1ebfedea0SLionel Sambuc /* test/igetest.c -*- mode:C; c-file-style: "eay" -*- */
2ebfedea0SLionel Sambuc /* ====================================================================
3ebfedea0SLionel Sambuc * Copyright (c) 2006 The OpenSSL Project. All rights reserved.
4ebfedea0SLionel Sambuc *
5ebfedea0SLionel Sambuc * Redistribution and use in source and binary forms, with or without
6ebfedea0SLionel Sambuc * modification, are permitted provided that the following conditions
7ebfedea0SLionel Sambuc * are met:
8ebfedea0SLionel Sambuc *
9ebfedea0SLionel Sambuc * 1. Redistributions of source code must retain the above copyright
10ebfedea0SLionel Sambuc * notice, this list of conditions and the following disclaimer.
11ebfedea0SLionel Sambuc *
12ebfedea0SLionel Sambuc * 2. Redistributions in binary form must reproduce the above copyright
13ebfedea0SLionel Sambuc * notice, this list of conditions and the following disclaimer in
14ebfedea0SLionel Sambuc * the documentation and/or other materials provided with the
15ebfedea0SLionel Sambuc * distribution.
16ebfedea0SLionel Sambuc *
17ebfedea0SLionel Sambuc * 3. All advertising materials mentioning features or use of this
18ebfedea0SLionel Sambuc * software must display the following acknowledgment:
19ebfedea0SLionel Sambuc * "This product includes software developed by the OpenSSL Project
20ebfedea0SLionel Sambuc * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
21ebfedea0SLionel Sambuc *
22ebfedea0SLionel Sambuc * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
23ebfedea0SLionel Sambuc * endorse or promote products derived from this software without
24ebfedea0SLionel Sambuc * prior written permission. For written permission, please contact
25ebfedea0SLionel Sambuc * openssl-core@openssl.org.
26ebfedea0SLionel Sambuc *
27ebfedea0SLionel Sambuc * 5. Products derived from this software may not be called "OpenSSL"
28ebfedea0SLionel Sambuc * nor may "OpenSSL" appear in their names without prior written
29ebfedea0SLionel Sambuc * permission of the OpenSSL Project.
30ebfedea0SLionel Sambuc *
31ebfedea0SLionel Sambuc * 6. Redistributions of any form whatsoever must retain the following
32ebfedea0SLionel Sambuc * acknowledgment:
33ebfedea0SLionel Sambuc * "This product includes software developed by the OpenSSL Project
34ebfedea0SLionel Sambuc * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
35ebfedea0SLionel Sambuc *
36ebfedea0SLionel Sambuc * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
37ebfedea0SLionel Sambuc * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
38ebfedea0SLionel Sambuc * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
39ebfedea0SLionel Sambuc * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
40ebfedea0SLionel Sambuc * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
41ebfedea0SLionel Sambuc * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
42ebfedea0SLionel Sambuc * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
43ebfedea0SLionel Sambuc * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
44ebfedea0SLionel Sambuc * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
45ebfedea0SLionel Sambuc * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
46ebfedea0SLionel Sambuc * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
47ebfedea0SLionel Sambuc * OF THE POSSIBILITY OF SUCH DAMAGE.
48ebfedea0SLionel Sambuc * ====================================================================
49ebfedea0SLionel Sambuc *
50ebfedea0SLionel Sambuc */
51ebfedea0SLionel Sambuc
52ebfedea0SLionel Sambuc #include <openssl/aes.h>
53ebfedea0SLionel Sambuc #include <openssl/rand.h>
