1 /********************************************************************** 2 Copyright(c) 2011-2016 Intel Corporation All rights reserved. 3 4 Redistribution and use in source and binary forms, with or without 5 modification, are permitted provided that the following conditions 6 are met: 7 * Redistributions of source code must retain the above copyright 8 notice, this list of conditions and the following disclaimer. 9 * Redistributions in binary form must reproduce the above copyright 10 notice, this list of conditions and the following disclaimer in 11 the documentation and/or other materials provided with the 12 distribution. 13 * Neither the name of Intel Corporation nor the names of its 14 contributors may be used to endorse or promote products derived 15 from this software without specific prior written permission. 16 17 THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 18 "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 19 LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 20 A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT 21 OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 22 SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 23 LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 24 DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 25 THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 26 (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 27 OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 28 **********************************************************************/ 29 30 #include <stdlib.h> 31 #include <stdio.h> 32 #include <stdint.h> 33 #include <string.h> // for memcmp() 34 #include <aes_gcm.h> 35 #include <openssl/sha.h> 36 #include "gcm_vectors.h" 37 #include "ossl_helper.h" 38 #include "types.h" 39 #include "gcm_test_alloc.h" 40 41 // #define GCM_VECTORS_VERBOSE 42 // #define GCM_VECTORS_EXTRA_VERBOSE 43 #ifndef TEST_SEED 44 #define TEST_SEED 0x1234 45 #endif 46 #ifndef RANDOMS 47 #define RANDOMS 200 48 #endif 49 #ifndef TEST_LEN 50 #define TEST_LEN 32 * 1024 51 #endif 52 #ifndef PAGE_LEN 53 #define PAGE_LEN (4 * 1024) 54 #endif 55 56 #if defined(NT_LD) || defined(NT_ST) || defined(NT_LDST) 57 #define ALIGNMENT (64) 58 #define ALIGNMENT_MASK (~63) 59 #define OFFSET_BASE_VALUE 64 60 #ifndef MAX_UNALIGNED 61 #define MAX_UNALIGNED (1) 62 #endif 63 #else 64 #define ALIGNMENT (0) 65 #define ALIGNMENT_MASK (~0) 66 #define OFFSET_BASE_VALUE 1 67 #ifndef MAX_UNALIGNED 68 #define MAX_UNALIGNED (16) 69 #endif 70 #endif 71 72 #if ALIGNMENT == 0 73 #define POSIX_ALIGNMENT (sizeof(void *)) 74 #else 75 #define POSIX_ALIGNMENT ALIGNMENT 76 #endif 77 78 void 79 dump_table(char *title, uint8_t *table, uint8_t count) 80 { 81 int i; 82 char const *space = " "; 83 84 printf("%s%s => {\n", space, title); 85 for (i = 0; i < count; i++) { 86 if (0 == (i & 15)) 87 printf("%s%s", space, space); 88 printf("%2x, ", table[i]); 89 if (15 == (i & 15)) 90 printf("\n"); 91 } 92 printf("%s}\n", space); 93 } 94 95 void 96 dump_gcm_data(struct gcm_key_data *gkey) 97 { 98 #ifdef GCM_VECTORS_EXTRA_VERBOSE 99 printf("gcm_data {\n"); 100 dump_table("expanded_keys", gkey->expanded_keys, (16 * 11)); 101 dump_table("shifted_hkey_1", gkey->shifted_hkey_1, 16); 102 dump_table("shifted_hkey_2", gkey->shifted_hkey_2, 16); 103 dump_table("shifted_hkey_3", gkey->shifted_hkey_3, 16); 104 dump_table("shifted_hkey_4", gkey->shifted_hkey_4, 16); 105 dump_table("shifted_hkey_5", gkey->shifted_hkey_5, 16); 106 dump_table("shifted_hkey_6", gkey->shifted_hkey_6, 16); 107 dump_table("shifted_hkey_7", gkey->shifted_hkey_7, 16); 108 dump_table("shifted_hkey_8", gkey->shifted_hkey_8, 16); 109 dump_table("shifted_hkey_1_k", gkey->shifted_hkey_1_k, 16); 110 dump_table("shifted_hkey_2_k", gkey->shifted_hkey_2_k, 16); 111 dump_table("shifted_hkey_3_k", gkey->shifted_hkey_3_k, 16); 112 dump_table("shifted_hkey_4_k", gkey->shifted_hkey_4_k, 16); 113 dump_table("shifted_hkey_5_k", gkey->shifted_hkey_5_k, 16); 114 dump_table("shifted_hkey_6_k", gkey->shifted_hkey_6_k, 16); 115 dump_table("shifted_hkey_7_k", gkey->shifted_hkey_7_k, 16); 116 dump_table("shifted_hkey_8_k", gkey->shifted_hkey_8_k, 16); 117 printf("}\n"); 118 #endif // GCM_VECTORS_VERBOSE 119 } 120 121 void 122 mk_rand_data(uint8_t *data, uint32_t size) 123 { 124 int i; 125 for (i = 0; i < size; i++) { 126 *data++ = rand(); 127 } 128 } 129 130 int 131 check_data(uint8_t *test, uint8_t *expected, uint64_t len, char *data_name) 132 { 133 int mismatch; 134 int OK = 0; 135 136 mismatch = memcmp(test, expected, len); 137 if (mismatch) { 138 OK = 1; 139 printf(" expected results don't match %s \t\t", data_name); 140 { 141 uint64_t a; 142 for (a = 0; a < len; a++) { 143 if (test[a] != expected[a]) { 144 printf(" '%x' != '%x' at %lx of %lx\n", test[a], 145 expected[a], a, len); 146 break; 147 } 148 } 149 } 150 } 151 return OK; 152 } 153 154 int 155 check_vector(struct gcm_key_data *gkey, struct gcm_context_data *gctx, gcm_vector *vector) 156 { 157 uint8_t *pt_test = NULL; 158 uint8_t *ct_test = NULL; 159 uint8_t *o_ct_test = NULL; 160 uint8_t *IV_c = NULL; 161 uint8_t *T_test = NULL; 162 uint8_t *o_T_test = NULL; 163 int OK = 0; 164 165 #ifdef GCM_VECTORS_VERBOSE 166 printf("combination vector Keylen:%d IVlen:%d PTLen:%d AADlen:%d Tlen:%d\n", 167 (int) vector->Klen, (int) vector->IVlen, (int) vector->Plen, (int) vector->Alen, 168 (int) vector->Tlen); 169 #else 170 printf("."); 171 #endif 172 173 // Allocate required memory 174 void **alloc_tab[] = { (void **) &pt_test, (void **) &ct_test, (void **) &o_ct_test, 175 (void **) &IV_c, (void **) &T_test, (void **) &o_T_test }; 176 const size_t align_tab[] = { ALIGNMENT, ALIGNMENT, ALIGNMENT, 0, 0, 0 }; 177 const size_t length_tab[] = { vector->Plen, vector->Plen, vector->Plen, 178 vector->IVlen, vector->Tlen, vector->Tlen }; 179 180 if (vector_allocate(alloc_tab, length_tab, align_tab, DIM(alloc_tab)) != 0) { 181 vector_free(alloc_tab, align_tab, DIM(alloc_tab)); 182 return 1; 183 } 184 185 // Prepare IV 186 memcpy(IV_c, vector->IV, vector->IVlen); 187 188 // This is only required once for a given key 189 aes_gcm_pre_128(vector->K, gkey); 190 191 //// 192 // ISA-l Encrypt 193 //// 194 aes_gcm_enc_128(gkey, gctx, vector->C, vector->P, vector->Plen, IV_c, vector->A, 195 vector->Alen, vector->T, vector->Tlen); 196 openssl_aes_gcm_enc(vector->K, vector->IV, vector->IVlen, vector->A, vector->Alen, o_T_test, 197 vector->Tlen, vector->P, vector->Plen, o_ct_test); 198 OK |= check_data(vector->C, o_ct_test, vector->Plen, "OpenSSL vs ISA-L cypher text (C)"); 199 OK |= check_data(vector->T, o_T_test, vector->Tlen, "OpenSSL vs ISA-L encrypt tag (T)"); 200 201 memcpy(ct_test, vector->C, vector->Plen); 202 memcpy(pt_test, vector->P, vector->Plen); 203 memset(vector->P, 0, vector->Plen); 204 memcpy(T_test, vector->T, vector->Tlen); 205 memset(vector->T, 0, vector->Tlen); 206 207 //// 208 // ISA-l Decrypt 209 //// 210 aes_gcm_dec_128(gkey, gctx, vector->P, vector->C, vector->Plen, IV_c, vector->A, 211 vector->Alen, vector->T, vector->Tlen); 212 OK |= check_data(vector->T, o_T_test, vector->Tlen, "OpenSSL vs ISA-L decrypt tag (T)"); 213 OK |= check_data(pt_test, vector->P, vector->Plen, "ISA-L decrypted plain text (P)"); 214 memset(vector->P, 0, vector->Plen); 215 aes_gcm_dec_128(gkey, gctx, vector->P, o_ct_test, vector->Plen, IV_c, vector->A, 216 vector->Alen, vector->T, vector->Tlen); 217 OK |= check_data(pt_test, vector->P, vector->Plen, "ISA-L decrypted plain text (P)"); 218 219 const int result = 220 openssl_aes_gcm_dec(vector->K, vector->IV, vector->IVlen, vector->A, vector->Alen, 221 vector->T, vector->Tlen, vector->C, vector->Plen, pt_test); 222 223 if (-1 == result) 224 printf(" ISA-L->OpenSSL decryption failed Authentication\n"); 225 226 OK |= (-1 == result); 227 228 vector_free(alloc_tab, align_tab, DIM(alloc_tab)); 229 return OK; 230 } 231 232 int 233 check_strm_vector(struct gcm_key_data *gkey, struct gcm_context_data *gctx, gcm_vector *vector, 234 int test_len) 235 { 236 uint8_t *pt_test = NULL; 237 uint8_t *ct_test = NULL; 238 uint8_t *o_ct_test = NULL; 239 uint8_t *IV_c = NULL; 240 uint8_t *T_test = NULL; 241 uint8_t *o_T_test = NULL; 242 uint8_t *stream = NULL; 243 int result; 244 int OK = 0; 245 uint32_t last_break; 