1 /* $OpenBSD: aes_test.c,v 1.3 2023/09/28 08:21:43 tb Exp $ */
2 /*
3 * Copyright (c) 2022 Joshua Sing <joshua@hypera.dev>
4 *
5 * Permission to use, copy, modify, and distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
8 *
9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16 */
17
18 #include <openssl/evp.h>
19 #include <openssl/aes.h>
20
21 #include <stdint.h>
22 #include <string.h>
23
24 struct aes_test {
25 const int mode;
26 const uint8_t key[64];
27 const uint8_t iv[64];
28 const int iv_len;
29 const uint8_t in[64];
30 const int in_len;
31 const uint8_t out[64];
32 const int out_len;
33 const int padding;
34 };
35
36 static const struct aes_test aes_tests[] = {
37 /* ECB - Test vectors from FIPS-197, Appendix C. */
38 {
39 .mode = NID_aes_128_ecb,
40 .key = {
41 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
42 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
43 },
44 .in = {
45 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
46 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff,
47 },
48 .in_len = 16,
49 .out = {
50 0x69, 0xc4, 0xe0, 0xd8, 0x6a, 0x7b, 0x04, 0x30,
51 0xd8, 0xcd, 0xb7, 0x80, 0x70, 0xb4, 0xc5, 0x5a,
52 },
53 .out_len = 16,
54 },
55 {
56 .mode = NID_aes_192_ecb,
57 .key = {
58 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
59 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
60 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
61 },
62 .in = {
63 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
64 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff,
65 },
66 .in_len = 16,
67 .out = {
68 0xdd, 0xa9, 0x7c, 0xa4, 0x86, 0x4c, 0xdf, 0xe0,
69 0x6e, 0xaf, 0x70, 0xa0, 0xec, 0x0d, 0x71, 0x91,
70 },
71 .out_len = 16,
72 },
73 {
74 .mode = NID_aes_256_ecb,
75 .key = {
76 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
77 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
78 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
79 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
80 },
81 .in = {
82 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
83 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff,
84 },
85 .in_len = 16,
86 .out = {
87 0x8e, 0xa2, 0xb7, 0xca, 0x51, 0x67, 0x45, 0xbf,
88 0xea, 0xfc, 0x49, 0x90, 0x4b, 0x49, 0x60, 0x89,
89 },
90 .out_len = 16,
91 },
92
93 /* CBC - Test vectors from RFC 3602 */
94 {
95 .mode = NID_aes_128_cbc,
96 .key = {
97 0x06, 0xa9, 0x21, 0x40, 0x36, 0xb8, 0xa1, 0x5b,
98 0x51, 0x2e, 0x03, 0xd5, 0x34, 0x12, 0x00, 0x06,
99 },
100 .iv = {
101 0x3d, 0xaf, 0xba, 0x42, 0x9d, 0x9e, 0xb4, 0x30,
102 0xb4, 0x22, 0xda, 0x80, 0x2c, 0x9f, 0xac, 0x41,
103 },
104 .iv_len = 16,
105 .in = {
106 0x53, 0x69, 0x6e, 0x67, 0x6c, 0x65, 0x20, 0x62,
107 0x6c, 0x6f, 0x63, 0x6b, 0x20, 0x6d, 0x73, 0x67,
108 },
109 .in_len = 16,
110 .out = {
111 0xe3, 0x53, 0x77, 0x9c, 0x10, 0x79, 0xae, 0xb8,
112 0x27, 0x08, 0x94, 0x2d, 0xbe, 0x77, 0x18, 0x1a,
113 },
114 .out_len = 16,
115 },
116 {
117 .mode = NID_aes_128_cbc,
118 .key = {
119 0xc2, 0x86, 0x69, 0x6d, 0x88, 0x7c, 0x9a, 0xa0,
120 0x61, 0x1b, 0xbb, 0x3e, 0x20, 0x25, 0xa4, 0x5a,
121 },
122 .iv = {
123 0x56, 0x2e, 0x17, 0x99, 0x6d, 0x09, 0x3d, 0x28,
124 0xdd, 0xb3, 0xba, 0x69, 0x5a, 0x2e, 0x6f, 0x58,
125 },
126 .iv_len = 16,
127 .in = {
128 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
129 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
130 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
131 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
132 },
133 .in_len = 32,
134 .out = {
135 0xd2, 0x96, 0xcd, 0x94, 0xc2, 0xcc, 0xcf, 0x8a,
136 0x3a, 0x86, 0x30, 0x28, 0xb5, 0xe1, 0xdc, 0x0a,
137 0x75, 0x86, 0x60, 0x2d, 0x25, 0x3c, 0xff, 0xf9,