54ebfedea0SLionel Sambuc #include <stdio.h>
55ebfedea0SLionel Sambuc #include <string.h>
56ebfedea0SLionel Sambuc #include <assert.h>
57ebfedea0SLionel Sambuc
58ebfedea0SLionel Sambuc #define TEST_SIZE 128
59ebfedea0SLionel Sambuc #define BIG_TEST_SIZE 10240
60ebfedea0SLionel Sambuc
hexdump(FILE * f,const char * title,const unsigned char * s,int l)61ebfedea0SLionel Sambuc static void hexdump(FILE *f, const char *title, const unsigned char *s, int l)
62ebfedea0SLionel Sambuc {
63ebfedea0SLionel Sambuc int n = 0;
64ebfedea0SLionel Sambuc
65ebfedea0SLionel Sambuc fprintf(f, "%s", title);
66*0a6a1f1dSLionel Sambuc for (; n < l; ++n) {
67ebfedea0SLionel Sambuc if ((n % 16) == 0)
68ebfedea0SLionel Sambuc fprintf(f, "\n%04x", n);
69ebfedea0SLionel Sambuc fprintf(f, " %02x", s[n]);
70ebfedea0SLionel Sambuc }
71ebfedea0SLionel Sambuc fprintf(f, "\n");
72ebfedea0SLionel Sambuc }
73ebfedea0SLionel Sambuc
74ebfedea0SLionel Sambuc #define MAX_VECTOR_SIZE 64
75ebfedea0SLionel Sambuc
76*0a6a1f1dSLionel Sambuc struct ige_test {
77ebfedea0SLionel Sambuc const unsigned char key[16];
78ebfedea0SLionel Sambuc const unsigned char iv[32];
79ebfedea0SLionel Sambuc const unsigned char in[MAX_VECTOR_SIZE];
80ebfedea0SLionel Sambuc const unsigned char out[MAX_VECTOR_SIZE];
81ebfedea0SLionel Sambuc const size_t length;
82ebfedea0SLionel Sambuc const int encrypt;
83ebfedea0SLionel Sambuc };
84ebfedea0SLionel Sambuc
85ebfedea0SLionel Sambuc static struct ige_test const ige_test_vectors[] = {
86ebfedea0SLionel Sambuc {{0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
87ebfedea0SLionel Sambuc 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, /* key */
88ebfedea0SLionel Sambuc {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
89ebfedea0SLionel Sambuc 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
90ebfedea0SLionel Sambuc 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
91ebfedea0SLionel Sambuc 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f}, /* iv */
92ebfedea0SLionel Sambuc {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
93ebfedea0SLionel Sambuc 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
94ebfedea0SLionel Sambuc 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
95ebfedea0SLionel Sambuc 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, /* in */
96ebfedea0SLionel Sambuc {0x1a, 0x85, 0x19, 0xa6, 0x55, 0x7b, 0xe6, 0x52,
97ebfedea0SLionel Sambuc 0xe9, 0xda, 0x8e, 0x43, 0xda, 0x4e, 0xf4, 0x45,
98ebfedea0SLionel Sambuc 0x3c, 0xf4, 0x56, 0xb4, 0xca, 0x48, 0x8a, 0xa3,
99ebfedea0SLionel Sambuc 0x83, 0xc7, 0x9c, 0x98, 0xb3, 0x47, 0x97, 0xcb}, /* out */
100ebfedea0SLionel Sambuc 32, AES_ENCRYPT}, /* test vector 0 */
101ebfedea0SLionel Sambuc
102ebfedea0SLionel Sambuc {{0x54, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20,
103ebfedea0SLionel Sambuc 0x61, 0x6e, 0x20, 0x69, 0x6d, 0x70, 0x6c, 0x65}, /* key */
104ebfedea0SLionel Sambuc {0x6d, 0x65, 0x6e, 0x74, 0x61, 0x74, 0x69, 0x6f,
105ebfedea0SLionel Sambuc 0x6e, 0x20, 0x6f, 0x66, 0x20, 0x49, 0x47, 0x45,
106ebfedea0SLionel Sambuc 0x20, 0x6d, 0x6f, 0x64, 0x65, 0x20, 0x66, 0x6f,
107ebfedea0SLionel Sambuc 0x72, 0x20, 0x4f, 0x70, 0x65, 0x6e, 0x53, 0x53}, /* iv */
108ebfedea0SLionel Sambuc {0x4c, 0x2e, 0x20, 0x4c, 0x65, 0x74, 0x27, 0x73,
109ebfedea0SLionel Sambuc 0x20, 0x68, 0x6f, 0x70, 0x65, 0x20, 0x42, 0x65,
110ebfedea0SLionel Sambuc 0x6e, 0x20, 0x67, 0x6f, 0x74, 0x20, 0x69, 0x74,
111ebfedea0SLionel Sambuc 0x20, 0x72, 0x69, 0x67, 0x68, 0x74, 0x21, 0x0a}, /* in */
112ebfedea0SLionel Sambuc {0x99, 0x70, 0x64, 0x87, 0xa1, 0xcd, 0xe6, 0x13,
