff, 0xfe, 0x0b, 0xfa,
414 0x46, 0x2a, 0xf4, 0x3c, 0x16, 0x99, 0xd0, 0x50
418 static const u8 K7[24], P7[] = { 0 }, A7[] = { 0 }, IV7[12], C7[] = { 0 };
419 static const u8 T7[] = {
420 0xcd, 0x33, 0xb2, 0x8a, 0xc7, 0x73, 0xf7, 0x4b,
421 0xa0, 0x0e, 0xd1, 0xf3, 0x12, 0x57, 0x24, 0x35
428 static const u8 P8[16];
429 static const u8 C8[] = {
430 0x98, 0xe7, 0x24, 0x7c, 0x07, 0xf0, 0xfe, 0x41,
431 0x1c, 0x26, 0x7e, 0x43, 0x84, 0xb0, 0xf6, 0x00
434 static const u8 T8[] = {
435 0x2f, 0xf5, 0x8d, 0x80, 0x03, 0x39, 0x27, 0xab,
436 0x8e, 0xf4, 0xd4, 0x58, 0x75, 0x14, 0xf0, 0xfb
441 static const u8 K9[] = {
442 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
443 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08,
444 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c
447 static const u8 P9[] = {
448 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
449 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a,
450 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
451 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72,
452 0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53,
453 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
454 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57,
455 0xba, 0x63, 0x7b, 0x39, 0x1a, 0xaf, 0xd2, 0x55
458 static const u8 IV9[] = {
459 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad,
460 0xde, 0xca, 0xf8, 0x88
463 static const u8 C9[] = {
464 0x39, 0x80, 0xca, 0x0b, 0x3c, 0x00, 0xe8, 0x41,
465 0xeb, 0x06, 0xfa, 0xc4, 0x87, 0x2a, 0x27, 0x57,
466 0x85, 0x9e, 0x1c, 0xea, 0xa6, 0xef, 0xd9, 0x84,
467 0x62, 0x85, 0x93, 0xb4, 0x0c, 0xa1, 0xe1, 0x9c,
468 0x7d, 0x77, 0x3d, 0x00, 0xc1, 0x44, 0xc5, 0x25,
469 0xac, 0x61, 0x9d, 0x18, 0xc8, 0x4a, 0x3f, 0x47,
470 0x18, 0xe2, 0x44, 0x8b, 0x2f, 0xe3, 0x24, 0xd9,
471 0xcc, 0xda, 0x27, 0x10, 0xac, 0xad, 0xe2, 0x56
474 static const u8 T9[] = {
475 0x99, 0x24, 0xa7, 0xc8, 0x58, 0x73, 0x36, 0xbf,
476 0xb1, 0x18, 0x02, 0x4d, 0xb8, 0x67, 0x4a, 0x14
482 static const u8 P10[] = {
483 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
484 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a,
485 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
486 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72,
487 0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53,
488 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
489 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57,
490 0xba, 0x63, 0x7b, 0x39
493 static const u8 A10[] = {