138 0x1b, 0x82, 0x66, 0xbe, 0xa6, 0xd6, 0x1a, 0xb1,
139 },
140 .out_len = 32,
141 },
142 {
143 .mode = NID_aes_128_cbc,
144 .key = {
145 0x6c, 0x3e, 0xa0, 0x47, 0x76, 0x30, 0xce, 0x21,
146 0xa2, 0xce, 0x33, 0x4a, 0xa7, 0x46, 0xc2, 0xcd,
147 },
148 .iv = {
149 0xc7, 0x82, 0xdc, 0x4c, 0x09, 0x8c, 0x66, 0xcb,
150 0xd9, 0xcd, 0x27, 0xd8, 0x25, 0x68, 0x2c, 0x81,
151 },
152 .iv_len = 16,
153 .in = {
154 0x54, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20,
155 0x61, 0x20, 0x34, 0x38, 0x2d, 0x62, 0x79, 0x74,
156 0x65, 0x20, 0x6d, 0x65, 0x73, 0x73, 0x61, 0x67,
157 0x65, 0x20, 0x28, 0x65, 0x78, 0x61, 0x63, 0x74,
158 0x6c, 0x79, 0x20, 0x33, 0x20, 0x41, 0x45, 0x53,
159 0x20, 0x62, 0x6c, 0x6f, 0x63, 0x6b, 0x73, 0x29,
160 },
161 .in_len = 48,
162 .out = {
163 0xd0, 0xa0, 0x2b, 0x38, 0x36, 0x45, 0x17, 0x53,
164 0xd4, 0x93, 0x66, 0x5d, 0x33, 0xf0, 0xe8, 0x86,
165 0x2d, 0xea, 0x54, 0xcd, 0xb2, 0x93, 0xab, 0xc7,
166 0x50, 0x69, 0x39, 0x27, 0x67, 0x72, 0xf8, 0xd5,
167 0x02, 0x1c, 0x19, 0x21, 0x6b, 0xad, 0x52, 0x5c,
168 0x85, 0x79, 0x69, 0x5d, 0x83, 0xba, 0x26, 0x84,
169 },
170 .out_len = 48,
171 },
172 {
173 .mode = NID_aes_128_cbc,
174 .key = {
175 0x56, 0xe4, 0x7a, 0x38, 0xc5, 0x59, 0x89, 0x74,
176 0xbc, 0x46, 0x90, 0x3d, 0xba, 0x29, 0x03, 0x49,
177 },
178 .iv = {
179 0x8c, 0xe8, 0x2e, 0xef, 0xbe, 0xa0, 0xda, 0x3c,
180 0x44, 0x69, 0x9e, 0xd7, 0xdb, 0x51, 0xb7, 0xd9,
181 },
182 .iv_len = 16,
183 .in = {
184 0xa0, 0xa1, 0xa2, 0xa3, 0xa4, 0xa5, 0xa6, 0xa7,
185 0xa8, 0xa9, 0xaa, 0xab, 0xac, 0xad, 0xae, 0xaf,
186 0xb0, 0xb1, 0xb2, 0xb3, 0xb4, 0xb5, 0xb6, 0xb7,
187 0xb8, 0xb9, 0xba, 0xbb, 0xbc, 0xbd, 0xbe, 0xbf,
188 0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7,
189 0xc8, 0xc9, 0xca, 0xcb, 0xcc, 0xcd, 0xce, 0xcf,
190 0xd0, 0xd1, 0xd2, 0xd3, 0xd4, 0xd5, 0xd6, 0xd7,
191 0xd8, 0xd9, 0xda, 0xdb, 0xdc, 0xdd, 0xde, 0xdf,
192 },
193 .in_len = 64,
194 .out = {
195 0xc3, 0x0e, 0x32, 0xff, 0xed, 0xc0, 0x77, 0x4e,
196 0x6a, 0xff, 0x6a, 0xf0, 0x86, 0x9f, 0x71, 0xaa,
197 0x0f, 0x3a, 0xf0, 0x7a, 0x9a, 0x31, 0xa9, 0xc6,
198 0x84, 0xdb, 0x20, 0x7e, 0xb0, 0xef, 0x8e, 0x4e,
199 0x35, 0x90, 0x7a, 0xa6, 0x32, 0xc3, 0xff, 0xdf,
200 0x86, 0x8b, 0xb7, 0xb2, 0x9d, 0x3d, 0x46, 0xad,
201 0x83, 0xce, 0x9f, 0x9a, 0x10, 0x2e, 0xe9, 0x9d,
202 0x49, 0xa5, 0x3e, 0x87, 0xf4, 0xc3, 0xda, 0x55,
203 },
204 .out_len = 64,
205 },
206
207 /* CBC - Test vectors from NIST SP 800-38A */
208 {
209 .mode = NID_aes_128_cbc,
210 .key = {
211 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6,
212 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c,
213 },
214 .iv = {
215 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
216 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
217 },
218 .iv_len = 16,
219 .in = {
220 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96,
221 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a,
222 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c,
223 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51,
224 0x30, 0xc8, 0x1c, 0x46, 0xa3, 0x5c, 0xe4, 0x11,
225 0xe5, 0xfb, 0xc1, 0x19, 0x1a, 0x0a, 0x52, 0xef,
226 0xf6, 0x9f, 0x24, 0x45, 0xdf, 0x4f, 0x9b, 0x17,
227 0xad, 0x2b, 0x41, 0x7b, 0xe6, 0x6c, 0x37, 0x10,
228 },
229 .in_len = 64,
230 .out = {
231 0x76, 0x49, 0xab, 0xac, 0x81, 0x19, 0xb2, 0x46,
232 0xce, 0xe9, 0x8e, 0x9b, 0x12, 0xe9, 0x19, 0x7d,
233 0x50, 0x86, 0xcb, 0x9b, 0x50, 0x72, 0x19, 0xee,
234 0x95, 0xdb, 0x11, 0x3a, 0x91, 0x76, 0x78, 0xb2,
235 0x73, 0xbe, 0xd6, 0xb8, 0xe3, 0xc1, 0x74, 0x3b,
236 0x71, 0x16, 0xe6, 0x9e, 0x22, 0x22, 0x95, 0x16,
237 0x3f, 0xf1, 0xca, 0xa1, 0x68, 0x1f, 0xac, 0x09,
238 0x12, 0x0e, 0xca, 0x30, 0x75, 0x86, 0xe1, 0xa7,