113ebfedea0SLionel Sambuc 0xbc, 0x6d, 0xe0, 0xb6, 0xf2, 0x4b, 0x1c, 0x7a,
114ebfedea0SLionel Sambuc 0xa4, 0x48, 0xc8, 0xb9, 0xc3, 0x40, 0x3e, 0x34,
115ebfedea0SLionel Sambuc 0x67, 0xa8, 0xca, 0xd8, 0x93, 0x40, 0xf5, 0x3b}, /* out */
116ebfedea0SLionel Sambuc 32, AES_DECRYPT}, /* test vector 1 */
117ebfedea0SLionel Sambuc };
118ebfedea0SLionel Sambuc
119*0a6a1f1dSLionel Sambuc struct bi_ige_test {
120ebfedea0SLionel Sambuc const unsigned char key1[32];
121ebfedea0SLionel Sambuc const unsigned char key2[32];
122ebfedea0SLionel Sambuc const unsigned char iv[64];
123ebfedea0SLionel Sambuc const unsigned char in[MAX_VECTOR_SIZE];
124ebfedea0SLionel Sambuc const unsigned char out[MAX_VECTOR_SIZE];
125ebfedea0SLionel Sambuc const size_t keysize;
126ebfedea0SLionel Sambuc const size_t length;
127ebfedea0SLionel Sambuc const int encrypt;
128ebfedea0SLionel Sambuc };
129ebfedea0SLionel Sambuc
130ebfedea0SLionel Sambuc static struct bi_ige_test const bi_ige_test_vectors[] = {
131ebfedea0SLionel Sambuc {{0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
132ebfedea0SLionel Sambuc 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, /* key1 */
133ebfedea0SLionel Sambuc {0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
134ebfedea0SLionel Sambuc 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f}, /* key2 */
135ebfedea0SLionel Sambuc {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
136ebfedea0SLionel Sambuc 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
137ebfedea0SLionel Sambuc 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
138ebfedea0SLionel Sambuc 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
139ebfedea0SLionel Sambuc 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
140ebfedea0SLionel Sambuc 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f,
141ebfedea0SLionel Sambuc 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
142ebfedea0SLionel Sambuc 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f}, /* iv */
143ebfedea0SLionel Sambuc {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
144ebfedea0SLionel Sambuc 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
145ebfedea0SLionel Sambuc 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
146ebfedea0SLionel Sambuc 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, /* in */
147ebfedea0SLionel Sambuc {0x14, 0x40, 0x6f, 0xae, 0xa2, 0x79, 0xf2, 0x56,
148ebfedea0SLionel Sambuc 0x1f, 0x86, 0xeb, 0x3b, 0x7d, 0xff, 0x53, 0xdc,
149ebfedea0SLionel Sambuc 0x4e, 0x27, 0x0c, 0x03, 0xde, 0x7c, 0xe5, 0x16,
150ebfedea0SLionel Sambuc 0x6a, 0x9c, 0x20, 0x33, 0x9d, 0x33, 0xfe, 0x12}, /* out */
151ebfedea0SLionel Sambuc 16, 32, AES_ENCRYPT}, /* test vector 0 */
152ebfedea0SLionel Sambuc {{0x58, 0x0a, 0x06, 0xe9, 0x97, 0x07, 0x59, 0x5c,
153ebfedea0SLionel Sambuc 0x9e, 0x19, 0xd2, 0xa7, 0xbb, 0x40, 0x2b, 0x7a,
154ebfedea0SLionel Sambuc 0xc7, 0xd8, 0x11, 0x9e, 0x4c, 0x51, 0x35, 0x75,
155ebfedea0SLionel Sambuc 0x64, 0x28, 0x0f, 0x23, 0xad, 0x74, 0xac, 0x37}, /* key1 */
156ebfedea0SLionel Sambuc {0xd1, 0x80, 0xa0, 0x31, 0x47, 0xa3, 0x11, 0x13,
157ebfedea0SLionel Sambuc 0x86, 0x26, 0x9e, 0x6d, 0xff, 0xaf, 0x72, 0x74,
158ebfedea0SLionel Sambuc 0x5b, 0xa2, 0x35, 0x81, 0xd2, 0xa6, 0x3d, 0x21,
159ebfedea0SLionel Sambuc 0x67, 0x7b, 0x58, 0xa8, 0x18, 0xf9, 0x72, 0xe4}, /* key2 */
160ebfedea0SLionel Sambuc {0x80, 0x3d, 0xbd, 0x4c, 0xe6, 0x7b, 0x06, 0xa9,
161ebfedea0SLionel Sambuc 0x53, 0x35, 0xd5, 0x7e, 0x71, 0xc1, 0x70, 0x70,
162ebfedea0SLionel Sambuc 0x74, 0x9a, 0x00, 0x28, 0x0c, 0xbf, 0x6c, 0x42,
163ebfedea0SLionel Sambuc 0x9b, 0xa4, 0xdd, 0x65, 0x11, 0x77, 0x7c, 0x67,