494 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
495 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
496 0xab, 0xad, 0xda, 0xd2
499 static const u8 C10[] = {
500 0x39, 0x80, 0xca, 0x0b, 0x3c, 0x00, 0xe8, 0x41,
501 0xeb, 0x06, 0xfa, 0xc4, 0x87, 0x2a, 0x27, 0x57,
502 0x85, 0x9e, 0x1c, 0xea, 0xa6, 0xef, 0xd9, 0x84,
503 0x62, 0x85, 0x93, 0xb4, 0x0c, 0xa1, 0xe1, 0x9c,
504 0x7d, 0x77, 0x3d, 0x00, 0xc1, 0x44, 0xc5, 0x25,
505 0xac, 0x61, 0x9d, 0x18, 0xc8, 0x4a, 0x3f, 0x47,
506 0x18, 0xe2, 0x44, 0x8b, 0x2f, 0xe3, 0x24, 0xd9,
507 0xcc, 0xda, 0x27, 0x10
510 static const u8 T10[] = {
511 0x25, 0x19, 0x49, 0x8e, 0x80, 0xf1, 0x47, 0x8f,
512 0x37, 0xba, 0x55, 0xbd, 0x6d, 0x27, 0x61, 0x8c
519 static const u8 IV11[] = { 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad };
521 static const u8 C11[] = {
522 0x0f, 0x10, 0xf5, 0x99, 0xae, 0x14, 0xa1, 0x54,
523 0xed, 0x24, 0xb3, 0x6e, 0x25, 0x32, 0x4d, 0xb8,
524 0xc5, 0x66, 0x63, 0x2e, 0xf2, 0xbb, 0xb3, 0x4f,
525 0x83, 0x47, 0x28, 0x0f, 0xc4, 0x50, 0x70, 0x57,
526 0xfd, 0xdc, 0x29, 0xdf, 0x9a, 0x47, 0x1f, 0x75,
527 0xc6, 0x65, 0x41, 0xd4, 0xd4, 0xda, 0xd1, 0xc9,
528 0xe9, 0x3a, 0x19, 0xa5, 0x8e, 0x8b, 0x47, 0x3f,
529 0xa0, 0xf0, 0x62, 0xf7
532 static const u8 T11[] = {
533 0x65, 0xdc, 0xc5, 0x7f, 0xcf, 0x62, 0x3a, 0x24,
534 0x09, 0x4f, 0xcc, 0xa4, 0x0d, 0x35, 0x33, 0xf8
541 static const u8 IV12[] = {
542 0x93, 0x13, 0x22, 0x5d, 0xf8, 0x84, 0x06, 0xe5,
543 0x55, 0x90, 0x9c, 0x5a, 0xff, 0x52, 0x69, 0xaa,
544 0x6a, 0x7a, 0x95, 0x38, 0x53, 0x4f, 0x7d, 0xa1,
545 0xe4, 0xc3, 0x03, 0xd2, 0xa3, 0x18, 0xa7, 0x28,
546 0xc3, 0xc0, 0xc9, 0x51, 0x56, 0x80, 0x95, 0x39,
547 0xfc, 0xf0, 0xe2, 0x42, 0x9a, 0x6b, 0x52, 0x54,
548 0x16, 0xae, 0xdb, 0xf5, 0xa0, 0xde, 0x6a, 0x57,
549 0xa6, 0x37, 0xb3, 0x9b
552 static const u8 C12[] = {
553 0xd2, 0x7e, 0x88, 0x68, 0x1c, 0xe3, 0x24, 0x3c,
554 0x48, 0x30, 0x16, 0x5a, 0x8f, 0xdc, 0xf9, 0xff,
555 0x1d, 0xe9, 0xa1, 0xd8, 0xe6, 0xb4, 0x47, 0xef,
556 0x6e, 0xf7, 0xb7, 0x98, 0x28, 0x66, 0x6e, 0x45,
557 0x81, 0xe7, 0x90, 0x12, 0xaf, 0x34, 0xdd, 0xd9,
558 0xe2, 0xf0, 0x37, 0x58, 0x9b, 0x29, 0x2d, 0xb3,
559 0xe6, 0x7c, 0x03, 0x67, 0x45, 0xfa, 0x22, 0xe7,
560 0xe9, 0xb7, 0x37, 0x3b
563 static const u8 T12[] = {
564 0xdc, 0xf5, 0x66, 0xff, 0x29, 0x1c, 0x25, 0xbb,
565 0xb8, 0x56, 0x8f, 0xc3, 0xd3, 0x76, 0xa6, 0xd9
569 static const u8 K13[32], P13[] = { 0 }, A13[] = { 0 }, IV13[12], C13[] = { 0 };
570 static const u8 T13[] = {
571 0x53, 0x0f, 0x8a, 0xfb, 0xc7, 0x45, 0x36, 0xb9,
