modes_internal_test.c 29 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861862863864865866867868869870871872873874875876877878879880881882883884885886887888889890891892893894895896897898899
  1. /*
  2. * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
  3. *
  4. * Licensed under the Apache License 2.0 (the "License"). You may not use
  5. * this file except in compliance with the License. You can obtain a copy
  6. * in the file LICENSE in the source distribution or at
  7. * https://www.openssl.org/source/license.html
  8. */
  9. /* Internal tests for the modes module */
  10. /*
  11. * This file uses the low level AES functions (which are deprecated for
  12. * non-internal use) in order to test the modes code
  13. */
  14. #include "internal/deprecated.h"
  15. #include <stdio.h>
  16. #include <string.h>
  17. #include <openssl/aes.h>
  18. #include <openssl/modes.h>
  19. #include "testutil.h"
  20. #include "crypto/modes.h"
  21. #include "internal/nelem.h"
  22. typedef struct {
  23. size_t size;
  24. const unsigned char *data;
  25. } SIZED_DATA;
  26. /**********************************************************************
  27. *
  28. * Test of cts128
  29. *
  30. ***/
  31. /* cts128 test vectors from RFC 3962 */
  32. static const unsigned char cts128_test_key[16] = "chicken teriyaki";
  33. static const unsigned char cts128_test_input[64] =
  34. "I would like the" " General Gau's C"
  35. "hicken, please, " "and wonton soup.";
  36. static const unsigned char cts128_test_iv[] =
  37. { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
  38. static const unsigned char vector_17[17] = {
  39. 0xc6, 0x35, 0x35, 0x68, 0xf2, 0xbf, 0x8c, 0xb4,
  40. 0xd8, 0xa5, 0x80, 0x36, 0x2d, 0xa7, 0xff, 0x7f,
  41. 0x97
  42. };
  43. static const unsigned char vector_31[31] = {
  44. 0xfc, 0x00, 0x78, 0x3e, 0x0e, 0xfd, 0xb2, 0xc1,
  45. 0xd4, 0x45, 0xd4, 0xc8, 0xef, 0xf7, 0xed, 0x22,
  46. 0x97, 0x68, 0x72, 0x68, 0xd6, 0xec, 0xcc, 0xc0,
  47. 0xc0, 0x7b, 0x25, 0xe2, 0x5e, 0xcf, 0xe5
  48. };
  49. static const unsigned char vector_32[32] = {
  50. 0x39, 0x31, 0x25, 0x23, 0xa7, 0x86, 0x62, 0xd5,
  51. 0xbe, 0x7f, 0xcb, 0xcc, 0x98, 0xeb, 0xf5, 0xa8,
  52. 0x97, 0x68, 0x72, 0x68, 0xd6, 0xec, 0xcc, 0xc0,
  53. 0xc0, 0x7b, 0x25, 0xe2, 0x5e, 0xcf, 0xe5, 0x84
  54. };
  55. static const unsigned char vector_47[47] = {
  56. 0x97, 0x68, 0x72, 0x68, 0xd6, 0xec, 0xcc, 0xc0,
  57. 0xc0, 0x7b, 0x25, 0xe2, 0x5e, 0xcf, 0xe5, 0x84,
  58. 0xb3, 0xff, 0xfd, 0x94, 0x0c, 0x16, 0xa1, 0x8c,
  59. 0x1b, 0x55, 0x49, 0xd2, 0xf8, 0x38, 0x02, 0x9e,
  60. 0x39, 0x31, 0x25, 0x23, 0xa7, 0x86, 0x62, 0xd5,
  61. 0xbe, 0x7f, 0xcb, 0xcc, 0x98, 0xeb, 0xf5
  62. };
  63. static const unsigned char vector_48[48] = {
  64. 0x97, 0x68, 0x72, 0x68, 0xd6, 0xec, 0xcc, 0xc0,
  65. 0xc0, 0x7b, 0x25, 0xe2, 0x5e, 0xcf, 0xe5, 0x84,
  66. 0x9d, 0xad, 0x8b, 0xbb, 0x96, 0xc4, 0xcd, 0xc0,
  67. 0x3b, 0xc1, 0x03, 0xe1, 0xa1, 0x94, 0xbb, 0xd8,
  68. 0x39, 0x31, 0x25, 0x23, 0xa7, 0x86, 0x62, 0xd5,
  69. 0xbe, 0x7f, 0xcb, 0xcc, 0x98, 0xeb, 0xf5, 0xa8
  70. };
  71. static const unsigned char vector_64[64] = {
  72. 0x97, 0x68, 0x72, 0x68, 0xd6, 0xec, 0xcc, 0xc0,
  73. 0xc0, 0x7b, 0x25, 0xe2, 0x5e, 0xcf, 0xe5, 0x84,
  74. 0x39, 0x31, 0x25, 0x23, 0xa7, 0x86, 0x62, 0xd5,
  75. 0xbe, 0x7f, 0xcb, 0xcc, 0x98, 0xeb, 0xf5, 0xa8,
  76. 0x48, 0x07, 0xef, 0xe8, 0x36, 0xee, 0x89, 0xa5,
  77. 0x26, 0x73, 0x0d, 0xbc, 0x2f, 0x7b, 0xc8, 0x40,
  78. 0x9d, 0xad, 0x8b, 0xbb, 0x96, 0xc4, 0xcd, 0xc0,
  79. 0x3b, 0xc1, 0x03, 0xe1, 0xa1, 0x94, 0xbb, 0xd8
  80. };
  81. #define CTS128_TEST_VECTOR(len) \
  82. { \
  83. sizeof(vector_##len), vector_##len \
  84. }
  85. static const SIZED_DATA aes_cts128_vectors[] = {
  86. CTS128_TEST_VECTOR(17),
  87. CTS128_TEST_VECTOR(31),
  88. CTS128_TEST_VECTOR(32),
  89. CTS128_TEST_VECTOR(47),
  90. CTS128_TEST_VECTOR(48),
  91. CTS128_TEST_VECTOR(64),
  92. };
  93. static AES_KEY *cts128_encrypt_key_schedule(void)
  94. {
  95. static int init_key = 1;
  96. static AES_KEY ks;
  97. if (init_key) {