164ebfedea0SLionel Sambuc 0xfe, 0x76, 0x0a, 0xf0, 0xd5, 0xc6, 0x6e, 0x6a,
165ebfedea0SLionel Sambuc 0xe7, 0x5e, 0x4c, 0xf2, 0x7e, 0x9e, 0xf9, 0x20,
166ebfedea0SLionel Sambuc 0x0e, 0x54, 0x6f, 0x2d, 0x8a, 0x8d, 0x7e, 0xbd,
167ebfedea0SLionel Sambuc 0x48, 0x79, 0x37, 0x99, 0xff, 0x27, 0x93, 0xa3}, /* iv */
168ebfedea0SLionel Sambuc {0xf1, 0x54, 0x3d, 0xca, 0xfe, 0xb5, 0xef, 0x1c,
169ebfedea0SLionel Sambuc 0x4f, 0xa6, 0x43, 0xf6, 0xe6, 0x48, 0x57, 0xf0,
170ebfedea0SLionel Sambuc 0xee, 0x15, 0x7f, 0xe3, 0xe7, 0x2f, 0xd0, 0x2f,
171ebfedea0SLionel Sambuc 0x11, 0x95, 0x7a, 0x17, 0x00, 0xab, 0xa7, 0x0b,
172ebfedea0SLionel Sambuc 0xbe, 0x44, 0x09, 0x9c, 0xcd, 0xac, 0xa8, 0x52,
173ebfedea0SLionel Sambuc 0xa1, 0x8e, 0x7b, 0x75, 0xbc, 0xa4, 0x92, 0x5a,
174ebfedea0SLionel Sambuc 0xab, 0x46, 0xd3, 0x3a, 0xa0, 0xd5, 0x35, 0x1c,
175ebfedea0SLionel Sambuc 0x55, 0xa4, 0xb3, 0xa8, 0x40, 0x81, 0xa5, 0x0b}, /* in */
176ebfedea0SLionel Sambuc {0x42, 0xe5, 0x28, 0x30, 0x31, 0xc2, 0xa0, 0x23,
177ebfedea0SLionel Sambuc 0x68, 0x49, 0x4e, 0xb3, 0x24, 0x59, 0x92, 0x79,
178ebfedea0SLionel Sambuc 0xc1, 0xa5, 0xcc, 0xe6, 0x76, 0x53, 0xb1, 0xcf,
179ebfedea0SLionel Sambuc 0x20, 0x86, 0x23, 0xe8, 0x72, 0x55, 0x99, 0x92,
180ebfedea0SLionel Sambuc 0x0d, 0x16, 0x1c, 0x5a, 0x2f, 0xce, 0xcb, 0x51,
181ebfedea0SLionel Sambuc 0xe2, 0x67, 0xfa, 0x10, 0xec, 0xcd, 0x3d, 0x67,
182ebfedea0SLionel Sambuc 0xa5, 0xe6, 0xf7, 0x31, 0x26, 0xb0, 0x0d, 0x76,
183ebfedea0SLionel Sambuc 0x5e, 0x28, 0xdc, 0x7f, 0x01, 0xc5, 0xa5, 0x4c}, /* out */
184ebfedea0SLionel Sambuc 32, 64, AES_ENCRYPT}, /* test vector 1 */
185ebfedea0SLionel Sambuc
186ebfedea0SLionel Sambuc };
187ebfedea0SLionel Sambuc
run_test_vectors(void)188ebfedea0SLionel Sambuc static int run_test_vectors(void)
189ebfedea0SLionel Sambuc {
190ebfedea0SLionel Sambuc unsigned int n;
191ebfedea0SLionel Sambuc int errs = 0;
192ebfedea0SLionel Sambuc
193*0a6a1f1dSLionel Sambuc for (n = 0; n < sizeof(ige_test_vectors) / sizeof(ige_test_vectors[0]);
194*0a6a1f1dSLionel Sambuc ++n) {
195ebfedea0SLionel Sambuc const struct ige_test *const v = &ige_test_vectors[n];
196ebfedea0SLionel Sambuc AES_KEY key;
197ebfedea0SLionel Sambuc unsigned char buf[MAX_VECTOR_SIZE];
198ebfedea0SLionel Sambuc unsigned char iv[AES_BLOCK_SIZE * 2];
199ebfedea0SLionel Sambuc
200ebfedea0SLionel Sambuc assert(v->length <= MAX_VECTOR_SIZE);
201ebfedea0SLionel Sambuc
202ebfedea0SLionel Sambuc if (v->encrypt == AES_ENCRYPT)
203ebfedea0SLionel Sambuc AES_set_encrypt_key(v->key, 8 * sizeof v->key, &key);
204ebfedea0SLionel Sambuc else
205ebfedea0SLionel Sambuc AES_set_decrypt_key(v->key, 8 * sizeof v->key, &key);
206ebfedea0SLionel Sambuc memcpy(iv, v->iv, sizeof iv);
207ebfedea0SLionel Sambuc AES_ige_encrypt(v->in, buf, v->length, &key, iv, v->encrypt);
208ebfedea0SLionel Sambuc
209*0a6a1f1dSLionel Sambuc if (memcmp(v->out, buf, v->length)) {
210ebfedea0SLionel Sambuc printf("IGE test vector %d failed\n", n);
211ebfedea0SLionel Sambuc hexdump(stdout, "key", v->key, sizeof v->key);
212ebfedea0SLionel Sambuc hexdump(stdout, "iv", v->iv, sizeof v->iv);
213ebfedea0SLionel Sambuc hexdump(stdout, "in", v->in, v->length);
214ebfedea0SLionel Sambuc hexdump(stdout, "expected", v->out, v->length);
215ebfedea0SLionel Sambuc hexdump(stdout, "got", buf, v->length);
216ebfedea0SLionel Sambuc
217ebfedea0SLionel Sambuc ++errs;
218ebfedea0SLionel Sambuc }
219ebfedea0SLionel Sambuc
220ebfedea0SLionel Sambuc /* try with in == out */
221ebfedea0SLionel Sambuc memcpy(iv, v->iv, sizeof iv);
222ebfedea0SLionel Sambuc memcpy(buf, v->in, v->length);
