2 * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the OpenSSL license (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
10 /* Internal tests for the modes module */
15 #include <openssl/aes.h>
16 #include <openssl/modes.h>
17 #include "../crypto/modes/modes_lcl.h"
19 #include "test_main_custom.h"
24 const unsigned char *data;
27 /**********************************************************************
33 /* cts128 test vectors from RFC 3962 */
34 static const unsigned char cts128_test_key[16] = "chicken teriyaki";
35 static const unsigned char cts128_test_input[64] =
36 "I would like the" " General Gau's C"
37 "hicken, please, " "and wonton soup.";
38 static const unsigned char cts128_test_iv[] =
39 { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
41 static const unsigned char vector_17[17] = {
42 0xc6, 0x35, 0x35, 0x68, 0xf2, 0xbf, 0x8c, 0xb4,
43 0xd8, 0xa5, 0x80, 0x36, 0x2d, 0xa7, 0xff, 0x7f,
47 static const unsigned char vector_31[31] = {
48 0xfc, 0x00, 0x78, 0x3e, 0x0e, 0xfd, 0xb2, 0xc1,
49 0xd4, 0x45, 0xd4, 0xc8, 0xef, 0xf7, 0xed, 0x22,
50 0x97, 0x68, 0x72, 0x68, 0xd6, 0xec, 0xcc, 0xc0,
51 0xc0, 0x7b, 0x25, 0xe2, 0x5e, 0xcf, 0xe5
54 static const unsigned char vector_32[32] = {
55 0x39, 0x31, 0x25, 0x23, 0xa7, 0x86, 0x62, 0xd5,
56 0xbe, 0x7f, 0xcb, 0xcc, 0x98, 0xeb, 0xf5, 0xa8,
57 0x97, 0x68, 0x72, 0x68, 0xd6, 0xec, 0xcc, 0xc0,
58 0xc0, 0x7b, 0x25, 0xe2, 0x5e, 0xcf, 0xe5, 0x84
61 static const unsigned char vector_47[47] = {
62 0x97, 0x68, 0x72, 0x68, 0xd6, 0xec, 0xcc, 0xc0,
63 0xc0, 0x7b, 0x25, 0xe2, 0x5e, 0xcf, 0xe5, 0x84,
64 0xb3, 0xff, 0xfd, 0x94, 0x0c, 0x16, 0xa1, 0x8c,
65 0x1b, 0x55, 0x49, 0xd2, 0xf8, 0x38, 0x02, 0x9e,
66 0x39, 0x31, 0x25, 0x23, 0xa7, 0x86, 0x62, 0xd5,
67 0xbe, 0x7f, 0xcb, 0xcc, 0x98, 0xeb, 0xf5
70 static const unsigned char vector_48[48] = {
71 0x97, 0x68, 0x72, 0x68, 0xd6, 0xec, 0xcc, 0xc0,
72 0xc0, 0x7b, 0x25, 0xe2, 0x5e, 0xcf, 0xe5, 0x84,
73 0x9d, 0xad, 0x8b, 0xbb, 0x96, 0xc4, 0xcd, 0xc0,
74 0x3b, 0xc1, 0x03, 0xe1, 0xa1, 0x94, 0xbb, 0xd8,
75 0x39, 0x31, 0x25, 0x23, 0xa7, 0x86, 0x62, 0xd5,
76 0xbe, 0x7f, 0xcb, 0xcc, 0x98, 0xeb, 0xf5, 0xa8
79 static const unsigned char vector_64[64] = {
80 0x97, 0x68, 0x72, 0x68, 0xd6, 0xec, 0xcc, 0xc0,
81 0xc0, 0x7b, 0x25, 0xe2, 0x5e, 0xcf, 0xe5, 0x84,
82 0x39, 0x31, 0x25, 0x23, 0xa7, 0x86, 0x62, 0xd5,
83 0xbe, 0x7f, 0xcb, 0xcc, 0x98, 0xeb, 0xf5, 0xa8,
84 0x48, 0x07, 0xef, 0xe8, 0x36, 0xee, 0x89, 0xa5,
85 0x26, 0x73, 0x0d, 0xbc, 0x2f, 0x7b, 0xc8, 0x40,
86 0x9d, 0xad, 0x8b, 0xbb, 0x96, 0xc4, 0xcd, 0xc0,
87 0x3b, 0xc1, 0x03, 0xe1, 0xa1, 0x94, 0xbb, 0xd8
90 #define CTS128_TEST_VECTOR(len) \
92 sizeof(vector_##len), vector_##len \
94 static const SIZED_DATA cts128_vectors[] = {
95 CTS128_TEST_VECTOR(17),
96 CTS128_TEST_VECTOR(31),
97 CTS128_TEST_VECTOR(32),
98 CTS128_TEST_VECTOR(47),
99 CTS128_TEST_VECTOR(48),
100 CTS128_TEST_VECTOR(64),
103 static AES_KEY *cts128_encrypt_key_schedule()
105 static int init_key = 1;
109 AES_set_encrypt_key(cts128_test_key, 128, &ks);
115 static AES_KEY *cts128_decrypt_key_schedule()
117 static int init_key = 1;
121 AES_set_decrypt_key(cts128_test_key, 128, &ks);
128 const char *case_name;
130 size_t (*transform_output)(const unsigned char *in, unsigned char *out,
132 size_t (*encrypt_block)(const unsigned char *in,
133 unsigned char *out, size_t len,
134 const void *key, unsigned char ivec[16],
136 size_t (*encrypt)(const unsigned char *in, unsigned char *out,
137 size_t len, const void *key,
138 unsigned char ivec[16], cbc128_f cbc);
139 size_t (*decrypt_block)(const unsigned char *in,
140 unsigned char *out, size_t len,
141 const void *key, unsigned char ivec[16],
