1 /********************************************************************** 2 Copyright(c) 2011-2016 Intel Corporation All rights reserved. 3 4 Redistribution and use in source and binary forms, with or without 5 modification, are permitted provided that the following conditions 6 are met: 7 * Redistributions of source code must retain the above copyright 8 notice, this list of conditions and the following disclaimer. 9 * Redistributions in binary form must reproduce the above copyright 10 notice, this list of conditions and the following disclaimer in 11 the documentation and/or other materials provided with the 12 distribution. 13 * Neither the name of Intel Corporation nor the names of its 14 contributors may be used to endorse or promote products derived 15 from this software without specific prior written permission. 16 17 THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 18 "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 19 LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 20 A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT 21 OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 22 SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 23 LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 24 DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 25 THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 26 (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 27 OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 28 **********************************************************************/ 29 30 #include <stdlib.h> 31 #include <stdio.h> 32 #include <stdint.h> 33 #include <string.h> // for memcmp() 34 #include <aes_gcm.h> 35 #include <openssl/sha.h> 36 #include "gcm_vectors.h" 37 #include "ossl_helper.h" 38 #include "types.h" 39 #include "gcm_test_alloc.h" 40 41 // #define GCM_VECTORS_VERBOSE 42 // #define GCM_VECTORS_EXTRA_VERBOSE 43 #ifndef TEST_SEED 44 #define TEST_SEED 0x1234 45 #endif 46 #ifndef RANDOMS 47 #define RANDOMS 200 48 #endif 49 #ifndef TEST_LEN 50 #define TEST_LEN 32 * 1024 51 #endif 52 #ifndef PAGE_LEN 53 #define PAGE_LEN (4 * 1024) 54 #endif 55 56 #if defined(NT_LD) || defined(NT_ST) || defined(NT_LDST) 57 #define ALIGNMENT (64) 58 #define ALIGNMENT_MASK (~63) 59 #define OFFSET_BASE_VALUE 64 60 #ifndef MAX_UNALIGNED 61 #define MAX_UNALIGNED (1) 62 #endif 63 #else 64 #define ALIGNMENT (0) 65 #define ALIGNMENT_MASK (~0) 66 #define OFFSET_BASE_VALUE 1 67 #ifndef MAX_UNALIGNED 68 #define MAX_UNALIGNED (16) 69 #endif 70 #endif 71 72 #if ALIGNMENT == 0 73 #define POSIX_ALIGNMENT (sizeof(void *)) 74 #else 75 #define POSIX_ALIGNMENT ALIGNMENT 76 #endif 77 78 void 79 dump_table(char *title, uint8_t *table, uint8_t count) 80 { 81 int i; 82 char const *space = " "; 83 84 printf("%s%s => {\n", space, title); 85 for (i = 0; i < count; i++) { 86 if (0 == (i & 15)) 87 printf("%s%s", space, space); 88 printf("%2x, ", table[i]); 89 if (15 == (i & 15)) 90 printf("\n"); 91 } 92 printf("%s}\n", space); 93 } 94 95 void 96 dump_gcm_data(struct gcm_key_data *gkey) 97 { 98 #ifdef GCM_VECTORS_EXTRA_VERBOSE 99 printf("gcm_data {\n"); 100 dump_table("expanded_keys", gkey->expanded_keys, (16 * 11)); 101 dump_table("shifted_hkey_1", gkey->shifted_hkey_1, 16); 102 dump_table("shifted_hkey_2", gkey->shifted_hkey_2, 16); 103 dump_table("shifted_hkey_3", gkey->shifted_hkey_3, 16); 104 dump_table("shifted_hkey_4", gkey->shifted_hkey_4, 16); 105 dump_table("shifted_hkey_5", gkey->shifted_hkey_5, 16); 106 dump_table("shifted_hkey_6", gkey->shifted_hkey_6, 16); 107 dump_table("shifted_hkey_7", gkey->shifted_hkey_7, 16); 108 dump_table("shifted_hkey_8", gkey->shifted_hkey_8, 16); 109 dump_table("shifted_hkey_1_k", gkey->shifted_hkey_1_k, 16); 110 dump_table("shifted_hkey_2_k", gkey->shifted_hkey_2_k, 16); 111 dump_table("shifted_hkey_3_k", gkey->shifted_hkey_3_k, 16); 112 dump_table("shifted_hkey_4_k", gkey->shifted_hkey_4_k, 16); 113 dump_table("shifted_hkey_5_k", gkey->shifted_hkey_5_k, 16); 114 dump_table("shifted_hkey_6_k", gkey->shifted_hkey_6_k, 16); 115 dump_table("shifted_hkey_7_k", gkey->shifted_hkey_7_k, 16); 116 dump_table("shifted_hkey_8_k", gkey->shifted_hkey_8_k, 16); 117 printf("}\n"); 118 #endif // GCM_VECTORS_VERBOSE 119 } 120 121 void 122 mk_rand_data(uint8_t *data, uint32_t size) 123 { 124 int i; 125 for (i = 0; i < size; i++) { 126 *data++ = rand(); 127 } 128 } 129 130 int 131 check_data(uint8_t *test, uint8_t *expected, uint64_t len, char *data_name) 132 { 133 int mismatch; 134 int OK = 0; 135 136 mismatch = memcmp(test, expected, len); 137 if (mismatch) { 138 OK = 1; 139 printf(" expected results don't match %s \t\t", data_name); 140 { 141 uint64_t a; 142 for (a = 0; a < len; a++) { 143 if (test[a] != expected[a]) { 144 printf(" '%x' != '%x' at 0x%llx of 0x%llx\n", test[a], 145 expected[a], (unsigned long long) a, 146 (unsigned long long) len); 147 break; 148 } 149 } 150 } 151 } 152 return OK; 153 } 154 155 int 156 check_vector(struct gcm_key_data *gkey, struct gcm_context_data *gctx, gcm_vector *vector) 157 { 158 uint8_t *pt_test = NULL; 159 uint8_t *ct_test = NULL; 160 uint8_t *o_ct_test = NULL; 161 uint8_t *IV_c = NULL; 162 uint8_t *T_test = NULL; 163 uint8_t *o_T_test = NULL; 164 int OK = 0; 165 166 #ifdef GCM_VECTORS_VERBOSE 167 printf("combination vector Keylen:%d IVlen:%d PTLen:%d AADlen:%d Tlen:%d\n", 168 (int) vector->Klen, (int) vector->IVlen, (int) vector->Plen, (int) vector->Alen, 169 (int) vector->Tlen); 170 #else 171 printf("."); 172 #endif 173 174 // Allocate required memory 175 void **alloc_tab[] = { (void **) &pt_test, (void **) &ct_test, (void **) &o_ct_test, 176 (void **) &IV_c, (void **) &T_test, (void **) &o_T_test }; 177 const size_t align_tab[] = { ALIGNMENT, ALIGNMENT, ALIGNMENT, 0, 0, 0 }; 178 const size_t length_tab[] = { vector->Plen, vector->Plen, vector->Plen, 179 vector->IVlen, vector->Tlen, vector->Tlen }; 180 181 if (vector_allocate(alloc_tab, length_tab, align_tab, DIM(alloc_tab)) != 0) { 182 vector_free(alloc_tab, align_tab, DIM(alloc_tab)); 183 return 1; 184 } 185 186 // Prepare IV 187 memcpy(IV_c, vector->IV, vector->IVlen); 188 189 // This is only required once for a given key 190 aes_gcm_pre_128(vector->K, gkey); 191 192 //// 193 // ISA-l Encrypt 194 //// 195 aes_gcm_enc_128(gkey, gctx, vector->C, vector->P, vector->Plen, IV_c, vector->A, 196 vector->Alen, vector->T, vector->Tlen); 197 openssl_aes_gcm_enc(vector->K, vector->IV, vector->IVlen, vector->A, vector->Alen, o_T_test, 198 vector->Tlen, vector->P, vector->Plen, o_ct_test); 199 OK |= check_data(vector->C, o_ct_test, vector->Plen, "OpenSSL vs ISA-L cypher text (C)"); 200 OK |= check_data(vector->T, o_T_test, vector->Tlen, "OpenSSL vs ISA-L encrypt tag (T)"); 201 202 memcpy(ct_test, vector->C, vector->Plen); 203 memcpy(pt_test, vector->P, vector->Plen); 204 memset(vector->P, 0, vector->Plen); 205 memcpy(T_test, vector->T, vector->Tlen); 206 memset(vector->T, 0, vector->Tlen); 207 208 //// 209 // ISA-l Decrypt 210 //// 211 aes_gcm_dec_128(gkey, gctx, vector->P, vector->C, vector->Plen, IV_c, vector->A, 212 vector->Alen, vector->T, vector->Tlen); 213 OK |= check_data(vector->T, o_T_test, vector->Tlen, "OpenSSL vs ISA-L decrypt tag (T)"); 214 OK |= check_data(pt_test, vector->P, vector->Plen, "ISA-L decrypted plain text (P)"); 215 memset(vector->P, 0, vector->Plen); 216 aes_gcm_dec_128(gkey, gctx, vector->P, o_ct_test, vector->Plen, IV_c, vector->A, 217 vector->Alen, vector->T, vector->Tlen); 218 OK |= check_data(pt_test, vector->P, vector->Plen, "ISA-L decrypted plain text (P)"); 219 220 const int result = 221 openssl_aes_gcm_dec(vector->K, vector->IV, vector->IVlen, vector->A, vector->Alen, 222 vector->T, vector->Tlen, vector->C, vector->Plen, pt_test); 223 224 if (-1 == result) 225 printf(" ISA-L->OpenSSL decryption failed Authentication\n"); 226 227 OK |= (-1 == result); 228 229 vector_free(alloc_tab, align_tab, DIM(alloc_tab)); 230 return OK; 231 } 232 233 int 234 check_strm_vector(struct gcm_key_data *gkey, struct gcm_context_data *gctx, gcm_vector *vector, 235 int test_len) 236 { 237 uint8_t *pt_test = NULL; 238 uint8_t *ct_test = NULL; 239 uint8_t *o_ct_test = NULL; 240 uint8_t *IV_c = NULL; 241 uint8_t *T_test = NULL; 242 uint8_t *o_T_test = NULL; 243 uint8_t *stream = NULL; 244 int result; 245 