572 0xa9, 0x63, 0xb4, 0xf1, 0xc4, 0xcb, 0x73, 0x8b
578 static const u8 P14[16], IV14[12];
579 static const u8 C14[] = {
580 0xce, 0xa7, 0x40, 0x3d, 0x4d, 0x60, 0x6b, 0x6e,
581 0x07, 0x4e, 0xc5, 0xd3, 0xba, 0xf3, 0x9d, 0x18
584 static const u8 T14[] = {
585 0xd0, 0xd1, 0xc8, 0xa7, 0x99, 0x99, 0x6b, 0xf0,
586 0x26, 0x5b, 0x98, 0xb5, 0xd4, 0x8a, 0xb9, 0x19
591 static const u8 K15[] = {
592 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
593 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08,
594 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
595 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08
598 static const u8 P15[] = {
599 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
600 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a,
601 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
602 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72,
603 0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53,
604 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
605 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57,
606 0xba, 0x63, 0x7b, 0x39, 0x1a, 0xaf, 0xd2, 0x55
609 static const u8 IV15[] = {
610 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad,
611 0xde, 0xca, 0xf8, 0x88
614 static const u8 C15[] = {
615 0x52, 0x2d, 0xc1, 0xf0, 0x99, 0x56, 0x7d, 0x07,
616 0xf4, 0x7f, 0x37, 0xa3, 0x2a, 0x84, 0x42, 0x7d,
617 0x64, 0x3a, 0x8c, 0xdc, 0xbf, 0xe5, 0xc0, 0xc9,
618 0x75, 0x98, 0xa2, 0xbd, 0x25, 0x55, 0xd1, 0xaa,
619 0x8c, 0xb0, 0x8e, 0x48, 0x59, 0x0d, 0xbb, 0x3d,
620 0xa7, 0xb0, 0x8b, 0x10, 0x56, 0x82, 0x88, 0x38,
621 0xc5, 0xf6, 0x1e, 0x63, 0x93, 0xba, 0x7a, 0x0a,
622 0xbc, 0xc9, 0xf6, 0x62, 0x89, 0x80, 0x15, 0xad
625 static const u8 T15[] = {
626 0xb0, 0x94, 0xda, 0xc5, 0xd9, 0x34, 0x71, 0xbd,
627 0xec, 0x1a, 0x50, 0x22, 0x70, 0xe3, 0xcc, 0x6c
633 static const u8 P16[] = {
634 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
635 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a,
636 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
637 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72,
638 0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53,
639 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
640 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57,
641 0xba, 0x63, 0x7b, 0x39
644 static const u8 A16[] = {
645 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
646 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
647 0xab, 0xad, 0xda, 0xd2
650 static const u8 C16[] = {
