lib/crypto/aes_gcm_128_test.c

   1 /*
   2    AES-GCM-128 tests
   3
   4    Copyright (C) Stefan Metzmacher 2014
   5
   6    This program is free software; you can redistribute it and/or modify
   7    it under the terms of the GNU General Public License as published by
   8    the Free Software Foundation; either version 3 of the License, or
   9    (at your option) any later version.
  10
  11    This program is distributed in the hope that it will be useful,
  12    but WITHOUT ANY WARRANTY; without even the implied warranty of
  13    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  14    GNU General Public License for more details.
  15
  16    You should have received a copy of the GNU General Public License
  17    along with this program.  If not, see <http://www.gnu.org/licenses/>.
  18 */
  19 #include "replace.h"
  20 #include "../lib/util/samba_util.h"
  21 #include "../lib/crypto/crypto.h"
  22 #include "../lib/crypto/aes_test.h"
  23
  24 #ifndef AES_GCM_128_ONLY_TESTVECTORS
  25 struct torture_context;
  26 bool torture_local_crypto_aes_gcm_128(struct torture_context *tctx);
  27
  28 /*
  29  This uses the test values from ...
  30 */
  31 bool torture_local_crypto_aes_gcm_128(struct torture_context *tctx)
  32 {
  33         bool ret = true;
  34         uint32_t i;
  35         struct aes_mode_testvector testarray[] = {
  36 #endif /* AES_GCM_128_ONLY_TESTVECTORS */
  37 #define AES_GCM_128_TESTVECTOR(_k, _n, _a, _p, _c, _t) \
  38         AES_MODE_TESTVECTOR(aes_gcm_128, _k, _n, _a, _p, _c, _t)
  39
  40         AES_GCM_128_TESTVECTOR(
  41                 /* K */
  42                 "8BF9FBC2B8149484FF11AB1F3A544FF6",
  43                 /* N */
  44                 "010000000000000077F7A8FF",
  45                 /* A */
  46                 "010000000000000077F7A80000000000"
  47                 "A8000000000001004100002C00980000",
  48                 /* P */
  49                 "FE534D4240000100000000000B00811F"
  50                 "00000000000000000600000000000000"
  51                 "00000000010000004100002C00980000"
  52                 "00000000000000000000000000000000"
  53                 "3900000094010600FFFFFFFFFFFFFFFF"
  54                 "FFFFFFFFFFFFFFFF7800000030000000"
  55                 "000000007800000000000000FFFF0000"
  56                 "0100000000000000"
  57                 "03005C003100370032002E0033003100"
  58                 "2E0039002E003100380033005C006E00"
  59                 "650074006C006F0067006F006E000000",
  60                 /* C */
  61                 "863C07C1FBFA82D741A080C97DF52CFF"
  62                 "432A63A37E5ACFA3865AE4E6E422D502"
  63                 "FA7C6FBB9A7418F28C43F00A3869F687"
  64                 "257CA665E25E62A0F458C42AA9E95DC4"
  65                 "6CB351A0A497FABB7DCE58FEE5B20B08"
  66                 "522E0E701B112FB93B36E7A0FB084D35"
  67                 "62C0F3FDF0421079DD96BBCCA40949B3"
  68                 "A7FC1AA635A72384"
  69                 "2037DE3CA6385465D1884B29D7140790"
  70                 "88AD3E770E2528D527B302536B7E5B1B"
  71                 "430E048230AFE785DB89F4D87FC1F816",
  72                 /* T */
  73                 "BC9B5871EBFA89ADE21439ACDCD65D22"
  74         ),
  75         AES_GCM_128_TESTVECTOR(
  76                 /* K */
  77                 "00000000000000000000000000000000",
  78                 /* N */
  79                 "000000000000000000000000",
  80                 /* A */
  81                 "",
  82                 /* P */
  83                 "",
  84                 /* C */
  85                 "",
  86                 /* T */
  87                 "58e2fccefa7e3061367f1d57a4e7455a"
  88         ),
  89         AES_GCM_128_TESTVECTOR(
  90                 /* K */
  91                 "00000000000000000000000000000000",
  92                 /* N */
  93                 "000000000000000000000000",
  94                 /* A */
  95                 "",
  96                 /* P */
  97                 "00000000000000000000000000000000",
  98                 /* C */
  99                 "0388dace60b6a392f328c2b971b2fe78",
 100                 /* T */
 101                 "ab6e47d42cec13bdf53a67b21257bddf"
 102         ),
 103         AES_GCM_128_TESTVECTOR(