  98. AES_set_encrypt_key(cts128_test_key, 128, &ks);
  99. init_key = 0;
  100. }
  101. return &ks;
  102. }
  103. static AES_KEY *cts128_decrypt_key_schedule(void)
  104. {
  105. static int init_key = 1;
  106. static AES_KEY ks;
  107. if (init_key) {
  108. AES_set_decrypt_key(cts128_test_key, 128, &ks);
  109. init_key = 0;
  110. }
  111. return &ks;
  112. }
  113. typedef struct {
  114. const char *case_name;
  115. size_t (*last_blocks_correction)(const unsigned char *in,
  116. unsigned char *out, size_t len);
  117. size_t (*encrypt_block)(const unsigned char *in,
  118. unsigned char *out, size_t len,
  119. const void *key, unsigned char ivec[16],
  120. block128_f block);
  121. size_t (*encrypt_stream)(const unsigned char *in, unsigned char *out,
  122. size_t len, const void *key,
  123. unsigned char ivec[16], cbc128_f cbc);
  124. size_t (*decrypt_block)(const unsigned char *in,
  125. unsigned char *out, size_t len,
  126. const void *key, unsigned char ivec[16],
  127. block128_f block);
  128. size_t (*decrypt_stream)(const unsigned char *in, unsigned char *out,
  129. size_t len, const void *key,
  130. unsigned char ivec[16], cbc128_f cbc);
  131. } CTS128_FIXTURE;
  132. static size_t last_blocks_correction(const unsigned char *in,
  133. unsigned char *out, size_t len)
  134. {
  135. size_t tail;
  136. memcpy(out, in, len);
  137. if ((tail = len % 16) == 0)
  138. tail = 16;
  139. tail += 16;
  140. return tail;
  141. }
  142. static size_t last_blocks_correction_nist(const unsigned char *in,
  143. unsigned char *out, size_t len)
  144. {
  145. size_t tail;
  146. if ((tail = len % 16) == 0)
  147. tail = 16;
  148. len -= 16 + tail;
  149. memcpy(out, in, len);
  150. /* flip two last blocks */
  151. memcpy(out + len, in + len + 16, tail);
  152. memcpy(out + len + tail, in + len, 16);
  153. len += 16 + tail;
  154. tail = 16;
  155. return tail;
  156. }
  157. static int execute_cts128(const CTS128_FIXTURE *fixture, int num)
  158. {
  159. const unsigned char *test_iv = cts128_test_iv;
  160. size_t test_iv_len = sizeof(cts128_test_iv);
  161. const unsigned char *orig_vector = aes_cts128_vectors[num].data;
  162. size_t len = aes_cts128_vectors[num].size;
  163. const unsigned char *test_input = cts128_test_input;
  164. const AES_KEY *encrypt_key_schedule = cts128_encrypt_key_schedule();
  165. const AES_KEY *decrypt_key_schedule = cts128_decrypt_key_schedule();
  166. unsigned char iv[16];
  167. /* The largest test inputs are = 64 bytes. */
  168. unsigned char cleartext[64], ciphertext[64], vector[64];
  169. size_t tail, size;
  170. TEST_info("%s_vector_%lu", fixture->case_name, (unsigned long)len);
  171. tail = fixture->last_blocks_correction(orig_vector, vector, len);
  172. /* test block-based encryption */
  173. memcpy(iv, test_iv, test_iv_len);
  174. if (!TEST_size_t_eq(fixture->encrypt_block(test_input, ciphertext, len,
  175. encrypt_key_schedule, iv,
  176. (block128_f)AES_encrypt), len)
  177. || !TEST_mem_eq(ciphertext, len, vector, len)
  178. || !TEST_mem_eq(iv, sizeof(iv), vector + len - tail, sizeof(iv)))
  179. return 0;
  180. /* test block-based decryption */
  181. memcpy(iv, test_iv, test_iv_len);
  182. size = fixture->decrypt_block(ciphertext, cleartext, len,
  183. decrypt_key_schedule, iv,
  184. (block128_f)AES_decrypt);
  185. if (!TEST_true(len == size || len + 16 == size)
  186. || !TEST_mem_eq(cleartext, len, test_input, len)
  187. || !TEST_mem_eq(iv, sizeof(iv), vector + len - tail, sizeof(iv)))
  188. return 0;
  189. /* test streamed encryption */
  190. memcpy(iv, test_iv, test_iv_len);
  191. if (!TEST_size_t_eq(fixture->encrypt_stream(test_input, ciphertext, len,
  192. encrypt_key_schedule, iv,
  193. (cbc128_f) AES_cbc_encrypt),
  194. len)
  195. || !TEST_mem_eq(ciphertext, len, vector, len)
  196. || !TEST_mem_eq(iv, sizeof(iv), vector + len - tail, sizeof(iv)))
  197. return 0;
  198. /* test streamed decryption */
  199. memcpy(iv, test_iv, test_iv_len);
  200. if (!TEST_size_t_eq(fixture->decrypt_stream(ciphertext, cleartext, len,