239 },
240 .out_len = 64,
241 },
242 {
243 .mode = NID_aes_192_cbc,
244 .key = {
245 0x8e, 0x73, 0xb0, 0xf7, 0xda, 0x0e, 0x64, 0x52,
246 0xc8, 0x10, 0xf3, 0x2b, 0x80, 0x90, 0x79, 0xe5,
247 0x62, 0xf8, 0xea, 0xd2, 0x52, 0x2c, 0x6b, 0x7b,
248 },
249 .iv = {
250 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
251 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
252 },
253 .iv_len = 16,
254 .in = {
255 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96,
256 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a,
257 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c,
258 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51,
259 0x30, 0xc8, 0x1c, 0x46, 0xa3, 0x5c, 0xe4, 0x11,
260 0xe5, 0xfb, 0xc1, 0x19, 0x1a, 0x0a, 0x52, 0xef,
261 0xf6, 0x9f, 0x24, 0x45, 0xdf, 0x4f, 0x9b, 0x17,
262 0xad, 0x2b, 0x41, 0x7b, 0xe6, 0x6c, 0x37, 0x10,
263 },
264 .in_len = 64,
265 .out = {
266 0x4f, 0x02, 0x1d, 0xb2, 0x43, 0xbc, 0x63, 0x3d,
267 0x71, 0x78, 0x18, 0x3a, 0x9f, 0xa0, 0x71, 0xe8,
268 0xb4, 0xd9, 0xad, 0xa9, 0xad, 0x7d, 0xed, 0xf4,
269 0xe5, 0xe7, 0x38, 0x76, 0x3f, 0x69, 0x14, 0x5a,
270 0x57, 0x1b, 0x24, 0x20, 0x12, 0xfb, 0x7a, 0xe0,
271 0x7f, 0xa9, 0xba, 0xac, 0x3d, 0xf1, 0x02, 0xe0,
272 0x08, 0xb0, 0xe2, 0x79, 0x88, 0x59, 0x88, 0x81,
273 0xd9, 0x20, 0xa9, 0xe6, 0x4f, 0x56, 0x15, 0xcd,
274 },
275 .out_len = 64,
276 },
277 {
278 .mode = NID_aes_256_cbc,
279 .key = {
280 0x60, 0x3d, 0xeb, 0x10, 0x15, 0xca, 0x71, 0xbe,
281 0x2b, 0x73, 0xae, 0xf0, 0x85, 0x7d, 0x77, 0x81,
282 0x1f, 0x35, 0x2c, 0x07, 0x3b, 0x61, 0x08, 0xd7,
283 0x2d, 0x98, 0x10, 0xa3, 0x09, 0x14, 0xdf, 0xf4,
284 },
285 .iv = {
286 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
287 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
288 },
289 .iv_len = 16,
290 .in = {
291 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96,
292 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a,
293 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c,
294 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51,
295 0x30, 0xc8, 0x1c, 0x46, 0xa3, 0x5c, 0xe4, 0x11,
296 0xe5, 0xfb, 0xc1, 0x19, 0x1a, 0x0a, 0x52, 0xef,
297 0xf6, 0x9f, 0x24, 0x45, 0xdf, 0x4f, 0x9b, 0x17,
298 0xad, 0x2b, 0x41, 0x7b, 0xe6, 0x6c, 0x37, 0x10,
299 },
300 .in_len = 64,
301 .out = {
302 0xf5, 0x8c, 0x4c, 0x04, 0xd6, 0xe5, 0xf1, 0xba,
303 0x77, 0x9e, 0xab, 0xfb, 0x5f, 0x7b, 0xfb, 0xd6,
304 0x9c, 0xfc, 0x4e, 0x96, 0x7e, 0xdb, 0x80, 0x8d,
305 0x67, 0x9f, 0x77, 0x7b, 0xc6, 0x70, 0x2c, 0x7d,
306 0x39, 0xf2, 0x33, 0x69, 0xa9, 0xd9, 0xba, 0xcf,
307 0xa5, 0x30, 0xe2, 0x63, 0x04, 0x23, 0x14, 0x61,
308 0xb2, 0xeb, 0x05, 0xe2, 0xc3, 0x9b, 0xe9, 0xfc,
309 0xda, 0x6c, 0x19, 0x07, 0x8c, 0x6a, 0x9d, 0x1b,
310 },
311 .out_len = 64,
312 },
313
314 /* CFB128 - Test vectors from NIST SP 800-38A */
315 {
316 .mode = NID_aes_128_cfb128,
317 .key = {
318 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6,
319 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c,
320 },
321 .iv = {
322 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
323 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
324 },
325 .iv_len = 16,
326 .in = {
327 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96,
328 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a,
329 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c,
330 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51,
331 0x30, 0xc8, 0x1c, 0x46, 0xa3, 0x5c, 0xe4, 0x11,
332 0xe5, 0xfb, 0xc1, 0x19, 0x1a, 0x0a, 0x52, 0xef,
333 0xf6, 0x9f, 0x24, 0x45, 0xdf, 0x4f, 0x9b, 0x17,
334 0xad, 0x2b, 0x41, 0x7b, 0xe6, 0x6c, 0x37, 0x10,
335 },
336 .in_len = 64,
337 .out = {
338 0x3b, 0x3f, 0xd9, 0x2e, 0xb7, 0x2d, 0xad, 0x20,