651 0x52, 0x2d, 0xc1, 0xf0, 0x99, 0x56, 0x7d, 0x07,
652 0xf4, 0x7f, 0x37, 0xa3, 0x2a, 0x84, 0x42, 0x7d,
653 0x64, 0x3a, 0x8c, 0xdc, 0xbf, 0xe5, 0xc0, 0xc9,
654 0x75, 0x98, 0xa2, 0xbd, 0x25, 0x55, 0xd1, 0xaa,
655 0x8c, 0xb0, 0x8e, 0x48, 0x59, 0x0d, 0xbb, 0x3d,
656 0xa7, 0xb0, 0x8b, 0x10, 0x56, 0x82, 0x88, 0x38,
657 0xc5, 0xf6, 0x1e, 0x63, 0x93, 0xba, 0x7a, 0x0a,
658 0xbc, 0xc9, 0xf6, 0x62
661 static const u8 T16[] = {
662 0x76, 0xfc, 0x6e, 0xce, 0x0f, 0x4e, 0x17, 0x68,
663 0xcd, 0xdf, 0x88, 0x53, 0xbb, 0x2d, 0x55, 0x1b
670 static const u8 IV17[] = { 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad };
672 static const u8 C17[] = {
673 0xc3, 0x76, 0x2d, 0xf1, 0xca, 0x78, 0x7d, 0x32,
674 0xae, 0x47, 0xc1, 0x3b, 0xf1, 0x98, 0x44, 0xcb,
675 0xaf, 0x1a, 0xe1, 0x4d, 0x0b, 0x97, 0x6a, 0xfa,
676 0xc5, 0x2f, 0xf7, 0xd7, 0x9b, 0xba, 0x9d, 0xe0,
677 0xfe, 0xb5, 0x82, 0xd3, 0x39, 0x34, 0xa4, 0xf0,
678 0x95, 0x4c, 0xc2, 0x36, 0x3b, 0xc7, 0x3f, 0x78,
679 0x62, 0xac, 0x43, 0x0e, 0x64, 0xab, 0xe4, 0x99,
680 0xf4, 0x7c, 0x9b, 0x1f
683 static const u8 T17[] = {
684 0x3a, 0x33, 0x7d, 0xbf, 0x46, 0xa7, 0x92, 0xc4,
685 0x5e, 0x45, 0x49, 0x13, 0xfe, 0x2e, 0xa8, 0xf2
692 static const u8 IV18[] = {
693 0x93, 0x13, 0x22, 0x5d, 0xf8, 0x84, 0x06, 0xe5,
694 0x55, 0x90, 0x9c, 0x5a, 0xff, 0x52, 0x69, 0xaa,
695 0x6a, 0x7a, 0x95, 0x38, 0x53, 0x4f, 0x7d, 0xa1,
696 0xe4, 0xc3, 0x03, 0xd2, 0xa3, 0x18, 0xa7, 0x28,
697 0xc3, 0xc0, 0xc9, 0x51, 0x56, 0x80, 0x95, 0x39,
698 0xfc, 0xf0, 0xe2, 0x42, 0x9a, 0x6b, 0x52, 0x54,
699 0x16, 0xae, 0xdb, 0xf5, 0xa0, 0xde, 0x6a, 0x57,
700 0xa6, 0x37, 0xb3, 0x9b
703 static const u8 C18[] = {
704 0x5a, 0x8d, 0xef, 0x2f, 0x0c, 0x9e, 0x53, 0xf1,
705 0xf7, 0x5d, 0x78, 0x53, 0x65, 0x9e, 0x2a, 0x20,
706 0xee, 0xb2, 0xb2, 0x2a, 0xaf, 0xde, 0x64, 0x19,
707 0xa0, 0x58, 0xab, 0x4f, 0x6f, 0x74, 0x6b, 0xf4,
708 0x0f, 0xc0, 0xc3, 0xb7, 0x80, 0xf2, 0x44, 0x45,
709 0x2d, 0xa3, 0xeb, 0xf1, 0xc5, 0xd8, 0x2c, 0xde,
710 0xa2, 0x41, 0x89, 0x97, 0x20, 0x0e, 0xf8, 0x2e,
711 0x44, 0xae, 0x7e, 0x3f
714 static const u8 T18[] = {
715 0xa4, 0x4a, 0x82, 0x66, 0xee, 0x1c, 0x8e, 0xb0,
716 0xc8, 0xb5, 0xd4, 0xcf, 0x5a, 0xe9, 0xf1, 0x9a
724 static const u8 A19[] = {
725 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
726 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a,
727 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
728 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72,
729 0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53,