143 size_t (*decrypt)(const unsigned char *in, unsigned char *out,
144 size_t len, const void *key,
145 unsigned char ivec[16], cbc128_f cbc);
149 static CTS128_FIXTURE setup_cts128(const char *const test_case_name)
151 CTS128_FIXTURE fixture;
152 fixture.case_name = test_case_name;
156 static size_t transform_output(const unsigned char *in, unsigned char *out,
161 memcpy(out, in, len);
162 if ((tail = len % 16) == 0)
169 static size_t transform_output_nist(const unsigned char *in, unsigned char *out,
174 if ((tail = len % 16) == 0)
177 memcpy(out, in, len);
178 /* flip two last blocks */
179 memcpy(out + len, in + len + 16, tail);
180 memcpy(out + len + tail, in + len, 16);
187 static int execute_cts128(CTS128_FIXTURE fixture)
189 const unsigned char *test_iv = cts128_test_iv;
190 size_t test_iv_len = sizeof(cts128_test_iv);
191 const unsigned char *orig_vector = cts128_vectors[fixture.num].data;
192 size_t len = cts128_vectors[fixture.num].size;
193 const unsigned char *test_input = cts128_test_input;
194 const AES_KEY *encrypt_key_schedule = cts128_encrypt_key_schedule();
195 const AES_KEY *decrypt_key_schedule = cts128_decrypt_key_schedule();
196 unsigned char iv[16];
197 /* The largest test inputs are = 64 bytes. */
198 unsigned char cleartext[64], ciphertext[64], vector[64];
201 fprintf(stderr, "%s_vector_%" OSSLzu "\n", fixture.case_name, len);
204 tail = fixture.transform_output(orig_vector, vector, len);
206 /* test block-based encryption */
207 memcpy(iv, test_iv, test_iv_len);
208 fixture.encrypt_block(test_input, ciphertext, len,
209 encrypt_key_schedule, iv,
210 (block128_f)AES_encrypt);
211 if (memcmp(ciphertext, vector, len)) {
212 fprintf(stderr, "block encrypt: output_%" OSSLzu " mismatch\n", len);
215 if (memcmp(iv, vector + len - tail, sizeof(iv))) {
216 fprintf(stderr, "block encrypt: iv_%" OSSLzu " mismatch\n", len);
220 /* test block-based decryption */
221 memcpy(iv, test_iv, test_iv_len);
222 fixture.decrypt_block(ciphertext, cleartext, len,
223 decrypt_key_schedule, iv,
224 (block128_f)AES_decrypt);
225 if (memcmp(cleartext, test_input, len)) {
226 fprintf(stderr, "block decrypt: input_%" OSSLzu " mismatch\n", len);
229 if (memcmp(iv, vector + len - tail, sizeof(iv))) {
230 fprintf(stderr, "block decrypt: iv_%" OSSLzu " mismatch\n", len);
234 /* test streamed encryption */
235 memcpy(iv, test_iv, test_iv_len);
236 fixture.encrypt(test_input, ciphertext, len, encrypt_key_schedule,
237 iv, (cbc128_f) AES_cbc_encrypt);
238 if (memcmp(ciphertext, vector, len)) {
239 fprintf(stderr, "stream encrypt: output_%" OSSLzu " mismatch\n", len);
242 if (memcmp(iv, vector + len - tail, sizeof(iv))) {
243 fprintf(stderr, "stream encrypt: iv_%" OSSLzu " mismatch\n", len);
247 /* test streamed decryption */
248 memcpy(iv, test_iv, test_iv_len);
249 fixture.decrypt(ciphertext, cleartext, len, decrypt_key_schedule, iv,
250 (cbc128_f)AES_cbc_encrypt);
251 if (memcmp(cleartext, test_input, len)) {
252 fprintf(stderr, "stream decrypt: input_%" OSSLzu " mismatch\n", len);
255 if (memcmp(iv, vector + len - tail, sizeof(iv))) {
256 fprintf(stderr, "stream decrypt: iv_%" OSSLzu " mismatch\n", len);
263 static int test_cts128(int idx)
265 SETUP_TEST_FIXTURE(CTS128_FIXTURE, setup_cts128);
266 fixture.transform_output = transform_output;
267 fixture.encrypt_block = CRYPTO_cts128_encrypt_block;
268 fixture.encrypt = CRYPTO_cts128_encrypt;
269 fixture.decrypt_block = CRYPTO_cts128_decrypt_block;
270 fixture.decrypt = CRYPTO_cts128_decrypt;
271 fixture.case_name = "cts128";
273 EXECUTE_TEST_NO_TEARDOWN(execute_cts128);
276 static int test_cts128_nist(int idx)