339 0x33, 0x34, 0x49, 0xf8, 0xe8, 0x3c, 0xfb, 0x4a,
340 0xc8, 0xa6, 0x45, 0x37, 0xa0, 0xb3, 0xa9, 0x3f,
341 0xcd, 0xe3, 0xcd, 0xad, 0x9f, 0x1c, 0xe5, 0x8b,
342 0x26, 0x75, 0x1f, 0x67, 0xa3, 0xcb, 0xb1, 0x40,
343 0xb1, 0x80, 0x8c, 0xf1, 0x87, 0xa4, 0xf4, 0xdf,
344 0xc0, 0x4b, 0x05, 0x35, 0x7c, 0x5d, 0x1c, 0x0e,
345 0xea, 0xc4, 0xc6, 0x6f, 0x9f, 0xf7, 0xf2, 0xe6,
346 },
347 .out_len = 64,
348 },
349 {
350 .mode = NID_aes_192_cfb128,
351 .key = {
352 0x8e, 0x73, 0xb0, 0xf7, 0xda, 0x0e, 0x64, 0x52,
353 0xc8, 0x10, 0xf3, 0x2b, 0x80, 0x90, 0x79, 0xe5,
354 0x62, 0xf8, 0xea, 0xd2, 0x52, 0x2c, 0x6b, 0x7b,
355 },
356 .iv = {
357 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
358 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
359 },
360 .iv_len = 16,
361 .in = {
362 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96,
363 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a,
364 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c,
365 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51,
366 0x30, 0xc8, 0x1c, 0x46, 0xa3, 0x5c, 0xe4, 0x11,
367 0xe5, 0xfb, 0xc1, 0x19, 0x1a, 0x0a, 0x52, 0xef,
368 0xf6, 0x9f, 0x24, 0x45, 0xdf, 0x4f, 0x9b, 0x17,
369 0xad, 0x2b, 0x41, 0x7b, 0xe6, 0x6c, 0x37, 0x10,
370 },
371 .in_len = 64,
372 .out = {
373 0xcd, 0xc8, 0x0d, 0x6f, 0xdd, 0xf1, 0x8c, 0xab,
374 0x34, 0xc2, 0x59, 0x09, 0xc9, 0x9a, 0x41, 0x74,
375 0x67, 0xce, 0x7f, 0x7f, 0x81, 0x17, 0x36, 0x21,
376 0x96, 0x1a, 0x2b, 0x70, 0x17, 0x1d, 0x3d, 0x7a,
377 0x2e, 0x1e, 0x8a, 0x1d, 0xd5, 0x9b, 0x88, 0xb1,
378 0xc8, 0xe6, 0x0f, 0xed, 0x1e, 0xfa, 0xc4, 0xc9,
379 0xc0, 0x5f, 0x9f, 0x9c, 0xa9, 0x83, 0x4f, 0xa0,
380 0x42, 0xae, 0x8f, 0xba, 0x58, 0x4b, 0x09, 0xff,
381 },
382 .out_len = 64,
383 },
384 {
385 .mode = NID_aes_256_cfb128,
386 .key = {
387 0x60, 0x3d, 0xeb, 0x10, 0x15, 0xca, 0x71, 0xbe,
388 0x2b, 0x73, 0xae, 0xf0, 0x85, 0x7d, 0x77, 0x81,
389 0x1f, 0x35, 0x2c, 0x07, 0x3b, 0x61, 0x08, 0xd7,
390 0x2d, 0x98, 0x10, 0xa3, 0x09, 0x14, 0xdf, 0xf4,
391 },
392 .iv = {
393 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
394 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
395 },
396 .iv_len = 16,
397 .in = {
398 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96,
399 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a,
400 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c,
401 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51,
402 0x30, 0xc8, 0x1c, 0x46, 0xa3, 0x5c, 0xe4, 0x11,
403 0xe5, 0xfb, 0xc1, 0x19, 0x1a, 0x0a, 0x52, 0xef,
404 0xf6, 0x9f, 0x24, 0x45, 0xdf, 0x4f, 0x9b, 0x17,
405 0xad, 0x2b, 0x41, 0x7b, 0xe6, 0x6c, 0x37, 0x10,
406 },
407 .in_len = 64,
408 .out = {
409 0xdc, 0x7e, 0x84, 0xbf, 0xda, 0x79, 0x16, 0x4b,
410 0x7e, 0xcd, 0x84, 0x86, 0x98, 0x5d, 0x38, 0x60,
411 0x39, 0xff, 0xed, 0x14, 0x3b, 0x28, 0xb1, 0xc8,
412 0x32, 0x11, 0x3c, 0x63, 0x31, 0xe5, 0x40, 0x7b,
413 0xdf, 0x10, 0x13, 0x24, 0x15, 0xe5, 0x4b, 0x92,
414 0xa1, 0x3e, 0xd0, 0xa8, 0x26, 0x7a, 0xe2, 0xf9,
415 0x75, 0xa3, 0x85, 0x74, 0x1a, 0xb9, 0xce, 0xf8,
416 0x20, 0x31, 0x62, 0x3d, 0x55, 0xb1, 0xe4, 0x71,
417 },
418 .out_len = 64,
419 },
420
421 /* OFB128 - Test vectors from NIST SP 800-38A */
422 {
423 .mode = NID_aes_128_ofb128,
424 .key = {
425 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6,
426 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c,
427 },
428 .iv = {
429 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
430 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
431 },
432 .iv_len = 16,
433 .in = {
434 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96,
435 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a,