  201. decrypt_key_schedule, iv,
  202. (cbc128_f)AES_cbc_encrypt),
  203. len)
  204. || !TEST_mem_eq(cleartext, len, test_input, len)
  205. || !TEST_mem_eq(iv, sizeof(iv), vector + len - tail, sizeof(iv)))
  206. return 0;
  207. return 1;
  208. }
  209. static int test_aes_cts128(int idx)
  210. {
  211. static const CTS128_FIXTURE fixture_cts128 = {
  212. "aes_cts128", last_blocks_correction,
  213. CRYPTO_cts128_encrypt_block, CRYPTO_cts128_encrypt,
  214. CRYPTO_cts128_decrypt_block, CRYPTO_cts128_decrypt
  215. };
  216. return execute_cts128(&fixture_cts128, idx);
  217. }
  218. static int test_aes_cts128_nist(int idx)
  219. {
  220. static const CTS128_FIXTURE fixture_cts128_nist = {
  221. "aes_cts128_nist", last_blocks_correction_nist,
  222. CRYPTO_nistcts128_encrypt_block, CRYPTO_nistcts128_encrypt,
  223. CRYPTO_nistcts128_decrypt_block, CRYPTO_nistcts128_decrypt
  224. };
  225. return execute_cts128(&fixture_cts128_nist, idx);
  226. }
  227. /*
  228. *
  229. * Test of gcm128
  230. *
  231. */
  232. /* Test Case 1 */
  233. static const u8 K1[16], P1[] = { 0 }, A1[] = { 0 }, IV1[12], C1[] = { 0 };
  234. static const u8 T1[] = {
  235. 0x58, 0xe2, 0xfc, 0xce, 0xfa, 0x7e, 0x30, 0x61,
  236. 0x36, 0x7f, 0x1d, 0x57, 0xa4, 0xe7, 0x45, 0x5a
  237. };
  238. /* Test Case 2 */
  239. # define K2 K1
  240. # define A2 A1
  241. # define IV2 IV1
  242. static const u8 P2[16];
  243. static const u8 C2[] = {
  244. 0x03, 0x88, 0xda, 0xce, 0x60, 0xb6, 0xa3, 0x92,
  245. 0xf3, 0x28, 0xc2, 0xb9, 0x71, 0xb2, 0xfe, 0x78
  246. };
  247. static const u8 T2[] = {
  248. 0xab, 0x6e, 0x47, 0xd4, 0x2c, 0xec, 0x13, 0xbd,
  249. 0xf5, 0x3a, 0x67, 0xb2, 0x12, 0x57, 0xbd, 0xdf
  250. };
  251. /* Test Case 3 */
  252. # define A3 A2
  253. static const u8 K3[] = {
  254. 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
  255. 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08
  256. };
  257. static const u8 P3[] = {
  258. 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
  259. 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a,
  260. 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
  261. 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72,
  262. 0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53,
  263. 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
  264. 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57,
  265. 0xba, 0x63, 0x7b, 0x39, 0x1a, 0xaf, 0xd2, 0x55
  266. };
  267. static const u8 IV3[] = {
  268. 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad,
  269. 0xde, 0xca, 0xf8, 0x88
  270. };
  271. static const u8 C3[] = {
  272. 0x42, 0x83, 0x1e, 0xc2, 0x21, 0x77, 0x74, 0x24,
  273. 0x4b, 0x72, 0x21, 0xb7, 0x84, 0xd0, 0xd4, 0x9c,
  274. 0xe3, 0xaa, 0x21, 0x2f, 0x2c, 0x02, 0xa4, 0xe0,
  275. 0x35, 0xc1, 0x7e, 0x23, 0x29, 0xac, 0xa1, 0x2e,
  276. 0x21, 0xd5, 0x14, 0xb2, 0x54, 0x66, 0x93, 0x1c,
  277. 0x7d, 0x8f, 0x6a, 0x5a, 0xac, 0x84, 0xaa, 0x05,
  278. 0x1b, 0xa3, 0x0b, 0x39, 0x6a, 0x0a, 0xac, 0x97,
  279. 0x3d, 0x58, 0xe0, 0x91, 0x47, 0x3f, 0x59, 0x85
  280. };
  281. static const u8 T3[] = {
  282. 0x4d, 0x5c, 0x2a, 0xf3, 0x27, 0xcd, 0x64, 0xa6,
  283. 0x2c, 0xf3, 0x5a, 0xbd, 0x2b, 0xa6, 0xfa, 0xb4
  284. };
  285. /* Test Case 4 */
  286. # define K4 K3
  287. # define IV4 IV3
  288. static const u8 P4[] = {
  289. 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
  290. 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a,
  291. 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
  292. 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72,
  293. 0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53,
  294. 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
  295. 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57,
  296. 0xba, 0x63, 0x7b, 0x39
  297. };
  298. static const u8 A4[] = {
  299. 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
  300. 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
  301. 0xab, 0xad, 0xda, 0xd2
  302. };
  303. static const u8 C4[] = {
  304. 0x42, 0x83, 0x1e, 0xc2, 0x21, 0x77, 0x74, 0x24,