278 SETUP_TEST_FIXTURE(CTS128_FIXTURE, setup_cts128);
279 fixture.transform_output = transform_output_nist;
280 fixture.encrypt_block = CRYPTO_nistcts128_encrypt_block;
281 fixture.encrypt = CRYPTO_nistcts128_encrypt;
282 fixture.decrypt_block = CRYPTO_nistcts128_decrypt_block;
283 fixture.decrypt = CRYPTO_nistcts128_decrypt;
284 fixture.case_name = "cts128_nist";
286 EXECUTE_TEST_NO_TEARDOWN(execute_cts128);
289 /**********************************************************************
296 static const u8 K1[16], P1[] = { 0 }, A1[] = { 0 }, IV1[12], C1[] = { 0 };
297 static const u8 T1[] = {
298 0x58, 0xe2, 0xfc, 0xce, 0xfa, 0x7e, 0x30, 0x61,
299 0x36, 0x7f, 0x1d, 0x57, 0xa4, 0xe7, 0x45, 0x5a
306 static const u8 P2[16];
307 static const u8 C2[] = {
308 0x03, 0x88, 0xda, 0xce, 0x60, 0xb6, 0xa3, 0x92,
309 0xf3, 0x28, 0xc2, 0xb9, 0x71, 0xb2, 0xfe, 0x78
312 static const u8 T2[] = {
313 0xab, 0x6e, 0x47, 0xd4, 0x2c, 0xec, 0x13, 0xbd,
314 0xf5, 0x3a, 0x67, 0xb2, 0x12, 0x57, 0xbd, 0xdf
319 static const u8 K3[] = {
320 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
321 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08
324 static const u8 P3[] = {
325 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
326 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a,
327 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
328 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72,
329 0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53,
330 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
331 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57,
332 0xba, 0x63, 0x7b, 0x39, 0x1a, 0xaf, 0xd2, 0x55
335 static const u8 IV3[] = {
336 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad,
337 0xde, 0xca, 0xf8, 0x88
340 static const u8 C3[] = {
341 0x42, 0x83, 0x1e, 0xc2, 0x21, 0x77, 0x74, 0x24,
342 0x4b, 0x72, 0x21, 0xb7, 0x84, 0xd0, 0xd4, 0x9c,
343 0xe3, 0xaa, 0x21, 0x2f, 0x2c, 0x02, 0xa4, 0xe0,
344 0x35, 0xc1, 0x7e, 0x23, 0x29, 0xac, 0xa1, 0x2e,
345 0x21, 0xd5, 0x14, 0xb2, 0x54, 0x66, 0x93, 0x1c,
346 0x7d, 0x8f, 0x6a, 0x5a, 0xac, 0x84, 0xaa, 0x05,
347 0x1b, 0xa3, 0x0b, 0x39, 0x6a, 0x0a, 0xac, 0x97,
348 0x3d, 0x58, 0xe0, 0x91, 0x47, 0x3f, 0x59, 0x85
351 static const u8 T3[] = {
352 0x4d, 0x5c, 0x2a, 0xf3, 0x27, 0xcd, 0x64, 0xa6,
353 0x2c, 0xf3, 0x5a, 0xbd, 0x2b, 0xa6, 0xfa, 0xb4
359 static const u8 P4[] = {
360 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
361 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a,
362 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
363 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72,
364 0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53,
365 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
366 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57,
367 0xba, 0x63, 0x7b, 0x39
370 static const u8 A4[] = {
371 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
372 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
373 0xab, 0xad, 0xda, 0xd2
376 static const u8 C4[] = {
377 0x42, 0x83, 0x1e, 0xc2, 0x21, 0x77, 0x74, 0x24,
378 0x4b, 0x72, 0x21, 0xb7, 0x84, 0xd0, 0xd4, 0x9c,
379 0xe3, 0xaa, 0x21, 0x2f, 0x2c, 0x02, 0xa4, 0xe0,
380 0x35, 0xc1, 0x7e, 0x23, 0x29, 0xac, 0xa1, 0x2e,
381 0x21, 0xd5, 0x14, 0xb2, 0x54, 0x66, 0x93, 0x1c,
382 0x7d, 0x8f, 0x6a, 0x5a, 0xac, 0x84, 0xaa, 0x05,
383 0x1b, 0xa3, 0x0b, 0x39, 0x6a, 0x0a, 0xac, 0x97,
384 0x3d, 0x58, 0xe0, 0x91
387 static const u8 T4[] = {
388 0x5b, 0xc9, 0x4f, 0xbc, 0x32, 0x21, 0xa5, 0xdb,
389 0x94, 0xfa, 0xe9, 0x5a, 0xe7, 0x12, 0x1a, 0x47
396 static const u8 IV5[] = {
397 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad
400 static const u8 C5[] = {