223ebfedea0SLionel Sambuc AES_ige_encrypt(buf, buf, v->length, &key, iv, v->encrypt);
224ebfedea0SLionel Sambuc
225*0a6a1f1dSLionel Sambuc if (memcmp(v->out, buf, v->length)) {
226ebfedea0SLionel Sambuc printf("IGE test vector %d failed (with in == out)\n", n);
227ebfedea0SLionel Sambuc hexdump(stdout, "key", v->key, sizeof v->key);
228ebfedea0SLionel Sambuc hexdump(stdout, "iv", v->iv, sizeof v->iv);
229ebfedea0SLionel Sambuc hexdump(stdout, "in", v->in, v->length);
230ebfedea0SLionel Sambuc hexdump(stdout, "expected", v->out, v->length);
231ebfedea0SLionel Sambuc hexdump(stdout, "got", buf, v->length);
232ebfedea0SLionel Sambuc
233ebfedea0SLionel Sambuc ++errs;
234ebfedea0SLionel Sambuc }
235ebfedea0SLionel Sambuc }
236ebfedea0SLionel Sambuc
237*0a6a1f1dSLionel Sambuc for (n = 0;
238*0a6a1f1dSLionel Sambuc n < sizeof(bi_ige_test_vectors) / sizeof(bi_ige_test_vectors[0]);
239*0a6a1f1dSLionel Sambuc ++n) {
240ebfedea0SLionel Sambuc const struct bi_ige_test *const v = &bi_ige_test_vectors[n];
241ebfedea0SLionel Sambuc AES_KEY key1;
242ebfedea0SLionel Sambuc AES_KEY key2;
243ebfedea0SLionel Sambuc unsigned char buf[MAX_VECTOR_SIZE];
244ebfedea0SLionel Sambuc
245ebfedea0SLionel Sambuc assert(v->length <= MAX_VECTOR_SIZE);
246ebfedea0SLionel Sambuc
247*0a6a1f1dSLionel Sambuc if (v->encrypt == AES_ENCRYPT) {
248ebfedea0SLionel Sambuc AES_set_encrypt_key(v->key1, 8 * v->keysize, &key1);
249ebfedea0SLionel Sambuc AES_set_encrypt_key(v->key2, 8 * v->keysize, &key2);
250*0a6a1f1dSLionel Sambuc } else {
251ebfedea0SLionel Sambuc AES_set_decrypt_key(v->key1, 8 * v->keysize, &key1);
252ebfedea0SLionel Sambuc AES_set_decrypt_key(v->key2, 8 * v->keysize, &key2);
253ebfedea0SLionel Sambuc }
254ebfedea0SLionel Sambuc
255ebfedea0SLionel Sambuc AES_bi_ige_encrypt(v->in, buf, v->length, &key1, &key2, v->iv,
256ebfedea0SLionel Sambuc v->encrypt);
257ebfedea0SLionel Sambuc
258*0a6a1f1dSLionel Sambuc if (memcmp(v->out, buf, v->length)) {
259ebfedea0SLionel Sambuc printf("Bidirectional IGE test vector %d failed\n", n);
260ebfedea0SLionel Sambuc hexdump(stdout, "key 1", v->key1, sizeof v->key1);
261ebfedea0SLionel Sambuc hexdump(stdout, "key 2", v->key2, sizeof v->key2);
262ebfedea0SLionel Sambuc hexdump(stdout, "iv", v->iv, sizeof v->iv);
263ebfedea0SLionel Sambuc hexdump(stdout, "in", v->in, v->length);
264ebfedea0SLionel Sambuc hexdump(stdout, "expected", v->out, v->length);
265ebfedea0SLionel Sambuc hexdump(stdout, "got", buf, v->length);
266ebfedea0SLionel Sambuc
267ebfedea0SLionel Sambuc ++errs;
268ebfedea0SLionel Sambuc }
269ebfedea0SLionel Sambuc }
270ebfedea0SLionel Sambuc
271ebfedea0SLionel Sambuc return errs;
272ebfedea0SLionel Sambuc }
273ebfedea0SLionel Sambuc
main(int argc,char ** argv)274ebfedea0SLionel Sambuc int main(int argc, char **argv)
275ebfedea0SLionel Sambuc {
276ebfedea0SLionel Sambuc unsigned char rkey[16];
277ebfedea0SLionel Sambuc unsigned char rkey2[16];
278ebfedea0SLionel Sambuc AES_KEY key;
279ebfedea0SLionel Sambuc AES_KEY key2;
280ebfedea0SLionel Sambuc unsigned char plaintext[BIG_TEST_SIZE];
281ebfedea0SLionel Sambuc unsigned char ciphertext[BIG_TEST_SIZE];
282ebfedea0SLionel Sambuc unsigned char checktext[BIG_TEST_SIZE];
283ebfedea0SLionel Sambuc unsigned char iv[AES_BLOCK_SIZE * 4];
284ebfedea0SLionel Sambuc unsigned char saved_iv[AES_BLOCK_SIZE * 4];
285ebfedea0SLionel Sambuc int err = 0;
286ebfedea0SLionel Sambuc unsigned int n;
287ebfedea0SLionel Sambuc unsigned matches;
288ebfedea0SLionel Sambuc
289ebfedea0SLionel Sambuc assert(BIG_TEST_SIZE >= TEST_SIZE);
290ebfedea0SLionel Sambuc
291ebfedea0SLionel Sambuc RAND_pseudo_bytes(rkey, sizeof rkey);