436 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c,
437 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51,
438 0x30, 0xc8, 0x1c, 0x46, 0xa3, 0x5c, 0xe4, 0x11,
439 0xe5, 0xfb, 0xc1, 0x19, 0x1a, 0x0a, 0x52, 0xef,
440 0xf6, 0x9f, 0x24, 0x45, 0xdf, 0x4f, 0x9b, 0x17,
441 0xad, 0x2b, 0x41, 0x7b, 0xe6, 0x6c, 0x37, 0x10,
442 },
443 .in_len = 64,
444 .out = {
445 0x3b, 0x3f, 0xd9, 0x2e, 0xb7, 0x2d, 0xad, 0x20,
446 0x33, 0x34, 0x49, 0xf8, 0xe8, 0x3c, 0xfb, 0x4a,
447 0x77, 0x89, 0x50, 0x8d, 0x16, 0x91, 0x8f, 0x03,
448 0xf5, 0x3c, 0x52, 0xda, 0xc5, 0x4e, 0xd8, 0x25,
449 0x97, 0x40, 0x05, 0x1e, 0x9c, 0x5f, 0xec, 0xf6,
450 0x43, 0x44, 0xf7, 0xa8, 0x22, 0x60, 0xed, 0xcc,
451 0x30, 0x4c, 0x65, 0x28, 0xf6, 0x59, 0xc7, 0x78,
452 0x66, 0xa5, 0x10, 0xd9, 0xc1, 0xd6, 0xae, 0x5e,
453 },
454 .out_len = 64,
455 },
456 {
457 .mode = NID_aes_192_ofb128,
458 .key = {
459 0x8e, 0x73, 0xb0, 0xf7, 0xda, 0x0e, 0x64, 0x52,
460 0xc8, 0x10, 0xf3, 0x2b, 0x80, 0x90, 0x79, 0xe5,
461 0x62, 0xf8, 0xea, 0xd2, 0x52, 0x2c, 0x6b, 0x7b,
462 },
463 .iv = {
464 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
465 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
466 },
467 .iv_len = 16,
468 .in = {
469 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96,
470 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a,
471 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c,
472 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51,
473 0x30, 0xc8, 0x1c, 0x46, 0xa3, 0x5c, 0xe4, 0x11,
474 0xe5, 0xfb, 0xc1, 0x19, 0x1a, 0x0a, 0x52, 0xef,
475 0xf6, 0x9f, 0x24, 0x45, 0xdf, 0x4f, 0x9b, 0x17,
476 0xad, 0x2b, 0x41, 0x7b, 0xe6, 0x6c, 0x37, 0x10,
477 },
478 .in_len = 64,
479 .out = {
480 0xcd, 0xc8, 0x0d, 0x6f, 0xdd, 0xf1, 0x8c, 0xab,
481 0x34, 0xc2, 0x59, 0x09, 0xc9, 0x9a, 0x41, 0x74,
482 0xfc, 0xc2, 0x8b, 0x8d, 0x4c, 0x63, 0x83, 0x7c,
483 0x09, 0xe8, 0x17, 0x00, 0xc1, 0x10, 0x04, 0x01,
484 0x8d, 0x9a, 0x9a, 0xea, 0xc0, 0xf6, 0x59, 0x6f,
485 0x55, 0x9c, 0x6d, 0x4d, 0xaf, 0x59, 0xa5, 0xf2,
486 0x6d, 0x9f, 0x20, 0x08, 0x57, 0xca, 0x6c, 0x3e,
487 0x9c, 0xac, 0x52, 0x4b, 0xd9, 0xac, 0xc9, 0x2a,
488 },
489 .out_len = 64,
490 },
491 {
492 .mode = NID_aes_256_ofb128,
493 .key = {
494 0x60, 0x3d, 0xeb, 0x10, 0x15, 0xca, 0x71, 0xbe,
495 0x2b, 0x73, 0xae, 0xf0, 0x85, 0x7d, 0x77, 0x81,
496 0x1f, 0x35, 0x2c, 0x07, 0x3b, 0x61, 0x08, 0xd7,
497 0x2d, 0x98, 0x10, 0xa3, 0x09, 0x14, 0xdf, 0xf4,
498 },
499 .iv = {
500 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
501 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
502 },
503 .iv_len = 16,
504 .in = {
505 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96,
506 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a,
507 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c,
508 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51,
509 0x30, 0xc8, 0x1c, 0x46, 0xa3, 0x5c, 0xe4, 0x11,
510 0xe5, 0xfb, 0xc1, 0x19, 0x1a, 0x0a, 0x52, 0xef,
511 0xf6, 0x9f, 0x24, 0x45, 0xdf, 0x4f, 0x9b, 0x17,
512 0xad, 0x2b, 0x41, 0x7b, 0xe6, 0x6c, 0x37, 0x10,
513 },
514 .in_len = 64,
515 .out = {
516 0xdc, 0x7e, 0x84, 0xbf, 0xda, 0x79, 0x16, 0x4b,
517 0x7e, 0xcd, 0x84, 0x86, 0x98, 0x5d, 0x38, 0x60,
518 0x4f, 0xeb, 0xdc, 0x67, 0x40, 0xd2, 0x0b, 0x3a,
519 0xc8, 0x8f, 0x6a, 0xd8, 0x2a, 0x4f, 0xb0, 0x8d,
520 0x71, 0xab, 0x47, 0xa0, 0x86, 0xe8, 0x6e, 0xed,
521 0xf3, 0x9d, 0x1c, 0x5b, 0xba, 0x97, 0xc4, 0x08,
522 0x01, 0x26, 0x14, 0x1d, 0x67, 0xf3, 0x7b, 0xe8,
523 0x53, 0x8f, 0x5a, 0x8b, 0xe7, 0x40, 0xe4, 0x84,
524 },
525 .out_len = 64,
526 },
527 };
528
529 #define N_AES_TESTS (sizeof(aes_tests) / sizeof(aes_tests[0]))
530
531 static int