246 int i; 247 uint8_t *rand_data = NULL; 248 uint64_t length; 249 250 #ifdef GCM_VECTORS_VERBOSE 251 printf("combination vector Keylen:%d IVlen:%d PTLen:%d AADlen:%d Tlen:%d\n", 252 (int) vector->Klen, (int) vector->IVlen, (int) vector->Plen, (int) vector->Alen, 253 (int) vector->Tlen); 254 #else 255 printf("."); 256 #endif 257 // Allocate required memory 258 void **alloc_tab[] = { (void **) &pt_test, (void **) &ct_test, (void **) &o_ct_test, 259 (void **) &IV_c, (void **) &T_test, (void **) &o_T_test, 260 (void **) &rand_data }; 261 const size_t align_tab[] = { ALIGNMENT, ALIGNMENT, ALIGNMENT, 0, 0, 0, 0 }; 262 const size_t length_tab[] = { vector->Plen, vector->Plen, vector->Plen, vector->IVlen, 263 vector->Tlen, vector->Tlen, 100 }; 264 265 if (vector_allocate(alloc_tab, length_tab, align_tab, DIM(alloc_tab)) != 0) { 266 vector_free(alloc_tab, align_tab, DIM(alloc_tab)); 267 return 1; 268 } 269 270 // Prepare IV 271 memcpy(IV_c, vector->IV, vector->IVlen); 272 273 // This is only required once for a given key 274 aes_gcm_pre_128(vector->K, gkey); 275 276 //// 277 // ISA-l Encrypt 278 //// 279 aes_gcm_init_128(gkey, gctx, IV_c, vector->A, vector->Alen); 280 281 last_break = 0; 282 i = (rand() % test_len / 8) & ALIGNMENT_MASK; 283 while (i < (vector->Plen)) { 284 if (i - last_break != 0) { 285 const int posix_ret = 286 posix_memalign((void **) &stream, POSIX_ALIGNMENT, i - last_break); 287 288 if (posix_ret != 0 || stream == NULL) { 289 OK = 1; 290 goto error_exit; 291 } 292 memcpy(stream, vector->P + last_break, i - last_break); 293 } 294 aes_gcm_enc_128_update(gkey, gctx, vector->C + last_break, stream, i - last_break); 295 if (i - last_break != 0) { 296 aligned_free(stream); 297 stream = NULL; 298 } 299 300 if (rand() % 1024 == 0) { 301 length = rand() % 100; 302 mk_rand_data(rand_data, length); 303 SHA1(rand_data, length, rand_data); 304 } 305 last_break = i; 306 i = (rand() % test_len / 8) & ALIGNMENT_MASK; 307 } 308 aes_gcm_enc_128_update(gkey, gctx, vector->C + last_break, vector->P + last_break, 309 vector->Plen - last_break); 310 if (gctx->in_length != vector->Plen) 311 printf("%lu, %lu\n", gctx->in_length, vector->Plen); 312 aes_gcm_enc_128_finalize(gkey, gctx, vector->T, vector->Tlen); 313 openssl_aes_gcm_enc(vector->K, vector->IV, vector->IVlen, vector->A, vector->Alen, o_T_test, 314 vector->Tlen, vector->P, vector->Plen, o_ct_test); 315 OK |= check_data(vector->C, o_ct_test, vector->Plen, "OpenSSL vs ISA-L cypher text (C)"); 316 OK |= check_data(vector->T, o_T_test, vector->Tlen, "OpenSSL vs ISA-L encrypt tag (T)"); 317 318 memcpy(ct_test, vector->C, vector->Plen); 319 memcpy(pt_test, vector->P, vector->Plen); 320 memset(vector->P, 0, vector->Plen); 321 memcpy(T_test, vector->T, vector->Tlen); 322 memset(vector->T, 0, vector->Tlen); 323 324 //// 325 // ISA-l Decrypt 326 //// 327 328 last_break = 0; 329 i = 0; 330 aes_gcm_init_128(gkey, gctx, IV_c, vector->A, vector->Alen); 331 while (i < (vector->Plen)) { 332 if (rand() % (test_len / 64) == 0) { 333 if (i - last_break != 0) { 334 const int posix_ret = posix_memalign( 335 (void **) &stream, POSIX_ALIGNMENT, i - last_break); 336 337 if (posix_ret != 0 || stream == NULL) { 338 OK = 1; 339 goto error_exit; 340 } 341 memcpy(stream, vector->C + last_break, i - last_break); 342 } 343 aes_gcm_dec_128_update(gkey, gctx, vector->P + last_break, stream, 344 i - last_break); 345 if (i - last_break != 0) { 346 aligned_free(stream); 347 stream = NULL; 348 } 349 350 if (rand() % 1024 == 0) { 351 length = rand() % 100; 352 353 mk_rand_data(rand_data, length); 354 SHA1(rand_data, length, rand_data); 355 } 356 357 last_break = i; 358 } 359 if (rand() % 1024 != 0) 360 i++; 361 } 362 aes_gcm_dec_128_update(gkey, gctx, vector->P + last_break, vector->C + last_break, 363 vector->Plen - last_break); 364 aes_gcm_dec_128_finalize(gkey, gctx, vector->T, vector->Tlen); 365 366 OK |= check_data(vector->T, o_T_test, vector->Tlen, "OpenSSL vs ISA-L decrypt tag (T)"); 367 OK |= check_data(pt_test, vector->P, vector->Plen, "ISA-L decrypted plain text (P)"); 368 memset(vector->P, 0, vector->Plen); 369 aes_gcm_dec_128(gkey, gctx, vector->P, o_ct_test, vector->Plen, IV_c, vector->A, 370 vector->Alen, vector->T, vector->Tlen); 371 OK |= check_data(pt_test, vector->P, vector->Plen, "ISA-L decrypted plain text (P)"); 372 result = openssl_aes_gcm_dec(vector->K, vector->IV, vector->IVlen, vector->A, vector->Alen, 373 vector->T, vector->Tlen, vector->C, vector->Plen, pt_test); 374 if (-1 == result) 375 printf(" ISA-L->OpenSSL decryption failed Authentication\n"); 376 OK |= (-1 == result); 377 error_exit: 378 vector_free(alloc_tab, align_tab, DIM(alloc_tab)); 379 return OK; 380 } 381 382 int 383 check_strm_vector2(struct gcm_key_data *gkey, struct gcm_context_data *gctx, gcm_vector *vector, 384 int length, int start, int breaks) 385 { 386 uint8_t *pt_test = NULL; 387 uint8_t *ct_test = NULL; 388 uint8_t *o_ct_test = NULL; 389 uint8_t *IV_c = NULL; 390 uint8_t *T_test = NULL; 391 uint8_t *o_T_test = NULL; 392 uint8_t *stream = NULL; 393 int result; 394 int OK = 0; 395 uint32_t last_break = 0; 396 int i = length; 397 398 #ifdef GCM_VECTORS_VERBOSE 399 printf("combination vector Keylen:%d IVlen:%d PTLen:%d AADlen:%d Tlen:%d\n", 400 (int) vector->Klen, (int) vector->IVlen, (int) vector->Plen, (int) vector->Alen, 401 (int) vector->Tlen); 402 #else 403 printf("."); 404 #endif 405 // Allocate required memory 406 void **alloc_tab[] = { (void **) &pt_test, (void **) &ct_test, (void **) &o_ct_test, 407 (void **) &IV_c, (void **) &T_test, (void **) &o_T_test }; 408 const size_t align_tab[] = { ALIGNMENT, ALIGNMENT, ALIGNMENT, 0, 0, 0 }; 409 const size_t length_tab[] = { vector->Plen, vector->Plen, vector->Plen, 410 vector->IVlen, vector->Tlen, vector->Tlen }; 411 412 if (vector_allocate(alloc_tab, length_tab, align_tab, DIM(alloc_tab)) != 0) { 413 vector_free(alloc_tab, align_tab, DIM(alloc_tab)); 414 return 1; 415 } 416 417 // Prepare IV 418 memcpy(IV_c, vector->IV, vector->IVlen); 419 420 // This is only required once for a given key 421 aes_gcm_pre_128(vector->K, gkey); 422 423 //// 424 // ISA-l Encrypt 425 //// 426 aes_gcm_enc_128(gkey, gctx, vector->C, vector->P, vector->Plen, IV_c, vector->A, 427 vector->Alen, vector->T, vector->Tlen); 428 aes_gcm_init_128(gkey, gctx, IV_c, vector->A, vector->Alen); 429 while (i < (vector->Plen)) { 430 if (i - last_break != 0) { 431 const int posix_ret = 432 posix_memalign((void **) &stream, POSIX_ALIGNMENT, i - last_break); 433 434 if (posix_ret != 0 || stream == NULL) { 435 OK = 1; 436 goto error_exit; 437 } 438 memcpy(stream, vector->P + last_break, i - last_break); 439 } 440 aes_gcm_enc_128_update(gkey, gctx, vector->C + last_break, stream, i - last_break); 441 if (i - last_break != 0) { 442 aligned_free(stream); 443 stream = NULL; 444 } 445 last_break = i; 446 i = i + (length - start) / breaks; 447 } 448 aes_gcm_enc_128_update(gkey, gctx, vector->C + last_break, vector->P + last_break, 449 vector->Plen - last_break); 450 aes_gcm_enc_128_finalize(gkey, gctx, vector->T, vector->Tlen); 451 openssl_aes_gcm_enc(vector->K, vector->IV, vector->IVlen, vector->A, vector->Alen, o_T_test, 452 vector->Tlen, vector->P, vector->Plen, o_ct_test); 453 454 OK |= check_data(vector->C, o_ct_test, vector->Plen, "OpenSSL vs ISA-L cypher text (C)"); 455 OK |= check_data(vector->T, o_T_test, vector->Tlen, "OpenSSL vs ISA-L encrypt tag (T)"); 456 457 memcpy(ct_test, vector->C, vector->Plen); 458 memcpy(pt_test, vector->P, vector->Plen); 459 memset(vector->P, 0, vector->Plen); 460 memcpy(T_test, vector->T, vector->Tlen); 461 memset(vector->T, 0, vector->Tlen); 462 463 //// 464 // ISA-l Decrypt 465 //// 466 467 last_break = 0; 468 i = length; 469 aes_gcm_init_128(gkey, gctx, IV_c, vector->A, vector->Alen); 470 while (i < (vector->Plen)) { 471 if (i - last_break != 0) { 472 const int posix_ret = 473 posix_memalign((void **) &stream, POSIX_ALIGNMENT, i - last_break); 474 475 if (posix_ret != 0 || stream == NULL) { 476 OK = 1; 477 goto error_exit; 478 } 479 memcpy(stream, vector->C + last_break, i - last_break); 480 } 481 aes_gcm_dec_128_update(gkey, gctx, vector->P + last_break, stream, i - last_break); 482 if (i - last_break != 0) { 483 aligned_free(stream); 484 stream = NULL; 