int OK = 0; 246 uint32_t last_break; 247 int i; 248 uint8_t *rand_data = NULL; 249 uint64_t length; 250 251 #ifdef GCM_VECTORS_VERBOSE 252 printf("combination vector Keylen:%d IVlen:%d PTLen:%d AADlen:%d Tlen:%d\n", 253 (int) vector->Klen, (int) vector->IVlen, (int) vector->Plen, (int) vector->Alen, 254 (int) vector->Tlen); 255 #else 256 printf("."); 257 #endif 258 // Allocate required memory 259 void **alloc_tab[] = { (void **) &pt_test, (void **) &ct_test, (void **) &o_ct_test, 260 (void **) &IV_c, (void **) &T_test, (void **) &o_T_test, 261 (void **) &rand_data }; 262 const size_t align_tab[] = { ALIGNMENT, ALIGNMENT, ALIGNMENT, 0, 0, 0, 0 }; 263 const size_t length_tab[] = { vector->Plen, vector->Plen, vector->Plen, vector->IVlen, 264 vector->Tlen, vector->Tlen, 100 }; 265 266 if (vector_allocate(alloc_tab, length_tab, align_tab, DIM(alloc_tab)) != 0) { 267 vector_free(alloc_tab, align_tab, DIM(alloc_tab)); 268 return 1; 269 } 270 271 // Prepare IV 272 memcpy(IV_c, vector->IV, vector->IVlen); 273 274 // This is only required once for a given key 275 aes_gcm_pre_128(vector->K, gkey); 276 277 //// 278 // ISA-l Encrypt 279 //// 280 aes_gcm_init_128(gkey, gctx, IV_c, vector->A, vector->Alen); 281 282 last_break = 0; 283 i = (rand() % test_len / 8) & ALIGNMENT_MASK; 284 while (i < (vector->Plen)) { 285 if (i - last_break != 0) { 286 const int posix_ret = 287 posix_memalign((void **) &stream, POSIX_ALIGNMENT, i - last_break); 288 289 if (posix_ret != 0 || stream == NULL) { 290 OK = 1; 291 goto error_exit; 292 } 293 memcpy(stream, vector->P + last_break, i - last_break); 294 } 295 aes_gcm_enc_128_update(gkey, gctx, vector->C + last_break, stream, i - last_break); 296 if (i - last_break != 0) { 297 aligned_free(stream); 298 stream = NULL; 299 } 300 301 if (rand() % 1024 == 0) { 302 length = rand() % 100; 303 mk_rand_data(rand_data, length); 304 SHA1(rand_data, length, rand_data); 305 } 306 last_break = i; 307 i = (rand() % test_len / 8) & ALIGNMENT_MASK; 308 } 309 aes_gcm_enc_128_update(gkey, gctx, vector->C + last_break, vector->P + last_break, 310 vector->Plen - last_break); 311 if (gctx->in_length != vector->Plen) 312 printf("%llu, %llu\n", (unsigned long long) gctx->in_length, 313 (unsigned long long) vector->Plen); 314 aes_gcm_enc_128_finalize(gkey, gctx, vector->T, vector->Tlen); 315 openssl_aes_gcm_enc(vector->K, vector->IV, vector->IVlen, vector->A, vector->Alen, o_T_test, 316 vector->Tlen, vector->P, vector->Plen, o_ct_test); 317 OK |= check_data(vector->C, o_ct_test, vector->Plen, "OpenSSL vs ISA-L cypher text (C)"); 318 OK |= check_data(vector->T, o_T_test, vector->Tlen, "OpenSSL vs ISA-L encrypt tag (T)"); 319 320 memcpy(ct_test, vector->C, vector->Plen); 321 memcpy(pt_test, vector->P, vector->Plen); 322 memset(vector->P, 0, vector->Plen); 323 memcpy(T_test, vector->T, vector->Tlen); 324 memset(vector->T, 0, vector->Tlen); 325 326 //// 327 // ISA-l Decrypt 328 //// 329 330 last_break = 0; 331 i = 0; 332 aes_gcm_init_128(gkey, gctx, IV_c, vector->A, vector->Alen); 333 while (i < (vector->Plen)) { 334 if (rand() % (test_len / 64) == 0) { 335 if (i - last_break != 0) { 336 const int posix_ret = posix_memalign( 337 (void **) &stream, POSIX_ALIGNMENT, i - last_break); 338 339 if (posix_ret != 0 || stream == NULL) { 340 OK = 1; 341 goto error_exit; 342 } 343 memcpy(stream, vector->C + last_break, i - last_break); 344 } 345 aes_gcm_dec_128_update(gkey, gctx, vector->P + last_break, stream, 346 i - last_break); 347 if (i - last_break != 0) { 348 aligned_free(stream); 349 stream = NULL; 350 } 351 352 if (rand() % 1024 == 0) { 353 length = rand() % 100; 354 355 mk_rand_data(rand_data, length); 356 SHA1(rand_data, length, rand_data); 357 } 358 359 last_break = i; 360 } 361 if (rand() % 1024 != 0) 362 i++; 363 } 364 aes_gcm_dec_128_update(gkey, gctx, vector->P + last_break, vector->C + last_break, 365 vector->Plen - last_break); 366 aes_gcm_dec_128_finalize(gkey, gctx, vector->T, vector->Tlen); 367 368 OK |= check_data(vector->T, o_T_test, vector->Tlen, "OpenSSL vs ISA-L decrypt tag (T)"); 369 OK |= check_data(pt_test, vector->P, vector->Plen, "ISA-L decrypted plain text (P)"); 370 memset(vector->P, 0, vector->Plen); 371 aes_gcm_dec_128(gkey, gctx, vector->P, o_ct_test, vector->Plen, IV_c, vector->A, 372 vector->Alen, vector->T, vector->Tlen); 373 OK |= check_data(pt_test, vector->P, vector->Plen, "ISA-L decrypted plain text (P)"); 374 result = openssl_aes_gcm_dec(vector->K, vector->IV, vector->IVlen, vector->A, vector->Alen, 375 vector->T, vector->Tlen, vector->C, vector->Plen, pt_test); 376 if (-1 == result) 377 printf(" ISA-L->OpenSSL decryption failed Authentication\n"); 378 OK |= (-1 == result); 379 error_exit: 380 vector_free(alloc_tab, align_tab, DIM(alloc_tab)); 381 return OK; 382 } 383 384 int 385 check_strm_vector2(struct gcm_key_data *gkey, struct gcm_context_data *gctx, gcm_vector *vector, 386 int length, int start, int breaks) 387 { 388 uint8_t *pt_test = NULL; 389 uint8_t *ct_test = NULL; 390 uint8_t *o_ct_test = NULL; 391 uint8_t *IV_c = NULL; 392 uint8_t *T_test = NULL; 393 uint8_t *o_T_test = NULL; 394 uint8_t *stream = NULL; 395 int result; 396 int OK = 0; 397 uint32_t last_break = 0; 398 int i = length; 399 400 #ifdef GCM_VECTORS_VERBOSE 401 printf("combination vector Keylen:%d IVlen:%d PTLen:%d AADlen:%d Tlen:%d\n", 402 (int) vector->Klen, (int) vector->IVlen, (int) vector->Plen, (int) vector->Alen, 403 (int) vector->Tlen); 404 #else 405 printf("."); 406 #endif 407 // Allocate required memory 408 void **alloc_tab[] = { (void **) &pt_test, (void **) &ct_test, (void **) &o_ct_test, 409 (void **) &IV_c, (void **) &T_test, (void **) &o_T_test }; 410 const size_t align_tab[] = { ALIGNMENT, ALIGNMENT, ALIGNMENT, 0, 0, 0 }; 411 const size_t length_tab[] = { vector->Plen, vector->Plen, vector->Plen, 412 vector->IVlen, vector->Tlen, vector->Tlen }; 413 414 if (vector_allocate(alloc_tab, length_tab, align_tab, DIM(alloc_tab)) != 0) { 415 vector_free(alloc_tab, align_tab, DIM(alloc_tab)); 416 return 1; 417 } 418 419 // Prepare IV 420 memcpy(IV_c, vector->IV, vector->IVlen); 421 422 // This is only required once for a given key 423 aes_gcm_pre_128(vector->K, gkey); 424 425 //// 426 // ISA-l Encrypt 427 //// 428 aes_gcm_enc_128(gkey, gctx, vector->C, vector->P, vector->Plen, IV_c, vector->A, 429 vector->Alen, vector->T, vector->Tlen); 430 aes_gcm_init_128(gkey, gctx, IV_c, vector->A, vector->Alen); 431 while (i < (vector->Plen)) { 432 if (i - last_break != 0) { 433 const int posix_ret = 434 posix_memalign((void **) &stream, POSIX_ALIGNMENT, i - last_break); 435 436 if (posix_ret != 0 || stream == NULL) { 437 OK = 1; 438 goto error_exit; 439 } 440 memcpy(stream, vector->P + last_break, i - last_break); 441 } 442 aes_gcm_enc_128_update(gkey, gctx, vector->C + last_break, stream, i - last_break); 443 if (i - last_break != 0) { 444 aligned_free(stream); 445 stream = NULL; 446 } 447 last_break = i; 448 i = i + (length - start) / breaks; 449 } 450 aes_gcm_enc_128_update(gkey, gctx, vector->C + last_break, vector->P + last_break, 451 vector->Plen - last_break); 452 aes_gcm_enc_128_finalize(gkey, gctx, vector->T, vector->Tlen); 453 openssl_aes_gcm_enc(vector->K, vector->IV, vector->IVlen, vector->A, vector->Alen, o_T_test, 454 vector->Tlen, vector->P, vector->Plen, o_ct_test); 455 456 OK |= check_data(vector->C, o_ct_test, vector->Plen, "OpenSSL vs ISA-L cypher text (C)"); 457 OK |= check_data(vector->T, o_T_test, vector->Tlen, "OpenSSL vs ISA-L encrypt tag (T)"); 458 459 memcpy(ct_test, vector->C, vector->Plen); 460 memcpy(pt_test, vector->P, vector->Plen); 461 memset(vector->P, 0, vector->Plen); 462 memcpy(T_test, vector->T, vector->Tlen); 463 memset(vector->T, 0, vector->Tlen); 464 465 //// 466 // ISA-l Decrypt 467 //// 468 469 last_break = 0; 470 i = length; 471 aes_gcm_init_128(gkey, gctx, IV_c, vector->A, vector->Alen); 472 while (i < (vector->Plen)) { 473 if (i - last_break != 0) { 474 const int posix_ret = 475 posix_memalign((void **) &stream, POSIX_ALIGNMENT, i - last_break); 476 477 if (posix_ret != 0 || stream == NULL) { 478 OK = 1; 479 goto error_exit; 480 } 481 memcpy(stream, vector->C + last_break, i - last_break); 482 } 483 aes_gcm_dec_128_update(gkey, gctx, vector->P + last_break, stream, i - last_break); 484 if (i - last_break != 0) { 485 aligned_free(stream); 486 stream = NULL; 487 } 488 last_break = i; 489 i = i + (length - start) / breaks; 490 } 491 492 aes_gcm_dec_128_update(gkey, gctx, vector->P + last_break, vector->C + last_break, 493 vector->Plen - last_break); 494 aes_gcm_dec_128_finalize(gkey, gctx, vector->T, vector->Tlen); 495 OK |= check_data(vector->T, o_T_test, vector->Tlen, "OpenSSL vs ISA-L decrypt tag (T)"); 496 OK |= check_data(pt_test, vector->P, vector->Plen, "ISA-L decrypted plain text (P)"); 497 memset(vector->P, 0, vector->Plen); 498 aes_gcm_dec_128(gkey, gctx, vector->P, o_ct_test, vector->Plen, IV_c, vector->A, 499 vector->Alen, vector->T, vector->Tlen); 500 OK |= check_data(pt_test, vector->P, vector->Plen, "ISA-L decrypted plain text (P)"); 501 result = openssl_aes_gcm_dec(vector->K, vector->IV, vector->IVlen, vector->A, vector->Alen, 502 vector->T, vector->Tlen, vector->C, vector->Plen, pt_test); 503 if (-1 == result) 504 printf(" ISA-L->OpenSSL decryption failed Authentication\n"); 505 OK |= (-1 == result); 506 error_exit: 507 vector_free(alloc_tab, align_tab, DIM(alloc_tab)); 508 return OK; 509 } 510 511 int 512 check_strm_vector_efence(struct gcm_key_data *gkey, struct gcm_context_data *gctx, 513 gcm_vector *vector) 514 { 515 uint8_t *pt_test = NULL; 516 uint8_t *ct_test = NULL; 517 uint8_t *o_ct_test = NULL; 518 uint8_t *IV_c = NULL; 519 uint8_t *T_test = NULL; 520 uint8_t *o_T_test = NULL; 521 uint8_t *stream = NULL; 522 int result; 523 int OK = 0; 524 uint32_t last_break = 0; 525 int i = 1; 526 uint8_t *rand_data = NULL; 527 uint64_t length; 528 529 #ifdef GCM_VECTORS_VERBOSE 530 printf("combination vector Keylen:%d IVlen:%d PTLen:%d AADlen:%d Tlen:%d\n", 531 (int) vector->Klen, (int) vector->IVlen, (int) vector->Plen, (int) vector->Alen, 532 (int) vector->Tlen); 533 #else 534 printf("."); 535 #endif 536 // Allocate required memory 537 void **alloc_tab[] = { (void **) &pt_test, (void **) &ct_test, (void **) &o_ct_test, 538 (void **) &IV_c, (void **) &T_test, (void **) &o_T_test, 539 (void **) &rand_data }; 540 const size_t align_tab[] = { ALIGNMENT, ALIGNMENT, ALIGNMENT, 0, 0, 0, 0 }; 541 const size_t length_tab[] = { vector->Plen, vector->Plen, vector->Plen, vector->IVlen, 542 vector->Tlen, vector->Tlen, 100 }; 543 544 if (vector_allocate(alloc_tab, length_tab, align_tab, DIM(alloc_tab)) != 0) { 545 vector_free(alloc_tab, align_tab, DIM(alloc_tab)); 546 return 1; 547 } 548 549 // Prepare IV 550 memcpy(IV_c, vector->IV, vector->IVlen); 551 552 // This is only required once for a given key 553 aes_gcm_pre_128(vector->K, gkey); 554 555 //// 556 // ISA-l Encrypt 557 //// 558 aes_gcm_init_128(gkey, gctx, IV_c, vector->A, vector->Alen); 559 while (i < vector->Plen) { 560 if (rand() % 2000 == 0 || i - last_break > PAGE_LEN / 2) { 561 const int posix_ret = 562 posix_memalign((void **) &stream, POSIX_ALIGNMENT, PAGE_LEN); 563 564 if (posix_ret != 0 || stream == NULL) { 565 OK = 1; 566 goto error_exit; 567 } 568 i = i & ALIGNMENT_MASK; 569 memcpy(stream + PAGE_LEN - (i - last_break), vector->P + last_break, 570 i - last_break); 571 aes_gcm_enc_128_update(gkey, gctx, vector->C + last_break, 572 stream + PAGE_LEN - (i - last_break), 573 i - last_break); 574 aligned_free(stream); 575 stream = NULL; 576 if (rand() % 1024 == 0) { 577 length = rand() % 100; 578 mk_rand_data(rand_data, length); 579 SHA1(rand_data, length, rand_data); 580 } 581 last_break = i; 582 } 583 if (rand() % 1024 != 0) 584 i++; 585 } 586 aes_gcm_enc_128_update(gkey, gctx, vector->C + last_break, vector->P + last_break, 587 vector->Plen - last_break); 588 aes_gcm_enc_128_finalize(gkey, gctx, vector->T, vector->Tlen); 589 openssl_aes_gcm_enc(vector->K, vector->IV, vector->IVlen, vector->A, vector->Alen, o_T_test, 590 vector->Tlen, vector->P, vector->Plen, o_ct_test); 591 OK |= check_data(vector->C, o_ct_test, vector->Plen, "OpenSSL vs ISA-L cypher text (C)"); 592 OK |= check_data(vector->T, o_T_test, vector->Tlen, "OpenSSL vs ISA-L encrypt tag (T)"); 593 594 memcpy(ct_test, vector->C, vector->Plen); 595 memcpy(pt_test, vector->P, vector->Plen); 596 memset(vector->P, 0, vector->Plen); 597 memcpy(T_test, vector->T, vector->Tlen); 598 memset(vector->T, 0, vector->Tlen); 599 600 //// 601 // ISA-l Decrypt 602 //// 603 604 last_break = 0; 605 i = 0; 606 aes_gcm_init_128(gkey, gctx, IV_c, vector->A, vector->Alen); 607 while (i < vector->Plen) { 608 if (rand() % 2000 == 0 || i - last_break > PAGE_LEN / 2) { 609 const int posix_ret = 610 posix_memalign((void **) &stream, POSIX_ALIGNMENT, PAGE_LEN); 611 612 if (posix_ret != 0 || stream == NULL) { 613 OK = 1; 614 goto error_exit; 615 } 616 i = i & ALIGNMENT_MASK; 617 memcpy(stream + PAGE_LEN - (i - last_break), vector->C + last_break, 618 i - last_break); 619 aes_gcm_dec_128_update(gkey, gctx, vector->P + last_break, 620 stream + PAGE_LEN - (i - last_break), 621 i - last_break); 622 aligned_free(stream); 623 stream = NULL; 624 if (rand() % 1024 == 0) { 625 length = rand() % 100; 626 627 mk_rand_data(rand_data, length); 628 SHA1(rand_data, length, rand_data); 629 } 630 631 last_break = i; 632 } 633 if (rand() % 1024 != 0) 634 i++; 635 } 636 aes_gcm_dec_128_update(gkey, gctx, vector->P + last_break, vector->C + last_break, 637 vector->Plen - last_break); 638 aes_gcm_dec_128_finalize(gkey, gctx, vector->T, vector->Tlen); 639 640 OK |= check_data(vector->T, o_T_test, vector->Tlen, "OpenSSL vs ISA-L decrypt tag (T)"); 641 OK |= check_data(pt_test, vector->P, vector->Plen, "ISA-L decrypted plain text (P)"); 642 memset(vector->P, 0, vector->Plen); 643 aes_gcm_dec_128(gkey, gctx, vector->P, o_ct_test, vector->Plen, IV_c, vector->A, 644 vector->Alen, vector->T, vector->Tlen); 645 OK |= check_data(pt_test, vector->P, vector->Plen, "ISA-L decrypted plain text (P)"); 646 result = openssl_aes_gcm_dec(vector->K, vector->IV, vector->IVlen, vector->A, vector->Alen, 647 vector->T, vector->Tlen, vector->C, vector->Plen, pt_test); 648 if (-1 == result) 649 printf(" ISA-L->OpenSSL decryption failed Authentication\n"); 650 OK |= (-1 == result); 651 error_exit: 652 vector_free(alloc_tab, align_tab, DIM(alloc_tab)); 653 return OK; 654 } 655 656 int 657 check_256_vector(struct gcm_key_data *gkey, struct gcm_context_data *gctx, gcm_vector *vector) 658 { 659 uint8_t *pt_test = NULL; 660 uint8_t *ct_test = NULL; 661 uint8_t *o_ct_test = NULL; 662 uint8_t *IV_c = NULL; 663 uint8_t *T_test = NULL; 664 uint8_t *o_T_test = NULL; 665 int result; 666 int OK = 0; 667 668 #ifdef GCM_VECTORS_VERBOSE 669 printf("combination vector Keylen:%d IVlen:%d PTLen:%d AADlen:%d Tlen:%d\n", 670 (int) vector->Klen, (int) vector->IVlen, (int) vector->Plen, (int) vector->Alen, 671 (int) vector->Tlen); 672 #else 673 printf("."); 674 #endif 675 // Allocate required memory 676 void **alloc_tab[] = { (void **) &pt_test, (void **) &ct_test, (void **) &o_ct_test, 677 (void **) &IV_c, (void **) &T_test, (void **) &o_T_test }; 678 const size_t align_tab[] = { ALIGNMENT, ALIGNMENT, ALIGNMENT, 0, 0, 0 }; 679 const size_t length_tab[] = { vector->Plen, vector->Plen, vector->Plen, 680 vector->IVlen, vector->Tlen, vector->Tlen }; 681 682 if (vector_allocate(alloc_tab, length_tab, align_tab, DIM(alloc_tab)) != 0) { 683 vector_free(alloc_tab, align_tab, DIM(alloc_tab)); 684 return 1; 685 } 686 687 // Prepare IV 688 memcpy(IV_c, vector->IV, vector->IVlen); 689 690 // This is only required once for a given key 691 aes_gcm_pre_256(vector->K, gkey); 692 693 //// 694 // ISA-l Encrypt 695 //// 696 aes_gcm_enc_256(gkey, gctx, vector->C, vector->P, vector->Plen, IV_c, vector->A, 697 vector->Alen, vector->T, vector->Tlen); 698 openssl_aes_256_gcm_enc(vector->K, vector->IV, vector->IVlen, vector->A, vector->Alen, 699 o_T_test, vector->Tlen, vector->P, vector->Plen, o_ct_test); 700 OK |= check_data(vector->C, o_ct_test, vector->Plen, "OpenSSL vs ISA-L cypher text (C)"); 701 OK |= check_data(vector->T, o_T_test, vector->Tlen, "OpenSSL vs ISA-L encrypt tag (T)"); 702 703 memcpy(ct_test, vector->C, vector->Plen); 704 memcpy(pt_test, vector->P, vector->Plen); 705 memset(vector->P, 0, vector->Plen); 706 memcpy(T_test, vector->T, vector->Tlen); 707 memset(vector->T, 0, vector->Tlen); 708 709 //// 710 // ISA-l Decrypt 711 //// 712 aes_gcm_dec_256(gkey, gctx, vector->P, vector->C, vector->Plen, IV_c, vector->A, 