401 0x61, 0x35, 0x3b, 0x4c, 0x28, 0x06, 0x93, 0x4a,
402 0x77, 0x7f, 0xf5, 0x1f, 0xa2, 0x2a, 0x47, 0x55,
403 0x69, 0x9b, 0x2a, 0x71, 0x4f, 0xcd, 0xc6, 0xf8,
404 0x37, 0x66, 0xe5, 0xf9, 0x7b, 0x6c, 0x74, 0x23,
405 0x73, 0x80, 0x69, 0x00, 0xe4, 0x9f, 0x24, 0xb2,
406 0x2b, 0x09, 0x75, 0x44, 0xd4, 0x89, 0x6b, 0x42,
407 0x49, 0x89, 0xb5, 0xe1, 0xeb, 0xac, 0x0f, 0x07,
408 0xc2, 0x3f, 0x45, 0x98
411 static const u8 T5[] = {
412 0x36, 0x12, 0xd2, 0xe7, 0x9e, 0x3b, 0x07, 0x85,
413 0x56, 0x1b, 0xe1, 0x4a, 0xac, 0xa2, 0xfc, 0xcb
420 static const u8 IV6[] = {
421 0x93, 0x13, 0x22, 0x5d, 0xf8, 0x84, 0x06, 0xe5,
422 0x55, 0x90, 0x9c, 0x5a, 0xff, 0x52, 0x69, 0xaa,
423 0x6a, 0x7a, 0x95, 0x38, 0x53, 0x4f, 0x7d, 0xa1,
424 0xe4, 0xc3, 0x03, 0xd2, 0xa3, 0x18, 0xa7, 0x28,
425 0xc3, 0xc0, 0xc9, 0x51, 0x56, 0x80, 0x95, 0x39,
426 0xfc, 0xf0, 0xe2, 0x42, 0x9a, 0x6b, 0x52, 0x54,
427 0x16, 0xae, 0xdb, 0xf5, 0xa0, 0xde, 0x6a, 0x57,
428 0xa6, 0x37, 0xb3, 0x9b
431 static const u8 C6[] = {
432 0x8c, 0xe2, 0x49, 0x98, 0x62, 0x56, 0x15, 0xb6,
433 0x03, 0xa0, 0x33, 0xac, 0xa1, 0x3f, 0xb8, 0x94,
434 0xbe, 0x91, 0x12, 0xa5, 0xc3, 0xa2, 0x11, 0xa8,
435 0xba, 0x26, 0x2a, 0x3c, 0xca, 0x7e, 0x2c, 0xa7,
436 0x01, 0xe4, 0xa9, 0xa4, 0xfb, 0xa4, 0x3c, 0x90,
437 0xcc, 0xdc, 0xb2, 0x81, 0xd4, 0x8c, 0x7c, 0x6f,
438 0xd6, 0x28, 0x75, 0xd2, 0xac, 0xa4, 0x17, 0x03,
439 0x4c, 0x34, 0xae, 0xe5
442 static const u8 T6[] = {
443 0x61, 0x9c, 0xc5, 0xae, 0xff, 0xfe, 0x0b, 0xfa,
444 0x46, 0x2a, 0xf4, 0x3c, 0x16, 0x99, 0xd0, 0x50
448 static const u8 K7[24], P7[] = { 0 }, A7[] = { 0 }, IV7[12], C7[] = { 0 };
449 static const u8 T7[] = {
450 0xcd, 0x33, 0xb2, 0x8a, 0xc7, 0x73, 0xf7, 0x4b,
451 0xa0, 0x0e, 0xd1, 0xf3, 0x12, 0x57, 0x24, 0x35
458 static const u8 P8[16];
459 static const u8 C8[] = {
460 0x98, 0xe7, 0x24, 0x7c, 0x07, 0xf0, 0xfe, 0x41,
461 0x1c, 0x26, 0x7e, 0x43, 0x84, 0xb0, 0xf6, 0x00
464 static const u8 T8[] = {
465 0x2f, 0xf5, 0x8d, 0x80, 0x03, 0x39, 0x27, 0xab,
466 0x8e, 0xf4, 0xd4, 0x58, 0x75, 0x14, 0xf0, 0xfb
471 static const u8 K9[] = {
472 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
473 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08,
474 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c
477 static const u8 P9[] = {
478 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
479 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a,
480 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
481 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72,
482 0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53,
483 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
484 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57,
485 0xba, 0x63, 0x7b, 0x39, 0x1a, 0xaf, 0xd2, 0x55
488 static const u8 IV9[] = {
489 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad,
490 0xde, 0xca, 0xf8, 0x88
493 static const u8 C9[] = {
494 0x39, 0x80, 0xca, 0x0b, 0x3c, 0x00, 0xe8, 0x41,
495 0xeb, 0x06, 0xfa, 0xc4, 0x87, 0x2a, 0x27, 0x57,
496 0x85, 0x9e, 0x1c, 0xea, 0xa6, 0xef, 0xd9, 0x84,
497 0x62, 0x85, 0x93, 0xb4, 0x0c, 0xa1, 0xe1, 0x9c,
498 0x7d, 0x77, 0x3d, 0x00, 0xc1, 0x44, 0xc5, 0x25,
499 0xac, 0x61, 0x9d, 0x18, 0xc8, 0x4a, 0x3f, 0x47,
500 0x18, 0xe2, 0x44, 0x8b, 0x2f, 0xe3, 0x24, 0xd9,
501 0xcc, 0xda, 0x27, 0x10, 0xac, 0xad, 0xe2, 0x56
504 static const u8 T9[] = {
505 0x99, 0x24, 0xa7, 0xc8, 0x58, 0x73, 0x36, 0xbf,
506 0xb1, 0x18, 0x02, 0x4d, 0xb8, 0x67, 0x4a, 0x14
512 static const u8 P10[] = {
513 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
514 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a,
515 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