730 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
731 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57,
732 0xba, 0x63, 0x7b, 0x39, 0x1a, 0xaf, 0xd2, 0x55,
733 0x52, 0x2d, 0xc1, 0xf0, 0x99, 0x56, 0x7d, 0x07,
734 0xf4, 0x7f, 0x37, 0xa3, 0x2a, 0x84, 0x42, 0x7d,
735 0x64, 0x3a, 0x8c, 0xdc, 0xbf, 0xe5, 0xc0, 0xc9,
736 0x75, 0x98, 0xa2, 0xbd, 0x25, 0x55, 0xd1, 0xaa,
737 0x8c, 0xb0, 0x8e, 0x48, 0x59, 0x0d, 0xbb, 0x3d,
738 0xa7, 0xb0, 0x8b, 0x10, 0x56, 0x82, 0x88, 0x38,
739 0xc5, 0xf6, 0x1e, 0x63, 0x93, 0xba, 0x7a, 0x0a,
740 0xbc, 0xc9, 0xf6, 0x62, 0x89, 0x80, 0x15, 0xad
743 static const u8 T19[] = {
744 0x5f, 0xea, 0x79, 0x3a, 0x2d, 0x6f, 0x97, 0x4d,
745 0x37, 0xe6, 0x8e, 0x0c, 0xb8, 0xff, 0x94, 0x92
751 /* this results in 0xff in counter LSB */
752 static const u8 IV20[64] = { 0xff, 0xff, 0xff, 0xff };
754 static const u8 P20[288];
755 static const u8 C20[] = {
756 0x56, 0xb3, 0x37, 0x3c, 0xa9, 0xef, 0x6e, 0x4a,
757 0x2b, 0x64, 0xfe, 0x1e, 0x9a, 0x17, 0xb6, 0x14,
758 0x25, 0xf1, 0x0d, 0x47, 0xa7, 0x5a, 0x5f, 0xce,
759 0x13, 0xef, 0xc6, 0xbc, 0x78, 0x4a, 0xf2, 0x4f,
760 0x41, 0x41, 0xbd, 0xd4, 0x8c, 0xf7, 0xc7, 0x70,
761 0x88, 0x7a, 0xfd, 0x57, 0x3c, 0xca, 0x54, 0x18,
762 0xa9, 0xae, 0xff, 0xcd, 0x7c, 0x5c, 0xed, 0xdf,
763 0xc6, 0xa7, 0x83, 0x97, 0xb9, 0xa8, 0x5b, 0x49,
764 0x9d, 0xa5, 0x58, 0x25, 0x72, 0x67, 0xca, 0xab,
765 0x2a, 0xd0, 0xb2, 0x3c, 0xa4, 0x76, 0xa5, 0x3c,
766 0xb1, 0x7f, 0xb4, 0x1c, 0x4b, 0x8b, 0x47, 0x5c,
767 0xb4, 0xf3, 0xf7, 0x16, 0x50, 0x94, 0xc2, 0x29,
768 0xc9, 0xe8, 0xc4, 0xdc, 0x0a, 0x2a, 0x5f, 0xf1,
769 0x90, 0x3e, 0x50, 0x15, 0x11, 0x22, 0x13, 0x76,
770 0xa1, 0xcd, 0xb8, 0x36, 0x4c, 0x50, 0x61, 0xa2,
771 0x0c, 0xae, 0x74, 0xbc, 0x4a, 0xcd, 0x76, 0xce,
772 0xb0, 0xab, 0xc9, 0xfd, 0x32, 0x17, 0xef, 0x9f,
773 0x8c, 0x90, 0xbe, 0x40, 0x2d, 0xdf, 0x6d, 0x86,
774 0x97, 0xf4, 0xf8, 0x80, 0xdf, 0xf1, 0x5b, 0xfb,
775 0x7a, 0x6b, 0x28, 0x24, 0x1e, 0xc8, 0xfe, 0x18,
776 0x3c, 0x2d, 0x59, 0xe3, 0xf9, 0xdf, 0xff, 0x65,
777 0x3c, 0x71, 0x26, 0xf0, 0xac, 0xb9, 0xe6, 0x42,
778 0x11, 0xf4, 0x2b, 0xae, 0x12, 0xaf, 0x46, 0x2b,
779 0x10, 0x70, 0xbe, 0xf1, 0xab, 0x5e, 0x36, 0x06,
780 0x87, 0x2c, 0xa1, 0x0d, 0xee, 0x15, 0xb3, 0x24,
781 0x9b, 0x1a, 0x1b, 0x95, 0x8f, 0x23, 0x13, 0x4c,
782 0x4b, 0xcc, 0xb7, 0xd0, 0x32, 0x00, 0xbc, 0xe4,
783 0x20, 0xa2, 0xf8, 0xeb, 0x66, 0xdc, 0xf3, 0x64,
784 0x4d, 0x14, 0x23, 0xc1, 0xb5, 0x69, 0x90, 0x03,
785 0xc1, 0x3e, 0xce, 0xf4, 0xbf, 0x38, 0xa3, 0xb6,
786 0x0e, 0xed, 0xc3, 0x40, 0x33, 0xba, 0xc1, 0x90,