713 vector->Alen, vector->T, vector->Tlen); 714 OK |= check_data(vector->T, T_test, vector->Tlen, "ISA-L decrypt vs encrypt tag (T)"); 715 OK |= check_data(vector->T, o_T_test, vector->Tlen, "OpenSSL vs ISA-L decrypt tag (T)"); 716 OK |= check_data(pt_test, vector->P, vector->Plen, "ISA-L decrypted ISA-L plain text (P)"); 717 memset(vector->P, 0, vector->Plen); 718 aes_gcm_dec_256(gkey, gctx, vector->P, o_ct_test, vector->Plen, IV_c, vector->A, 719 vector->Alen, vector->T, vector->Tlen); 720 OK |= check_data(pt_test, vector->P, vector->Plen, 721 "ISA-L decrypted OpenSSL plain text (P)"); 722 result = openssl_aes_256_gcm_dec(vector->K, vector->IV, vector->IVlen, vector->A, 723 vector->Alen, vector->T, vector->Tlen, vector->C, 724 vector->Plen, pt_test); 725 if (-1 == result) 726 printf(" ISA-L->OpenSSL decryption failed Authentication\n"); 727 OK |= (-1 == result); 728 729 vector_free(alloc_tab, align_tab, DIM(alloc_tab)); 730 return OK; 731 } 732 733 int 734 check_256_strm_vector(struct gcm_key_data *gkey, struct gcm_context_data *gctx, gcm_vector *vector, 735 int test_len) 736 { 737 uint8_t *pt_test = NULL; 738 uint8_t *ct_test = NULL; 739 uint8_t *o_ct_test = NULL; 740 uint8_t *IV_c = NULL; 741 uint8_t *T_test = NULL; 742 uint8_t *o_T_test = NULL; 743 uint8_t *stream = NULL; 744 int result; 745 int OK = 0; 746 uint32_t last_break; 747 int i; 748 uint8_t *rand_data = NULL; 749 uint64_t length; 750 751 #ifdef GCM_VECTORS_VERBOSE 752 printf("combination vector Keylen:%d IVlen:%d PTLen:%d AADlen:%d Tlen:%d\n", 753 (int) vector->Klen, (int) vector->IVlen, (int) vector->Plen, (int) vector->Alen, 754 (int) vector->Tlen); 755 #else 756 printf("."); 757 #endif 758 // Allocate required memory 759 void **alloc_tab[] = { (void **) &pt_test, (void **) &ct_test, (void **) &o_ct_test, 760 (void **) &IV_c, (void **) &T_test, (void **) &o_T_test, 761 (void **) &rand_data }; 762 const size_t align_tab[] = { ALIGNMENT, ALIGNMENT, ALIGNMENT, 0, 0, 0, 0 }; 763 const size_t length_tab[] = { vector->Plen, vector->Plen, vector->Plen, vector->IVlen, 764 vector->Tlen, vector->Tlen, 100 }; 765 766 if (vector_allocate(alloc_tab, length_tab, align_tab, DIM(alloc_tab)) != 0) { 767 vector_free(alloc_tab, align_tab, DIM(alloc_tab)); 768 return 1; 769 } 770 771 // Prepare IV 772 memcpy(IV_c, vector->IV, vector->IVlen); 773 774 // This is only required once for a given key 775 aes_gcm_pre_256(vector->K, gkey); 776 777 //// 778 // ISA-l Encrypt 779 //// 780 aes_gcm_init_256(gkey, gctx, IV_c, vector->A, vector->Alen); 781 782 last_break = 0; 783 i = (rand() % test_len / 8) & ALIGNMENT_MASK; 784 while (i < (vector->Plen)) { 785 if (i - last_break != 0) { 786 const int posix_ret = 787 posix_memalign((void **) &stream, POSIX_ALIGNMENT, i - last_break); 788 789 if (posix_ret != 0 || stream == NULL) { 790 OK = 1; 791 goto error_exit; 792 } 793 memcpy(stream, vector->P + last_break, i - last_break); 794 } 795 796 aes_gcm_enc_256_update(gkey, gctx, vector->C + last_break, stream, i - last_break); 797 if (i - last_break != 0) { 798 aligned_free(stream); 799 stream = NULL; 800 } 801 802 if (rand() % 1024 == 0) { 803 length = rand() % 100; 804 mk_rand_data(rand_data, length); 805 SHA1(rand_data, length, rand_data); 806 } 807 last_break = i; 808 i += (rand() % test_len / 8) & ALIGNMENT_MASK; 809 } 810 aes_gcm_enc_256_update(gkey, gctx, vector->C + last_break, vector->P + last_break, 811 vector->Plen - last_break); 812 if (gctx->in_length != vector->Plen) 813 printf("%llu, %llu\n", (unsigned long long) gctx->in_length, 814 (unsigned long long) vector->Plen); 815 aes_gcm_enc_256_finalize(gkey, gctx, vector->T, vector->Tlen); 816 817 openssl_aes_256_gcm_enc(vector->K, vector->IV, vector->IVlen, vector->A, vector->Alen, 818 o_T_test, vector->Tlen, vector->P, vector->Plen, o_ct_test); 819 OK |= check_data(vector->C, o_ct_test, vector->Plen, "OpenSSL vs ISA-L cypher text (C)"); 820 OK |= check_data(vector->T, o_T_test, vector->Tlen, "OpenSSL vs ISA-L encrypt tag (T)"); 821 822 memcpy(ct_test, vector->C, vector->Plen); 823 memcpy(pt_test, vector->P, vector->Plen); 824 memset(vector->P, 0, vector->Plen); 825 memcpy(T_test, vector->T, vector->Tlen); 826 memset(vector->T, 0, vector->Tlen); 827 828 //// 829 // ISA-l Decrypt 830 //// 831 832 last_break = 0; 833 i += (rand() % test_len / 8) & ALIGNMENT_MASK; 834 aes_gcm_init_256(gkey, gctx, IV_c, vector->A, vector->Alen); 835 while (i < (vector->Plen)) { 836 if (i - last_break != 0) { 837 const int posix_ret = 838 posix_memalign((void **) &stream, POSIX_ALIGNMENT, i - last_break); 839 840 if (posix_ret != 0 || stream == NULL) { 841 OK = 1; 842 goto error_exit; 843 } 844 memcpy(stream, vector->C + last_break, i - last_break); 845 } 846 847 aes_gcm_dec_256_update(gkey, gctx, vector->P + last_break, stream, i - last_break); 848 if (i - last_break != 0) { 849 aligned_free(stream); 850 stream = NULL; 851 } 852 853 if (rand() % 1024 == 0) { 854 length = rand() % 100; 855 856 mk_rand_data(rand_data, length); 857 SHA1(rand_data, length, rand_data); 858 } 859 860 last_break = i; 861 i += (rand() % test_len / 8) & ALIGNMENT_MASK; 862 } 863 aes_gcm_dec_256_update(gkey, gctx, vector->P + last_break, vector->C + last_break, 864 vector->Plen - last_break); 865 aes_gcm_dec_256_finalize(gkey, gctx, vector->T, vector->Tlen); 866 867 OK |= check_data(vector->T, T_test, vector->Tlen, "ISA-L decrypt vs encrypt tag (T)"); 868 OK |= check_data(vector->T, o_T_test, vector->Tlen, "OpenSSL vs ISA-L decrypt tag (T)"); 869 OK |= check_data(pt_test, vector->P, vector->Plen, "ISA-L decrypted ISA-L plain text (P)"); 870 memset(vector->P, 0, vector->Plen); 871 aes_gcm_dec_256(gkey, gctx, vector->P, o_ct_test, vector->Plen, IV_c, vector->A, 872 vector->Alen, vector->T, vector->Tlen); 873 OK |= check_data(pt_test, vector->P, vector->Plen, 874 "ISA-L decrypted OpenSSL plain text (P)"); 875 result = openssl_aes_256_gcm_dec(vector->K, vector->IV, vector->IVlen, vector->A, 876 vector->Alen, vector->T, vector->Tlen, vector->C, 877 vector->Plen, pt_test); 878 if (-1 == result) 879 printf(" ISA-L->OpenSSL decryption failed Authentication\n"); 880 OK |= (-1 == result); 881 error_exit: 882 vector_free(alloc_tab, align_tab, DIM(alloc_tab)); 883 return OK; 884 } 885 886 int 887 test_gcm_strm_efence(void) 888 { 889 int tag_len = 8; 890 int t = 0; 891 struct gcm_key_data *gkey = NULL; 892 struct gcm_context_data *gctx = NULL; 893 894 gkey = malloc(sizeof(struct gcm_key_data)); 895 gctx = malloc(sizeof(struct gcm_context_data)); 896 if (NULL == gkey || NULL == gctx) { 897 free(gkey); 898 free(gctx); 899 return 1; 900 } 901 902 printf("AES GCM random efence test vectors with random stream:"); 903 for (t = 0; RANDOMS > t; t++) { 904 int posix_ret = 0; 905 gcm_vector test; 906 int Plen = (rand() % TEST_LEN); 907 // lengths must be a multiple of 4 bytes 908 int aad_len = (rand() % TEST_LEN); 909 int offset = (rand() % MAX_UNALIGNED); 910 if (offset == 0 && aad_len == 0) 911 offset = OFFSET_BASE_VALUE; 912 913 if (0 == (t % 25)) 914 printf("\n"); 915 if (0 == (t % 10)) 916 fflush(0); 917 test.P = NULL; 918 test.C = NULL; 919 test.A = NULL; 920 test.T = NULL; 921 test.Plen = Plen; 922 if (test.Plen + offset != 0) { 923 posix_ret |= posix_memalign((void **) &test.P, POSIX_ALIGNMENT, 924 test.Plen + offset); 925 posix_ret |= posix_memalign((void **) &test.C, POSIX_ALIGNMENT, 926 test.Plen + offset); 927 } else { // This else clause is here because openssl 1.0.1k does not handle NULL 928 // pointers 929 posix_ret |= posix_memalign((void **) &test.P, POSIX_ALIGNMENT, 16); 930 posix_ret |= posix_memalign((void **) &test.C, POSIX_ALIGNMENT, 16); 931 } 932 test.K = malloc(GCM_128_KEY_LEN + offset); 933 test.Klen = GCM_128_KEY_LEN; 934 test.IV = malloc(GCM_IV_DATA_LEN + offset); 935 test.IVlen = GCM_IV_DATA_LEN; 936 test.A = malloc(aad_len + offset); 937 test.Alen = aad_len; 938 test.T = malloc(MAX_TAG_LEN + offset); 939 test.Tlen = MAX_TAG_LEN; 940 941 if ((NULL == test.P && test.Plen != 0) || (NULL == test.C && test.Plen != 0) || 942 (NULL == test.K) || (NULL == test.IV) || (NULL == test.A) || (NULL == test.T) || 943 (posix_ret != 0)) { 944 printf("malloc of testsize:0x%x failed\n", Plen); 945 free(test.A); 946 aligned_free(test.C); 947 free(test.IV); 948 free(test.K); 949 