292ebfedea0SLionel Sambuc RAND_pseudo_bytes(plaintext, sizeof plaintext);
293ebfedea0SLionel Sambuc RAND_pseudo_bytes(iv, sizeof iv);
294ebfedea0SLionel Sambuc memcpy(saved_iv, iv, sizeof saved_iv);
295ebfedea0SLionel Sambuc
296ebfedea0SLionel Sambuc /* Forward IGE only... */
297ebfedea0SLionel Sambuc
298ebfedea0SLionel Sambuc /* Straight encrypt/decrypt */
299ebfedea0SLionel Sambuc AES_set_encrypt_key(rkey, 8 * sizeof rkey, &key);
300*0a6a1f1dSLionel Sambuc AES_ige_encrypt(plaintext, ciphertext, TEST_SIZE, &key, iv, AES_ENCRYPT);
301ebfedea0SLionel Sambuc
302ebfedea0SLionel Sambuc AES_set_decrypt_key(rkey, 8 * sizeof rkey, &key);
303ebfedea0SLionel Sambuc memcpy(iv, saved_iv, sizeof iv);
304*0a6a1f1dSLionel Sambuc AES_ige_encrypt(ciphertext, checktext, TEST_SIZE, &key, iv, AES_DECRYPT);
305ebfedea0SLionel Sambuc
306*0a6a1f1dSLionel Sambuc if (memcmp(checktext, plaintext, TEST_SIZE)) {
307ebfedea0SLionel Sambuc printf("Encrypt+decrypt doesn't match\n");
308ebfedea0SLionel Sambuc hexdump(stdout, "Plaintext", plaintext, TEST_SIZE);
309ebfedea0SLionel Sambuc hexdump(stdout, "Checktext", checktext, TEST_SIZE);
310ebfedea0SLionel Sambuc ++err;
311ebfedea0SLionel Sambuc }
312ebfedea0SLionel Sambuc
313ebfedea0SLionel Sambuc /* Now check encrypt chaining works */
314ebfedea0SLionel Sambuc AES_set_encrypt_key(rkey, 8 * sizeof rkey, &key);
315ebfedea0SLionel Sambuc memcpy(iv, saved_iv, sizeof iv);
316ebfedea0SLionel Sambuc AES_ige_encrypt(plaintext, ciphertext, TEST_SIZE / 2, &key, iv,
317ebfedea0SLionel Sambuc AES_ENCRYPT);
318ebfedea0SLionel Sambuc AES_ige_encrypt(plaintext + TEST_SIZE / 2,
319ebfedea0SLionel Sambuc ciphertext + TEST_SIZE / 2, TEST_SIZE / 2,
320ebfedea0SLionel Sambuc &key, iv, AES_ENCRYPT);
321ebfedea0SLionel Sambuc
322ebfedea0SLionel Sambuc AES_set_decrypt_key(rkey, 8 * sizeof rkey, &key);
323ebfedea0SLionel Sambuc memcpy(iv, saved_iv, sizeof iv);
324*0a6a1f1dSLionel Sambuc AES_ige_encrypt(ciphertext, checktext, TEST_SIZE, &key, iv, AES_DECRYPT);
325ebfedea0SLionel Sambuc
326*0a6a1f1dSLionel Sambuc if (memcmp(checktext, plaintext, TEST_SIZE)) {
327ebfedea0SLionel Sambuc printf("Chained encrypt+decrypt doesn't match\n");
328ebfedea0SLionel Sambuc hexdump(stdout, "Plaintext", plaintext, TEST_SIZE);
329ebfedea0SLionel Sambuc hexdump(stdout, "Checktext", checktext, TEST_SIZE);
330ebfedea0SLionel Sambuc ++err;
331ebfedea0SLionel Sambuc }
332ebfedea0SLionel Sambuc
333ebfedea0SLionel Sambuc /* And check decrypt chaining */
334ebfedea0SLionel Sambuc AES_set_encrypt_key(rkey, 8 * sizeof rkey, &key);
335ebfedea0SLionel Sambuc memcpy(iv, saved_iv, sizeof iv);
336ebfedea0SLionel Sambuc AES_ige_encrypt(plaintext, ciphertext, TEST_SIZE / 2, &key, iv,
337ebfedea0SLionel Sambuc AES_ENCRYPT);
338ebfedea0SLionel Sambuc AES_ige_encrypt(plaintext + TEST_SIZE / 2,
339ebfedea0SLionel Sambuc ciphertext + TEST_SIZE / 2, TEST_SIZE / 2,
340ebfedea0SLionel Sambuc &key, iv, AES_ENCRYPT);
341ebfedea0SLionel Sambuc
342ebfedea0SLionel Sambuc AES_set_decrypt_key(rkey, 8 * sizeof rkey, &key);
343ebfedea0SLionel Sambuc memcpy(iv, saved_iv, sizeof iv);
344ebfedea0SLionel Sambuc AES_ige_encrypt(ciphertext, checktext, TEST_SIZE / 2, &key, iv,
345ebfedea0SLionel Sambuc AES_DECRYPT);
346ebfedea0SLionel Sambuc AES_ige_encrypt(ciphertext + TEST_SIZE / 2,
347ebfedea0SLionel Sambuc checktext + TEST_SIZE / 2, TEST_SIZE / 2, &key, iv,
348ebfedea0SLionel Sambuc AES_DECRYPT);
349ebfedea0SLionel Sambuc
350*0a6a1f1dSLionel Sambuc if (memcmp(checktext, plaintext, TEST_SIZE)) {
351ebfedea0SLionel Sambuc printf("Chained encrypt+chained decrypt doesn't match\n");