516 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72,
517 0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53,
518 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
519 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57,
520 0xba, 0x63, 0x7b, 0x39
523 static const u8 A10[] = {
524 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
525 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
526 0xab, 0xad, 0xda, 0xd2
529 static const u8 C10[] = {
530 0x39, 0x80, 0xca, 0x0b, 0x3c, 0x00, 0xe8, 0x41,
531 0xeb, 0x06, 0xfa, 0xc4, 0x87, 0x2a, 0x27, 0x57,
532 0x85, 0x9e, 0x1c, 0xea, 0xa6, 0xef, 0xd9, 0x84,
533 0x62, 0x85, 0x93, 0xb4, 0x0c, 0xa1, 0xe1, 0x9c,
534 0x7d, 0x77, 0x3d, 0x00, 0xc1, 0x44, 0xc5, 0x25,
535 0xac, 0x61, 0x9d, 0x18, 0xc8, 0x4a, 0x3f, 0x47,
536 0x18, 0xe2, 0x44, 0x8b, 0x2f, 0xe3, 0x24, 0xd9,
537 0xcc, 0xda, 0x27, 0x10
540 static const u8 T10[] = {
541 0x25, 0x19, 0x49, 0x8e, 0x80, 0xf1, 0x47, 0x8f,
542 0x37, 0xba, 0x55, 0xbd, 0x6d, 0x27, 0x61, 0x8c
549 static const u8 IV11[] = { 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad };
551 static const u8 C11[] = {
552 0x0f, 0x10, 0xf5, 0x99, 0xae, 0x14, 0xa1, 0x54,
553 0xed, 0x24, 0xb3, 0x6e, 0x25, 0x32, 0x4d, 0xb8,
554 0xc5, 0x66, 0x63, 0x2e, 0xf2, 0xbb, 0xb3, 0x4f,
555 0x83, 0x47, 0x28, 0x0f, 0xc4, 0x50, 0x70, 0x57,
556 0xfd, 0xdc, 0x29, 0xdf, 0x9a, 0x47, 0x1f, 0x75,
557 0xc6, 0x65, 0x41, 0xd4, 0xd4, 0xda, 0xd1, 0xc9,
558 0xe9, 0x3a, 0x19, 0xa5, 0x8e, 0x8b, 0x47, 0x3f,
559 0xa0, 0xf0, 0x62, 0xf7
562 static const u8 T11[] = {
563 0x65, 0xdc, 0xc5, 0x7f, 0xcf, 0x62, 0x3a, 0x24,
564 0x09, 0x4f, 0xcc, 0xa4, 0x0d, 0x35, 0x33, 0xf8
571 static const u8 IV12[] = {
572 0x93, 0x13, 0x22, 0x5d, 0xf8, 0x84, 0x06, 0xe5,
573 0x55, 0x90, 0x9c, 0x5a, 0xff, 0x52, 0x69, 0xaa,
574 0x6a, 0x7a, 0x95, 0x38, 0x53, 0x4f, 0x7d, 0xa1,
575 0xe4, 0xc3, 0x03, 0xd2, 0xa3, 0x18, 0xa7, 0x28,
576 0xc3, 0xc0, 0xc9, 0x51, 0x56, 0x80, 0x95, 0x39,
577 0xfc, 0xf0, 0xe2, 0x42, 0x9a, 0x6b, 0x52, 0x54,
578 0x16, 0xae, 0xdb, 0xf5, 0xa0, 0xde, 0x6a, 0x57,
579 0xa6, 0x37, 0xb3, 0x9b
582 static const u8 C12[] = {
583 0xd2, 0x7e, 0x88, 0x68, 0x1c, 0xe3, 0x24, 0x3c,
584 0x48, 0x30, 0x16, 0x5a, 0x8f, 0xdc, 0xf9, 0xff,
585 0x1d, 0xe9, 0xa1, 0xd8, 0xe6, 0xb4, 0x47, 0xef,
586 0x6e, 0xf7, 0xb7, 0x98, 0x28, 0x66, 0x6e, 0x45,
587 0x81, 0xe7, 0x90, 0x12, 0xaf, 0x34, 0xdd, 0xd9,
588 0xe2, 0xf0, 0x37, 0x58, 0x9b, 0x29, 0x2d, 0xb3,
589 0xe6, 0x7c, 0x03, 0x67, 0x45, 0xfa, 0x22, 0xe7,
590 0xe9, 0xb7, 0x37, 0x3b
593 static const u8 T12[] = {
594 0xdc, 0xf5, 0x66, 0xff, 0x29, 0x1c, 0x25, 0xbb,
595 0xb8, 0x56, 0x8f, 0xc3, 0xd3, 0x76, 0xa6, 0xd9
599 static const u8 K13[32], P13[] = { 0 }, A13[] = { 0 }, IV13[12], C13[] = { 0 };
600 static const u8 T13[] = {
601 0x53, 0x0f, 0x8a, 0xfb, 0xc7, 0x45, 0x36, 0xb9,
602 0xa9, 0x63, 0xb4, 0xf1, 0xc4, 0xcb, 0x73, 0x8b
608 static const u8 P14[16], IV14[12];
609 static const u8 C14[] = {
610 0xce, 0xa7, 0x40, 0x3d, 0x4d, 0x60, 0x6b, 0x6e,
611 0x07, 0x4e, 0xc5, 0xd3, 0xba, 0xf3, 0x9d, 0x18
614 static const u8 T14[] = {
615 0xd0, 0xd1, 0xc8, 0xa7, 0x99, 0x99, 0x6b, 0xf0,
616 0x26, 0x5b, 0x98, 0xb5, 0xd4, 0x8a, 0xb9, 0x19
621 static const u8 K15[] = {
622 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
623 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08,
624 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
625 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08
628 static const u8 P15[] = {
629 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
630 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a,
631 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
632 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72,