  305. 0x4b, 0x72, 0x21, 0xb7, 0x84, 0xd0, 0xd4, 0x9c,
  306. 0xe3, 0xaa, 0x21, 0x2f, 0x2c, 0x02, 0xa4, 0xe0,
  307. 0x35, 0xc1, 0x7e, 0x23, 0x29, 0xac, 0xa1, 0x2e,
  308. 0x21, 0xd5, 0x14, 0xb2, 0x54, 0x66, 0x93, 0x1c,
  309. 0x7d, 0x8f, 0x6a, 0x5a, 0xac, 0x84, 0xaa, 0x05,
  310. 0x1b, 0xa3, 0x0b, 0x39, 0x6a, 0x0a, 0xac, 0x97,
  311. 0x3d, 0x58, 0xe0, 0x91
  312. };
  313. static const u8 T4[] = {
  314. 0x5b, 0xc9, 0x4f, 0xbc, 0x32, 0x21, 0xa5, 0xdb,
  315. 0x94, 0xfa, 0xe9, 0x5a, 0xe7, 0x12, 0x1a, 0x47
  316. };
  317. /* Test Case 5 */
  318. # define K5 K4
  319. # define P5 P4
  320. # define A5 A4
  321. static const u8 IV5[] = {
  322. 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad
  323. };
  324. static const u8 C5[] = {
  325. 0x61, 0x35, 0x3b, 0x4c, 0x28, 0x06, 0x93, 0x4a,
  326. 0x77, 0x7f, 0xf5, 0x1f, 0xa2, 0x2a, 0x47, 0x55,
  327. 0x69, 0x9b, 0x2a, 0x71, 0x4f, 0xcd, 0xc6, 0xf8,
  328. 0x37, 0x66, 0xe5, 0xf9, 0x7b, 0x6c, 0x74, 0x23,
  329. 0x73, 0x80, 0x69, 0x00, 0xe4, 0x9f, 0x24, 0xb2,
  330. 0x2b, 0x09, 0x75, 0x44, 0xd4, 0x89, 0x6b, 0x42,
  331. 0x49, 0x89, 0xb5, 0xe1, 0xeb, 0xac, 0x0f, 0x07,
  332. 0xc2, 0x3f, 0x45, 0x98
  333. };
  334. static const u8 T5[] = {
  335. 0x36, 0x12, 0xd2, 0xe7, 0x9e, 0x3b, 0x07, 0x85,
  336. 0x56, 0x1b, 0xe1, 0x4a, 0xac, 0xa2, 0xfc, 0xcb
  337. };
  338. /* Test Case 6 */
  339. # define K6 K5
  340. # define P6 P5
  341. # define A6 A5
  342. static const u8 IV6[] = {
  343. 0x93, 0x13, 0x22, 0x5d, 0xf8, 0x84, 0x06, 0xe5,
  344. 0x55, 0x90, 0x9c, 0x5a, 0xff, 0x52, 0x69, 0xaa,
  345. 0x6a, 0x7a, 0x95, 0x38, 0x53, 0x4f, 0x7d, 0xa1,
  346. 0xe4, 0xc3, 0x03, 0xd2, 0xa3, 0x18, 0xa7, 0x28,
  347. 0xc3, 0xc0, 0xc9, 0x51, 0x56, 0x80, 0x95, 0x39,
  348. 0xfc, 0xf0, 0xe2, 0x42, 0x9a, 0x6b, 0x52, 0x54,
  349. 0x16, 0xae, 0xdb, 0xf5, 0xa0, 0xde, 0x6a, 0x57,
  350. 0xa6, 0x37, 0xb3, 0x9b
  351. };
  352. static const u8 C6[] = {
  353. 0x8c, 0xe2, 0x49, 0x98, 0x62, 0x56, 0x15, 0xb6,
  354. 0x03, 0xa0, 0x33, 0xac, 0xa1, 0x3f, 0xb8, 0x94,
  355. 0xbe, 0x91, 0x12, 0xa5, 0xc3, 0xa2, 0x11, 0xa8,
  356. 0xba, 0x26, 0x2a, 0x3c, 0xca, 0x7e, 0x2c, 0xa7,
  357. 0x01, 0xe4, 0xa9, 0xa4, 0xfb, 0xa4, 0x3c, 0x90,
  358. 0xcc, 0xdc, 0xb2, 0x81, 0xd4, 0x8c, 0x7c, 0x6f,
  359. 0xd6, 0x28, 0x75, 0xd2, 0xac, 0xa4, 0x17, 0x03,
  360. 0x4c, 0x34, 0xae, 0xe5
  361. };
  362. static const u8 T6[] = {
  363. 0x61, 0x9c, 0xc5, 0xae, 0xff, 0xfe, 0x0b, 0xfa,
  364. 0x46, 0x2a, 0xf4, 0x3c, 0x16, 0x99, 0xd0, 0x50
  365. };
  366. /* Test Case 7 */
  367. static const u8 K7[24], P7[] = { 0 }, A7[] = { 0 }, IV7[12], C7[] = { 0 };
  368. static const u8 T7[] = {
  369. 0xcd, 0x33, 0xb2, 0x8a, 0xc7, 0x73, 0xf7, 0x4b,
  370. 0xa0, 0x0e, 0xd1, 0xf3, 0x12, 0x57, 0x24, 0x35
  371. };
  372. /* Test Case 8 */
  373. # define K8 K7
  374. # define IV8 IV7
  375. # define A8 A7
  376. static const u8 P8[16];
  377. static const u8 C8[] = {
  378. 0x98, 0xe7, 0x24, 0x7c, 0x07, 0xf0, 0xfe, 0x41,
  379. 0x1c, 0x26, 0x7e, 0x43, 0x84, 0xb0, 0xf6, 0x00
  380. };
  381. static const u8 T8[] = {
  382. 0x2f, 0xf5, 0x8d, 0x80, 0x03, 0x39, 0x27, 0xab,
  383. 0x8e, 0xf4, 0xd4, 0x58, 0x75, 0x14, 0xf0, 0xfb
  384. };
  385. /* Test Case 9 */
  386. # define A9 A8
  387. static const u8 K9[] = {
  388. 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
  389. 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08,
  390. 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c
  391. };
  392. static const u8 P9[] = {
  393. 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
  394. 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a,
  395. 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
  396. 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72,
  397. 0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53,
  398. 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
  399. 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57,
  400. 0xba, 0x63, 0x7b, 0x39, 0x1a, 0xaf, 0xd2, 0x55
  401. };
  402. static const u8 IV9[] = {
  403. 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad,