485 } 486 last_break = i; 487 i = i + (length - start) / breaks; 488 } 489 490 aes_gcm_dec_128_update(gkey, gctx, vector->P + last_break, vector->C + last_break, 491 vector->Plen - last_break); 492 aes_gcm_dec_128_finalize(gkey, gctx, vector->T, vector->Tlen); 493 OK |= check_data(vector->T, o_T_test, vector->Tlen, "OpenSSL vs ISA-L decrypt tag (T)"); 494 OK |= check_data(pt_test, vector->P, vector->Plen, "ISA-L decrypted plain text (P)"); 495 memset(vector->P, 0, vector->Plen); 496 aes_gcm_dec_128(gkey, gctx, vector->P, o_ct_test, vector->Plen, IV_c, vector->A, 497 vector->Alen, vector->T, vector->Tlen); 498 OK |= check_data(pt_test, vector->P, vector->Plen, "ISA-L decrypted plain text (P)"); 499 result = openssl_aes_gcm_dec(vector->K, vector->IV, vector->IVlen, vector->A, vector->Alen, 500 vector->T, vector->Tlen, vector->C, vector->Plen, pt_test); 501 if (-1 == result) 502 printf(" ISA-L->OpenSSL decryption failed Authentication\n"); 503 OK |= (-1 == result); 504 error_exit: 505 vector_free(alloc_tab, align_tab, DIM(alloc_tab)); 506 return OK; 507 } 508 509 int 510 check_strm_vector_efence(struct gcm_key_data *gkey, struct gcm_context_data *gctx, 511 gcm_vector *vector) 512 { 513 uint8_t *pt_test = NULL; 514 uint8_t *ct_test = NULL; 515 uint8_t *o_ct_test = NULL; 516 uint8_t *IV_c = NULL; 517 uint8_t *T_test = NULL; 518 uint8_t *o_T_test = NULL; 519 uint8_t *stream = NULL; 520 int result; 521 int OK = 0; 522 uint32_t last_break = 0; 523 int i = 1; 524 uint8_t *rand_data = NULL; 525 uint64_t length; 526 527 #ifdef GCM_VECTORS_VERBOSE 528 printf("combination vector Keylen:%d IVlen:%d PTLen:%d AADlen:%d Tlen:%d\n", 529 (int) vector->Klen, (int) vector->IVlen, (int) vector->Plen, (int) vector->Alen, 530 (int) vector->Tlen); 531 #else 532 printf("."); 533 #endif 534 // Allocate required memory 535 void **alloc_tab[] = { (void **) &pt_test, (void **) &ct_test, (void **) &o_ct_test, 536 (void **) &IV_c, (void **) &T_test, (void **) &o_T_test, 537 (void **) &rand_data }; 538 const size_t align_tab[] = { ALIGNMENT, ALIGNMENT, ALIGNMENT, 0, 0, 0, 0 }; 539 const size_t length_tab[] = { vector->Plen, vector->Plen, vector->Plen, vector->IVlen, 540 vector->Tlen, vector->Tlen, 100 }; 541 542 if (vector_allocate(alloc_tab, length_tab, align_tab, DIM(alloc_tab)) != 0) { 543 vector_free(alloc_tab, align_tab, DIM(alloc_tab)); 544 return 1; 545 } 546 547 // Prepare IV 548 memcpy(IV_c, vector->IV, vector->IVlen); 549 550 // This is only required once for a given key 551 aes_gcm_pre_128(vector->K, gkey); 552 553 //// 554 // ISA-l Encrypt 555 //// 556 aes_gcm_init_128(gkey, gctx, IV_c, vector->A, vector->Alen); 557 while (i < vector->Plen) { 558 if (rand() % 2000 == 0 || i - last_break > PAGE_LEN / 2) { 559 const int posix_ret = 560 posix_memalign((void **) &stream, POSIX_ALIGNMENT, PAGE_LEN); 561 562 if (posix_ret != 0 || stream == NULL) { 563 OK = 1; 564 goto error_exit; 565 } 566 i = i & ALIGNMENT_MASK; 567 memcpy(stream + PAGE_LEN - (i - last_break), vector->P + last_break, 568 i - last_break); 569 aes_gcm_enc_128_update(gkey, gctx, vector->C + last_break, 570 stream + PAGE_LEN - (i - last_break), 571 i - last_break); 572 aligned_free(stream); 573 stream = NULL; 574 if (rand() % 1024 == 0) { 575 length = rand() % 100; 576 mk_rand_data(rand_data, length); 577 SHA1(rand_data, length, rand_data); 578 } 579 last_break = i; 580 } 581 if (rand() % 1024 != 0) 582 i++; 583 } 584 aes_gcm_enc_128_update(gkey, gctx, vector->C + last_break, vector->P + last_break, 585 vector->Plen - last_break); 586 aes_gcm_enc_128_finalize(gkey, gctx, vector->T, vector->Tlen); 587 openssl_aes_gcm_enc(vector->K, vector->IV, vector->IVlen, vector->A, vector->Alen, o_T_test, 588 vector->Tlen, vector->P, vector->Plen, o_ct_test); 589 OK |= check_data(vector->C, o_ct_test, vector->Plen, "OpenSSL vs ISA-L cypher text (C)"); 590 OK |= check_data(vector->T, o_T_test, vector->Tlen, "OpenSSL vs ISA-L encrypt tag (T)"); 591 592 memcpy(ct_test, vector->C, vector->Plen); 593 memcpy(pt_test, vector->P, vector->Plen); 594 memset(vector->P, 0, vector->Plen); 595 memcpy(T_test, vector->T, vector->Tlen); 596 memset(vector->T, 0, vector->Tlen); 597 598 //// 599 // ISA-l Decrypt 600 //// 601 602 last_break = 0; 603 i = 0; 604 aes_gcm_init_128(gkey, gctx, IV_c, vector->A, vector->Alen); 605 while (i < vector->Plen) { 606 if (rand() % 2000 == 0 || i - last_break > PAGE_LEN / 2) { 607 const int posix_ret = 608 posix_memalign((void **) &stream, POSIX_ALIGNMENT, PAGE_LEN); 609 610 if (posix_ret != 0 || stream == NULL) { 611 OK = 1; 612 goto error_exit; 613 } 614 i = i & ALIGNMENT_MASK; 615 memcpy(stream + PAGE_LEN - (i - last_break), vector->C + last_break, 616 i - last_break); 617 aes_gcm_dec_128_update(gkey, gctx, vector->P + last_break, 618 stream + PAGE_LEN - (i - last_break), 619 i - last_break); 620 aligned_free(stream); 621 stream = NULL; 622 if (rand() % 1024 == 0) { 623 length = rand() % 100; 624 625 mk_rand_data(rand_data, length); 626 SHA1(rand_data, length, rand_data); 627 } 628 629 last_break = i; 630 } 631 if (rand() % 1024 != 0) 632 i++; 633 } 634 aes_gcm_dec_128_update(gkey, gctx, vector->P + last_break, vector->C + last_break, 635 vector->Plen - last_break); 636 aes_gcm_dec_128_finalize(gkey, gctx, vector->T, vector->Tlen); 637 638 OK |= check_data(vector->T, o_T_test, vector->Tlen, "OpenSSL vs ISA-L decrypt tag (T)"); 639 OK |= check_data(pt_test, vector->P, vector->Plen, "ISA-L decrypted plain text (P)"); 640 memset(vector->P, 0, vector->Plen); 641 aes_gcm_dec_128(gkey, gctx, vector->P, o_ct_test, vector->Plen, IV_c, vector->A, 642 vector->Alen, vector->T, vector->Tlen); 643 OK |= check_data(pt_test, vector->P, vector->Plen, "ISA-L decrypted plain text (P)"); 644 result = openssl_aes_gcm_dec(vector->K, vector->IV, vector->IVlen, vector->A, vector->Alen, 645 vector->T, vector->Tlen, vector->C, vector->Plen, pt_test); 646 if (-1 == result) 647 printf(" ISA-L->OpenSSL decryption failed Authentication\n"); 648 OK |= (-1 == result); 649 error_exit: 650 vector_free(alloc_tab, align_tab, DIM(alloc_tab)); 651 return OK; 652 } 653 654 int 655 check_256_vector(struct gcm_key_data *gkey, struct gcm_context_data *gctx, gcm_vector *vector) 656 { 657 uint8_t *pt_test = NULL; 658 uint8_t *ct_test = NULL; 659 uint8_t *o_ct_test = NULL; 660 uint8_t *IV_c = NULL; 661 uint8_t *T_test = NULL; 662 uint8_t *o_T_test = NULL; 663 int result; 664 int OK = 0; 665 666 #ifdef GCM_VECTORS_VERBOSE 667 printf("combination vector Keylen:%d IVlen:%d PTLen:%d AADlen:%d Tlen:%d\n", 668 (int) vector->Klen, (int) vector->IVlen, (int) vector->Plen, (int) vector->Alen, 669 (int) vector->Tlen); 670 #else 671 printf("."); 672 #endif 673 // Allocate required memory 674 void **alloc_tab[] = { (void **) &pt_test, (void **) &ct_test, (void **) &o_ct_test, 675 (void **) &IV_c, (void **) &T_test, (void **) &o_T_test }; 676 const size_t align_tab[] = { ALIGNMENT, ALIGNMENT, ALIGNMENT, 0, 0, 0 }; 677 const size_t length_tab[] = { vector->Plen, vector->Plen, vector->Plen, 678 vector->IVlen, vector->Tlen, vector->Tlen }; 679 680 if (vector_allocate(alloc_tab, length_tab, align_tab, DIM(alloc_tab)) != 0) { 681 vector_free(alloc_tab, align_tab, DIM(alloc_tab)); 682 return 1; 683 } 684 685 // Prepare IV 686 memcpy(IV_c, vector->IV, vector->IVlen); 687 688 // This is only required once for a given key 689 aes_gcm_pre_256(vector->K, gkey); 690 691 //// 692 // ISA-l Encrypt 693 //// 694 aes_gcm_enc_256(gkey, gctx, vector->C, vector->P, vector->Plen, IV_c, vector->A, 695 vector->Alen, vector->T, vector->Tlen); 696 openssl_aes_256_gcm_enc(vector->K, vector->IV, vector->IVlen, vector->A, vector->Alen, 697 o_T_test, vector->Tlen, vector->P, vector->Plen, o_ct_test); 698 OK |= check_data(vector->C, o_ct_test, vector->Plen, "OpenSSL vs ISA-L cypher text (C)"); 699 OK |= check_data(vector->T, o_T_test, vector->Tlen, "OpenSSL vs ISA-L encrypt tag (T)"); 700 701 memcpy(ct_test, vector->C, vector->Plen); 702 memcpy(pt_test, vector->P, vector->Plen); 703 memset(vector->P, 0, vector->Plen); 704 memcpy(T_test, vector->T, vector->Tlen); 705 memset(vector->T, 0, vector->Tlen); 706 707 //// 708 // ISA-l Decrypt 709 //// 710 aes_gcm_dec_256(gkey, gctx, vector->P, vector->C, vector->Plen, IV_c, vector->A, 711 vector->Alen, vector->T, vector->Tlen); 