633 0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53,
634 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
635 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57,
636 0xba, 0x63, 0x7b, 0x39, 0x1a, 0xaf, 0xd2, 0x55
639 static const u8 IV15[] = {
640 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad,
641 0xde, 0xca, 0xf8, 0x88
644 static const u8 C15[] = {
645 0x52, 0x2d, 0xc1, 0xf0, 0x99, 0x56, 0x7d, 0x07,
646 0xf4, 0x7f, 0x37, 0xa3, 0x2a, 0x84, 0x42, 0x7d,
647 0x64, 0x3a, 0x8c, 0xdc, 0xbf, 0xe5, 0xc0, 0xc9,
648 0x75, 0x98, 0xa2, 0xbd, 0x25, 0x55, 0xd1, 0xaa,
649 0x8c, 0xb0, 0x8e, 0x48, 0x59, 0x0d, 0xbb, 0x3d,
650 0xa7, 0xb0, 0x8b, 0x10, 0x56, 0x82, 0x88, 0x38,
651 0xc5, 0xf6, 0x1e, 0x63, 0x93, 0xba, 0x7a, 0x0a,
652 0xbc, 0xc9, 0xf6, 0x62, 0x89, 0x80, 0x15, 0xad
655 static const u8 T15[] = {
656 0xb0, 0x94, 0xda, 0xc5, 0xd9, 0x34, 0x71, 0xbd,
657 0xec, 0x1a, 0x50, 0x22, 0x70, 0xe3, 0xcc, 0x6c
663 static const u8 P16[] = {
664 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
665 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a,
666 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
667 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72,
668 0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53,
669 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
670 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57,
671 0xba, 0x63, 0x7b, 0x39
674 static const u8 A16[] = {
675 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
676 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
677 0xab, 0xad, 0xda, 0xd2
680 static const u8 C16[] = {
681 0x52, 0x2d, 0xc1, 0xf0, 0x99, 0x56, 0x7d, 0x07,
682 0xf4, 0x7f, 0x37, 0xa3, 0x2a, 0x84, 0x42, 0x7d,
683 0x64, 0x3a, 0x8c, 0xdc, 0xbf, 0xe5, 0xc0, 0xc9,
684 0x75, 0x98, 0xa2, 0xbd, 0x25, 0x55, 0xd1, 0xaa,
685 0x8c, 0xb0, 0x8e, 0x48, 0x59, 0x0d, 0xbb, 0x3d,
686 0xa7, 0xb0, 0x8b, 0x10, 0x56, 0x82, 0x88, 0x38,
687 0xc5, 0xf6, 0x1e, 0x63, 0x93, 0xba, 0x7a, 0x0a,
688 0xbc, 0xc9, 0xf6, 0x62
691 static const u8 T16[] = {
692 0x76, 0xfc, 0x6e, 0xce, 0x0f, 0x4e, 0x17, 0x68,
693 0xcd, 0xdf, 0x88, 0x53, 0xbb, 0x2d, 0x55, 0x1b
700 static const u8 IV17[] = { 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad };
702 static const u8 C17[] = {
703 0xc3, 0x76, 0x2d, 0xf1, 0xca, 0x78, 0x7d, 0x32,
704 0xae, 0x47, 0xc1, 0x3b, 0xf1, 0x98, 0x44, 0xcb,
705 0xaf, 0x1a, 0xe1, 0x4d, 0x0b, 0x97, 0x6a, 0xfa,
706 0xc5, 0x2f, 0xf7, 0xd7, 0x9b, 0xba, 0x9d, 0xe0,
707 0xfe, 0xb5, 0x82, 0xd3, 0x39, 0x34, 0xa4, 0xf0,
708 0x95, 0x4c, 0xc2, 0x36, 0x3b, 0xc7, 0x3f, 0x78,
709 0x62, 0xac, 0x43, 0x0e, 0x64, 0xab, 0xe4, 0x99,
710 0xf4, 0x7c, 0x9b, 0x1f
713 static const u8 T17[] = {
714 0x3a, 0x33, 0x7d, 0xbf, 0x46, 0xa7, 0x92, 0xc4,
715 0x5e, 0x45, 0x49, 0x13, 0xfe, 0x2e, 0xa8, 0xf2
722 static const u8 IV18[] = {
723 0x93, 0x13, 0x22, 0x5d, 0xf8, 0x84, 0x06, 0xe5,
724 0x55, 0x90, 0x9c, 0x5a, 0xff, 0x52, 0x69, 0xaa,
725 0x6a, 0x7a, 0x95, 0x38, 0x53, 0x4f, 0x7d, 0xa1,
726 0xe4, 0xc3, 0x03, 0xd2, 0xa3, 0x18, 0xa7, 0x28,
727 0xc3, 0xc0, 0xc9, 0x51, 0x56, 0x80, 0x95, 0x39,
728 0xfc, 0xf0, 0xe2, 0x42, 0x9a, 0x6b, 0x52, 0x54,
729 0x16, 0xae, 0xdb, 0xf5, 0xa0, 0xde, 0x6a, 0x57,
730 0xa6, 0x37, 0xb3, 0x9b
733 static const u8 C18[] = {
734 0x5a, 0x8d, 0xef, 0x2f, 0x0c, 0x9e, 0x53, 0xf1,
735 0xf7, 0x5d, 0x78, 0x53, 0x65, 0x9e, 0x2a, 0x20,
736 0xee, 0xb2, 0xb2, 0x2a, 0xaf, 0xde, 0x64, 0x19,
737 0xa0, 0x58, 0xab, 0x4f, 0x6f, 0x74, 0x6b, 0xf4,
738 0x0f, 0xc0, 0xc3, 0xb7, 0x80, 0xf2, 0x44, 0x45,
739 0x2d, 0xa3, 0xeb, 0xf1, 0xc5, 0xd8, 0x2c, 0xde,
740 0xa2, 0x41, 0x89, 0x97, 0x20, 0x0e, 0xf8, 0x2e,
741 0x44, 0xae, 0x7e, 0x3f