  404. 0xde, 0xca, 0xf8, 0x88
  405. };
  406. static const u8 C9[] = {
  407. 0x39, 0x80, 0xca, 0x0b, 0x3c, 0x00, 0xe8, 0x41,
  408. 0xeb, 0x06, 0xfa, 0xc4, 0x87, 0x2a, 0x27, 0x57,
  409. 0x85, 0x9e, 0x1c, 0xea, 0xa6, 0xef, 0xd9, 0x84,
  410. 0x62, 0x85, 0x93, 0xb4, 0x0c, 0xa1, 0xe1, 0x9c,
  411. 0x7d, 0x77, 0x3d, 0x00, 0xc1, 0x44, 0xc5, 0x25,
  412. 0xac, 0x61, 0x9d, 0x18, 0xc8, 0x4a, 0x3f, 0x47,
  413. 0x18, 0xe2, 0x44, 0x8b, 0x2f, 0xe3, 0x24, 0xd9,
  414. 0xcc, 0xda, 0x27, 0x10, 0xac, 0xad, 0xe2, 0x56
  415. };
  416. static const u8 T9[] = {
  417. 0x99, 0x24, 0xa7, 0xc8, 0x58, 0x73, 0x36, 0xbf,
  418. 0xb1, 0x18, 0x02, 0x4d, 0xb8, 0x67, 0x4a, 0x14
  419. };
  420. /* Test Case 10 */
  421. # define K10 K9
  422. # define IV10 IV9
  423. static const u8 P10[] = {
  424. 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
  425. 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a,
  426. 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
  427. 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72,
  428. 0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53,
  429. 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
  430. 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57,
  431. 0xba, 0x63, 0x7b, 0x39
  432. };
  433. static const u8 A10[] = {
  434. 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
  435. 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
  436. 0xab, 0xad, 0xda, 0xd2
  437. };
  438. static const u8 C10[] = {
  439. 0x39, 0x80, 0xca, 0x0b, 0x3c, 0x00, 0xe8, 0x41,
  440. 0xeb, 0x06, 0xfa, 0xc4, 0x87, 0x2a, 0x27, 0x57,
  441. 0x85, 0x9e, 0x1c, 0xea, 0xa6, 0xef, 0xd9, 0x84,
  442. 0x62, 0x85, 0x93, 0xb4, 0x0c, 0xa1, 0xe1, 0x9c,
  443. 0x7d, 0x77, 0x3d, 0x00, 0xc1, 0x44, 0xc5, 0x25,
  444. 0xac, 0x61, 0x9d, 0x18, 0xc8, 0x4a, 0x3f, 0x47,
  445. 0x18, 0xe2, 0x44, 0x8b, 0x2f, 0xe3, 0x24, 0xd9,
  446. 0xcc, 0xda, 0x27, 0x10
  447. };
  448. static const u8 T10[] = {
  449. 0x25, 0x19, 0x49, 0x8e, 0x80, 0xf1, 0x47, 0x8f,
  450. 0x37, 0xba, 0x55, 0xbd, 0x6d, 0x27, 0x61, 0x8c
  451. };
  452. /* Test Case 11 */
  453. # define K11 K10
  454. # define P11 P10
  455. # define A11 A10
  456. static const u8 IV11[] = { 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad };
  457. static const u8 C11[] = {
  458. 0x0f, 0x10, 0xf5, 0x99, 0xae, 0x14, 0xa1, 0x54,
  459. 0xed, 0x24, 0xb3, 0x6e, 0x25, 0x32, 0x4d, 0xb8,
  460. 0xc5, 0x66, 0x63, 0x2e, 0xf2, 0xbb, 0xb3, 0x4f,
  461. 0x83, 0x47, 0x28, 0x0f, 0xc4, 0x50, 0x70, 0x57,
  462. 0xfd, 0xdc, 0x29, 0xdf, 0x9a, 0x47, 0x1f, 0x75,
  463. 0xc6, 0x65, 0x41, 0xd4, 0xd4, 0xda, 0xd1, 0xc9,
  464. 0xe9, 0x3a, 0x19, 0xa5, 0x8e, 0x8b, 0x47, 0x3f,
  465. 0xa0, 0xf0, 0x62, 0xf7
  466. };
  467. static const u8 T11[] = {
  468. 0x65, 0xdc, 0xc5, 0x7f, 0xcf, 0x62, 0x3a, 0x24,
  469. 0x09, 0x4f, 0xcc, 0xa4, 0x0d, 0x35, 0x33, 0xf8
  470. };
  471. /* Test Case 12 */
  472. # define K12 K11
  473. # define P12 P11
  474. # define A12 A11
  475. static const u8 IV12[] = {
  476. 0x93, 0x13, 0x22, 0x5d, 0xf8, 0x84, 0x06, 0xe5,
  477. 0x55, 0x90, 0x9c, 0x5a, 0xff, 0x52, 0x69, 0xaa,
  478. 0x6a, 0x7a, 0x95, 0x38, 0x53, 0x4f, 0x7d, 0xa1,
  479. 0xe4, 0xc3, 0x03, 0xd2, 0xa3, 0x18, 0xa7, 0x28,
  480. 0xc3, 0xc0, 0xc9, 0x51, 0x56, 0x80, 0x95, 0x39,
  481. 0xfc, 0xf0, 0xe2, 0x42, 0x9a, 0x6b, 0x52, 0x54,
  482. 0x16, 0xae, 0xdb, 0xf5, 0xa0, 0xde, 0x6a, 0x57,
  483. 0xa6, 0x37, 0xb3, 0x9b
  484. };
  485. static const u8 C12[] = {
  486. 0xd2, 0x7e, 0x88, 0x68, 0x1c, 0xe3, 0x24, 0x3c,
  487. 0x48, 0x30, 0x16, 0x5a, 0x8f, 0xdc, 0xf9, 0xff,
  488. 0x1d, 0xe9, 0xa1, 0xd8, 0xe6, 0xb4, 0x47, 0xef,
  489. 0x6e, 0xf7, 0xb7, 0x98, 0x28, 0x66, 0x6e, 0x45,
  490. 0x81, 0xe7, 0x90, 0x12, 0xaf, 0x34, 0xdd, 0xd9,
  491. 0xe2, 0xf0, 0x37, 0x58, 0x9b, 0x29, 0x2d, 0xb3,
  492. 0xe6, 0x7c, 0x03, 0x67, 0x45, 0xfa, 0x22, 0xe7,
  493. 0xe9, 0xb7, 0x37, 0x3b
  494. };
  495. static const u8 T12[] = {
  496. 0xdc, 0xf5, 0x66, 0xff, 0x29, 0x1c, 0x25, 0xbb,
  497. 0xb8, 0x56, 0x8f, 0xc3, 0xd3, 0x76, 0xa6, 0xd9
  498. };
  499. /* Test Case 13 */
