1 /********************************************************************** 2 Copyright(c) 2011-2016 Intel Corporation All rights reserved. 3 4 Redistribution and use in source and binary forms, with or without 5 modification, are permitted provided that the following conditions 6 are met: 7 * Redistributions of source code must retain the above copyright 8 notice, this list of conditions and the following disclaimer. 9 * Redistributions in binary form must reproduce the above copyright 10 notice, this list of conditions and the following disclaimer in 11 the documentation and/or other materials provided with the 12 distribution. 13 * Neither the name of Intel Corporation nor the names of its 14 contributors may be used to endorse or promote products derived 15 from this software without specific prior written permission. 16 17 THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 18 "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 19 LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 20 A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT 21 OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 22 SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 23 LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 24 DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 25 THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 26 (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 27 OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 28 **********************************************************************/ 29 30 #include <stdlib.h> 31 #include <stdio.h> 32 #include <stdint.h> 33 #include <string.h> // for memcmp() 34 #include <aes_gcm.h> 35 #include <openssl/sha.h> 36 #include "gcm_vectors.h" 37 #include "ossl_helper.h" 38 #include "types.h" 39 #include "gcm_test_alloc.h" 40 41 // #define GCM_VECTORS_VERBOSE 42 // #define GCM_VECTORS_EXTRA_VERBOSE 43 #ifndef TEST_SEED 44 #define TEST_SEED 0x1234 45 #endif 46 #ifndef RANDOMS 47 #define RANDOMS 200 48 #endif 49 #ifndef TEST_LEN 50 #define TEST_LEN 32 * 1024 51 #endif 52 #ifndef PAGE_LEN 53 #define PAGE_LEN (4 * 1024) 54 #endif 55 56 #if defined(NT_LD) || defined(NT_ST) || defined(NT_LDST) 57 #define ALIGNMENT (64) 58 #define ALIGNMENT_MASK (~63) 59 #define OFFSET_BASE_VALUE 64 60 #ifndef MAX_UNALIGNED 61 #define MAX_UNALIGNED (1) 62 #endif 63 #else 64 #define ALIGNMENT (0) 65 #define ALIGNMENT_MASK (~0) 66 #define OFFSET_BASE_VALUE 1 67 #ifndef MAX_UNALIGNED 68 #define MAX_UNALIGNED (16) 69 #endif 70 #endif 71 72 #if ALIGNMENT == 0 73 #define POSIX_ALIGNMENT (sizeof(void *)) 74 #else 75 #define POSIX_ALIGNMENT ALIGNMENT 76 #endif 77 78 void 79 dump_table(char *title, uint8_t *table, uint8_t count) 80 { 81 int i; 82 char const *space = " "; 83 84 printf("%s%s => {\n", space, title); 85 for (i = 0; i < count; i++) { 86 if (0 == (i & 15)) 87 printf("%s%s", space, space); 88 printf("%2x, ", table[i]); 89 if (15 == (i & 15)) 90 printf("\n"); 91 } 92 printf("%s}\n", space); 93 } 94 95 void 96 dump_gcm_data(struct gcm_key_data *gkey) 97 { 98 #ifdef GCM_VECTORS_EXTRA_VERBOSE 99 printf("gcm_data {\n"); 100 dump_table("expanded_keys", gkey->expanded_keys, (16 * 11)); 101 dump_table("shifted_hkey_1", gkey->shifted_hkey_1, 16); 102 dump_table("shifted_hkey_2", gkey->shifted_hkey_2, 16); 103 dump_table("shifted_hkey_3", gkey->shifted_hkey_3, 16); 104 dump_table("shifted_hkey_4", gkey->shifted_hkey_4, 16); 105 dump_table("shifted_hkey_5", gkey->shifted_hkey_5, 16); 106 dump_table("shifted_hkey_6", gkey->shifted_hkey_6, 16); 107 dump_table("shifted_hkey_7", gkey->shifted_hkey_7, 16); 108 dump_table("shifted_hkey_8", gkey->shifted_hkey_8, 16); 109 dump_table("shifted_hkey_1_k", gkey->shifted_hkey_1_k, 16); 110 dump_table("shifted_hkey_2_k", gkey->shifted_hkey_2_k, 16); 111 dump_table("shifted_hkey_3_k", gkey->shifted_hkey_3_k, 16); 112 dump_table("shifted_hkey_4_k", gkey->shifted_hkey_4_k, 16); 113 dump_table("shifted_hkey_5_k", gkey->shifted_hkey_5_k, 16); 114 dump_table("shifted_hkey_6_k", gkey->shifted_hkey_6_k, 16); 115 dump_table("shifted_hkey_7_k", gkey->shifted_hkey_7_k, 16); 116 dump_table("shifted_hkey_8_k", gkey->shifted_hkey_8_k, 16); 117 printf("}\n"); 118 #endif // GCM_VECTORS_VERBOSE 119 } 120 121 void 122 mk_rand_data(uint8_t *data, uint32_t size) 123 { 124 int i; 125 for (i = 0; i < size; i++) { 126 *data++ = rand(); 127 } 128 } 129 130 int 131 check_data(uint8_t *test, uint8_t *expected, uint64_t len, char *data_name) 132 { 133 int mismatch; 134 int OK = 0; 135 136 mismatch = memcmp(test, expected, len); 137 if (mismatch) { 138 OK = 1; 139 printf(" expected results don't match %s \t\t", data_name); 140 { 141 uint64_t a; 142 for (a = 0; a < len; a++) { 143 if (test[a] != expected[a]) { 144 printf(" '%x' != '%x' at 0x%llx of 0x%llx\n", test[a], 145 expected[a], (unsigned long long) a, 146 (unsigned long long) len); 147 break; 148 } 149 } 150 } 151 } 152 return OK; 153 } 154 155 int 156 check_vector(struct gcm_key_data *gkey, struct gcm_context_data *gctx, gcm_vector *vector) 157 { 158 uint8_t *pt_test = NULL; 159 uint8_t *ct_test = NULL; 160 uint8_t *o_ct_test = NULL; 161 uint8_t *IV_c = NULL; 162 uint8_t *T_test = NULL; 163 uint8_t *o_T_test = NULL; 164 int OK = 0; 165 166 #ifdef GCM_VECTORS_VERBOSE 167 printf("combination vector Keylen:%d IVlen:%d PTLen:%d AADlen:%d Tlen:%d\n", 168 (int) vector->Klen, (int) vector->IVlen, (int) vector->Plen, (int) vector->Alen, 169 (int) vector->Tlen); 170 #else 171 printf("."); 172 #endif 173 174 // Allocate required memory 175 void **alloc_tab[] = { (void **) &pt_test, (void **) &ct_test, (void **) &o_ct_test, 176 (void **) &IV_c, (void **) &T_test, (void **) &o_T_test }; 177 const size_t align_tab[] = { ALIGNMENT, ALIGNMENT, ALIGNMENT, 0, 0, 0 }; 178 const size_t length_tab[] = { vector->Plen, vector->Plen, vector->Plen, 179 vector->IVlen, vector->Tlen, vector->Tlen }; 180 181 if (vector_allocate(alloc_tab, length_tab, align_tab, DIM(alloc_tab)) != 0) { 182 vector_free(alloc_tab, align_tab, DIM(alloc_tab)); 183 return 1; 184 } 185 186 // Prepare IV 187 memcpy(IV_c, vector->IV, vector->IVlen); 