744 static const u8 T18[] = {
745 0xa4, 0x4a, 0x82, 0x66, 0xee, 0x1c, 0x8e, 0xb0,
746 0xc8, 0xb5, 0xd4, 0xcf, 0x5a, 0xe9, 0xf1, 0x9a
754 static const u8 A19[] = {
755 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
756 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a,
757 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
758 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72,
759 0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53,
760 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
761 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57,
762 0xba, 0x63, 0x7b, 0x39, 0x1a, 0xaf, 0xd2, 0x55,
763 0x52, 0x2d, 0xc1, 0xf0, 0x99, 0x56, 0x7d, 0x07,
764 0xf4, 0x7f, 0x37, 0xa3, 0x2a, 0x84, 0x42, 0x7d,
765 0x64, 0x3a, 0x8c, 0xdc, 0xbf, 0xe5, 0xc0, 0xc9,
766 0x75, 0x98, 0xa2, 0xbd, 0x25, 0x55, 0xd1, 0xaa,
767 0x8c, 0xb0, 0x8e, 0x48, 0x59, 0x0d, 0xbb, 0x3d,
768 0xa7, 0xb0, 0x8b, 0x10, 0x56, 0x82, 0x88, 0x38,
769 0xc5, 0xf6, 0x1e, 0x63, 0x93, 0xba, 0x7a, 0x0a,
770 0xbc, 0xc9, 0xf6, 0x62, 0x89, 0x80, 0x15, 0xad
773 static const u8 T19[] = {
774 0x5f, 0xea, 0x79, 0x3a, 0x2d, 0x6f, 0x97, 0x4d,
775 0x37, 0xe6, 0x8e, 0x0c, 0xb8, 0xff, 0x94, 0x92
781 /* this results in 0xff in counter LSB */
782 static const u8 IV20[64] = { 0xff, 0xff, 0xff, 0xff };
784 static const u8 P20[288];
785 static const u8 C20[] = {
786 0x56, 0xb3, 0x37, 0x3c, 0xa9, 0xef, 0x6e, 0x4a,
787 0x2b, 0x64, 0xfe, 0x1e, 0x9a, 0x17, 0xb6, 0x14,
788 0x25, 0xf1, 0x0d, 0x47, 0xa7, 0x5a, 0x5f, 0xce,
789 0x13, 0xef, 0xc6, 0xbc, 0x78, 0x4a, 0xf2, 0x4f,
790 0x41, 0x41, 0xbd, 0xd4, 0x8c, 0xf7, 0xc7, 0x70,
791 0x88, 0x7a, 0xfd, 0x57, 0x3c, 0xca, 0x54, 0x18,
792 0xa9, 0xae, 0xff, 0xcd, 0x7c, 0x5c, 0xed, 0xdf,
793 0xc6, 0xa7, 0x83, 0x97, 0xb9, 0xa8, 0x5b, 0x49,
794 0x9d, 0xa5, 0x58, 0x25, 0x72, 0x67, 0xca, 0xab,
795 0x2a, 0xd0, 0xb2, 0x3c, 0xa4, 0x76, 0xa5, 0x3c,
796 0xb1, 0x7f, 0xb4, 0x1c, 0x4b, 0x8b, 0x47, 0x5c,
797 0xb4, 0xf3, 0xf7, 0x16, 0x50, 0x94, 0xc2, 0x29,
798 0xc9, 0xe8, 0xc4, 0xdc, 0x0a, 0x2a, 0x5f, 0xf1,
799 0x90, 0x3e, 0x50, 0x15, 0x11, 0x22, 0x13, 0x76,
800 0xa1, 0xcd, 0xb8, 0x36, 0x4c, 0x50, 0x61, 0xa2,
801 0x0c, 0xae, 0x74, 0xbc, 0x4a, 0xcd, 0x76, 0xce,
802 0xb0, 0xab, 0xc9, 0xfd, 0x32, 0x17, 0xef, 0x9f,
803 0x8c, 0x90, 0xbe, 0x40, 0x2d, 0xdf, 0x6d, 0x86,
804 0x97, 0xf4, 0xf8, 0x80, 0xdf, 0xf1, 0x5b, 0xfb,
805 0x7a, 0x6b, 0x28, 0x24, 0x1e, 0xc8, 0xfe, 0x18,
806 0x3c, 0x2d, 0x59, 0xe3, 0xf9, 0xdf, 0xff, 0x65,
807 0x3c, 0x71, 0x26, 0xf0, 0xac, 0xb9, 0xe6, 0x42,
808 0x11, 0xf4, 0x2b, 0xae, 0x12, 0xaf, 0x46, 0x2b,
809 0x10, 0x70, 0xbe, 0xf1, 0xab, 0x5e, 0x36, 0x06,
810 0x87, 0x2c, 0xa1, 0x0d, 0xee, 0x15, 0xb3, 0x24,
811 0x9b, 0x1a, 0x1b, 0x95, 0x8f, 0x23, 0x13, 0x4c,
812 0x4b, 0xcc, 0xb7, 0xd0, 0x32, 0x00, 0xbc, 0xe4,
813 0x20, 0xa2, 0xf8, 0xeb, 0x66, 0xdc, 0xf3, 0x64,
814 0x4d, 0x14, 0x23, 0xc1, 0xb5, 0x69, 0x90, 0x03,
815 0xc1, 0x3e, 0xce, 0xf4, 0xbf, 0x38, 0xa3, 0xb6,
816 0x0e, 0xed, 0xc3, 0x40, 0x33, 0xba, 0xc1, 0x90,
817 0x27, 0x83, 0xdc, 0x6d, 0x89, 0xe2, 0xe7, 0x74,
818 0x18, 0x8a, 0x43, 0x9c, 0x7e, 0xbc, 0xc0, 0x67,
819 0x2d, 0xbd, 0xa4, 0xdd, 0xcf, 0xb2, 0x79, 0x46,
820 0x13, 0xb0, 0xbe, 0x41, 0x31, 0x5e, 0xf7, 0x78,
821 0x70, 0x8a, 0x70, 0xee, 0x7d, 0x75, 0x16, 0x5c
824 static const u8 T20[] = {
825 0x8b, 0x30, 0x7f, 0x6b, 0x33, 0x28, 0x6d, 0x0a,
826 0xb0, 0x26, 0xa9, 0xed, 0x3f, 0xe1, 0xe8, 0x5f
829 #define GCM128_TEST_VECTOR(n) \
831 {sizeof(K##n), K##n}, \
832 {sizeof(IV##n), IV##n}, \
833 {sizeof(A##n), A##n}, \
834 {sizeof(P##n), P##n}, \
835 {sizeof(C##n), C##n}, \
836 {sizeof(T##n), T##n} \
838 static struct gcm128_data {
845 } gcm128_vectors[] = {
846 GCM128_TEST_VECTOR(1),