  500. static const u8 K13[32], P13[] = { 0 }, A13[] = { 0 }, IV13[12], C13[] = { 0 };
  501. static const u8 T13[] = {
  502. 0x53, 0x0f, 0x8a, 0xfb, 0xc7, 0x45, 0x36, 0xb9,
  503. 0xa9, 0x63, 0xb4, 0xf1, 0xc4, 0xcb, 0x73, 0x8b
  504. };
  505. /* Test Case 14 */
  506. # define K14 K13
  507. # define A14 A13
  508. static const u8 P14[16], IV14[12];
  509. static const u8 C14[] = {
  510. 0xce, 0xa7, 0x40, 0x3d, 0x4d, 0x60, 0x6b, 0x6e,
  511. 0x07, 0x4e, 0xc5, 0xd3, 0xba, 0xf3, 0x9d, 0x18
  512. };
  513. static const u8 T14[] = {
  514. 0xd0, 0xd1, 0xc8, 0xa7, 0x99, 0x99, 0x6b, 0xf0,
  515. 0x26, 0x5b, 0x98, 0xb5, 0xd4, 0x8a, 0xb9, 0x19
  516. };
  517. /* Test Case 15 */
  518. # define A15 A14
  519. static const u8 K15[] = {
  520. 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
  521. 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08,
  522. 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
  523. 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08
  524. };
  525. static const u8 P15[] = {
  526. 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
  527. 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a,
  528. 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
  529. 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72,
  530. 0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53,
  531. 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
  532. 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57,
  533. 0xba, 0x63, 0x7b, 0x39, 0x1a, 0xaf, 0xd2, 0x55
  534. };
  535. static const u8 IV15[] = {
  536. 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad,
  537. 0xde, 0xca, 0xf8, 0x88
  538. };
  539. static const u8 C15[] = {
  540. 0x52, 0x2d, 0xc1, 0xf0, 0x99, 0x56, 0x7d, 0x07,
  541. 0xf4, 0x7f, 0x37, 0xa3, 0x2a, 0x84, 0x42, 0x7d,
  542. 0x64, 0x3a, 0x8c, 0xdc, 0xbf, 0xe5, 0xc0, 0xc9,
  543. 0x75, 0x98, 0xa2, 0xbd, 0x25, 0x55, 0xd1, 0xaa,
  544. 0x8c, 0xb0, 0x8e, 0x48, 0x59, 0x0d, 0xbb, 0x3d,
  545. 0xa7, 0xb0, 0x8b, 0x10, 0x56, 0x82, 0x88, 0x38,
  546. 0xc5, 0xf6, 0x1e, 0x63, 0x93, 0xba, 0x7a, 0x0a,
  547. 0xbc, 0xc9, 0xf6, 0x62, 0x89, 0x80, 0x15, 0xad
  548. };
  549. static const u8 T15[] = {
  550. 0xb0, 0x94, 0xda, 0xc5, 0xd9, 0x34, 0x71, 0xbd,
  551. 0xec, 0x1a, 0x50, 0x22, 0x70, 0xe3, 0xcc, 0x6c
  552. };
  553. /* Test Case 16 */
  554. # define K16 K15
  555. # define IV16 IV15
  556. static const u8 P16[] = {
  557. 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
  558. 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a,
  559. 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
  560. 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72,
  561. 0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53,
  562. 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
  563. 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57,
  564. 0xba, 0x63, 0x7b, 0x39
  565. };
  566. static const u8 A16[] = {
  567. 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
  568. 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
  569. 0xab, 0xad, 0xda, 0xd2
  570. };
  571. static const u8 C16[] = {
  572. 0x52, 0x2d, 0xc1, 0xf0, 0x99, 0x56, 0x7d, 0x07,
  573. 0xf4, 0x7f, 0x37, 0xa3, 0x2a, 0x84, 0x42, 0x7d,
  574. 0x64, 0x3a, 0x8c, 0xdc, 0xbf, 0xe5, 0xc0, 0xc9,
  575. 0x75, 0x98, 0xa2, 0xbd, 0x25, 0x55, 0xd1, 0xaa,
  576. 0x8c, 0xb0, 0x8e, 0x48, 0x59, 0x0d, 0xbb, 0x3d,
  577. 0xa7, 0xb0, 0x8b, 0x10, 0x56, 0x82, 0x88, 0x38,
  578. 0xc5, 0xf6, 0x1e, 0x63, 0x93, 0xba, 0x7a, 0x0a,
  579. 0xbc, 0xc9, 0xf6, 0x62
  580. };
  581. static const u8 T16[] = {
  582. 0x76, 0xfc, 0x6e, 0xce, 0x0f, 0x4e, 0x17, 0x68,
  583. 0xcd, 0xdf, 0x88, 0x53, 0xbb, 0x2d, 0x55, 0x1b
  584. };
  585. /* Test Case 17 */
  586. # define K17 K16
  587. # define P17 P16
  588. # define A17 A16
  589. static const u8 IV17[] = { 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad };
  590. static const u8 C17[] = {
  591. 0xc3, 0x76, 0x2d, 0xf1, 0xca, 0x78, 0x7d, 0x32,
  592. 0xae, 0x47, 0xc1, 0x3b, 0xf1, 0x98, 0x44, 0xcb,
  593. 0xaf, 0x1a, 0xe1, 0x4d, 0x0b, 0x97, 0x6a, 0xfa,