188 189 // This is only required once for a given key 190 isal_aes_gcm_pre_128(vector->K, gkey); 191 192 //// 193 // ISA-l Encrypt 194 //// 195 isal_aes_gcm_enc_128(gkey, gctx, vector->C, vector->P, vector->Plen, IV_c, vector->A, 196 vector->Alen, vector->T, vector->Tlen); 197 openssl_aes_gcm_enc(vector->K, vector->IV, vector->IVlen, vector->A, vector->Alen, o_T_test, 198 vector->Tlen, vector->P, vector->Plen, o_ct_test); 199 OK |= check_data(vector->C, o_ct_test, vector->Plen, "OpenSSL vs ISA-L cypher text (C)"); 200 OK |= check_data(vector->T, o_T_test, vector->Tlen, "OpenSSL vs ISA-L encrypt tag (T)"); 201 202 memcpy(ct_test, vector->C, vector->Plen); 203 memcpy(pt_test, vector->P, vector->Plen); 204 memset(vector->P, 0, vector->Plen); 205 memcpy(T_test, vector->T, vector->Tlen); 206 memset(vector->T, 0, vector->Tlen); 207 208 //// 209 // ISA-l Decrypt 210 //// 211 isal_aes_gcm_dec_128(gkey, gctx, vector->P, vector->C, vector->Plen, IV_c, vector->A, 212 vector->Alen, vector->T, vector->Tlen); 213 OK |= check_data(vector->T, o_T_test, vector->Tlen, "OpenSSL vs ISA-L decrypt tag (T)"); 214 OK |= check_data(pt_test, vector->P, vector->Plen, "ISA-L decrypted plain text (P)"); 215 memset(vector->P, 0, vector->Plen); 216 isal_aes_gcm_dec_128(gkey, gctx, vector->P, o_ct_test, vector->Plen, IV_c, vector->A, 217 vector->Alen, vector->T, vector->Tlen); 218 OK |= check_data(pt_test, vector->P, vector->Plen, "ISA-L decrypted plain text (P)"); 219 220 const int result = 221 openssl_aes_gcm_dec(vector->K, vector->IV, vector->IVlen, vector->A, vector->Alen, 222 vector->T, vector->Tlen, vector->C, vector->Plen, pt_test); 223 224 if (-1 == result) 225 printf(" ISA-L->OpenSSL decryption failed Authentication\n"); 226 227 OK |= (-1 == result); 228 229 vector_free(alloc_tab, align_tab, DIM(alloc_tab)); 230 return OK; 231 } 232 233 int 234 check_strm_vector(struct gcm_key_data *gkey, struct gcm_context_data *gctx, gcm_vector *vector, 235 int test_len) 236 { 237 uint8_t *pt_test = NULL; 238 uint8_t *ct_test = NULL; 239 uint8_t *o_ct_test = NULL; 240 uint8_t *IV_c = NULL; 241 uint8_t *T_test = NULL; 242 uint8_t *o_T_test = NULL; 243 uint8_t *stream = NULL; 244 int result; 245 int OK = 0; 246 uint32_t last_break; 247 int i; 248 uint8_t *rand_data = NULL; 249 uint64_t length; 250 251 #ifdef GCM_VECTORS_VERBOSE 252 printf("combination vector Keylen:%d IVlen:%d PTLen:%d AADlen:%d Tlen:%d\n", 253 (int) vector->Klen, (int) vector->IVlen, (int) vector->Plen, (int) vector->Alen, 254 (int) vector->Tlen); 255 #else 256 printf("."); 257 #endif 258 // Allocate required memory 259 void **alloc_tab[] = { (void **) &pt_test, (void **) &ct_test, (void **) &o_ct_test, 260 (void **) &IV_c, (void **) &T_test, (void **) &o_T_test, 261 (void **) &rand_data }; 262 const size_t align_tab[] = { ALIGNMENT, ALIGNMENT, ALIGNMENT, 0, 0, 0, 0 }; 263 const size_t length_tab[] = { vector->Plen, vector->Plen, vector->Plen, vector->IVlen, 264 vector->Tlen, vector->Tlen, 100 }; 265 266 if (vector_allocate(alloc_tab, length_tab, align_tab, DIM(alloc_tab)) != 