 104                 /* K */
 105                 "feffe9928665731c6d6a8f9467308308",
 106                 /* N */
 107                 "cafebabefacedbaddecaf888",
 108                 /* A */
 109                 "",
 110                 /* P */
 111                 "d9313225f88406e5a55909c5aff5269a"
 112                 "86a7a9531534f7da2e4c303d8a318a72"
 113                 "1c3c0c95956809532fcf0e2449a6b525"
 114                 "b16aedf5aa0de657ba637b391aafd255",
 115                 /* C */
 116                 "42831ec2217774244b7221b784d0d49c"
 117                 "e3aa212f2c02a4e035c17e2329aca12e"
 118                 "21d514b25466931c7d8f6a5aac84aa05"
 119                 "1ba30b396a0aac973d58e091473f5985",
 120                 /* T */
 121                 "4d5c2af327cd64a62cf35abd2ba6fab4"
 122         ),
 123         AES_GCM_128_TESTVECTOR(
 124                 /* K */
 125                 "feffe9928665731c6d6a8f9467308308",
 126                 /* N */
 127                 "cafebabefacedbaddecaf888",
 128                 /* A */
 129                 "feedfacedeadbeeffeedfacedeadbeef"
 130                 "abaddad2",
 131                 /* P */
 132                 "d9313225f88406e5a55909c5aff5269a"
 133                 "86a7a9531534f7da2e4c303d8a318a72"
 134                 "1c3c0c95956809532fcf0e2449a6b525"
 135                 "b16aedf5aa0de657ba637b39",
 136                 /* C */
 137                 "42831ec2217774244b7221b784d0d49c"
 138                 "e3aa212f2c02a4e035c17e2329aca12e"
 139                 "21d514b25466931c7d8f6a5aac84aa05"
 140                 "1ba30b396a0aac973d58e091",
 141                 /* T */
 142                 "5bc94fbc3221a5db94fae95ae7121a47"
 143         ),
 144 #ifndef AES_GCM_128_ONLY_TESTVECTORS
 145         };
 146
 147         for (i=0; i < ARRAY_SIZE(testarray); i++) {
 148                 struct aes_gcm_128_context ctx;
 149                 uint8_t T[AES_BLOCK_SIZE];
 150                 DATA_BLOB _T = data_blob_const(T, sizeof(T));
 151                 DATA_BLOB C;
 152                 int e;
 153
 154                 C = data_blob_dup_talloc(tctx, testarray[i].P);
 155
 156                 aes_gcm_128_init(&ctx, testarray[i].K.data, testarray[i].N.data);
 157                 aes_gcm_128_updateA(&ctx,
 158                                     testarray[i].A.data,
 159                                     testarray[i].A.length);
 160                 aes_gcm_128_crypt(&ctx, C.data, C.length);
 161                 aes_gcm_128_updateC(&ctx, C.data, C.length);
 162                 aes_gcm_128_digest(&ctx, T);
 163
 164                 e = memcmp(testarray[i].T.data, T, sizeof(T));
 165                 if (e != 0) {
 166                         aes_mode_testvector_debug(&testarray[i], NULL, &C, &_T);
 167                         ret = false;
 168                         goto fail;
 169                 }
 170
 171                 e = memcmp(testarray[i].C.data, C.data, C.length);
 172                 if (e != 0) {
 173                         aes_mode_testvector_debug(&testarray[i], NULL, &C, &_T);
 174                         ret = false;
 175                         goto fail;
 176                 }
 177         }
 178
 179         for (i=0; i < ARRAY_SIZE(testarray); i++) {
 180                 struct aes_gcm_128_context ctx;
 181                 uint8_t T[AES_BLOCK_SIZE];
 182                 DATA_BLOB _T = data_blob_const(T, sizeof(T));
 183                 DATA_BLOB C;
 184                 int e;
 185                 size_t j;
 186
 187                 C = data_blob_dup_talloc(tctx, testarray[i].P);
 188
 189                 aes_gcm_128_init(&ctx, testarray[i].K.data, testarray[i].N.data);
 190                 for (j=0; j < testarray[i].A.length; j++) {
 191                         aes_gcm_128_updateA(&ctx, NULL, 0);
 192                         aes_gcm_128_updateA(&ctx, &testarray[i].A.data[j], 1);
 193                         aes_gcm_128_updateA(&ctx, NULL, 0);
 194                 }
 195                 for (j=0; j < C.length; j++) {
 196                         aes_gcm_128_crypt(&ctx, NULL, 0);
 197                         aes_gcm_128_updateC(&ctx, NULL, 0);
 198                         aes_gcm_128_crypt(&ctx, &C.data[j], 1);