712 OK |= check_data(vector->T, T_test, vector->Tlen, "ISA-L decrypt vs encrypt tag (T)"); 713 OK |= check_data(vector->T, o_T_test, vector->Tlen, "OpenSSL vs ISA-L decrypt tag (T)"); 714 OK |= check_data(pt_test, vector->P, vector->Plen, "ISA-L decrypted ISA-L plain text (P)"); 715 memset(vector->P, 0, vector->Plen); 716 aes_gcm_dec_256(gkey, gctx, vector->P, o_ct_test, vector->Plen, IV_c, vector->A, 717 vector->Alen, vector->T, vector->Tlen); 718 OK |= check_data(pt_test, vector->P, vector->Plen, 719 "ISA-L decrypted OpenSSL plain text (P)"); 720 result = openssl_aes_256_gcm_dec(vector->K, vector->IV, vector->IVlen, vector->A, 721 vector->Alen, vector->T, vector->Tlen, vector->C, 722 vector->Plen, pt_test); 723 if (-1 == result) 724 printf(" ISA-L->OpenSSL decryption failed Authentication\n"); 725 OK |= (-1 == result); 726 727 vector_free(alloc_tab, align_tab, DIM(alloc_tab)); 728 return OK; 729 } 730 731 int 732 check_256_strm_vector(struct gcm_key_data *gkey, struct gcm_context_data *gctx, gcm_vector *vector, 733 int test_len) 734 { 735 uint8_t *pt_test = NULL; 736 uint8_t *ct_test = NULL; 737 uint8_t *o_ct_test = NULL; 738 uint8_t *IV_c = NULL; 739 uint8_t *T_test = NULL; 740 uint8_t *o_T_test = NULL; 741 uint8_t *stream = NULL; 742 int result; 743 int OK = 0; 744 uint32_t last_break; 745 int i; 746 uint8_t *rand_data = NULL; 747 uint64_t length; 748 749 #ifdef GCM_VECTORS_VERBOSE 750 printf("combination vector Keylen:%d IVlen:%d PTLen:%d AADlen:%d Tlen:%d\n", 751 (int) vector->Klen, (int) vector->IVlen, (int) vector->Plen, (int) vector->Alen, 752 (int) vector->Tlen); 753 #else 754 printf("."); 755 #endif 756 // Allocate required memory 757 void **alloc_tab[] = { (void **) &pt_test, (void **) &ct_test, (void **) &o_ct_test, 758 (void **) &IV_c, (void **) &T_test, (void **) &o_T_test, 759 (void **) &rand_data }; 760 const size_t align_tab[] = { ALIGNMENT, ALIGNMENT, ALIGNMENT, 0, 0, 0, 0 }; 761 const size_t length_tab[] = { vector->Plen, vector->Plen, vector->Plen, vector->IVlen, 762 vector->Tlen, vector->Tlen, 100 }; 763 764 if (vector_allocate(alloc_tab, length_tab, align_tab, DIM(alloc_tab)) != 0) { 765 vector_free(alloc_tab, align_tab, DIM(alloc_tab)); 766 return 1; 767 } 768 769 // Prepare IV 770 memcpy(IV_c, vector->IV, vector->IVlen); 771 772 // This is only required once for a given key 773 aes_gcm_pre_256(vector->K, gkey); 774 775 //// 776 // ISA-l Encrypt 777 //// 778 aes_gcm_init_256(gkey, gctx, IV_c, vector->A, vector->Alen); 779 780 last_break = 0; 781 i = (rand() % test_len / 8) & ALIGNMENT_MASK; 782 while (i < (vector->Plen)) { 783 if (i - last_break != 0) { 784 const int posix_ret = 785 posix_memalign((void **) &stream, POSIX_ALIGNMENT, i - last_break); 786 787 if (posix_ret != 0 || stream == NULL) { 788 OK = 1; 789 goto error_exit; 790 } 791 memcpy(stream, vector->P + last_break, i - last_break); 792 } 793 794 aes_gcm_enc_256_update(gkey, gctx, vector->C + last_break, stream, i - last_break); 795 if (i - last_break != 0) { 796 aligned_free(stream); 797 stream = NULL; 798 } 799 800 if (rand() % 1024 == 0) { 801 length = rand() % 100; 802 mk_rand_data(rand_data, length); 803 SHA1(rand_data, length, rand_data); 804 } 805 last_break = i; 806 i += (rand() % test_len / 8) & ALIGNMENT_MASK; 807 } 808 aes_gcm_enc_256_update(gkey, gctx, vector->C + last_break, vector->P + last_break, 809 vector->Plen - last_break); 810 if (gctx->in_length != vector->Plen) 811 printf("%lu, %lu\n", gctx->in_length, vector->Plen); 812 aes_gcm_enc_256_finalize(gkey, gctx, vector->T, vector->Tlen); 813 814 openssl_aes_256_gcm_enc(vector->K, vector->IV, vector->IVlen, vector->A, vector->Alen, 815 o_T_test, vector->Tlen, vector->P, vector->Plen, o_ct_test); 816 OK |= check_data(vector->C, o_ct_test, vector->Plen, "OpenSSL vs ISA-L cypher text (C)"); 817 OK |= check_data(vector->T, o_T_test, vector->Tlen, "OpenSSL vs ISA-L encrypt tag (T)"); 818 819 memcpy(ct_test, vector->C, vector->Plen); 820 memcpy(pt_test, vector->P, vector->Plen); 821 memset(vector->P, 0, vector->Plen); 822 memcpy(T_test, vector->T, vector->Tlen); 823 memset(vector->T, 0, vector->Tlen); 824 825 //// 826 // ISA-l Decrypt 827 //// 828 829 last_break = 0; 830 i += (rand() % test_len / 8) & ALIGNMENT_MASK; 831 aes_gcm_init_256(gkey, gctx, IV_c, vector->A, vector->Alen); 832 while (i < (vector->Plen)) { 833 if (i - last_break != 0) { 834 const int posix_ret = 835 posix_memalign((void **) &stream, POSIX_ALIGNMENT, i - last_break); 836 837 if (posix_ret != 0 || stream == NULL) { 838 OK = 1; 839 goto error_exit; 840 } 841 memcpy(stream, vector->C + last_break, i - last_break); 842 } 843 844 aes_gcm_dec_256_update(gkey, gctx, vector->P + last_break, stream, i - last_break); 845 if (i - last_break != 0) { 846 aligned_free(stream); 847 stream = NULL; 848 } 849 850 if (rand() % 1024 == 0) { 851 length = rand() % 100; 852 853 mk_rand_data(rand_data, length); 854 SHA1(rand_data, length, rand_data); 855 } 856 857 last_break = i; 858 i += (rand() % test_len / 8) & ALIGNMENT_MASK; 859 } 860 aes_gcm_dec_256_update(gkey, gctx, vector->P + last_break, vector->C + last_break, 861 vector->Plen - last_break); 862 aes_gcm_dec_256_finalize(gkey, gctx, vector->T, vector->Tlen); 863 864 OK |= check_data(vector->T, T_test, vector->Tlen, "ISA-L decrypt vs encrypt tag (T)"); 865 OK |= check_data(vector->T, o_T_test, vector->Tlen, "OpenSSL vs ISA-L decrypt tag (T)"); 866 OK |= check_data(pt_test, vector->P, vector->Plen, "ISA-L decrypted ISA-L plain text (P)"); 867 memset(vector->P, 0, vector->Plen); 868 aes_gcm_dec_256(gkey, gctx, vector->P, o_ct_test, vector->Plen, IV_c, vector->A, 869 vector->Alen, vector->T, vector->Tlen); 870 OK |= check_data(pt_test, vector->P, vector->Plen, 871 "ISA-L decrypted OpenSSL plain text (P)"); 872 result = openssl_aes_256_gcm_dec(vector->K, vector->IV, vector->IVlen, vector->A, 873 vector->Alen, vector->T, vector->Tlen, vector->C, 874 vector->Plen, pt_test); 875 if (-1 == result) 876 printf(" ISA-L->OpenSSL decryption failed Authentication\n"); 877 OK |= (-1 == result); 878 error_exit: 879 vector_free(alloc_tab, align_tab, DIM(alloc_tab)); 880 return OK; 881 } 882 883 int 884 test_gcm_strm_efence(void) 885 { 886 int tag_len = 8; 887 int t = 0; 888 struct gcm_key_data *gkey = NULL; 889 struct gcm_context_data *gctx = NULL; 890 891 gkey = malloc(sizeof(struct gcm_key_data)); 892 gctx = malloc(sizeof(struct gcm_context_data)); 893 if (NULL == gkey || NULL == gctx) { 894 free(gkey); 895 free(gctx); 896 return 1; 897 } 898 899 printf("AES GCM random efence test vectors with random stream:"); 900 for (t = 0; RANDOMS > t; t++) { 901 int posix_ret = 0; 902 gcm_vector test; 903 int Plen = (rand() % TEST_LEN); 904 // lengths must be a multiple of 4 bytes 905 int aad_len = (rand() % TEST_LEN); 906 int offset = (rand() % MAX_UNALIGNED); 907 if (offset == 0 && aad_len == 0) 908 offset = OFFSET_BASE_VALUE; 909 910 if (0 == (t % 25)) 911 printf("\n"); 912 if (0 == (t % 10)) 913 fflush(0); 914 test.P = NULL; 915 test.C = NULL; 916 test.A = NULL; 917 test.T = NULL; 918 test.Plen = Plen; 919 if (test.Plen + offset != 0) { 920 posix_ret |= posix_memalign((void **) &test.P, POSIX_ALIGNMENT, 921 test.Plen + offset); 922 posix_ret |= posix_memalign((void **) &test.C, POSIX_ALIGNMENT, 923 test.Plen + offset); 924 } else { // This else clause is here because openssl 1.0.1k does not handle NULL 925 // pointers 926 posix_ret |= posix_memalign((void **) &test.P, POSIX_ALIGNMENT, 16); 927 posix_ret |= posix_memalign((void **) &test.C, POSIX_ALIGNMENT, 16); 928 } 929 test.K = malloc(GCM_128_KEY_LEN + offset); 930 test.Klen = GCM_128_KEY_LEN; 931 test.IV = malloc(GCM_IV_DATA_LEN + offset); 932 test.IVlen = GCM_IV_DATA_LEN; 933 test.A = malloc(aad_len + offset); 934 test.Alen = aad_len; 935 test.T = malloc(MAX_TAG_LEN + offset); 936 test.Tlen = MAX_TAG_LEN; 937 938 if ((NULL == test.P && test.Plen != 0) || (NULL == test.C && test.Plen != 0) || 939 (NULL == test.K) || (NULL == test.IV) || (NULL == test.A) || (NULL == test.T) || 940 (posix_ret != 0)) { 941 printf("malloc of testsize:0x%x failed\n", Plen); 942 free(test.A); 943 aligned_free(test.C); 944 free(test.IV); 945 free(test.K); 946 aligned_free(test.P); 947 free(test.T); 948 free(gkey); 949 free(gctx); 950 return 