  594. 0xc5, 0x2f, 0xf7, 0xd7, 0x9b, 0xba, 0x9d, 0xe0,
  595. 0xfe, 0xb5, 0x82, 0xd3, 0x39, 0x34, 0xa4, 0xf0,
  596. 0x95, 0x4c, 0xc2, 0x36, 0x3b, 0xc7, 0x3f, 0x78,
  597. 0x62, 0xac, 0x43, 0x0e, 0x64, 0xab, 0xe4, 0x99,
  598. 0xf4, 0x7c, 0x9b, 0x1f
  599. };
  600. static const u8 T17[] = {
  601. 0x3a, 0x33, 0x7d, 0xbf, 0x46, 0xa7, 0x92, 0xc4,
  602. 0x5e, 0x45, 0x49, 0x13, 0xfe, 0x2e, 0xa8, 0xf2
  603. };
  604. /* Test Case 18 */
  605. # define K18 K17
  606. # define P18 P17
  607. # define A18 A17
  608. static const u8 IV18[] = {
  609. 0x93, 0x13, 0x22, 0x5d, 0xf8, 0x84, 0x06, 0xe5,
  610. 0x55, 0x90, 0x9c, 0x5a, 0xff, 0x52, 0x69, 0xaa,
  611. 0x6a, 0x7a, 0x95, 0x38, 0x53, 0x4f, 0x7d, 0xa1,
  612. 0xe4, 0xc3, 0x03, 0xd2, 0xa3, 0x18, 0xa7, 0x28,
  613. 0xc3, 0xc0, 0xc9, 0x51, 0x56, 0x80, 0x95, 0x39,
  614. 0xfc, 0xf0, 0xe2, 0x42, 0x9a, 0x6b, 0x52, 0x54,
  615. 0x16, 0xae, 0xdb, 0xf5, 0xa0, 0xde, 0x6a, 0x57,
  616. 0xa6, 0x37, 0xb3, 0x9b
  617. };
  618. static const u8 C18[] = {
  619. 0x5a, 0x8d, 0xef, 0x2f, 0x0c, 0x9e, 0x53, 0xf1,
  620. 0xf7, 0x5d, 0x78, 0x53, 0x65, 0x9e, 0x2a, 0x20,
  621. 0xee, 0xb2, 0xb2, 0x2a, 0xaf, 0xde, 0x64, 0x19,
  622. 0xa0, 0x58, 0xab, 0x4f, 0x6f, 0x74, 0x6b, 0xf4,
  623. 0x0f, 0xc0, 0xc3, 0xb7, 0x80, 0xf2, 0x44, 0x45,
  624. 0x2d, 0xa3, 0xeb, 0xf1, 0xc5, 0xd8, 0x2c, 0xde,
  625. 0xa2, 0x41, 0x89, 0x97, 0x20, 0x0e, 0xf8, 0x2e,
  626. 0x44, 0xae, 0x7e, 0x3f
  627. };
  628. static const u8 T18[] = {
  629. 0xa4, 0x4a, 0x82, 0x66, 0xee, 0x1c, 0x8e, 0xb0,
  630. 0xc8, 0xb5, 0xd4, 0xcf, 0x5a, 0xe9, 0xf1, 0x9a
  631. };
  632. /* Test Case 19 */
  633. # define K19 K1
  634. # define P19 P1
  635. # define IV19 IV1
  636. # define C19 C1
  637. static const u8 A19[] = {
  638. 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
  639. 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a,
  640. 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
  641. 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72,
  642. 0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53,
  643. 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
  644. 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57,
  645. 0xba, 0x63, 0x7b, 0x39, 0x1a, 0xaf, 0xd2, 0x55,
  646. 0x52, 0x2d, 0xc1, 0xf0, 0x99, 0x56, 0x7d, 0x07,
  647. 0xf4, 0x7f, 0x37, 0xa3, 0x2a, 0x84, 0x42, 0x7d,
  648. 0x64, 0x3a, 0x8c, 0xdc, 0xbf, 0xe5, 0xc0, 0xc9,
  649. 0x75, 0x98, 0xa2, 0xbd, 0x25, 0x55, 0xd1, 0xaa,
  650. 0x8c, 0xb0, 0x8e, 0x48, 0x59, 0x0d, 0xbb, 0x3d,
  651. 0xa7, 0xb0, 0x8b, 0x10, 0x56, 0x82, 0x88, 0x38,
  652. 0xc5, 0xf6, 0x1e, 0x63, 0x93, 0xba, 0x7a, 0x0a,
  653. 0xbc, 0xc9, 0xf6, 0x62, 0x89, 0x80, 0x15, 0xad
  654. };
  655. static const u8 T19[] = {
  656. 0x5f, 0xea, 0x79, 0x3a, 0x2d, 0x6f, 0x97, 0x4d,
  657. 0x37, 0xe6, 0x8e, 0x0c, 0xb8, 0xff, 0x94, 0x92
  658. };
  659. /* Test Case 20 */
  660. # define K20 K1
  661. # define A20 A1
  662. /* this results in 0xff in counter LSB */
  663. static const u8 IV20[64] = { 0xff, 0xff, 0xff, 0xff };
  664. static const u8 P20[288];
  665. static const u8 C20[] = {
  666. 0x56, 0xb3, 0x37, 0x3c, 0xa9, 0xef, 0x6e, 0x4a,
  667. 0x2b, 0x64, 0xfe, 0x1e, 0x9a, 0x17, 0xb6, 0x14,
  668. 0x25, 0xf1, 0x0d, 0x47, 0xa7, 0x5a, 0x5f, 0xce,
  669. 0x13, 0xef, 0xc6, 0xbc, 0x78, 0x4a, 0xf2, 0x4f,
  670. 0x41, 0x41, 0xbd, 0xd4, 0x8c, 0xf7, 0xc7, 0x70,
  671. 0x88, 0x7a, 0xfd, 0x57, 0x3c, 0xca, 0x54, 0x18,
  672. 0xa9, 0xae, 0xff, 0xcd, 0x7c, 0x5c, 0xed, 0xdf,
  673. 0xc6, 0xa7, 0x83, 0x97, 0xb9, 0xa8, 0x5b, 0x49,
  674. 0x9d, 0xa5, 0x58, 0x25, 0x72, 0x67, 0xca, 0xab,
  675. 0x2a, 0xd0, 0xb2, 0x3c, 0xa4, 0x76, 0xa5, 0x3c,
  676. 0xb1, 0x7f, 0xb4, 0x1c, 0x4b, 0x8b, 0x47, 0x5c,
  677. 0xb4, 0xf3, 0xf7, 0x16, 0x50, 0x94, 0xc2, 0x29,
  678. 0xc9, 0xe8, 0xc4, 0xdc, 0x0a, 0x2a, 0x5f, 0xf1,
  679. 0x90, 0x3e, 0x50, 0x15, 0x11, 0x22, 0x13, 0x76,
  680. 0xa1, 0xcd, 0xb8, 0x36, 0x4c, 0x50, 0x61, 0xa2,
  681. 0x0c, 0xae, 0x74, 0xbc, 0x4a, 0xcd, 0x76, 0xce,
  682. 0xb0, 0xab, 0xc9, 0xfd, 0x32, 0x17, 0xef, 0x9f,
  683. 0x8c, 0x90, 0xbe, 0x40, 0x2d, 0xdf, 0x6d, 0x86,