 199                         aes_gcm_128_updateC(&ctx, &C.data[j], 1);
 200                         aes_gcm_128_crypt(&ctx, NULL, 0);
 201                         aes_gcm_128_updateC(&ctx, NULL, 0);
 202                 }
 203                 aes_gcm_128_digest(&ctx, T);
 204
 205                 e = memcmp(testarray[i].T.data, T, sizeof(T));
 206                 if (e != 0) {
 207                         aes_mode_testvector_debug(&testarray[i], NULL, &C, &_T);
 208                         ret = false;
 209                         goto fail;
 210                 }
 211
 212                 e = memcmp(testarray[i].C.data, C.data, C.length);
 213                 if (e != 0) {
 214                         aes_mode_testvector_debug(&testarray[i], NULL, &C, &_T);
 215                         ret = false;
 216                         goto fail;
 217                 }
 218         }
 219
 220         for (i=0; i < ARRAY_SIZE(testarray); i++) {
 221                 struct aes_gcm_128_context ctx;
 222                 uint8_t T[AES_BLOCK_SIZE];
 223                 DATA_BLOB _T = data_blob_const(T, sizeof(T));
 224                 DATA_BLOB P;
 225                 int e;
 226                 size_t j;
 227
 228                 P = data_blob_dup_talloc(tctx, testarray[i].C);
 229
 230                 aes_gcm_128_init(&ctx, testarray[i].K.data, testarray[i].N.data);
 231                 for (j=0; j < testarray[i].A.length; j++) {
 232                         aes_gcm_128_updateA(&ctx, NULL, 0);
 233                         aes_gcm_128_updateA(&ctx, &testarray[i].A.data[j], 1);
 234                         aes_gcm_128_updateA(&ctx, NULL, 0);
 235                 }
 236                 for (j=0; j < P.length; j++) {
 237                         aes_gcm_128_updateC(&ctx, NULL, 0);
 238                         aes_gcm_128_crypt(&ctx, NULL, 0);
 239                         aes_gcm_128_updateC(&ctx, &P.data[j], 1);
 240                         aes_gcm_128_crypt(&ctx, &P.data[j], 1);
 241                         aes_gcm_128_updateC(&ctx, NULL, 0);
 242                         aes_gcm_128_crypt(&ctx, NULL, 0);
 243                 }
 244                 aes_gcm_128_digest(&ctx, T);
 245
 246                 e = memcmp(testarray[i].T.data, T, sizeof(T));
 247                 if (e != 0) {
 248                         aes_mode_testvector_debug(&testarray[i], &P, NULL, &_T);
 249                         ret = false;
 250                         goto fail;
 251                 }
 252
 253                 e = memcmp(testarray[i].P.data, P.data, P.length);
 254                 if (e != 0) {
 255                         aes_mode_testvector_debug(&testarray[i], &P, NULL, &_T);
 256                         ret = false;
 257                         goto fail;
 258                 }
 259         }
 260
 261         for (i=0; i < ARRAY_SIZE(testarray); i++) {
 262                 struct aes_gcm_128_context ctx;
 263                 uint8_t T[AES_BLOCK_SIZE];
 264                 DATA_BLOB _T = data_blob_const(T, sizeof(T));
 265                 DATA_BLOB P;
 266                 int e;
 267
 268                 P = data_blob_dup_talloc(tctx, testarray[i].C);
 269
 270                 aes_gcm_128_init(&ctx, testarray[i].K.data, testarray[i].N.data);
 271                 aes_gcm_128_updateA(&ctx, testarray[i].A.data, testarray[i].A.length);
 272                 aes_gcm_128_updateC(&ctx, P.data, P.length);
 273                 aes_gcm_128_crypt(&ctx, P.data, P.length);
 274                 aes_gcm_128_digest(&ctx, T);
 275
 276                 e = memcmp(testarray[i].T.data, T, sizeof(T));
 277                 if (e != 0) {
 278                         aes_mode_testvector_debug(&testarray[i], &P, NULL, &_T);
 279                         ret = false;
 280                         goto fail;
 281                 }
 282
 283                 e = memcmp(testarray[i].P.data, P.data, P.length);
 284                 if (e != 0) {
 285                         aes_mode_testvector_debug(&testarray[i], &P, NULL, &_T);
 286                         ret = false;
 287                         goto fail;
 288                 }
 289         }
 290
 291  fail:
 292         return ret;
 293 }
 294 #endif /* AES_GCM_128_ONLY_TESTVECTORS */