aligned_free(test.P); 950 free(test.T); 951 free(gkey); 952 free(gctx); 953 return 1; 954 } 955 956 gcm_vector test_free = test; 957 958 test.P += offset; 959 test.C += offset; 960 test.K += offset; 961 test.IV += offset; 962 test.A += offset; 963 test.T += offset; 964 965 mk_rand_data(test.P, test.Plen); 966 mk_rand_data(test.K, test.Klen); 967 mk_rand_data(test.IV, test.IVlen); 968 mk_rand_data(test.A, test.Alen); 969 970 // single Key length of 128bits/16bytes supported 971 // single IV length of 96bits/12bytes supported 972 // Tag lengths of 8, 12 or 16 973 for (tag_len = 8; tag_len <= MAX_TAG_LEN;) { 974 test.Tlen = tag_len; 975 if (0 != check_strm_vector_efence(gkey, gctx, &test)) { 976 free(test_free.A); 977 aligned_free(test_free.C); 978 free(test_free.IV); 979 free(test_free.K); 980 aligned_free(test_free.P); 981 free(test_free.T); 982 free(gkey); 983 free(gctx); 984 return 1; 985 } 986 tag_len += 4; // supported lengths are 8, 12 or 16 987 } 988 free(test_free.A); 989 aligned_free(test_free.C); 990 free(test_free.IV); 991 free(test_free.K); 992 aligned_free(test_free.P); 993 free(test_free.T); 994 } 995 printf("\n"); 996 free(gkey); 997 free(gctx); 998 return 0; 999 } 1000 1001 int 1002 test_gcm_strm_combinations(int test_len) 1003 { 1004 int tag_len = 8; 1005 int t = 0; 1006 uint8_t *gkeytemp = NULL; 1007 struct gcm_key_data *gkey = NULL; 1008 struct gcm_context_data *gctx = NULL; 1009 1010 gkeytemp = malloc(sizeof(struct gcm_key_data) + 16); 1011 gctx = malloc(sizeof(struct gcm_context_data)); 1012 gkey = (struct gcm_key_data *) (gkeytemp + rand() % 16); 1013 if (NULL == gkeytemp || NULL == gctx) { 1014 free(gkeytemp); 1015 free(gctx); 1016 return 1; 1017 } 1018 1019 printf("AES GCM random test vectors with random stream of average size %d:", test_len / 64); 1020 for (t = 0; RANDOMS > t; t++) { 1021 int posix_ret = 0; 1022 gcm_vector test; 1023 int Plen = 0; // (rand() % test_len); 1024 // lengths must be a multiple of 4 bytes 1025 int aad_len = (rand() % test_len); 1026 int offset = (rand() % MAX_UNALIGNED); 1027 if (offset == 0 && aad_len == 0) 1028 offset = OFFSET_BASE_VALUE; 1029 1030 if (0 == (t % 25)) 1031 printf("\n"); 1032 if (0 == (t % 10)) 1033 fflush(0); 1034 test.P = NULL; 1035 test.C = NULL; 1036 test.A = NULL; 1037 test.T = NULL; 1038 test.Plen = Plen; 1039 if (test.Plen + offset != 0) { 1040 posix_ret |= posix_memalign((void **) &test.P, POSIX_ALIGNMENT, 1041 test.Plen + offset); 1042 posix_ret |= posix_memalign((void **) &test.C, POSIX_ALIGNMENT, 1043 test.Plen + offset); 1044 } else { // This else clause is here because openssl 1.0.1k does not handle NULL 1045 // pointers 1046 posix_ret |= posix_memalign((void **) &test.P, POSIX_ALIGNMENT, 16); 1047 posix_ret |= posix_memalign((void **) &test.C, POSIX_ALIGNMENT, 16); 1048 } 1049 test.K = malloc(GCM_128_KEY_LEN + offset); 1050 test.Klen = GCM_128_KEY_LEN; 1051 test.IV = malloc(GCM_IV_DATA_LEN + offset); 1052 test.IVlen = GCM_IV_DATA_LEN; 1053 test.A = malloc(aad_len + offset); 1054 test.Alen = aad_len; 1055 test.T = malloc(MAX_TAG_LEN + offset); 1056 test.Tlen = MAX_TAG_LEN; 1057 1058 if ((NULL == test.P && test.Plen != 0) || (NULL == test.C && test.Plen != 0) || 1059 (NULL == test.K) || (NULL == test.IV) || (NULL == test.A) || (NULL == test.T) || 1060 (posix_ret != 0)) { 1061 printf("malloc of testsize:0x%x failed\n", Plen); 1062 free(test.A); 1063 aligned_free(test.C); 1064 free(test.IV); 1065 free(test.K); 1066 aligned_free(test.P); 1067 free(test.T); 1068 free(gkeytemp); 1069 free(gctx); 1070 return 1; 1071 } 1072 1073 gcm_vector test_free = test; 1074 1075 test.P += offset; 1076 test.C += offset; 1077 test.K += offset; 1078 test.IV += offset; 1079 test.A += offset; 1080 test.T += offset; 1081 1082 mk_rand_data(test.P, test.Plen); 1083 mk_rand_data(test.K, test.Klen); 1084 mk_rand_data(test.IV, test.IVlen); 1085 mk_rand_data(test.A, test.Alen); 1086 1087 // single Key length of 128bits/16bytes supported 1088 // single IV length of 96bits/12bytes supported 1089 // Tag lengths of 8, 12 or 16 1090 for (tag_len = 8; tag_len <= MAX_TAG_LEN;) { 1091 test.Tlen = tag_len; 1092 if (0 != check_strm_vector(gkey, gctx, &test, test_len)) { 1093 free(test_free.A); 1094 aligned_free(test_free.C); 1095 free(test_free.IV); 1096 free(test_free.K); 1097 aligned_free(test_free.P); 1098 free(test_free.T); 1099 free(gkeytemp); 1100 free(gctx); 1101 return 1; 1102 } 1103 tag_len += 4; // supported lengths are 8, 12 or 16 1104 } 1105 free(test_free.A); 1106 aligned_free(test_free.C); 1107 free(test_free.IV); 1108 free(test_free.K); 1109 aligned_free(test_free.P); 1110 free(test_free.T); 1111 } 1112 printf("\n"); 1113 free(gkeytemp); 1114 free(gctx); 1115 return 0; 1116 } 1117 1118 int 1119 test_gcm_combinations(void) 1120 { 1121 int tag_len = 8; 1122 int t = 0; 1123 struct gcm_key_data *gkey = NULL; 1124 struct gcm_context_data *gctx = NULL; 1125 1126 gkey = malloc(sizeof(struct gcm_key_data)); 1127 gctx = malloc(sizeof(struct gcm_context_data)); 1128 if (NULL == gkey || NULL == gctx) { 1129 free(gctx); 1130 free(gkey); 1131 return 1; 1132 } 1133 1134 printf("AES GCM random test vectors:"); 1135 for (t = 0; RANDOMS > t; t++) { 1136 int posix_ret = 0; 1137 gcm_vector test; 1138 int Plen = (rand() % TEST_LEN); 1139 // lengths must be a multiple of 4 bytes 1140 int aad_len = (rand() % TEST_LEN); 1141 int offset = (rand() % MAX_UNALIGNED); 1142 if (offset == 0 && aad_len == 0) 1143 offset = OFFSET_BASE_VALUE; 1144 1145 if (0 == (t % 25)) 1146 printf("\n"); 1147 if (0 == (t % 10)) 1148 fflush(0); 1149 test.P = NULL; 1150 test.C = NULL; 1151 test.A = NULL; 1152 test.T = NULL; 1153 test.Plen = Plen; 1154 if (test.Plen + offset != 0) { 1155 posix_ret |= posix_memalign((void **) &test.P, POSIX_ALIGNMENT, 1156 test.Plen + offset); 1157 posix_ret |= posix_memalign((void **) &test.C, POSIX_ALIGNMENT, 1158 test.Plen + offset); 1159 } else { // This else clause is here because openssl 1.0.1k does not handle NULL 1160 // pointers 1161 posix_ret |= posix_memalign((void **) &test.P, POSIX_ALIGNMENT, 16); 1162 posix_ret |= posix_memalign((void **) &test.C, POSIX_ALIGNMENT, 16); 1163 } 1164 test.K = malloc(GCM_128_KEY_LEN + offset); 1165 test.Klen = GCM_128_KEY_LEN; 1166 test.IV = malloc(GCM_IV_DATA_LEN + offset); 1167 test.IVlen = GCM_IV_DATA_LEN; 1168 test.A = malloc(aad_len + offset); 1169 test.Alen = aad_len; 1170 test.T = malloc(MAX_TAG_LEN + offset); 1171 test.Tlen = MAX_TAG_LEN; 1172 1173 if ((NULL == test.P && test.Plen != 0) || (NULL == test.C && test.Plen != 0) || 1174 (NULL == test.K) || (NULL == test.IV) || (NULL == test.A) || (NULL == test.T) || 1175 (posix_ret != 0)) { 1176 printf("malloc of testsize:0x%x failed\n", Plen); 1177 free(test.A); 1178 aligned_free(test.C); 1179 free(test.IV); 1180 free(test.K); 1181 aligned_free(test.P); 1182 free(test.T); 1183 free(gkey); 1184 free(gctx); 1185 return 1; 1186 } 1187 1188 gcm_vector test_free = test; 1189 1190 test.P += offset; 1191 test.C += offset; 1192 test.K += offset; 1193 test.IV += offset; 1194 test.A += offset; 1195 test.T += offset; 1196 1197 mk_rand_data(test.P, test.Plen); 1198 mk_rand_data(test.K, test.Klen); 1199 mk_rand_data(test.IV, test.IVlen); 1200 mk_rand_data(test.A, test.Alen); 1201 1202 // single Key length of 128bits/16bytes supported 1203 // single IV length of 96bits/12bytes supported 1204 // Tag lengths of 8, 12 or 16 1205 for (tag_len = 8; tag_len <= MAX_TAG_LEN;) { 1206 test.Tlen = tag_len; 1207 if (0 != check_vector(gkey, gctx, &test)) { 1208 free(test_free.A); 1209 aligned_free(test_free.C); 1210 free(test_free.IV); 1211 free(test_free.K); 1212 aligned_free(test_free.P); 1213 free(test_free.T); 1214 free(gkey); 1215 free(gctx); 1216 return 1; 1217 } 1218 tag_len += 4; // supported lengths are 8, 12 or 16 1219 } 1220 1221 free(test_free.A); 1222 aligned_free(test_free.C); 1223 free(test_free.IV); 1224 free(test_free.K); 1225 aligned_free(test_free.P); 1226 free(test_free.T); 1227 } 1228 printf("\n"); 1229 free(gkey); 1230 free(gctx); 1231 return 0; 1232 } 1233 1234 int 1235 test_gcm256_combinations(void) 1236 { 1237 int tag_len = 8; 1238 int t = 0; 1239 struct gcm_key_data *gkey = NULL; 1240 struct gcm_context_data *gctx = NULL; 1241 1242 gkey = malloc(sizeof(struct gcm_key_data)); 1243 gctx = malloc(sizeof(struct