aes_ecb_test(size_t test_number,const char * label,int key_bits,const struct aes_test * at)532 aes_ecb_test(size_t test_number, const char *label, int key_bits,
533 const struct aes_test *at)
534 {
535 AES_KEY key;
536 uint8_t out[64];
537
538 if (at->padding) {
539 /* XXX - Handle padding */
540 return 1;
541 }
542
543 /* Encryption */
544 memset(out, 0, sizeof(out));
545 AES_set_encrypt_key(at->key, key_bits, &key);
546 AES_ecb_encrypt(at->in, out, &key, 1);
547
548 if (memcmp(at->out, out, at->out_len) != 0) {
549 fprintf(stderr, "FAIL (%s:%zu): encryption mismatch\n",
550 label, test_number);
551 return 0;
552 }
553
554 /* Decryption */
555 memset(out, 0, sizeof(out));
556 AES_set_decrypt_key(at->key, key_bits, &key);
557 AES_ecb_encrypt(at->out, out, &key, 0);
558
559 if (memcmp(at->in, out, at->in_len) != 0) {
560 fprintf(stderr, "FAIL (%s:%zu): decryption mismatch\n",
561 label, test_number);
562 return 0;
563 }
564
565 return 1;
566 }
567
568
569 static int
aes_cbc_test(size_t test_number,const char * label,int key_bits,const struct aes_test * at)570 aes_cbc_test(size_t test_number, const char *label, int key_bits,
571 const struct aes_test *at)
572 {
573 AES_KEY key;
574 uint8_t out[64];
575 uint8_t iv[16];
576
577 if (at->padding) {
578 /* XXX - Handle padding */
579 return 1;
580 }
581
582 /* Encryption */
583 memset(out, 0, sizeof(out));
584 memcpy(iv, at->iv, at->iv_len);
585 AES_set_encrypt_key(at->key, key_bits, &key);
586 AES_cbc_encrypt(at->in, out, at->in_len, &key, iv, 1);
587
588 if (memcmp(at->out, out, at->out_len) != 0) {
589 fprintf(stderr, "FAIL (%s:%zu): encryption mismatch\n",
590 label, test_number);
591 return 0;
592 }
593
594 /* Decryption */
595 memset(out, 0, sizeof(out));
596 memcpy(iv, at->iv, at->iv_len);
597 AES_set_decrypt_key(at->key, key_bits, &key);
598 AES_cbc_encrypt(at->out, out, at->out_len, &key, iv, 0);
599
600 if (memcmp(at->in, out, at->in_len) != 0) {
601 fprintf(stderr, "FAIL (%s:%zu): decryption mismatch\n",
602 label, test_number);
603 return 0;
604 }
605
606 return 1;
607 }
608
609 static int
aes_evp_test(size_t test_number,const struct aes_test * at,const char * label,int key_bits,const EVP_CIPHER * cipher)610 aes_evp_test(size_t test_number, const struct aes_test *at, const char *label,
611 int key_bits, const EVP_CIPHER *cipher)
612 {
613 EVP_CIPHER_CTX *ctx;
614 uint8_t out[64];
615 int in_len, out_len, total_len;
616 int i;
617 int success = 0;
618
619 if ((ctx = EVP_CIPHER_CTX_new()) == NULL) {
620 fprintf(stderr, "FAIL (%s:%zu): EVP_CIPHER_CTX_new failed\n",
621 label, test_number);
622 goto failed;
623 }
624
625 /* EVP encryption */
626 total_len = 0;
627 memset(out, 0, sizeof(out));
628 if (!EVP_EncryptInit(ctx, cipher, NULL, NULL)) {
629 fprintf(stderr, "FAIL (%s:%zu): EVP_EncryptInit failed\n",
630 label, test_number);
631 goto failed;
632 }
633
634 if (!EVP_CIPHER_CTX_set_padding(ctx, at->padding)) {
635 fprintf(stderr,
636 "FAIL (%s:%zu): EVP_CIPHER_CTX_set_padding failed\n",
637 label, test_number);
638 goto failed;
639 }
640
641 if (!EVP_EncryptInit(ctx, NULL, at->key, at->iv)) {
642 fprintf(stderr, "FAIL (%s:%zu): EVP_EncryptInit failed\n",
643 label, test_number);
644 goto failed;
645 }
646
647 for (i = 0; i < at->in_len;) {
648 in_len = arc4random_uniform(at->in_len / 2);
649 if (in_len > at->in_len - i)
650 in_len = at->in_len - i;
651
652 if (!EVP_EncryptUpdate(ctx, out + total_len, &out_len,
653 at->in + i, in_len)) {
654 fprintf(stderr,
655 "FAIL (%s:%zu): EVP_EncryptUpdate failed\n",
656 label, test_number);
657 goto failed;
658 }
659
660 i += in_len;
661 total_len += out_len;
662 }
663
664 if (!EVP_EncryptFinal_ex(ctx, out + total_len, &out_len)) {