1; 951 } 952 953 gcm_vector test_free = test; 954 955 test.P += offset; 956 test.C += offset; 957 test.K += offset; 958 test.IV += offset; 959 test.A += offset; 960 test.T += offset; 961 962 mk_rand_data(test.P, test.Plen); 963 mk_rand_data(test.K, test.Klen); 964 mk_rand_data(test.IV, test.IVlen); 965 mk_rand_data(test.A, test.Alen); 966 967 // single Key length of 128bits/16bytes supported 968 // single IV length of 96bits/12bytes supported 969 // Tag lengths of 8, 12 or 16 970 for (tag_len = 8; tag_len <= MAX_TAG_LEN;) { 971 test.Tlen = tag_len; 972 if (0 != check_strm_vector_efence(gkey, gctx, &test)) { 973 free(test_free.A); 974 aligned_free(test_free.C); 975 free(test_free.IV); 976 free(test_free.K); 977 aligned_free(test_free.P); 978 free(test_free.T); 979 free(gkey); 980 free(gctx); 981 return 1; 982 } 983 tag_len += 4; // supported lengths are 8, 12 or 16 984 } 985 free(test_free.A); 986 aligned_free(test_free.C); 987 free(test_free.IV); 988 free(test_free.K); 989 aligned_free(test_free.P); 990 free(test_free.T); 991 } 992 printf("\n"); 993 free(gkey); 994 free(gctx); 995 return 0; 996 } 997 998 int 999 test_gcm_strm_combinations(int test_len) 1000 { 1001 int tag_len = 8; 1002 int t = 0; 1003 uint8_t *gkeytemp = NULL; 1004 struct gcm_key_data *gkey = NULL; 1005 struct gcm_context_data *gctx = NULL; 1006 1007 gkeytemp = malloc(sizeof(struct gcm_key_data) + 16); 1008 gctx = malloc(sizeof(struct gcm_context_data)); 1009 gkey = (struct gcm_key_data *) (gkeytemp + rand() % 16); 1010 if (NULL == gkeytemp || NULL == gctx) { 1011 free(gkeytemp); 1012 free(gctx); 1013 return 1; 1014 } 1015 1016 printf("AES GCM random test vectors with random stream of average size %d:", test_len / 64); 1017 for (t = 0; RANDOMS > t; t++) { 1018 int posix_ret = 0; 1019 gcm_vector test; 1020 int Plen = 0; // (rand() % test_len); 1021 // lengths must be a multiple of 4 bytes 1022 int aad_len = (rand() % test_len); 1023 int offset = (rand() % MAX_UNALIGNED); 1024 if (offset == 0 && aad_len == 0) 1025 offset = OFFSET_BASE_VALUE; 1026 1027 if (0 == (t % 25)) 1028 printf("\n"); 1029 if (0 == (t % 10)) 1030 fflush(0); 1031 test.P = NULL; 1032 test.C = NULL; 1033 test.A = NULL; 1034 test.T = NULL; 1035 test.Plen = Plen; 1036 if (test.Plen + offset != 0) { 1037 posix_ret |= posix_memalign((void **) &test.P, POSIX_ALIGNMENT, 1038 test.Plen + offset); 1039 posix_ret |= posix_memalign((void **) &test.C, POSIX_ALIGNMENT, 1040 test.Plen + offset); 1041 } else { // This else clause is here because openssl 1.0.1k does not handle NULL 1042 // pointers 1043 posix_ret |= posix_memalign((void **) &test.P, POSIX_ALIGNMENT, 16); 1044 posix_ret |= posix_memalign((void **) &test.C, POSIX_ALIGNMENT, 16); 1045 } 1046 test.K = malloc(GCM_128_KEY_LEN + offset); 1047 test.Klen = GCM_128_KEY_LEN; 1048 test.IV = malloc(GCM_IV_DATA_LEN + offset); 1049 test.IVlen = GCM_IV_DATA_LEN; 1050 test.A = malloc(aad_len + offset); 1051 test.Alen = aad_len; 1052 test.T = malloc(MAX_TAG_LEN + offset); 1053 test.Tlen = MAX_TAG_LEN; 1054 1055 if ((NULL == test.P && test.Plen != 0) || (NULL == test.C && test.Plen != 0) || 1056 (NULL == test.K) || (NULL == test.IV) || (NULL == test.A) || (NULL == test.T) || 1057 (posix_ret != 0)) { 1058 printf("malloc of testsize:0x%x failed\n", Plen); 1059 free(test.A); 1060 aligned_free(test.C); 1061 free(test.IV); 1062 free(test.K); 1063 aligned_free(test.P); 1064 free(test.T); 1065 free(gkeytemp); 1066 free(gctx); 1067 return 1; 1068 } 1069 1070 gcm_vector test_free = test; 1071 1072 test.P += offset; 1073 test.C += offset; 1074 test.K += offset; 1075 test.IV += offset; 1076 test.A += offset; 1077 test.T += offset; 1078 1079 mk_rand_data(test.P, test.Plen); 1080 mk_rand_data(test.K, test.Klen); 1081 mk_rand_data(test.IV, test.IVlen); 1082 mk_rand_data(test.A, test.Alen); 1083 1084 // single Key length of 128bits/16bytes supported 1085 // single IV length of 96bits/12bytes supported 1086 // Tag lengths of 8, 12 or 16 1087 for (tag_len = 8; tag_len <= MAX_TAG_LEN;) { 1088 test.Tlen = tag_len; 1089 if (0 != check_strm_vector(gkey, gctx, &test, test_len)) { 1090 free(test_free.A); 1091 aligned_free(test_free.C); 1092 free(test_free.IV); 1093 free(test_free.K); 1094 aligned_free(test_free.P); 1095 free(test_free.T); 1096 free(gkeytemp); 1097 free(gctx); 1098 return 1; 1099 } 1100 tag_len += 4; // supported lengths are 8, 12 or 16 1101 } 1102 free(test_free.A); 1103 aligned_free(test_free.C); 1104 free(test_free.IV); 1105 free(test_free.K); 1106 aligned_free(test_free.P); 1107 free(test_free.T); 1108 } 1109 printf("\n"); 1110 free(gkeytemp); 1111 free(gctx); 1112 return 0; 1113 } 1114 1115 int 1116 test_gcm_combinations(void) 1117 { 1118 int tag_len = 8; 1119 int t = 0; 1120 struct gcm_key_data *gkey = NULL; 1121 struct gcm_context_data *gctx = NULL; 1122 1123 gkey = malloc(sizeof(struct gcm_key_data)); 1124 gctx = malloc(sizeof(struct gcm_context_data)); 1125 if (NULL == gkey || NULL == gctx) { 1126 free(gctx); 1127 free(gkey); 1128 return 1; 1129 } 1130 1131 printf("AES GCM random test vectors:"); 1132 for (t = 0; RANDOMS > t; t++) { 1133 int posix_ret = 0; 1134 gcm_vector test; 1135 int Plen = (rand() % TEST_LEN); 1136 // lengths must be a multiple of 4 bytes 1137 int aad_len = (rand() % TEST_LEN); 1138 int offset = (rand() % MAX_UNALIGNED); 1139 if (offset == 0 && aad_len == 0) 1140 offset = OFFSET_BASE_VALUE; 1141 1142 if (0 == (t % 25)) 1143 printf("\n"); 1144 if (0 == (t % 10)) 1145 fflush(0); 1146 test.P = NULL; 1147 test.C = NULL; 1148 test.A = NULL; 1149 test.T = NULL; 1150 test.Plen = Plen; 1151 if (test.Plen + offset != 0) { 1152 posix_ret |= posix_memalign((void **) &test.P, POSIX_ALIGNMENT, 1153 test.Plen + offset); 1154 posix_ret |= posix_memalign((void **) &test.C, POSIX_ALIGNMENT, 1155 test.Plen + offset); 1156 } else { // This else clause is here because openssl 1.0.1k does not handle NULL 1157 // pointers 1158 posix_ret |= posix_memalign((void **) &test.P, POSIX_ALIGNMENT, 16); 1159 posix_ret |= posix_memalign((void **) &test.C, POSIX_ALIGNMENT, 16); 1160 } 1161 test.K = malloc(GCM_128_KEY_LEN + offset); 1162 test.Klen = GCM_128_KEY_LEN; 1163 test.IV = malloc(GCM_IV_DATA_LEN + offset); 1164 test.IVlen = GCM_IV_DATA_LEN; 1165 test.A = malloc(aad_len + offset); 1166 test.Alen = aad_len; 1167 test.T = malloc(MAX_TAG_LEN + offset); 1168 test.Tlen = MAX_TAG_LEN; 1169 1170 if ((NULL == test.P && test.Plen != 0) || (NULL == test.C && test.Plen != 0) || 1171 (NULL == test.K) || (NULL == test.IV) || (NULL == test.A) || (NULL == test.T) || 1172 (posix_ret != 0)) { 1173 printf("malloc of testsize:0x%x failed\n", Plen); 1174 free(test.A); 1175 aligned_free(test.C); 1176 free(test.IV); 1177 free(test.K); 1178 aligned_free(test.P); 1179 free(test.T); 1180 free(gkey); 1181 free(gctx); 1182 return 1; 1183 } 1184 1185 gcm_vector test_free = test; 1186 1187 test.P += offset; 1188 test.C += offset; 1189 test.K += offset; 1190 test.IV += offset; 1191 test.A += offset; 1192 test.T += offset; 1193 1194 mk_rand_data(test.P, test.Plen); 1195 mk_rand_data(test.K, test.Klen); 1196 mk_rand_data(test.IV, test.IVlen); 1197 mk_rand_data(test.A, test.Alen); 1198 1199 // single Key length of 128bits/16bytes supported 1200 // single IV length of 96bits/12bytes supported 1201 // Tag lengths of 8, 12 or 16 1202 for (tag_len = 8; tag_len <= MAX_TAG_LEN;) { 1203 test.Tlen = tag_len; 1204 if (0 != check_vector(gkey, gctx, &test)) { 1205 free(test_free.A); 1206 aligned_free(test_free.C); 1207 free(test_free.IV); 1208 free(test_free.K); 1209 aligned_free(test_free.P); 1210 free(test_free.T); 1211 free(gkey); 1212 free(gctx); 1213 return 1; 1214 } 1215 tag_len += 4; // supported lengths are 8, 12 or 16 1216 } 1217 1218 free(test_free.A); 1219 aligned_free(test_free.C); 1220 free(test_free.IV); 1221 free(test_free.K); 1222 aligned_free(test_free.P); 1223 free(test_free.T); 1224 } 1225 printf("\n"); 1226 free(gkey); 1227 free(gctx); 1228 return 0; 1229 } 1230 1231 int 1232 test_gcm256_combinations(void) 1233 { 1234 int tag_len = 8; 1235 int t = 0; 1236 struct gcm_key_data *gkey = NULL; 1237 struct gcm_context_data *gctx = NULL; 1238 1239 gkey = malloc(sizeof(struct gcm_key_data)); 1240 gctx = malloc(sizeof(struct gcm_context_data)); 1241 if (NULL == gkey || NULL == gctx) { 