gcm_context_data)); 1244 if (NULL == gkey || NULL == gctx) { 1245 free(gkey); 1246 free(gctx); 1247 return 1; 1248 } 1249 1250 printf("AES-GCM-256 random test vectors:"); 1251 for (t = 0; RANDOMS > t; t++) { 1252 int posix_ret = 0; 1253 gcm_vector test; 1254 int Plen = (rand() % TEST_LEN); 1255 // lengths must be a multiple of 4 bytes 1256 int aad_len = (rand() % TEST_LEN); 1257 int offset = (rand() % MAX_UNALIGNED); 1258 if (offset == 0 && aad_len == 0) 1259 offset = OFFSET_BASE_VALUE; 1260 1261 if (0 == (t % 25)) 1262 printf("\n"); 1263 if (0 == (t % 10)) 1264 fflush(0); 1265 test.P = NULL; 1266 test.C = NULL; 1267 test.A = NULL; 1268 test.T = NULL; 1269 test.Plen = Plen; 1270 if (test.Plen + offset != 0) { 1271 posix_ret |= posix_memalign((void **) &test.P, POSIX_ALIGNMENT, 1272 test.Plen + offset); 1273 posix_ret |= posix_memalign((void **) &test.C, POSIX_ALIGNMENT, 1274 test.Plen + offset); 1275 } else { // This else clause is here because openssl 1.0.1k does not handle NULL 1276 // pointers 1277 posix_ret |= posix_memalign((void **) &test.P, POSIX_ALIGNMENT, 16); 1278 posix_ret |= posix_memalign((void **) &test.C, POSIX_ALIGNMENT, 16); 1279 } 1280 test.K = malloc(GCM_256_KEY_LEN + offset); 1281 test.Klen = GCM_256_KEY_LEN; 1282 test.IV = malloc(GCM_IV_DATA_LEN + offset); 1283 test.IVlen = GCM_IV_DATA_LEN; 1284 test.A = malloc(aad_len + offset); 1285 test.Alen = aad_len; 1286 test.T = malloc(MAX_TAG_LEN + offset); 1287 test.Tlen = MAX_TAG_LEN; 1288 1289 if ((NULL == test.P && test.Plen != 0) || (NULL == test.C && test.Plen != 0) || 1290 (NULL == test.K) || (NULL == test.IV) || (NULL == test.A) || (NULL == test.T) || 1291 (posix_ret != 0)) { 1292 printf("malloc of testsize:0x%x failed, P=%p, C=%p, K=%p, IV=%p, A=%p, " 1293 "T=%p, posix_ret=%d\n", 1294 Plen, test.P, test.C, test.K, test.IV, test.A, test.T, posix_ret); 1295 free(test.A); 1296 aligned_free(test.C); 1297 free(test.IV); 1298 free(test.K); 1299 aligned_free(test.P); 1300 free(test.T); 1301 free(gkey); 1302 free(gctx); 1303 return 1; 1304 } 1305 1306 gcm_vector test_free = test; 1307 1308 test.P += offset; 1309 test.C += offset; 1310 test.K += offset; 1311 test.IV += offset; 1312 test.A += offset; 1313 test.T += offset; 1314 1315 mk_rand_data(test.P, test.Plen); 1316 mk_rand_data(test.K, test.Klen); 1317 mk_rand_data(test.IV, test.IVlen); 1318 mk_rand_data(test.A, test.Alen); 1319 1320 // single Key length of 128bits/16bytes supported 1321 // single IV length of 96bits/12bytes supported 1322 // Tag lengths of 8, 12 or 16 1323 for (tag_len = 8; tag_len <= MAX_TAG_LEN;) { 1324 test.Tlen = tag_len; 1325 if (0 != check_256_vector(gkey, gctx, &test)) { 1326 free(test_free.A); 1327 aligned_free(test_free.C); 1328 free(test_free.IV); 1329 free(test_free.K); 1330 aligned_free(test_free.P); 1331 free(test_free.T); 1332 free(gkey); 1333 free(gctx); 1334 return 1; 1335 } 1336 tag_len += 4; // supported lengths are 8, 12 or 16 1337 } 1338 free(test_free.A); 1339 aligned_free(test_free.C); 1340 free(test_free.IV); 1341 free(test_free.K); 1342 aligned_free(test_free.P); 1343 free(test_free.T); 1344 } 1345 printf("\n"); 1346 free(gkey); 1347 free(gctx); 1348 return 0; 1349 } 1350 1351 int 1352 test_gcm256_strm_combinations(int test_len) 1353 { 1354 int tag_len = 8; 1355 int t = 0; 1356 uint8_t *gkeytemp = NULL; 1357 struct gcm_key_data *gkey = NULL; 1358 struct gcm_context_data *gctx = NULL; 1359 1360 gkeytemp = malloc(sizeof(struct gcm_key_data) + 16); 1361 gctx = malloc(sizeof(struct gcm_context_data)); 1362 gkey = (struct gcm_key_data *) (gkeytemp + rand() % 16); 1363 if (NULL == gkeytemp || NULL == gctx) { 1364 free(gkeytemp); 1365 free(gctx); 1366 return 1; 1367 } 1368 1369 printf("AES-GCM-256 random test vectors with random stream of average size %d:", 1370 test_len / 64); 1371 for (t = 0; RANDOMS > t; t++) { 1372 int posix_ret = 0; 1373 gcm_vector test; 1374 int Plen = (rand() % test_len); 1375 // lengths must be a multiple of 4 bytes 1376 int aad_len = (rand() % test_len); 1377 int offset = (rand() % MAX_UNALIGNED); 1378 if (offset == 0 && aad_len == 0) 1379 offset = OFFSET_BASE_VALUE; 1380 1381 if (0 == (t % 25)) 1382 printf("\n"); 1383 if (0 == (t % 10)) 1384 fflush(0); 1385 test.P = NULL; 1386 test.C = NULL; 1387 test.A = NULL; 1388 test.T = NULL; 1389 test.Plen = Plen; 1390 if (test.Plen + offset != 0) { 1391 posix_ret |= posix_memalign((void **) &test.P, POSIX_ALIGNMENT, 1392 test.Plen + offset); 1393 posix_ret |= posix_memalign((void **) &test.C, POSIX_ALIGNMENT, 1394 test.Plen + offset); 1395 } else { // This else clause is here because openssl 1.0.1k does not handle NULL 1396 // pointers 1397 posix_ret |= posix_memalign((void **) &test.P, POSIX_ALIGNMENT, 16); 1398 posix_ret |= posix_memalign((void **) &test.C, POSIX_ALIGNMENT, 16); 1399 } 1400 test.K = malloc(GCM_256_KEY_LEN + offset); 1401 test.Klen = GCM_256_KEY_LEN; 1402 test.IV = malloc(GCM_IV_DATA_LEN + offset); 1403 test.IVlen = GCM_IV_DATA_LEN; 1404 test.A = malloc(aad_len + offset); 1405 test.Alen = aad_len; 1406 test.T = malloc(MAX_TAG_LEN + offset); 1407 test.Tlen = MAX_TAG_LEN; 1408 1409 if ((NULL == test.P && test.Plen != 0) || (NULL == test.C && test.Plen != 0) || 1410 (NULL == test.K) || (NULL == test.IV) || (NULL == test.A) || (NULL == test.T) || 1411 (posix_ret != 0)) { 1412 printf("malloc of testsize:0x%x failed\n", Plen); 1413 free(test.A); 1414 aligned_free(test.C); 1415 free(test.IV); 1416 free(test.K); 1417 aligned_free(test.P); 1418 free(test.T); 1419 free(gkeytemp); 1420 free(gctx); 1421 return 1; 1422 } 1423 1424 gcm_vector test_free = test; 1425 1426 test.P += offset; 1427 test.C += offset; 1428 test.K += offset; 1429 test.IV += offset; 1430 test.A += offset; 1431 test.T += offset; 1432 1433 mk_rand_data(test.P, test.Plen); 1434 mk_rand_data(test.K, test.Klen); 1435 mk_rand_data(test.IV, test.IVlen); 1436 mk_rand_data(test.A, test.Alen); 1437 1438 // single Key length of 128bits/16bytes supported 1439 // single IV length of 96bits/12bytes supported 1440 // Tag lengths of 8, 12 or 16 1441 for (tag_len = 8; tag_len <= MAX_TAG_LEN;) { 1442 test.Tlen = tag_len; 1443 if (0 != check_256_strm_vector(gkey, gctx, &test, test_len)) { 1444 free(test_free.A); 1445 aligned_free(test_free.C); 1446 free(test_free.IV); 1447 free(test_free.K); 1448 aligned_free(test_free.P); 1449 free(test_free.T); 1450 free(gkeytemp); 1451 free(gctx); 1452 return 1; 1453 } 1454 tag_len += 4; // supported lengths are 8, 12 or 16 1455 } 1456 free(test_free.A); 1457 aligned_free(test_free.C); 1458 free(test_free.IV); 1459 free(test_free.K); 1460 aligned_free(test_free.P); 1461 free(test_free.T); 1462 } 1463 printf("\n"); 1464 free(gkeytemp); 1465 free(gctx); 1466 return 0; 1467 } 1468 1469 // 1470 // place all data to end at a page boundary to check for read past the end 1471 // 1472 int 1473 test_gcm_efence(void) 1474 { 1475 int posix_ret = 0; 1476 gcm_vector test; 1477 int offset = 0; 1478 gcm_key_size key_len; 1479 struct gcm_key_data *gkey = NULL; 1480 struct gcm_context_data *gctx = NULL; 1481 uint8_t *P = NULL, *C = NULL, *K = NULL, *IV = NULL, *A = NULL, *T = NULL; 1482 1483 gkey = malloc(sizeof(struct gcm_key_data)); 1484 gctx = malloc(sizeof(struct gcm_context_data)); 1485 posix_ret |= posix_memalign((void **) &P, POSIX_ALIGNMENT, PAGE_LEN); 1486 posix_ret |= posix_memalign((void **) &C, POSIX_ALIGNMENT, PAGE_LEN); 1487 K = malloc(PAGE_LEN); 1488 IV = malloc(PAGE_LEN); 1489 A = malloc(PAGE_LEN); 1490 T = malloc(PAGE_LEN); 1491 if ((NULL == P) || (NULL == C) || (NULL == K) || (NULL == IV) || (NULL == A) || 1492 (NULL == T) || (NULL == gkey) || (NULL == gctx) || (posix_ret != 0)) { 1493 printf("malloc of testsize:0x%x failed\n", PAGE_LEN); 1494 free(gkey); 1495 free(gctx); 1496 aligned_free(P); 1497 aligned_free(C); 1498 free(K); 1499 free(IV); 1500 free(A); 1501 free(T); 1502 return -1; 1503 } 1504 1505 test.Plen = PAGE_LEN / 2; 1506 // place buffers to end at page boundary 1507 test.IVlen = GCM_IV_DATA_LEN; 1508 test.Alen = test.Plen; 1509 test.Tlen = MAX_TAG_LEN; 1510 1511 printf("AES GCM efence test vectors:"); 1512 for (key_len = GCM_128_KEY_LEN; GCM_256_KEY_LEN >= key_len; 1513 key_len += (GCM_256_KEY_LEN - GCM_128_KEY_LEN)) { 1514 test.Klen = key_len; 1515 for (offset = 0; MAX_UNALIGNED > offset; offset++) { 1516 