352ebfedea0SLionel Sambuc hexdump(stdout, "Plaintext", plaintext, TEST_SIZE);
353ebfedea0SLionel Sambuc hexdump(stdout, "Checktext", checktext, TEST_SIZE);
354ebfedea0SLionel Sambuc ++err;
355ebfedea0SLionel Sambuc }
356ebfedea0SLionel Sambuc
357ebfedea0SLionel Sambuc /* make sure garble extends forwards only */
358ebfedea0SLionel Sambuc AES_set_encrypt_key(rkey, 8 * sizeof rkey, &key);
359ebfedea0SLionel Sambuc memcpy(iv, saved_iv, sizeof iv);
360ebfedea0SLionel Sambuc AES_ige_encrypt(plaintext, ciphertext, sizeof plaintext, &key, iv,
361ebfedea0SLionel Sambuc AES_ENCRYPT);
362ebfedea0SLionel Sambuc
363ebfedea0SLionel Sambuc /* corrupt halfway through */
364ebfedea0SLionel Sambuc ++ciphertext[sizeof ciphertext / 2];
365ebfedea0SLionel Sambuc AES_set_decrypt_key(rkey, 8 * sizeof rkey, &key);
366ebfedea0SLionel Sambuc memcpy(iv, saved_iv, sizeof iv);
367ebfedea0SLionel Sambuc AES_ige_encrypt(ciphertext, checktext, sizeof checktext, &key, iv,
368ebfedea0SLionel Sambuc AES_DECRYPT);
369ebfedea0SLionel Sambuc
370ebfedea0SLionel Sambuc matches = 0;
371ebfedea0SLionel Sambuc for (n = 0; n < sizeof checktext; ++n)
372ebfedea0SLionel Sambuc if (checktext[n] == plaintext[n])
373ebfedea0SLionel Sambuc ++matches;
374ebfedea0SLionel Sambuc
375*0a6a1f1dSLionel Sambuc if (matches > sizeof checktext / 2 + sizeof checktext / 100) {
376ebfedea0SLionel Sambuc printf("More than 51%% matches after garbling\n");
377ebfedea0SLionel Sambuc ++err;
378ebfedea0SLionel Sambuc }
379ebfedea0SLionel Sambuc
380*0a6a1f1dSLionel Sambuc if (matches < sizeof checktext / 2) {
381ebfedea0SLionel Sambuc printf("Garble extends backwards!\n");
382ebfedea0SLionel Sambuc ++err;
383ebfedea0SLionel Sambuc }
384ebfedea0SLionel Sambuc
385ebfedea0SLionel Sambuc /* Bi-directional IGE */
386ebfedea0SLionel Sambuc
387*0a6a1f1dSLionel Sambuc /*
388*0a6a1f1dSLionel Sambuc * Note that we don't have to recover the IV, because chaining isn't
389*0a6a1f1dSLionel Sambuc */
390ebfedea0SLionel Sambuc /* possible with biIGE, so the IV is not updated. */
391ebfedea0SLionel Sambuc
392ebfedea0SLionel Sambuc RAND_pseudo_bytes(rkey2, sizeof rkey2);
393ebfedea0SLionel Sambuc
394ebfedea0SLionel Sambuc /* Straight encrypt/decrypt */
395ebfedea0SLionel Sambuc AES_set_encrypt_key(rkey, 8 * sizeof rkey, &key);
396ebfedea0SLionel Sambuc AES_set_encrypt_key(rkey2, 8 * sizeof rkey2, &key2);
397ebfedea0SLionel Sambuc AES_bi_ige_encrypt(plaintext, ciphertext, TEST_SIZE, &key, &key2, iv,
398ebfedea0SLionel Sambuc AES_ENCRYPT);
399ebfedea0SLionel Sambuc
400ebfedea0SLionel Sambuc AES_set_decrypt_key(rkey, 8 * sizeof rkey, &key);
401ebfedea0SLionel Sambuc AES_set_decrypt_key(rkey2, 8 * sizeof rkey2, &key2);
402ebfedea0SLionel Sambuc AES_bi_ige_encrypt(ciphertext, checktext, TEST_SIZE, &key, &key2, iv,
403ebfedea0SLionel Sambuc AES_DECRYPT);
404ebfedea0SLionel Sambuc
405*0a6a1f1dSLionel Sambuc if (memcmp(checktext, plaintext, TEST_SIZE)) {
406ebfedea0SLionel Sambuc printf("Encrypt+decrypt doesn't match\n");
407ebfedea0SLionel Sambuc hexdump(stdout, "Plaintext", plaintext, TEST_SIZE);
408ebfedea0SLionel Sambuc hexdump(stdout, "Checktext", checktext, TEST_SIZE);
409ebfedea0SLionel Sambuc ++err;
410ebfedea0SLionel Sambuc }
411ebfedea0SLionel Sambuc
412ebfedea0SLionel Sambuc /* make sure garble extends both ways */
413ebfedea0SLionel Sambuc AES_set_encrypt_key(rkey, 8 * sizeof rkey, &key);
414ebfedea0SLionel Sambuc AES_set_encrypt_key(rkey2, 8 * sizeof rkey2, &key2);
415ebfedea0SLionel Sambuc AES_ige_encrypt(plaintext, ciphertext, sizeof plaintext, &key, iv,
416ebfedea0SLionel Sambuc AES_ENCRYPT);
417ebfedea0SLionel Sambuc