1242 free(gkey); 1243 free(gctx); 1244 return 1; 1245 } 1246 1247 printf("AES-GCM-256 random test vectors:"); 1248 for (t = 0; RANDOMS > t; t++) { 1249 int posix_ret = 0; 1250 gcm_vector test; 1251 int Plen = (rand() % TEST_LEN); 1252 // lengths must be a multiple of 4 bytes 1253 int aad_len = (rand() % TEST_LEN); 1254 int offset = (rand() % MAX_UNALIGNED); 1255 if (offset == 0 && aad_len == 0) 1256 offset = OFFSET_BASE_VALUE; 1257 1258 if (0 == (t % 25)) 1259 printf("\n"); 1260 if (0 == (t % 10)) 1261 fflush(0); 1262 test.P = NULL; 1263 test.C = NULL; 1264 test.A = NULL; 1265 test.T = NULL; 1266 test.Plen = Plen; 1267 if (test.Plen + offset != 0) { 1268 posix_ret |= posix_memalign((void **) &test.P, POSIX_ALIGNMENT, 1269 test.Plen + offset); 1270 posix_ret |= posix_memalign((void **) &test.C, POSIX_ALIGNMENT, 1271 test.Plen + offset); 1272 } else { // This else clause is here because openssl 1.0.1k does not handle NULL 1273 // pointers 1274 posix_ret |= posix_memalign((void **) &test.P, POSIX_ALIGNMENT, 16); 1275 posix_ret |= posix_memalign((void **) &test.C, POSIX_ALIGNMENT, 16); 1276 } 1277 test.K = malloc(GCM_256_KEY_LEN + offset); 1278 test.Klen = GCM_256_KEY_LEN; 1279 test.IV = malloc(GCM_IV_DATA_LEN + offset); 1280 test.IVlen = GCM_IV_DATA_LEN; 1281 test.A = malloc(aad_len + offset); 1282 test.Alen = aad_len; 1283 test.T = malloc(MAX_TAG_LEN + offset); 1284 test.Tlen = MAX_TAG_LEN; 1285 1286 if ((NULL == test.P && test.Plen != 0) || (NULL == test.C && test.Plen != 0) || 1287 (NULL == test.K) || (NULL == test.IV) || (NULL == test.A) || (NULL == test.T) || 1288 (posix_ret != 0)) { 1289 printf("malloc of testsize:0x%x failed, P=%p, C=%p, K=%p, IV=%p, A=%p, " 1290 "T=%p, posix_ret=%d\n", 1291 Plen, test.P, test.C, test.K, test.IV, test.A, test.T, posix_ret); 1292 free(test.A); 1293 aligned_free(test.C); 1294 free(test.IV); 1295 free(test.K); 1296 aligned_free(test.P); 1297 free(test.T); 1298 free(gkey); 1299 free(gctx); 1300 return 1; 1301 } 1302 1303 gcm_vector test_free = test; 1304 1305 test.P += offset; 1306 test.C += offset; 1307 test.K += offset; 1308 test.IV += offset; 1309 test.A += offset; 1310 test.T += offset; 1311 1312 mk_rand_data(test.P, test.Plen); 1313 mk_rand_data(test.K, test.Klen); 1314 mk_rand_data(test.IV, test.IVlen); 1315 mk_rand_data(test.A, test.Alen); 1316 1317 // single Key length of 128bits/16bytes supported 1318 // single IV length of 96bits/12bytes supported 1319 // Tag lengths of 8, 12 or 16 1320 for (tag_len = 8; tag_len <= MAX_TAG_LEN;) { 1321 test.Tlen = tag_len; 1322 if (0 != check_256_vector(gkey, gctx, &test)) { 1323 free(test_free.A); 1324 aligned_free(test_free.C); 1325 free(test_free.IV); 1326 free(test_free.K); 1327 aligned_free(test_free.P); 1328 free(test_free.T); 1329 free(gkey); 1330 free(gctx); 1331 return 1; 1332 } 1333 tag_len += 4; // supported lengths are 8, 12 or 16 1334 } 1335 free(test_free.A); 1336 aligned_free(test_free.C); 1337 free(test_free.IV); 1338 free(test_free.K); 1339 aligned_free(test_free.P); 1340 free(test_free.T); 1341 } 1342 printf("\n"); 1343 free(gkey); 1344 free(gctx); 1345 return 0; 1346 } 1347 1348 int 1349 test_gcm256_strm_combinations(int test_len) 1350 { 1351 int tag_len = 8; 1352 int t = 0; 1353 uint8_t *gkeytemp = NULL; 1354 struct gcm_key_data *gkey = NULL; 1355 struct gcm_context_data *gctx = NULL; 1356 1357 gkeytemp = malloc(sizeof(struct gcm_key_data) + 16); 1358 gctx = malloc(sizeof(struct gcm_context_data)); 1359 gkey = (struct gcm_key_data *) (gkeytemp + rand() % 16); 1360 if (NULL == gkeytemp || NULL == gctx) { 1361 free(gkeytemp); 1362 free(gctx); 1363 return 1; 1364 } 1365 1366 printf("AES-GCM-256 random test vectors with random stream of average size %d:", 1367 test_len / 64); 1368 for (t = 0; RANDOMS > t; t++) { 1369 int posix_ret = 0; 1370 gcm_vector test; 1371 int Plen = (rand() % test_len); 1372 // lengths must be a multiple of 4 bytes 1373 int aad_len = (rand() % test_len); 1374 int offset = (rand() % MAX_UNALIGNED); 1375 if (offset == 0 && aad_len == 0) 1376 offset = OFFSET_BASE_VALUE; 1377 1378 if (0 == (t % 25)) 1379 printf("\n"); 1380 if (0 == (t % 10)) 1381 fflush(0); 1382 test.P = NULL; 1383 test.C = NULL; 1384 test.A = NULL; 1385 test.T = NULL; 1386 test.Plen = Plen; 1387 if (test.Plen + offset != 0) { 1388 posix_ret |= posix_memalign((void **) &test.P, POSIX_ALIGNMENT, 1389 test.Plen + offset); 1390 posix_ret |= posix_memalign((void **) &test.C, POSIX_ALIGNMENT, 1391 test.Plen + offset); 1392 } else { // This else clause is here because openssl 1.0.1k does not handle NULL 1393 // pointers 1394 posix_ret |= posix_memalign((void **) &test.P, POSIX_ALIGNMENT, 16); 1395 posix_ret |= posix_memalign((void **) &test.C, POSIX_ALIGNMENT, 16); 1396 } 1397 test.K = malloc(GCM_256_KEY_LEN + offset); 1398 test.Klen = GCM_256_KEY_LEN; 1399 test.IV = malloc(GCM_IV_DATA_LEN + offset); 1400 test.IVlen = GCM_IV_DATA_LEN; 1401 test.A = malloc(aad_len + offset); 1402 test.Alen = aad_len; 1403 test.T = malloc(MAX_TAG_LEN + offset); 1404 test.Tlen = MAX_TAG_LEN; 1405 1406 if ((NULL == test.P && test.Plen != 0) || (NULL == test.C && test.Plen != 0) || 1407 (NULL == test.K) || (NULL == test.IV) || (NULL == test.A) || (NULL == test.T) || 1408 (posix_ret != 0)) { 1409 printf("malloc of testsize:0x%x failed\n", Plen); 1410 free(test.A); 1411 aligned_free(test.C); 1412 free(test.IV); 1413 free(test.K); 1414 aligned_free(test.P); 1415 free(test.T); 1416 free(gkeytemp); 1417 free(gctx); 1418 return 1; 1419 } 1420 1421 gcm_vector test_free = test; 1422 1423 test.P += offset; 1424 test.C += offset; 1425 test.K += offset; 1426 test.IV += offset; 1427 test.A += offset; 1428 test.T += offset; 1429 1430 mk_rand_data(test.P, test.Plen); 1431 mk_rand_data(test.K, test.Klen); 1432 mk_rand_data(test.IV, test.IVlen); 1433 mk_rand_data(test.A, test.Alen); 1434 1435 // single Key length of 128bits/16bytes supported 1436 // single IV length of 96bits/12bytes supported 1437 // Tag lengths of 8, 12 or 16 1438 for (tag_len = 8; tag_len <= MAX_TAG_LEN;) { 1439 test.Tlen = tag_len; 1440 if (0 != check_256_strm_vector(gkey, gctx, &test, test_len)) { 1441 free(test_free.A); 1442 aligned_free(test_free.C); 1443 free(test_free.IV); 1444 free(test_free.K); 1445 aligned_free(test_free.P); 1446 free(test_free.T); 1447 free(gkeytemp); 1448 free(gctx); 1449 return 1; 1450 } 1451 tag_len += 4; // supported lengths are 8, 12 or 16 1452 } 1453 free(test_free.A); 1454 aligned_free(test_free.C); 1455 free(test_free.IV); 1456 free(test_free.K); 1457 aligned_free(test_free.P); 1458 free(test_free.T); 1459 } 1460 printf("\n"); 1461 free(gkeytemp); 1462 free(gctx); 1463 return 0; 1464 } 1465 1466 // 1467 // place all data to end at a page boundary to check for read past the end 1468 // 1469 int 1470 test_gcm_efence(void) 1471 { 1472 int posix_ret = 0; 1473 gcm_vector test; 1474 int offset = 0; 1475 gcm_key_size key_len; 1476 struct gcm_key_data *gkey = NULL; 1477 struct gcm_context_data *gctx = NULL; 1478 uint8_t *P = NULL, *C = NULL, *K = NULL, *IV = NULL, *A = NULL, *T = NULL; 1479 1480 gkey = malloc(sizeof(struct gcm_key_data)); 1481 gctx = malloc(sizeof(struct gcm_context_data)); 1482 posix_ret |= posix_memalign((void **) &P, POSIX_ALIGNMENT, PAGE_LEN); 1483 posix_ret |= posix_memalign((void **) &C, POSIX_ALIGNMENT, PAGE_LEN); 1484 K = malloc(PAGE_LEN); 1485 IV = malloc(PAGE_LEN); 1486 A = malloc(PAGE_LEN); 1487 T = malloc(PAGE_LEN); 1488 if ((NULL == P) || (NULL == C) || (NULL == K) || (NULL == IV) || (NULL == A) || 1489 (NULL == T) || (NULL == gkey) || (NULL == gctx) || (posix_ret != 0)) { 1490 printf("malloc of testsize:0x%x failed\n", PAGE_LEN); 1491 free(gkey); 1492 free(gctx); 1493 aligned_free(P); 1494 aligned_free(C); 1495 free(K); 1496 free(IV); 1497 free(A); 1498 free(T); 1499 return -1; 1500 } 1501 1502 test.Plen = PAGE_LEN / 2; 1503 // place buffers to end at page boundary 1504 test.IVlen = GCM_IV_DATA_LEN; 1505 test.Alen = test.Plen; 1506 test.Tlen = MAX_TAG_LEN; 1507 1508 printf("AES GCM efence test vectors:"); 1509 for (key_len = GCM_128_KEY_LEN; GCM_256_KEY_LEN >= key_len; 1510 key_len += (GCM_256_KEY_LEN - GCM_128_KEY_LEN)) { 1511 test.Klen = key_len; 1512 for (offset = 0; MAX_UNALIGNED > offset; offset++) { 1513 if (0 == (offset % 80)) 1514 printf("\n"); 