if (0 == (offset % 80)) 1517 printf("\n"); 1518 // move the start and size of the data block towards the end of the page 1519 test.Plen = (PAGE_LEN / 2) - offset; 1520 test.Alen = (PAGE_LEN / 4) - 1521 (offset * 4); // lengths must be a multiple of 4 bytes 1522 // Place data at end of page 1523 test.P = P + PAGE_LEN - test.Plen; 1524 test.C = C + PAGE_LEN - test.Plen; 1525 test.K = K + PAGE_LEN - test.Klen; 1526 test.IV = IV + PAGE_LEN - test.IVlen; 1527 test.A = A + PAGE_LEN - test.Alen; 1528 test.T = T + PAGE_LEN - test.Tlen; 1529 1530 mk_rand_data(test.P, test.Plen); 1531 mk_rand_data(test.K, test.Klen); 1532 mk_rand_data(test.IV, test.IVlen); 1533 mk_rand_data(test.A, test.Alen); 1534 if (GCM_128_KEY_LEN == key_len) { 1535 if (0 != check_vector(gkey, gctx, &test)) { 1536 free(gkey); 1537 free(gctx); 1538 aligned_free(P); 1539 aligned_free(C); 1540 free(K); 1541 free(IV); 1542 free(A); 1543 free(T); 1544 return 1; 1545 } 1546 } else { 1547 if (0 != check_256_vector(gkey, gctx, &test)) { 1548 free(gkey); 1549 free(gctx); 1550 aligned_free(P); 1551 aligned_free(C); 1552 free(K); 1553 free(IV); 1554 free(A); 1555 free(T); 1556 return 1; 1557 } 1558 } 1559 } 1560 } 1561 free(gkey); 1562 free(gctx); 1563 aligned_free(P); 1564 aligned_free(C); 1565 free(K); 1566 free(IV); 1567 free(A); 1568 free(T); 1569 1570 printf("\n"); 1571 return 0; 1572 } 1573 1574 int 1575 test_gcm128_std_vectors(gcm_vector const *vector) 1576 { 1577 struct gcm_key_data gkey; 1578 struct gcm_context_data gctx; 1579 int OK = 0; 1580 // Temporary array for the calculated vectors 1581 uint8_t *ct_test = NULL; 1582 uint8_t *pt_test = NULL; 1583 uint8_t *IV_c = NULL; 1584 uint8_t *T_test = NULL; 1585 uint8_t *T2_test = NULL; 1586 int result; 1587 1588 #ifdef GCM_VECTORS_VERBOSE 1589 printf("AES-GCM-128:\n"); 1590 #endif 1591 1592 // Allocate required memory 1593 void **alloc_tab[] = { (void **) &pt_test, (void **) &ct_test, (void **) &IV_c, 1594 (void **) &T_test, (void **) &T2_test }; 1595 const size_t align_tab[] = { ALIGNMENT, ALIGNMENT, 0, 0, 0 }; 1596 const size_t length_tab[] = { vector->Plen, vector->Plen, vector->IVlen, vector->Tlen, 1597 vector->Tlen }; 1598 1599 if (vector_allocate(alloc_tab, length_tab, align_tab, DIM(alloc_tab)) != 0) { 1600 vector_free(alloc_tab, align_tab, DIM(alloc_tab)); 1601 return 1; 1602 } 1603 1604 // Prepare IV 1605 memcpy(IV_c, vector->IV, vector->IVlen); 1606 1607 // This is only required once for a given key 1608 aes_gcm_pre_128(vector->K, &gkey); 1609 #ifdef GCM_VECTORS_VERBOSE 1610 dump_gcm_data(&gkey); 1611 #endif 1612 1613 //// 1614 // ISA-l Encrypt 1615 //// 1616 aes_gcm_enc_128(&gkey, &gctx, ct_test, vector->P, vector->Plen, IV_c, vector->A, 1617 vector->Alen, T_test, vector->Tlen); 1618 OK |= check_data(ct_test, vector->C, vector->Plen, "ISA-L encrypted cypher text (C)"); 1619 OK |= check_data(T_test, vector->T, vector->Tlen, "ISA-L tag (T)"); 1620 1621 openssl_aes_gcm_enc(vector->K, vector->IV, vector->IVlen, vector->A, vector->Alen, pt_test, 1622 vector->Tlen, vector->P, vector->Plen, ct_test); 1623 OK |= check_data(pt_test, T_test, vector->Tlen, "OpenSSL vs ISA-L tag (T)"); 1624 // test of in-place encrypt 1625 memcpy(pt_test, vector->P, vector->Plen); 1626 aes_gcm_enc_128(&gkey, &gctx, pt_test, pt_test, vector->Plen, IV_c, vector->A, vector->Alen, 1627 T_test, vector->Tlen); 1628 OK |= check_data(pt_test, vector->C, vector->Plen, "ISA-L encrypted cypher text(in-place)"); 1629 memset(ct_test, 0, vector->Plen); 1630 memset(T_test, 0, vector->Tlen); 1631 1632 //// 1633 // ISA-l Decrypt 1634 //// 1635 aes_gcm_dec_128(&gkey, &gctx, pt_test, vector->C, vector->Plen, IV_c, vector->A, 1636 vector->Alen, T_test, vector->Tlen); 1637 OK |= check_data(pt_test, vector->P, vector->Plen, "ISA-L decrypted plain text (P)"); 1638 // GCM decryption outputs a 16 byte tag value that must be verified against the expected tag 1639 // value 1640 OK |= check_data(T_test, vector->T, vector->Tlen, "ISA-L decrypted tag (T)"); 1641 1642 // test in in-place decrypt 1643 memcpy(ct_test, vector->C, vector->Plen); 1644 aes_gcm_dec_128(&gkey, &gctx, ct_test, ct_test, vector->Plen, IV_c, vector->A, vector->Alen, 1645 T_test, vector->Tlen); 1646 OK |= check_data(ct_test, vector->P, vector->Plen, "ISA-L plain text (P) - in-place"); 1647 OK |= check_data(T_test, vector->T, vector->Tlen, "ISA-L decrypted tag (T) - in-place"); 1648 // ISA-L enc -> ISA-L dec 1649 aes_gcm_enc_128(&gkey, &gctx, ct_test, vector->P, vector->Plen, IV_c, vector->A, 1650 vector->Alen, T_test, vector->Tlen); 1651 memset(pt_test, 0, vector->Plen); 1652 aes_gcm_dec_128(&gkey, &gctx, pt_test, ct_test, vector->Plen, IV_c, vector->A, vector->Alen, 1653 T2_test, vector->Tlen); 1654 OK |= check_data(pt_test, vector->P, vector->Plen, "ISA-L self decrypted plain text (P)"); 1655 OK |= check_data(T_test, T2_test, vector->Tlen, "ISA-L self decrypted tag (T)"); 1656 // OpenSSl enc -> ISA-L dec 1657 openssl_aes_gcm_enc(vector->K, vector->IV, vector->IVlen, vector->A, vector->Alen, T_test, 1658 vector->Tlen, vector->P, vector->Plen, ct_test); 1659 OK |= check_data(ct_test, vector->C, vector->Plen, "OpenSSL encrypted cypher text (C)"); 1660 memset(pt_test, 0, vector->Plen); 1661 aes_gcm_dec_128(&gkey, &gctx, pt_test, ct_test, vector->Plen, IV_c, vector->A, vector->Alen, 1662 T2_test, vector->Tlen); 1663 OK |= check_data(pt_test, vector->P, vector->Plen, 1664 "OpenSSL->ISA-L decrypted plain text (P)"); 1665 OK |= check_data(T_test, T2_test, vector->Tlen, "OpenSSL->ISA-L decrypted tag (T)"); 1666 // ISA-L enc -> OpenSSl dec 1667 aes_gcm_enc_128(&gkey, &gctx, ct_test, vector->P, vector->Plen, IV_c, vector->A, 1668 vector->Alen, T_test, vector->Tlen); 1669 memset(pt_test, 0, vector->Plen); 1670 result = openssl_aes_gcm_dec(vector->K, vector->IV, vector->IVlen, vector->A, vector->Alen, 1671 T_test, vector->Tlen, ct_test, vector->Plen, pt_test); 1672 if (-1 == result) 1673 printf(" ISA-L->OpenSSL decryption failed Authentication\n"); 1674 OK |= (-1 == result); 1675 OK |= check_data(pt_test, vector->P, vector->Plen, "OSSL decrypted plain text (C)"); 1676 1677 vector_free(alloc_tab, align_tab, DIM(alloc_tab)); 1678 return OK; 1679 } 1680 1681 int 1682 test_gcm256_std_vectors(gcm_vector const *vector) 1683 { 1684 struct gcm_key_data gkey; 1685 struct gcm_context_data gctx; 1686 int OK = 0; 1687 // Temporary array for the calculated vectors 1688 uint8_t *ct_test = NULL; 1689 uint8_t *pt_test = NULL; 1690 uint8_t *IV_c = NULL; 1691 uint8_t *T_test = NULL; 1692 uint8_t *T2_test = NULL; 1693 int result; 1694 1695 #ifdef GCM_VECTORS_VERBOSE 1696 printf("AES-GCM-256:\n"); 1697 #endif 1698 1699 // Allocate required memory 1700 void **alloc_tab[] = { (void **) &pt_test, (void **) &ct_test, (void **) &IV_c, 1701 (void **) &T_test, (void **) &T2_test }; 1702 const size_t align_tab[] = { ALIGNMENT, ALIGNMENT, 0, 0, 0 }; 1703 const size_t length_tab[] = { vector->Plen, vector->Plen, vector->IVlen, vector->Tlen, 1704 vector->Tlen }; 1705 1706 if (vector_allocate(alloc_tab, length_tab, align_tab, DIM(alloc_tab)) != 0) { 1707 vector_free(alloc_tab, align_tab, DIM(alloc_tab)); 1708 return 1; 1709 } 1710 1711 // Prepare IV 1712 memcpy(IV_c, vector->IV, vector->IVlen); 1713 1714 // This is only required once for a given key 1715 aes_gcm_pre_256(vector->K, &gkey); 1716 #ifdef GCM_VECTORS_VERBOSE 1717 dump_gcm_data(&gkey); 1718 #endif 1719 1720 //// 1721 // ISA-l Encrypt 1722 //// 1723 memset(ct_test, 0, vector->Plen); 1724 aes_gcm_enc_256(&gkey, &gctx, ct_test, vector->P, vector->Plen, IV_c, vector->A, 1725 vector->Alen, T_test, vector->Tlen); 1726 OK |= check_data(ct_test, vector->C, vector->Plen, "ISA-L encrypted cypher text (C)"); 1727 OK |= check_data(T_test, vector->T, vector->Tlen, "ISA-L tag (T)"); 1728 1729 openssl_aes_256_gcm_enc(vector->K, vector->IV, vector->IVlen, vector->A, vector->Alen, 1730 pt_test, vector->Tlen, vector->P, vector->Plen, ct_test); 1731 OK |= check_data(ct_test, vector->C, vector->Tlen, "OpenSSL vs KA - cypher text (C)"); 1732 OK |= check_data(pt_test, vector->T, vector->Tlen, "OpenSSL vs KA - tag (T)"); 1733 OK |= check_data(pt_test, T_test, vector->Tlen, "OpenSSL vs ISA-L - tag (T)"); 1734 // test of in-place encrypt 1735 memcpy(pt_test, vector->P, vector->Plen); 1736 