  684. 0x97, 0xf4, 0xf8, 0x80, 0xdf, 0xf1, 0x5b, 0xfb,
  685. 0x7a, 0x6b, 0x28, 0x24, 0x1e, 0xc8, 0xfe, 0x18,
  686. 0x3c, 0x2d, 0x59, 0xe3, 0xf9, 0xdf, 0xff, 0x65,
  687. 0x3c, 0x71, 0x26, 0xf0, 0xac, 0xb9, 0xe6, 0x42,
  688. 0x11, 0xf4, 0x2b, 0xae, 0x12, 0xaf, 0x46, 0x2b,
  689. 0x10, 0x70, 0xbe, 0xf1, 0xab, 0x5e, 0x36, 0x06,
  690. 0x87, 0x2c, 0xa1, 0x0d, 0xee, 0x15, 0xb3, 0x24,
  691. 0x9b, 0x1a, 0x1b, 0x95, 0x8f, 0x23, 0x13, 0x4c,
  692. 0x4b, 0xcc, 0xb7, 0xd0, 0x32, 0x00, 0xbc, 0xe4,
  693. 0x20, 0xa2, 0xf8, 0xeb, 0x66, 0xdc, 0xf3, 0x64,
  694. 0x4d, 0x14, 0x23, 0xc1, 0xb5, 0x69, 0x90, 0x03,
  695. 0xc1, 0x3e, 0xce, 0xf4, 0xbf, 0x38, 0xa3, 0xb6,
  696. 0x0e, 0xed, 0xc3, 0x40, 0x33, 0xba, 0xc1, 0x90,
  697. 0x27, 0x83, 0xdc, 0x6d, 0x89, 0xe2, 0xe7, 0x74,
  698. 0x18, 0x8a, 0x43, 0x9c, 0x7e, 0xbc, 0xc0, 0x67,
  699. 0x2d, 0xbd, 0xa4, 0xdd, 0xcf, 0xb2, 0x79, 0x46,
  700. 0x13, 0xb0, 0xbe, 0x41, 0x31, 0x5e, 0xf7, 0x78,
  701. 0x70, 0x8a, 0x70, 0xee, 0x7d, 0x75, 0x16, 0x5c
  702. };
  703. static const u8 T20[] = {
  704. 0x8b, 0x30, 0x7f, 0x6b, 0x33, 0x28, 0x6d, 0x0a,
  705. 0xb0, 0x26, 0xa9, 0xed, 0x3f, 0xe1, 0xe8, 0x5f
  706. };
  707. #define GCM128_TEST_VECTOR(n) \
  708. { \
  709. {sizeof(K##n), K##n}, \
  710. {sizeof(IV##n), IV##n}, \
  711. {sizeof(A##n), A##n}, \
  712. {sizeof(P##n), P##n}, \
  713. {sizeof(C##n), C##n}, \
  714. {sizeof(T##n), T##n} \
  715. }
  716. static struct gcm128_data {
  717. const SIZED_DATA K;
  718. const SIZED_DATA IV;
  719. const SIZED_DATA A;
  720. const SIZED_DATA P;
  721. const SIZED_DATA C;
  722. const SIZED_DATA T;
  723. } gcm128_vectors[] = {
  724. GCM128_TEST_VECTOR(1),
  725. GCM128_TEST_VECTOR(2),
  726. GCM128_TEST_VECTOR(3),
  727. GCM128_TEST_VECTOR(4),
  728. GCM128_TEST_VECTOR(5),
  729. GCM128_TEST_VECTOR(6),
  730. GCM128_TEST_VECTOR(7),
  731. GCM128_TEST_VECTOR(8),
  732. GCM128_TEST_VECTOR(9),
  733. GCM128_TEST_VECTOR(10),
  734. GCM128_TEST_VECTOR(11),
  735. GCM128_TEST_VECTOR(12),
  736. GCM128_TEST_VECTOR(13),
  737. GCM128_TEST_VECTOR(14),
  738. GCM128_TEST_VECTOR(15),
  739. GCM128_TEST_VECTOR(16),
  740. GCM128_TEST_VECTOR(17),
  741. GCM128_TEST_VECTOR(18),
  742. GCM128_TEST_VECTOR(19),
  743. GCM128_TEST_VECTOR(20)
  744. };
  745. static int test_gcm128(int idx)
  746. {
  747. unsigned char out[512];
  748. SIZED_DATA K = gcm128_vectors[idx].K;
  749. SIZED_DATA IV = gcm128_vectors[idx].IV;
  750. SIZED_DATA A = gcm128_vectors[idx].A;
  751. SIZED_DATA P = gcm128_vectors[idx].P;
  752. SIZED_DATA C = gcm128_vectors[idx].C;
  753. SIZED_DATA T = gcm128_vectors[idx].T;
  754. GCM128_CONTEXT ctx;
  755. AES_KEY key;
  756. /* Size 1 inputs are special-cased to signal NULL. */
  757. if (A.size == 1)
  758. A.data = NULL;
  759. if (P.size == 1)
  760. P.data = NULL;
  761. if (C.size == 1)
  762. C.data = NULL;
  763. AES_set_encrypt_key(K.data, K.size * 8, &key);
  764. CRYPTO_gcm128_init(&ctx, &key, (block128_f)AES_encrypt);
  765. CRYPTO_gcm128_setiv(&ctx, IV.data, IV.size);
  766. memset(out, 0, P.size);
  767. if (A.data != NULL)
  768. CRYPTO_gcm128_aad(&ctx, A.data, A.size);
  769. if (P.data != NULL)
  770. if (!TEST_int_ge(CRYPTO_gcm128_encrypt(&ctx, P.data, out, P.size), 0))
  771. return 0;
  772. if (!TEST_false(CRYPTO_gcm128_finish(&ctx, T.data, 16))
  773. || (C.data != NULL
  774. && !TEST_mem_eq(out, P.size, C.data, P.size)))
  775. return 0;
  776. CRYPTO_gcm128_setiv(&ctx, IV.data, IV.size);
  777. memset(out, 0, P.size);
  778. if (A.data != NULL)
  779. CRYPTO_gcm128_aad(&ctx, A.data, A.size);
  780. if (C.data != NULL)
  781. CRYPTO_gcm128_decrypt(&ctx, C.data, out, P.size);
  782. if (!TEST_false(CRYPTO_gcm128_finish(&ctx, T.data, 16))
  783. || (P.data != NULL
  784. && !TEST_mem_eq(out, P.size, P.data, P.size)))
  785. return 0;
  786. return 1;
  787. }
  788. int setup_tests(void)
  789. {
  790. ADD_ALL_TESTS(test_aes_cts128, OSSL_NELEM(aes_cts128_vectors));
  791. ADD_ALL_TESTS(test_aes_cts128_nist, OSSL_NELEM(aes_cts128_vectors));
  792. ADD_ALL_TESTS(test_gcm128, OSSL_NELEM(gcm128_vectors));
  793. return 1;
  794. }