1515 // move the start and size of the data block towards the end of the page 1516 test.Plen = (PAGE_LEN / 2) - offset; 1517 test.Alen = (PAGE_LEN / 4) - 1518 (offset * 4); // lengths must be a multiple of 4 bytes 1519 // Place data at end of page 1520 test.P = P + PAGE_LEN - test.Plen; 1521 test.C = C + PAGE_LEN - test.Plen; 1522 test.K = K + PAGE_LEN - test.Klen; 1523 test.IV = IV + PAGE_LEN - test.IVlen; 1524 test.A = A + PAGE_LEN - test.Alen; 1525 test.T = T + PAGE_LEN - test.Tlen; 1526 1527 mk_rand_data(test.P, test.Plen); 1528 mk_rand_data(test.K, test.Klen); 1529 mk_rand_data(test.IV, test.IVlen); 1530 mk_rand_data(test.A, test.Alen); 1531 if (GCM_128_KEY_LEN == key_len) { 1532 if (0 != check_vector(gkey, gctx, &test)) { 1533 free(gkey); 1534 free(gctx); 1535 aligned_free(P); 1536 aligned_free(C); 1537 free(K); 1538 free(IV); 1539 free(A); 1540 free(T); 1541 return 1; 1542 } 1543 } else { 1544 if (0 != check_256_vector(gkey, gctx, &test)) { 1545 free(gkey); 1546 free(gctx); 1547 aligned_free(P); 1548 aligned_free(C); 1549 free(K); 1550 free(IV); 1551 free(A); 1552 free(T); 1553 return 1; 1554 } 1555 } 1556 } 1557 } 1558 free(gkey); 1559 free(gctx); 1560 aligned_free(P); 1561 aligned_free(C); 1562 free(K); 1563 free(IV); 1564 free(A); 1565 free(T); 1566 1567 printf("\n"); 1568 return 0; 1569 } 1570 1571 int 1572 test_gcm128_std_vectors(gcm_vector const *vector) 1573 { 1574 struct gcm_key_data gkey; 1575 struct gcm_context_data gctx; 1576 int OK = 0; 1577 // Temporary array for the calculated vectors 1578 uint8_t *ct_test = NULL; 1579 uint8_t *pt_test = NULL; 1580 uint8_t *IV_c = NULL; 1581 uint8_t *T_test = NULL; 1582 uint8_t *T2_test = NULL; 1583 int result; 1584 1585 #ifdef GCM_VECTORS_VERBOSE 1586 printf("AES-GCM-128:\n"); 1587 #endif 1588 1589 // Allocate required memory 1590 void **alloc_tab[] = { (void **) &pt_test, (void **) &ct_test, (void **) &IV_c, 1591 (void **) &T_test, (void **) &T2_test }; 1592 const size_t align_tab[] = { ALIGNMENT, ALIGNMENT, 0, 0, 0 }; 1593 const size_t length_tab[] = { vector->Plen, vector->Plen, vector->IVlen, vector->Tlen, 1594 vector->Tlen }; 1595 1596 if (vector_allocate(alloc_tab, length_tab, align_tab, DIM(alloc_tab)) != 0) { 1597 vector_free(alloc_tab, align_tab, DIM(alloc_tab)); 1598 return 1; 1599 } 1600 1601 // Prepare IV 1602 memcpy(IV_c, vector->IV, vector->IVlen); 1603 1604 // This is only required once for a given key 1605 aes_gcm_pre_128(vector->K, &gkey); 1606 #ifdef GCM_VECTORS_VERBOSE 1607 dump_gcm_data(&gkey); 1608 #endif 1609 1610 //// 1611 // ISA-l Encrypt 1612 //// 1613 aes_gcm_enc_128(&gkey, &gctx, ct_test, vector->P, vector->Plen, IV_c, vector->A, 1614 vector->Alen, T_test, vector->Tlen); 1615 OK |= check_data(ct_test, vector->C, vector->Plen, "ISA-L encrypted cypher text (C)"); 1616 OK |= check_data(T_test, vector->T, vector->Tlen, "ISA-L tag (T)"); 1617 1618 openssl_aes_gcm_enc(vector->K, vector->IV, vector->IVlen, vector->A, vector->Alen, pt_test, 1619 vector->Tlen, vector->P, vector->Plen, ct_test); 1620 OK |= check_data(pt_test, T_test, vector->Tlen, "OpenSSL vs ISA-L tag (T)"); 1621 // test of in-place encrypt 1622 memcpy(pt_test, vector->P, vector->Plen); 1623 aes_gcm_enc_128(&gkey, &gctx, pt_test, pt_test, vector->Plen, IV_c, vector->A, vector->Alen, 1624 T_test, vector->Tlen); 1625 OK |= check_data(pt_test, vector->C, vector->Plen, "ISA-L encrypted cypher text(in-place)"); 1626 memset(ct_test, 0, vector->Plen); 1627 memset(T_test, 0, vector->Tlen); 1628 1629 //// 1630 // ISA-l Decrypt 1631 //// 1632 aes_gcm_dec_128(&gkey, &gctx, pt_test, vector->C, vector->Plen, IV_c, vector->A, 1633 vector->Alen, T_test, vector->Tlen); 1634 OK |= check_data(pt_test, vector->P, vector->Plen, "ISA-L decrypted plain text (P)"); 1635 // GCM decryption outputs a 16 byte tag value that must be verified against the expected tag 1636 // value 1637 OK |= check_data(T_test, vector->T, vector->Tlen, "ISA-L decrypted tag (T)"); 1638 1639 // test in in-place decrypt 1640 memcpy(ct_test, vector->C, vector->Plen); 1641 aes_gcm_dec_128(&gkey, &gctx, ct_test, ct_test, vector->Plen, IV_c, vector->A, vector->Alen, 1642 T_test, vector->Tlen); 1643 OK |= check_data(ct_test, vector->P, vector->Plen, "ISA-L plain text (P) - in-place"); 1644 OK |= check_data(T_test, vector->T, vector->Tlen, "ISA-L decrypted tag (T) - in-place"); 1645 // ISA-L enc -> ISA-L dec 1646 aes_gcm_enc_128(&gkey, &gctx, ct_test, vector->P, vector->Plen, IV_c, vector->A, 1647 vector->Alen, T_test, vector->Tlen); 1648 memset(pt_test, 0, vector->Plen); 1649 aes_gcm_dec_128(&gkey, &gctx, pt_test, ct_test, vector->Plen, IV_c, vector->A, vector->Alen, 1650 T2_test, vector->Tlen); 1651 OK |= check_data(pt_test, vector->P, vector->Plen, "ISA-L self decrypted plain text (P)"); 1652 OK |= check_data(T_test, T2_test, vector->Tlen, "ISA-L self decrypted tag (T)"); 1653 // OpenSSl enc -> ISA-L dec 1654 openssl_aes_gcm_enc(vector->K, vector->IV, vector->IVlen, vector->A, vector->Alen, T_test, 1655 vector->Tlen, vector->P, vector->Plen, ct_test); 1656 OK |= check_data(ct_test, vector->C, vector->Plen, "OpenSSL encrypted cypher text (C)"); 1657 memset(pt_test, 0, vector->Plen); 1658 aes_gcm_dec_128(&gkey, &gctx, pt_test, ct_test, vector->Plen, IV_c, vector->A, vector->Alen, 1659 T2_test, vector->Tlen); 1660 OK |= check_data(pt_test, vector->P, vector->Plen, 1661 "OpenSSL->ISA-L decrypted plain text (P)"); 1662 OK |= check_data(T_test, T2_test, vector->Tlen, "OpenSSL->ISA-L decrypted tag (T)"); 1663 // ISA-L enc -> OpenSSl dec 1664 aes_gcm_enc_128(&gkey, &gctx, ct_test, vector->P, vector->Plen, IV_c, vector->A, 1665 vector->Alen, T_test, vector->Tlen); 1666 memset(pt_test, 0, vector->Plen); 1667 result = openssl_aes_gcm_dec(vector->K, vector->IV, vector->IVlen, vector->A, vector->Alen, 1668 T_test, vector->Tlen, ct_test, vector->Plen, pt_test); 1669 if (-1 == result) 1670 printf(" ISA-L->OpenSSL decryption failed Authentication\n"); 1671 OK |= (-1 == result); 1672 OK |= check_data(pt_test, vector->P, vector->Plen, "OSSL decrypted plain text (C)"); 1673 1674 vector_free(alloc_tab, align_tab, DIM(alloc_tab)); 1675 return OK; 1676 } 1677 1678 int 1679 test_gcm256_std_vectors(gcm_vector const *vector) 1680 { 1681 struct gcm_key_data gkey; 1682 struct gcm_context_data gctx; 1683 int OK = 0; 1684 // Temporary array for the calculated vectors 1685 uint8_t *ct_test = NULL; 1686 uint8_t *pt_test = NULL; 1687 uint8_t *IV_c = NULL; 1688 uint8_t *T_test = NULL; 1689 uint8_t *T2_test = NULL; 1690 int result; 1691 1692 #ifdef GCM_VECTORS_VERBOSE 1693 printf("AES-GCM-256:\n"); 1694 #endif 1695 1696 // Allocate required memory 1697 void **alloc_tab[] = { (void **) &pt_test, (void **) &ct_test, (void **) &IV_c, 1698 (void **) &T_test, (void **) &T2_test }; 1699 const size_t align_tab[] = { ALIGNMENT, ALIGNMENT, 0, 0, 0 }; 1700 const size_t length_tab[] = { vector->Plen, vector->Plen, vector->IVlen, vector->Tlen, 1701 vector->Tlen }; 1702 1703 if (vector_allocate(alloc_tab, length_tab, align_tab, DIM(alloc_tab)) != 0) { 1704 vector_free(alloc_tab, align_tab, DIM(alloc_tab)); 1705 return 1; 1706 } 1707 1708 // Prepare IV 1709 memcpy(IV_c, vector->IV, vector->IVlen); 1710 1711 // This is only required once for a given key 1712 aes_gcm_pre_256(vector->K, &gkey); 1713 #ifdef GCM_VECTORS_VERBOSE 1714 dump_gcm_data(&gkey); 1715 #endif 1716 1717 //// 1718 // ISA-l Encrypt 1719 //// 1720 memset(ct_test, 0, vector->Plen); 1721 aes_gcm_enc_256(&gkey, &gctx, ct_test, vector->P, vector->Plen, IV_c, vector->A, 1722 vector->Alen, T_test, vector->Tlen); 1723 OK |= check_data(ct_test, vector->C, vector->Plen, "ISA-L encrypted cypher text (C)"); 1724 OK |= check_data(T_test, vector->T, vector->Tlen, "ISA-L tag (T)"); 1725 1726 openssl_aes_256_gcm_enc(vector->K, vector->IV, vector->IVlen, vector->A, vector->Alen, 1727 pt_test, vector->Tlen, vector->P, vector->Plen, ct_test); 1728 OK |= check_data(ct_test, vector->C, vector->Tlen, "OpenSSL vs KA - cypher text (C)"); 1729 OK |= check_data(pt_test, vector->T, vector->Tlen, "OpenSSL vs KA - tag (T)"); 1730 OK |= check_data(pt_test, T_test, vector->Tlen, "OpenSSL vs ISA-L - tag (T)"); 1731 // test of in-place encrypt 1732 memcpy(pt_test, vector->P, vector->Plen); 1733 