787 0x27, 0x83, 0xdc, 0x6d, 0x89, 0xe2, 0xe7, 0x74,
788 0x18, 0x8a, 0x43, 0x9c, 0x7e, 0xbc, 0xc0, 0x67,
789 0x2d, 0xbd, 0xa4, 0xdd, 0xcf, 0xb2, 0x79, 0x46,
790 0x13, 0xb0, 0xbe, 0x41, 0x31, 0x5e, 0xf7, 0x78,
791 0x70, 0x8a, 0x70, 0xee, 0x7d, 0x75, 0x16, 0x5c
794 static const u8 T20[] = {
795 0x8b, 0x30, 0x7f, 0x6b, 0x33, 0x28, 0x6d, 0x0a,
796 0xb0, 0x26, 0xa9, 0xed, 0x3f, 0xe1, 0xe8, 0x5f
799 #define GCM128_TEST_VECTOR(n) \
801 {sizeof(K##n), K##n}, \
802 {sizeof(IV##n), IV##n}, \
803 {sizeof(A##n), A##n}, \
804 {sizeof(P##n), P##n}, \
805 {sizeof(C##n), C##n}, \
806 {sizeof(T##n), T##n} \
808 static struct gcm128_data {
815 } gcm128_vectors[] = {
816 GCM128_TEST_VECTOR(1),
817 GCM128_TEST_VECTOR(2),
818 GCM128_TEST_VECTOR(3),
819 GCM128_TEST_VECTOR(4),
820 GCM128_TEST_VECTOR(5),
821 GCM128_TEST_VECTOR(6),
822 GCM128_TEST_VECTOR(7),
823 GCM128_TEST_VECTOR(8),
824 GCM128_TEST_VECTOR(9),
825 GCM128_TEST_VECTOR(10),
826 GCM128_TEST_VECTOR(11),
827 GCM128_TEST_VECTOR(12),
828 GCM128_TEST_VECTOR(13),
829 GCM128_TEST_VECTOR(14),
830 GCM128_TEST_VECTOR(15),
831 GCM128_TEST_VECTOR(16),
832 GCM128_TEST_VECTOR(17),
833 GCM128_TEST_VECTOR(18),
834 GCM128_TEST_VECTOR(19),
835 GCM128_TEST_VECTOR(20)
838 static int test_gcm128(int idx)
840 unsigned char out[512];
841 SIZED_DATA K = gcm128_vectors[idx].K;
842 SIZED_DATA IV = gcm128_vectors[idx].IV;
843 SIZED_DATA A = gcm128_vectors[idx].A;
844 SIZED_DATA P = gcm128_vectors[idx].P;
845 SIZED_DATA C = gcm128_vectors[idx].C;
846 SIZED_DATA T = gcm128_vectors[idx].T;
850 /* Size 1 inputs are special-cased to signal NULL. */
858 AES_set_encrypt_key(K.data, K.size * 8, &key);
860 CRYPTO_gcm128_init(&ctx, &key, (block128_f)AES_encrypt);
861 CRYPTO_gcm128_setiv(&ctx, IV.data, IV.size);
862 memset(out, 0, P.size);
864 CRYPTO_gcm128_aad(&ctx, A.data, A.size);
866 CRYPTO_gcm128_encrypt( &ctx, P.data, out, P.size);
867 if (!TEST_false(CRYPTO_gcm128_finish(&ctx, T.data, 16))
869 && !TEST_mem_eq(out, P.size, C.data, P.size)))
872 CRYPTO_gcm128_setiv(&ctx, IV.data, IV.size);
873 memset(out, 0, P.size);
875 CRYPTO_gcm128_aad(&ctx, A.data, A.size);
877 CRYPTO_gcm128_decrypt(&ctx, C.data, out, P.size);
878 if (!TEST_false(CRYPTO_gcm128_finish(&ctx, T.data, 16))
880 && !TEST_mem_eq(out, P.size, P.data, P.size)))
886 int setup_tests(void)
888 ADD_ALL_TESTS(test_aes_cts128, OSSL_NELEM(aes_cts128_vectors));
889 ADD_ALL_TESTS(test_aes_cts128_nist, OSSL_NELEM(aes_cts128_vectors));
890 ADD_ALL_TESTS(test_gcm128, OSSL_NELEM(gcm128_vectors));