665 fprintf(stderr, "FAIL (%s:%zu): EVP_EncryptFinal_ex failed\n",
666 label, test_number);
667 goto failed;
668 }
669 total_len += out_len;
670
671 if (!EVP_CIPHER_CTX_reset(ctx)) {
672 fprintf(stderr,
673 "FAIL (%s:%zu): EVP_CIPHER_CTX_reset failed\n",
674 label, test_number);
675 goto failed;
676 }
677
678 if (total_len != at->out_len) {
679 fprintf(stderr,
680 "FAIL (%s:%zu): EVP encryption length mismatch "
681 "(%d != %d)\n", label, test_number, total_len, at->out_len);
682 goto failed;
683 }
684
685 if (memcmp(at->out, out, at->out_len) != 0) {
686 fprintf(stderr, "FAIL (%s:%zu): EVP encryption mismatch\n",
687 label, test_number);
688 goto failed;
689 }
690
691 /* EVP decryption */
692 total_len = 0;
693 memset(out, 0, sizeof(out));
694 if (!EVP_DecryptInit(ctx, cipher, NULL, NULL)) {
695 fprintf(stderr, "FAIL (%s:%zu): EVP_DecryptInit failed\n",
696 label, test_number);
697 goto failed;
698 }
699
700 if (!EVP_CIPHER_CTX_set_padding(ctx, at->padding)) {
701 fprintf(stderr,
702 "FAIL (%s:%zu): EVP_CIPHER_CTX_set_padding failed\n",
703 label, test_number);
704 goto failed;
705 }
706
707 if (!EVP_DecryptInit(ctx, NULL, at->key, at->iv)) {
708 fprintf(stderr, "FAIL (%s:%zu): EVP_DecryptInit failed\n",
709 label, test_number);
710 goto failed;
711 }
712
713 for (i = 0; i < at->out_len;) {
714 in_len = arc4random_uniform(at->out_len / 2);
715 if (in_len > at->out_len - i)
716 in_len = at->out_len - i;
717
718 if (!EVP_DecryptUpdate(ctx, out + total_len, &out_len,
719 at->out + i, in_len)) {
720 fprintf(stderr,
721 "FAIL (%s:%zu): EVP_DecryptUpdate failed\n",
722 label, test_number);
723 goto failed;
724 }
725
726 i += in_len;
727 total_len += out_len;
728 }
729
730 if (!EVP_DecryptFinal_ex(ctx, out + total_len, &out_len)) {
731 fprintf(stderr, "FAIL (%s:%zu): EVP_DecryptFinal_ex failed\n",
732 label, test_number);
733 goto failed;
734 }
735 total_len += out_len;
736
737 if (!EVP_CIPHER_CTX_reset(ctx)) {
738 fprintf(stderr,
739 "FAIL (%s:%zu): EVP_CIPHER_CTX_reset failed\n",
740 label, test_number);
741 goto failed;
742 }
743
744 if (total_len != at->in_len) {
745 fprintf(stderr,
746 "FAIL (%s:%zu): EVP decryption length mismatch\n",
747 label, test_number);
748 goto failed;
749 }
750
751 if (memcmp(at->in, out, at->in_len) != 0) {
752 fprintf(stderr, "FAIL (%s:%zu): EVP decryption mismatch\n",
753 label, test_number);
754 goto failed;
755 }
756
757 success = 1;
758
759 failed:
760 EVP_CIPHER_CTX_free(ctx);
761 return success;
762 }
763
764
765 static int
aes_key_bits_from_nid(int nid)766 aes_key_bits_from_nid(int nid)
767 {
768 switch (nid) {
769 case NID_aes_128_ecb:
770 case NID_aes_128_cbc:
771 case NID_aes_128_cfb128:
772 case NID_aes_128_ofb128:
773 case NID_aes_128_gcm:
774 case NID_aes_128_ccm:
775 return 128;
776 case NID_aes_192_ecb:
777 case NID_aes_192_cbc:
778 case NID_aes_192_cfb128:
779 case NID_aes_192_ofb128:
780 case NID_aes_192_gcm:
781 case NID_aes_192_ccm:
782 return 192;
783 case NID_aes_256_ecb:
784 case NID_aes_256_cbc:
785 case NID_aes_256_cfb128:
786 case NID_aes_256_ofb128:
787 case NID_aes_256_gcm:
788 case NID_aes_256_ccm:
789 return 256;
790 default:
791 return -1;
792 }
793 }
794
795 static int
aes_cipher_from_nid(int nid,const char ** out_label,const EVP_CIPHER ** out_cipher)796 aes_cipher_from_nid(int nid, const char **out_label,
797 const EVP_CIPHER **out_cipher)
798 {
799 switch (nid) {
800 /* ECB */
801 case NID_aes_128_ecb:
802 *out_label = SN_aes_128_ecb;
803 *out_cipher = EVP_aes_128_ecb();
804 break;
805 case NID_aes_192_ecb:
806 *out_label = SN_aes_192_ecb;
807 *out_cipher = EVP_aes_192_ecb();
808 break;
809 case NID_aes_256_ecb:
810 *out_label = SN_aes_256_ecb;