aes_gcm_enc_256(&gkey, &gctx, pt_test, pt_test, vector->Plen, IV_c, vector->A, vector->Alen, 1734 T_test, vector->Tlen); 1735 OK |= check_data(pt_test, vector->C, vector->Plen, "ISA-L encrypted cypher text(in-place)"); 1736 memset(ct_test, 0, vector->Plen); 1737 memset(T_test, 0, vector->Tlen); 1738 1739 //// 1740 // ISA-l Decrypt 1741 //// 1742 aes_gcm_dec_256(&gkey, &gctx, pt_test, vector->C, vector->Plen, IV_c, vector->A, 1743 vector->Alen, T_test, vector->Tlen); 1744 OK |= check_data(pt_test, vector->P, vector->Plen, "ISA-L decrypted plain text (P)"); 1745 // GCM decryption outputs a 16 byte tag value that must be verified against the expected tag 1746 // value 1747 OK |= check_data(T_test, vector->T, vector->Tlen, "ISA-L decrypted tag (T)"); 1748 1749 // test in in-place decrypt 1750 memcpy(ct_test, vector->C, vector->Plen); 1751 aes_gcm_dec_256(&gkey, &gctx, ct_test, ct_test, vector->Plen, IV_c, vector->A, vector->Alen, 1752 T_test, vector->Tlen); 1753 OK |= check_data(ct_test, vector->P, vector->Plen, "ISA-L plain text (P) - in-place"); 1754 OK |= check_data(T_test, vector->T, vector->Tlen, "ISA-L decrypted tag (T) - in-place"); 1755 // ISA-L enc -> ISA-L dec 1756 aes_gcm_enc_256(&gkey, &gctx, ct_test, vector->P, vector->Plen, IV_c, vector->A, 1757 vector->Alen, T_test, vector->Tlen); 1758 memset(pt_test, 0, vector->Plen); 1759 aes_gcm_dec_256(&gkey, &gctx, pt_test, ct_test, vector->Plen, IV_c, vector->A, vector->Alen, 1760 T2_test, vector->Tlen); 1761 OK |= check_data(pt_test, vector->P, vector->Plen, "ISA-L self decrypted plain text (P)"); 1762 OK |= check_data(T_test, T2_test, vector->Tlen, "ISA-L self decrypted tag (T)"); 1763 // OpenSSl enc -> ISA-L dec 1764 openssl_aes_256_gcm_enc(vector->K, vector->IV, vector->IVlen, vector->A, vector->Alen, 1765 T_test, vector->Tlen, vector->P, vector->Plen, ct_test); 1766 OK |= check_data(ct_test, vector->C, vector->Plen, "OpenSSL encrypted cypher text (C)"); 1767 memset(pt_test, 0, vector->Plen); 1768 aes_gcm_dec_256(&gkey, &gctx, pt_test, ct_test, vector->Plen, IV_c, vector->A, vector->Alen, 1769 T2_test, vector->Tlen); 1770 OK |= check_data(pt_test, vector->P, vector->Plen, 1771 "OpenSSL->ISA-L decrypted plain text (P)"); 1772 OK |= check_data(T_test, T2_test, vector->Tlen, "OpenSSL->ISA-L decrypted tag (T)"); 1773 // ISA-L enc -> OpenSSl dec 1774 aes_gcm_enc_256(&gkey, &gctx, ct_test, vector->P, vector->Plen, IV_c, vector->A, 1775 vector->Alen, T_test, vector->Tlen); 1776 memset(pt_test, 0, vector->Plen); 1777 result = openssl_aes_256_gcm_dec(vector->K, vector->IV, vector->IVlen, vector->A, 1778 vector->Alen, T_test, vector->Tlen, ct_test, vector->Plen, 1779 pt_test); 1780 if (-1 == result) 1781 printf(" ISA-L->OpenSSL decryption failed Authentication\n"); 1782 OK |= (-1 == result); 1783 OK |= check_data(pt_test, vector->P, vector->Plen, "OSSL decrypted plain text (C)"); 1784 1785 vector_free(alloc_tab, align_tab, DIM(alloc_tab)); 1786 return OK; 1787 } 1788 1789 int 1790 test_gcm_std_vectors(void) 1791 { 1792 int const vectors_cnt = sizeof(gcm_vectors) / sizeof(gcm_vectors[0]); 1793 int vect; 1794 int OK = 0; 1795 1796 printf("AES-GCM standard test vectors:\n"); 1797 for (vect = 0; vect < vectors_cnt; vect++) { 1798 #ifdef GCM_VECTORS_VERBOSE 1799 printf("Standard vector %d/%d Keylen:%d IVlen:%d PTLen:%d AADlen:%d Tlen:%d\n", 1800 vect, vectors_cnt - 1, (int) gcm_vectors[vect].Klen, 1801 (int) gcm_vectors[vect].IVlen, (int) gcm_vectors[vect].Plen, 1802 (int) gcm_vectors[vect].Alen, (int) gcm_vectors[vect].Tlen); 1803 #else 1804 printf("."); 1805 #endif 1806 1807 if (BITS_128 == gcm_vectors[vect].Klen) { 1808 OK |= test_gcm128_std_vectors(&gcm_vectors[vect]); 1809 } else { 1810 OK |= test_gcm256_std_vectors(&gcm_vectors[vect]); 1811 } 1812 if (0 != OK) 1813 return OK; 1814 } 1815 printf("\n"); 1816 return OK; 1817 } 1818 1819 // The length of the data is set to length. The first stream is from 0 to start. After 1820 // that the data is broken into breaks chunks of equal size (except possibly the last 1821 // one due to divisibility). 1822 int 1823 test_gcm_strm_combinations2(int length, int start, int breaks) 1824 { 1825 int tag_len = 8; 1826 int t = 0; 1827 struct gcm_key_data *gkey = NULL; 1828 struct gcm_context_data *gctx = NULL; 1829 1830 gkey = malloc(sizeof(struct gcm_key_data)); 1831 gctx = malloc(sizeof(struct gcm_context_data)); 1832 if (NULL == gkey || NULL == gctx) { 1833 free(gkey); 1834 free(gctx); 1835 return 1; 1836 } 1837 1838 printf("AES GCM random test vectors of length %d and stream with %d breaks:", length, 1839 breaks + 1); 1840 for (t = 0; RANDOMS > t; t++) { 1841 int posix_ret = 0; 1842 gcm_vector test; 1843 int Plen = length; 1844 // lengths must be a multiple of 4 bytes 1845 int aad_len = (rand() % TEST_LEN); 1846 int offset = (rand() % MAX_UNALIGNED); 1847 if (offset == 0 && aad_len == 0) 1848 offset = OFFSET_BASE_VALUE; 1849 1850 if (0 == (t % 25)) 1851 printf("\n"); 1852 if (0 == (t % 10)) 1853 fflush(0); 1854 test.P = NULL; 1855 test.C = NULL; 1856 test.A = NULL; 1857 test.T = NULL; 1858 test.Plen = Plen; 1859 if (test.Plen + offset != 0) { 1860 posix_ret |= posix_memalign((void **) &test.P, POSIX_ALIGNMENT, 1861 test.Plen + offset); 1862 posix_ret |= posix_memalign((void **) &test.C, POSIX_ALIGNMENT, 1863 test.Plen + offset); 1864 } else { // This else clause is here because openssl 1.0.1k does not handle NULL 1865 // pointers 1866 posix_ret |= posix_memalign((void **) &test.P, POSIX_ALIGNMENT, 16); 1867 posix_ret |= posix_memalign((void **) &test.C, POSIX_ALIGNMENT, 16); 1868 } 1869 test.K = malloc(GCM_128_KEY_LEN + offset); 1870 test.Klen = GCM_128_KEY_LEN; 1871 test.IV = malloc(GCM_IV_DATA_LEN + offset); 1872 test.IVlen = GCM_IV_DATA_LEN; 1873 test.A = malloc(aad_len + offset); 1874 test.Alen = aad_len; 1875 test.T = malloc(MAX_TAG_LEN + offset); 1876 test.Tlen = MAX_TAG_LEN; 1877 1878 if ((NULL == test.P && test.Plen != 0) || (NULL == test.C && test.Plen != 0) || 1879 (NULL == test.K) || (NULL == test.IV) || (NULL == test.A) || (NULL == test.T) || 1880 (posix_ret != 0)) { 1881 printf("malloc of testsize:0x%x failed\n", Plen); 1882 free(test.A); 1883 aligned_free(test.C); 1884 free(test.IV); 1885 free(test.K); 1886 aligned_free(test.P); 1887 free(test.T); 1888 free(gkey); 1889 free(gctx); 1890 return 1; 1891 } 1892 1893 gcm_vector test_free = test; 1894 1895 test.P += offset; 1896 test.C += offset; 1897 test.K += offset; 1898 test.IV += offset; 1899 test.A += offset; 1900 test.T += offset; 1901 1902 mk_rand_data(test.P, test.Plen); 1903 mk_rand_data(test.K, test.Klen); 1904 mk_rand_data(test.IV, test.IVlen); 1905 mk_rand_data(test.A, test.Alen); 1906 1907 // single Key length of 128bits/16bytes supported 1908 // single IV length of 96bits/12bytes supported 1909 // Tag lengths of 8, 12 or 16 1910 for (tag_len = 8; tag_len <= MAX_TAG_LEN;) { 1911 test.Tlen = tag_len; 1912 if (0 != check_strm_vector2(gkey, gctx, &test, length, start, breaks)) { 1913 free(test_free.A); 1914 aligned_free(test_free.C); 1915 free(test_free.IV); 1916 free(test_free.K); 1917 aligned_free(test_free.P); 1918 free(test_free.T); 1919 free(gkey); 1920 free(gctx); 1921 return 1; 1922 } 1923 tag_len += 4; // supported lengths are 8, 12 or 16 1924 } 1925 free(test_free.A); 1926 aligned_free(test_free.C); 1927 free(test_free.IV); 1928 free(test_free.K); 1929 aligned_free(test_free.P); 1930 free(test_free.T); 1931 } 1932 printf("\n"); 1933 free(gkey); 1934 free(gctx); 1935 return 0; 1936 } 1937 1938 int 1939 main(int argc, char **argv) 1940 { 1941 int errors = 0; 1942 int seed; 1943 1944 if (argc == 1) 1945 seed = TEST_SEED; 1946 else 1947 seed = atoi(argv[1]); 1948 1949 srand(seed); 1950 printf("SEED: %d\n", seed); 1951 1952 errors += test_gcm_std_vectors(); 1953 errors += test_gcm256_combinations(); 1954 errors += test_gcm_combinations(); 1955 errors += test_gcm_efence(); 1956 errors += test_gcm256_strm_combinations(TEST_LEN); 1957 errors += test_gcm_strm_combinations(TEST_LEN); 1958 errors += test_gcm256_strm_combinations(1024); 1959 errors += test_gcm_strm_combinations(1024); 1960 errors += test_gcm_strm_efence(); 1961 errors += test_gcm_strm_combinations2(1024, 0, 1024); 1962 1963 if (0 == errors) 1964 printf("...Pass\n"); 1965 else 1966 printf("...Fail\n"); 1967 1968 return errors; 1969 } 1970