aes_gcm_enc_256(&gkey, &gctx, pt_test, pt_test, vector->Plen, IV_c, vector->A, vector->Alen, 1737 T_test, vector->Tlen); 1738 OK |= check_data(pt_test, vector->C, vector->Plen, "ISA-L encrypted cypher text(in-place)"); 1739 memset(ct_test, 0, vector->Plen); 1740 memset(T_test, 0, vector->Tlen); 1741 1742 //// 1743 // ISA-l Decrypt 1744 //// 1745 aes_gcm_dec_256(&gkey, &gctx, pt_test, vector->C, vector->Plen, IV_c, vector->A, 1746 vector->Alen, T_test, vector->Tlen); 1747 OK |= check_data(pt_test, vector->P, vector->Plen, "ISA-L decrypted plain text (P)"); 1748 // GCM decryption outputs a 16 byte tag value that must be verified against the expected tag 1749 // value 1750 OK |= check_data(T_test, vector->T, vector->Tlen, "ISA-L decrypted tag (T)"); 1751 1752 // test in in-place decrypt 1753 memcpy(ct_test, vector->C, vector->Plen); 1754 aes_gcm_dec_256(&gkey, &gctx, ct_test, ct_test, vector->Plen, IV_c, vector->A, vector->Alen, 1755 T_test, vector->Tlen); 1756 OK |= check_data(ct_test, vector->P, vector->Plen, "ISA-L plain text (P) - in-place"); 1757 OK |= check_data(T_test, vector->T, vector->Tlen, "ISA-L decrypted tag (T) - in-place"); 1758 // ISA-L enc -> ISA-L dec 1759 aes_gcm_enc_256(&gkey, &gctx, ct_test, vector->P, vector->Plen, IV_c, vector->A, 1760 vector->Alen, T_test, vector->Tlen); 1761 memset(pt_test, 0, vector->Plen); 1762 aes_gcm_dec_256(&gkey, &gctx, pt_test, ct_test, vector->Plen, IV_c, vector->A, vector->Alen, 1763 T2_test, vector->Tlen); 1764 OK |= check_data(pt_test, vector->P, vector->Plen, "ISA-L self decrypted plain text (P)"); 1765 OK |= check_data(T_test, T2_test, vector->Tlen, "ISA-L self decrypted tag (T)"); 1766 // OpenSSl enc -> ISA-L dec 1767 openssl_aes_256_gcm_enc(vector->K, vector->IV, vector->IVlen, vector->A, vector->Alen, 1768 T_test, vector->Tlen, vector->P, vector->Plen, ct_test); 1769 OK |= check_data(ct_test, vector->C, vector->Plen, "OpenSSL encrypted cypher text (C)"); 1770 memset(pt_test, 0, vector->Plen); 1771 aes_gcm_dec_256(&gkey, &gctx, pt_test, ct_test, vector->Plen, IV_c, vector->A, vector->Alen, 1772 T2_test, vector->Tlen); 1773 OK |= check_data(pt_test, vector->P, vector->Plen, 1774 "OpenSSL->ISA-L decrypted plain text (P)"); 1775 OK |= check_data(T_test, T2_test, vector->Tlen, "OpenSSL->ISA-L decrypted tag (T)"); 1776 // ISA-L enc -> OpenSSl dec 1777 aes_gcm_enc_256(&gkey, &gctx, ct_test, vector->P, vector->Plen, IV_c, vector->A, 1778 vector->Alen, T_test, vector->Tlen); 1779 memset(pt_test, 0, vector->Plen); 1780 result = openssl_aes_256_gcm_dec(vector->K, vector->IV, vector->IVlen, vector->A, 1781 vector->Alen, T_test, vector->Tlen, ct_test, vector->Plen, 1782 pt_test); 1783 if (-1 == result) 1784 printf(" ISA-L->OpenSSL decryption failed Authentication\n"); 1785 OK |= (-1 == result); 1786 OK |= check_data(pt_test, vector->P, vector->Plen, "OSSL decrypted plain text (C)"); 1787 1788 vector_free(alloc_tab, align_tab, DIM(alloc_tab)); 1789 return OK; 1790 } 1791 1792 int 1793 test_gcm_std_vectors(void) 1794 { 1795 int const vectors_cnt = sizeof(gcm_vectors) / sizeof(gcm_vectors[0]); 1796 int vect; 1797 int OK = 0; 1798 1799 printf("AES-GCM standard test vectors:\n"); 1800 for (vect = 0; vect < vectors_cnt; vect++) { 1801 #ifdef GCM_VECTORS_VERBOSE 1802 printf("Standard vector %d/%d Keylen:%d IVlen:%d PTLen:%d AADlen:%d Tlen:%d\n", 1803 vect, vectors_cnt - 1, (int) gcm_vectors[vect].Klen, 1804 (int) gcm_vectors[vect].IVlen, (int) gcm_vectors[vect].Plen, 1805 (int) gcm_vectors[vect].Alen, (int) gcm_vectors[vect].Tlen); 1806 #else 1807 printf("."); 1808 #endif 1809 1810 if (BITS_128 == gcm_vectors[vect].Klen) { 1811 OK |= test_gcm128_std_vectors(&gcm_vectors[vect]); 1812 } else { 1813 OK |= test_gcm256_std_vectors(&gcm_vectors[vect]); 1814 } 1815 if (0 != OK) 1816 return OK; 1817 } 1818 printf("\n"); 1819 return OK; 1820 } 1821 1822 // The length of the data is set to length. The first stream is from 0 to start. After 1823 // that the data is broken into breaks chunks of equal size (except possibly the last 1824 // one due to divisibility). 1825 int 1826 test_gcm_strm_combinations2(int length, int start, int breaks) 1827 { 1828 int tag_len = 8; 1829 int t = 0; 1830 struct gcm_key_data *gkey = NULL; 1831 struct gcm_context_data *gctx = NULL; 1832 1833 gkey = malloc(sizeof(struct gcm_key_data)); 1834 gctx = malloc(sizeof(struct gcm_context_data)); 1835 if (NULL == gkey || NULL == gctx) { 1836 free(gkey); 1837 free(gctx); 1838 return 1; 1839 } 1840 1841 printf("AES GCM random test vectors of length %d and stream with %d breaks:", length, 1842 breaks + 1); 1843 for (t = 0; RANDOMS > t; t++) { 1844 int posix_ret = 0; 1845 gcm_vector test; 1846 int Plen = length; 1847 // lengths must be a multiple of 4 bytes 1848 int aad_len = (rand() % TEST_LEN); 1849 int offset = (rand() % MAX_UNALIGNED); 1850 if (offset == 0 && aad_len == 0) 1851 offset = OFFSET_BASE_VALUE; 1852 1853 if (0 == (t % 25)) 1854 printf("\n"); 1855 if (0 == (t % 10)) 1856 fflush(0); 1857 test.P = NULL; 1858 test.C = NULL; 1859 test.A = NULL; 1860 test.T = NULL; 1861 test.Plen = Plen; 1862 if (test.Plen + offset != 0) { 1863 posix_ret |= posix_memalign((void **) &test.P, POSIX_ALIGNMENT, 1864 test.Plen + offset); 1865 posix_ret |= posix_memalign((void **) &test.C, POSIX_ALIGNMENT, 1866 test.Plen + offset); 1867 } else { // This else clause is here because openssl 1.0.1k does not handle NULL 1868 // pointers 1869 posix_ret |= posix_memalign((void **) &test.P, POSIX_ALIGNMENT, 16); 1870 posix_ret |= posix_memalign((void **) &test.C, POSIX_ALIGNMENT, 16); 1871 } 1872 test.K = malloc(GCM_128_KEY_LEN + offset); 1873 test.Klen = GCM_128_KEY_LEN; 1874 test.IV = malloc(GCM_IV_DATA_LEN + offset); 1875 test.IVlen = GCM_IV_DATA_LEN; 1876 test.A = malloc(aad_len + offset); 1877 test.Alen = aad_len; 1878 test.T = malloc(MAX_TAG_LEN + offset); 1879 test.Tlen = MAX_TAG_LEN; 1880 1881 if ((NULL == test.P && test.Plen != 0) || (NULL == test.C && test.Plen != 0) || 1882 (NULL == test.K) || (NULL == test.IV) || (NULL == test.A) || (NULL == test.T) || 1883 (posix_ret != 0)) { 1884 printf("malloc of testsize:0x%x failed\n", Plen); 1885 free(test.A); 1886 aligned_free(test.C); 1887 free(test.IV); 1888 free(test.K); 1889 aligned_free(test.P); 1890 free(test.T); 1891 free(gkey); 1892 free(gctx); 1893 return 1; 1894 } 1895 1896 gcm_vector test_free = test; 1897 1898 test.P += offset; 1899 test.C += offset; 1900 test.K += offset; 1901 test.IV += offset; 1902 test.A += offset; 1903 test.T += offset; 1904 1905 mk_rand_data(test.P, test.Plen); 1906 mk_rand_data(test.K, test.Klen); 1907 mk_rand_data(test.IV, test.IVlen); 1908 mk_rand_data(test.A, test.Alen); 1909 1910 // single Key length of 128bits/16bytes supported 1911 // single IV length of 96bits/12bytes supported 1912 // Tag lengths of 8, 12 or 16 1913 for (tag_len = 8; tag_len <= MAX_TAG_LEN;) { 1914 test.Tlen = tag_len; 1915 if (0 != check_strm_vector2(gkey, gctx, &test, length, start, breaks)) { 1916 free(test_free.A); 1917 aligned_free(test_free.C); 1918 free(test_free.IV); 1919 free(test_free.K); 1920 aligned_free(test_free.P); 1921 free(test_free.T); 1922 free(gkey); 1923 free(gctx); 1924 return 1; 1925 } 1926 tag_len += 4; // supported lengths are 8, 12 or 16 1927 } 1928 free(test_free.A); 1929 aligned_free(test_free.C); 1930 free(test_free.IV); 1931 free(test_free.K); 1932 aligned_free(test_free.P); 1933 free(test_free.T); 1934 } 1935 printf("\n"); 1936 free(gkey); 1937 free(gctx); 1938 return 0; 1939 } 1940 1941 int 1942 main(int argc, char **argv) 1943 { 1944 int errors = 0; 1945 int seed; 1946 1947 if (argc == 1) 1948 seed = TEST_SEED; 1949 else 1950 seed = atoi(argv[1]); 1951 1952 srand(seed); 1953 printf("SEED: %d\n", seed); 1954 1955 errors += test_gcm_std_vectors(); 1956 errors += test_gcm256_combinations(); 1957 errors += test_gcm_combinations(); 1958 errors += test_gcm_efence(); 1959 errors += test_gcm256_strm_combinations(TEST_LEN); 1960 errors += test_gcm_strm_combinations(TEST_LEN); 1961 errors += test_gcm256_strm_combinations(1024); 1962 errors += test_gcm_strm_combinations(1024); 1963 errors += test_gcm_strm_efence(); 1964 errors += test_gcm_strm_combinations2(1024, 0, 1024); 1965 1966 if (0 == errors) 1967 printf("...Pass\n"); 1968 else 1969 printf("...Fail\n"); 1970 1971 return errors; 1972 } 1973