418ebfedea0SLionel Sambuc /* corrupt halfway through */
419ebfedea0SLionel Sambuc ++ciphertext[sizeof ciphertext / 2];
420ebfedea0SLionel Sambuc AES_set_decrypt_key(rkey, 8 * sizeof rkey, &key);
421ebfedea0SLionel Sambuc AES_set_decrypt_key(rkey2, 8 * sizeof rkey2, &key2);
422ebfedea0SLionel Sambuc AES_ige_encrypt(ciphertext, checktext, sizeof checktext, &key, iv,
423ebfedea0SLionel Sambuc AES_DECRYPT);
424ebfedea0SLionel Sambuc
425ebfedea0SLionel Sambuc matches = 0;
426ebfedea0SLionel Sambuc for (n = 0; n < sizeof checktext; ++n)
427ebfedea0SLionel Sambuc if (checktext[n] == plaintext[n])
428ebfedea0SLionel Sambuc ++matches;
429ebfedea0SLionel Sambuc
430*0a6a1f1dSLionel Sambuc if (matches > sizeof checktext / 100) {
431ebfedea0SLionel Sambuc printf("More than 1%% matches after bidirectional garbling\n");
432ebfedea0SLionel Sambuc ++err;
433ebfedea0SLionel Sambuc }
434ebfedea0SLionel Sambuc
435ebfedea0SLionel Sambuc /* make sure garble extends both ways (2) */
436ebfedea0SLionel Sambuc AES_set_encrypt_key(rkey, 8 * sizeof rkey, &key);
437ebfedea0SLionel Sambuc AES_set_encrypt_key(rkey2, 8 * sizeof rkey2, &key2);
438ebfedea0SLionel Sambuc AES_ige_encrypt(plaintext, ciphertext, sizeof plaintext, &key, iv,
439ebfedea0SLionel Sambuc AES_ENCRYPT);
440ebfedea0SLionel Sambuc
441ebfedea0SLionel Sambuc /* corrupt right at the end */
442ebfedea0SLionel Sambuc ++ciphertext[sizeof ciphertext - 1];
443ebfedea0SLionel Sambuc AES_set_decrypt_key(rkey, 8 * sizeof rkey, &key);
444ebfedea0SLionel Sambuc AES_set_decrypt_key(rkey2, 8 * sizeof rkey2, &key2);
445ebfedea0SLionel Sambuc AES_ige_encrypt(ciphertext, checktext, sizeof checktext, &key, iv,
446ebfedea0SLionel Sambuc AES_DECRYPT);
447ebfedea0SLionel Sambuc
448ebfedea0SLionel Sambuc matches = 0;
449ebfedea0SLionel Sambuc for (n = 0; n < sizeof checktext; ++n)
450ebfedea0SLionel Sambuc if (checktext[n] == plaintext[n])
451ebfedea0SLionel Sambuc ++matches;
452ebfedea0SLionel Sambuc
453*0a6a1f1dSLionel Sambuc if (matches > sizeof checktext / 100) {
454ebfedea0SLionel Sambuc printf("More than 1%% matches after bidirectional garbling (2)\n");
455ebfedea0SLionel Sambuc ++err;
456ebfedea0SLionel Sambuc }
457ebfedea0SLionel Sambuc
458ebfedea0SLionel Sambuc /* make sure garble extends both ways (3) */
459ebfedea0SLionel Sambuc AES_set_encrypt_key(rkey, 8 * sizeof rkey, &key);
460ebfedea0SLionel Sambuc AES_set_encrypt_key(rkey2, 8 * sizeof rkey2, &key2);
461ebfedea0SLionel Sambuc AES_ige_encrypt(plaintext, ciphertext, sizeof plaintext, &key, iv,
462ebfedea0SLionel Sambuc AES_ENCRYPT);
463ebfedea0SLionel Sambuc
464ebfedea0SLionel Sambuc /* corrupt right at the start */
465ebfedea0SLionel Sambuc ++ciphertext[0];
466ebfedea0SLionel Sambuc AES_set_decrypt_key(rkey, 8 * sizeof rkey, &key);
467ebfedea0SLionel Sambuc AES_set_decrypt_key(rkey2, 8 * sizeof rkey2, &key2);
468ebfedea0SLionel Sambuc AES_ige_encrypt(ciphertext, checktext, sizeof checktext, &key, iv,
469ebfedea0SLionel Sambuc AES_DECRYPT);
470ebfedea0SLionel Sambuc
471ebfedea0SLionel Sambuc matches = 0;
472ebfedea0SLionel Sambuc for (n = 0; n < sizeof checktext; ++n)
473ebfedea0SLionel Sambuc if (checktext[n] == plaintext[n])
474ebfedea0SLionel Sambuc ++matches;
475ebfedea0SLionel Sambuc
476*0a6a1f1dSLionel Sambuc if (matches > sizeof checktext / 100) {
477ebfedea0SLionel Sambuc printf("More than 1%% matches after bidirectional garbling (3)\n");
478ebfedea0SLionel Sambuc ++err;
479ebfedea0SLionel Sambuc }
480ebfedea0SLionel Sambuc
481ebfedea0SLionel Sambuc err += run_test_vectors();
482ebfedea0SLionel Sambuc
483ebfedea0SLionel Sambuc return err;
484ebfedea0SLionel Sambuc }
485