811 *out_cipher = EVP_aes_256_ecb();
812 break;
813
814 /* CBC */
815 case NID_aes_128_cbc:
816 *out_label = SN_aes_128_cbc;
817 *out_cipher = EVP_aes_128_cbc();
818 break;
819 case NID_aes_192_cbc:
820 *out_label = SN_aes_192_cbc;
821 *out_cipher = EVP_aes_192_cbc();
822 break;
823 case NID_aes_256_cbc:
824 *out_label = SN_aes_256_cbc;
825 *out_cipher = EVP_aes_256_cbc();
826 break;
827
828 /* CFB128 */
829 case NID_aes_128_cfb128:
830 *out_label = SN_aes_128_cfb128;
831 *out_cipher = EVP_aes_128_cfb128();
832 break;
833 case NID_aes_192_cfb128:
834 *out_label = SN_aes_192_cfb128;
835 *out_cipher = EVP_aes_192_cfb128();
836 break;
837 case NID_aes_256_cfb128:
838 *out_label = SN_aes_256_cfb128;
839 *out_cipher = EVP_aes_256_cfb128();
840 break;
841
842 /* OFB128 */
843 case NID_aes_128_ofb128:
844 *out_label = SN_aes_128_ofb128;
845 *out_cipher = EVP_aes_128_ofb();
846 break;
847 case NID_aes_192_ofb128:
848 *out_label = SN_aes_192_ofb128;
849 *out_cipher = EVP_aes_192_ofb();
850 break;
851 case NID_aes_256_ofb128:
852 *out_label = SN_aes_256_ofb128;
853 *out_cipher = EVP_aes_256_ofb();
854 break;
855
856 /* GCM */
857 case NID_aes_128_gcm:
858 *out_label = SN_aes_128_gcm;
859 *out_cipher = EVP_aes_128_gcm();
860 break;
861 case NID_aes_192_gcm:
862 *out_label = SN_aes_192_gcm;
863 *out_cipher = EVP_aes_192_gcm();
864 break;
865 case NID_aes_256_gcm:
866 *out_label = SN_aes_256_gcm;
867 *out_cipher = EVP_aes_256_gcm();
868 break;
869
870 /* CCM */
871 case NID_aes_128_ccm:
872 *out_label = SN_aes_128_ccm;
873 *out_cipher = EVP_aes_128_ccm();
874 break;
875 case NID_aes_192_ccm:
876 *out_label = SN_aes_192_ccm;
877 *out_cipher = EVP_aes_192_ccm();
878 break;
879 case NID_aes_256_ccm:
880 *out_label = SN_aes_256_ccm;
881 *out_cipher = EVP_aes_256_ccm();
882 break;
883
884 /* Unknown */
885 default:
886 return 0;
887 }
888
889 return 1;
890 }
891
892 static int
aes_test(void)893 aes_test(void)
894 {
895 const struct aes_test *at;
896 const char *label;
897 const EVP_CIPHER *cipher;
898 int key_bits;
899 size_t i;
900 int failed = 1;
901
902 for (i = 0; i < N_AES_TESTS; i++) {
903 at = &aes_tests[i];
904 key_bits = aes_key_bits_from_nid(at->mode);
905 if (!aes_cipher_from_nid(at->mode, &label, &cipher))
906 goto failed;
907
908 switch (at->mode) {
909 /* ECB */
910 case NID_aes_128_ecb:
911 case NID_aes_192_ecb:
912 case NID_aes_256_ecb:
913 if (!aes_ecb_test(i, label, key_bits, at))
914 goto failed;
915 break;
916
917 /* CBC */
918 case NID_aes_128_cbc:
919 case NID_aes_192_cbc:
920 case NID_aes_256_cbc:
921 if (!aes_cbc_test(i, label, key_bits, at))
922 goto failed;
923 break;
924
925 /* CFB128 */
926 case NID_aes_128_cfb128:
927 case NID_aes_192_cfb128:
928 case NID_aes_256_cfb128:
929 /* XXX - CFB128 non-EVP tests */
930 break;
931
932 /* OFB128 */
933 case NID_aes_128_ofb128:
934 case NID_aes_192_ofb128:
935 case NID_aes_256_ofb128:
936 /* XXX - OFB128 non-EVP tests */
937 break;
938
939 /* GCM */
940 case NID_aes_128_gcm:
941 case NID_aes_192_gcm:
942 case NID_aes_256_gcm:
943 /* GCM is EVP-only */
944 break;
945
946 /* CCM */
947 case NID_aes_128_ccm:
948 case NID_aes_192_ccm:
949 case NID_aes_256_ccm:
950 /* XXX - CCM non-EVP tests */
951 break;
952
953 /* Unknown */
954 default:
955 fprintf(stderr, "FAIL: unknown mode (%d)\n",
956 at->mode);
957 goto failed;
958 }
959
960 if (!aes_evp_test(i, at, label, key_bits, cipher))
961 goto failed;
962 }
963
964 failed = 0;
965
966 failed:
967 return failed;
968 }
969
970 int
main(int argc,char ** argv)971 main(int argc, char **argv)
972 {
973 int failed = 0;
974
975 failed |= aes_test();
976
977 return failed;
978 }
979
980