847 GCM128_TEST_VECTOR(2),
848 GCM128_TEST_VECTOR(3),
849 GCM128_TEST_VECTOR(4),
850 GCM128_TEST_VECTOR(5),
851 GCM128_TEST_VECTOR(6),
852 GCM128_TEST_VECTOR(7),
853 GCM128_TEST_VECTOR(8),
854 GCM128_TEST_VECTOR(9),
855 GCM128_TEST_VECTOR(10),
856 GCM128_TEST_VECTOR(11),
857 GCM128_TEST_VECTOR(12),
858 GCM128_TEST_VECTOR(13),
859 GCM128_TEST_VECTOR(14),
860 GCM128_TEST_VECTOR(15),
861 GCM128_TEST_VECTOR(16),
862 GCM128_TEST_VECTOR(17),
863 GCM128_TEST_VECTOR(18),
864 GCM128_TEST_VECTOR(19),
865 GCM128_TEST_VECTOR(20)
868 static int test_gcm128(int idx)
870 unsigned char out[512];
871 SIZED_DATA K = gcm128_vectors[idx].K;
872 SIZED_DATA IV = gcm128_vectors[idx].IV;
873 SIZED_DATA A = gcm128_vectors[idx].A;
874 SIZED_DATA P = gcm128_vectors[idx].P;
875 SIZED_DATA C = gcm128_vectors[idx].C;
876 SIZED_DATA T = gcm128_vectors[idx].T;
881 /* Size 1 inputs are special-cased to signal NULL. */
889 AES_set_encrypt_key(K.data, K.size * 8, &key);
891 CRYPTO_gcm128_init(&ctx, &key, (block128_f)AES_encrypt);
892 CRYPTO_gcm128_setiv(&ctx, IV.data, IV.size);
893 memset(out, 0, P.size);
895 CRYPTO_gcm128_aad(&ctx, A.data, A.size);
897 CRYPTO_gcm128_encrypt( &ctx, P.data, out, P.size);
898 if (CRYPTO_gcm128_finish(&ctx, T.data, 16)
899 || (C.data && memcmp(out, C.data, P.size)))
900 err++, fprintf(stderr, "encrypt test#%d failed.\n", idx);
902 CRYPTO_gcm128_setiv(&ctx, IV.data, IV.size);
903 memset(out, 0, P.size);
905 CRYPTO_gcm128_aad(&ctx, A.data, A.size);
907 CRYPTO_gcm128_decrypt(&ctx, C.data, out, P.size);
908 if (CRYPTO_gcm128_finish(&ctx, T.data, 16)
909 || (P.data && memcmp(out, P.data, P.size)))
910 err++, fprintf(stderr, "decrypt test#%d failed.\n", idx);
915 static void benchmark_gcm128(const unsigned char *K, size_t Klen,
916 const unsigned char *IV, size_t IVlen)
918 #ifdef OPENSSL_CPUID_OBJ
921 size_t start, gcm_t, ctr_t, OPENSSL_rdtsc();
927 AES_set_encrypt_key(K, Klen * 8, &key);
928 CRYPTO_gcm128_init(&ctx, &key, (block128_f) AES_encrypt);
929 CRYPTO_gcm128_setiv(&ctx, IV, IVlen);
931 CRYPTO_gcm128_encrypt(&ctx, buf.c, buf.c, sizeof(buf));
932 start = OPENSSL_rdtsc();
933 CRYPTO_gcm128_encrypt(&ctx, buf.c, buf.c, sizeof(buf));
934 gcm_t = OPENSSL_rdtsc() - start;
936 CRYPTO_ctr128_encrypt(buf.c, buf.c, sizeof(buf),
937 &key, ctx.Yi.c, ctx.EKi.c, &ctx.mres,
938 (block128_f) AES_encrypt);
939 start = OPENSSL_rdtsc();
940 CRYPTO_ctr128_encrypt(buf.c, buf.c, sizeof(buf),
941 &key, ctx.Yi.c, ctx.EKi.c, &ctx.mres,
942 (block128_f) AES_encrypt);
943 ctr_t = OPENSSL_rdtsc() - start;
945 printf("%.2f-%.2f=%.2f\n",
946 gcm_t / (double)sizeof(buf),
947 ctr_t / (double)sizeof(buf),
948 (gcm_t - ctr_t) / (double)sizeof(buf));
951 void (*gcm_ghash_p) (u64 Xi[2], const u128 Htable[16],
952 const u8 *inp, size_t len) = ctx.ghash;
954 GHASH((&ctx), buf.c, sizeof(buf));
955 start = OPENSSL_rdtsc();
956 for (i = 0; i < 100; ++i)
957 GHASH((&ctx), buf.c, sizeof(buf));
958 gcm_t = OPENSSL_rdtsc() - start;
959 printf("%.2f\n", gcm_t / (double)sizeof(buf) / (double)i);
964 "Benchmarking of modes isn't available on this platform\n");
968 int test_main(int argc, char **argv)
974 for (iter_argv = 1; iter_argv < argc; iter_argv++) {
975 if (strcmp(argv[iter_argv], "-b") == 0)
977 else if (strcmp(argv[iter_argv], "-h") == 0)
981 ADD_ALL_TESTS(test_cts128, OSSL_NELEM(cts128_vectors));
982 ADD_ALL_TESTS(test_cts128_nist, OSSL_NELEM(cts128_vectors));
983 ADD_ALL_TESTS(test_gcm128, OSSL_NELEM(gcm128_vectors));
985 result = run_tests(argv[0]);
988 benchmark_gcm128(K1, sizeof(K1), IV1, sizeof(IV1));
993 printf("-h\tThis help\n");
994 printf("-b\tBenchmark gcm128 in addition to the tests\n");