0) { 267 vector_free(alloc_tab, align_tab, DIM(alloc_tab)); 268 return 1; 269 } 270 271 // Prepare IV 272 memcpy(IV_c, vector->IV, vector->IVlen); 273 274 // This is only required once for a given key 275 isal_aes_gcm_pre_128(vector->K, gkey); 276 277 //// 278 // ISA-l Encrypt 279 //// 280 isal_aes_gcm_init_128(gkey, gctx, IV_c, vector->A, vector->Alen); 281 282 last_break = 0; 283 i = (rand() % test_len / 8) & ALIGNMENT_MASK; 284 while (i < (vector->Plen)) { 285 if (i - last_break != 0) { 286 const int posix_ret = 287 posix_memalign((void **) &stream, POSIX_ALIGNMENT, i - last_break); 288 289 if (posix_ret != 0 || stream == NULL) { 290 OK = 1; 291 goto error_exit; 292 } 293 memcpy(stream, vector->P + last_break, i - last_break); 294 } 295 isal_aes_gcm_enc_128_update(gkey, gctx, vector->C + last_break, stream, 296 i - last_break); 297 if (i - last_break != 0) { 298 aligned_free(stream); 299 stream = NULL; 300 } 301 302 if (rand() % 1024 == 0) { 303 length = rand() % 100; 304 mk_rand_data(rand_data, length); 305 SHA1(rand_data, length, rand_data); 306 } 307 last_break = i; 308 i = (rand() % test_len / 8) & ALIGNMENT_MASK; 309 } 310 isal_aes_gcm_enc_128_update(gkey, gctx, vector->C + last_break, vector->P + last_break, 311 vector->Plen - last_break); 312 if (gctx->in_length != vector->Plen) 313 printf("%llu, %llu\n", (unsigned long long) gctx->in_length, 314 (unsigned long long) vector->Plen); 315 isal_aes_gcm_enc_128_finalize(gkey, gctx, vector->T, vector->Tlen); 316 openssl_aes_gcm_enc(vector->K, vector->IV, vector->IVlen, vector->A, vector->Alen, o_T_test, 317 vector->Tlen, vector->P, vector->Plen, o_ct_test); 318 OK |= check_data(vector->C, o_ct_test, vector->Plen, "OpenSSL vs ISA-L cypher text (C)"); 319 OK |= check_data(vector->T, o_T_test, vector->Tlen, "OpenSSL vs ISA-L encrypt tag (T)"); 320 321 memcpy(ct_test, vector->C, vector->Plen); 322 memcpy(pt_test, vector->P, vector->Plen); 323 memset(vector->P, 0, vector->Plen); 324 memcpy(T_test, vector->T, vector->Tlen); 325 memset(vector->T, 0, vector->Tlen); 326 327 //// 328 // ISA-l Decrypt 329 //// 330 331 last_break = 0; 332 i = 0; 333 isal_aes_gcm_init_128(gkey, gctx, IV_c, vector->A, vector->Alen); 334 while (i < (vector->Plen)) { 335 if (rand() % (test_len / 64) == 0) { 336 if (i - last_break != 0) { 337 const int posix_ret = posix_memalign( 338 (void **) &stream, POSIX_ALIGNMENT, i - last_break); 339 340 if (posix_ret != 0 || stream == NULL) { 341 OK = 1; 342 goto error_exit; 343 } 344 memcpy(stream, vector->C + last_break, i - last_break); 345 } 346 isal_aes_gcm_dec_128_update(gkey, gctx, vector->P + last_break, stream, 347 i - last_break); 348 if (i - last_break != 0) { 349 aligned_free(stream); 350 stream = NULL; 351 } 352 353 if (rand() % 1024 == 0) { 354 length = rand() % 100; 355 356 mk_rand_data(rand_data, length); 357 SHA1(rand_data, length, rand_data); 358 } 359 360 last_break = i; 361 } 362 if (rand() % 1024 != 0) 363 i++; 364 } 365 isal_aes_gcm_dec_128_update(gkey, gctx, vector->P + last_break, vector->C + last_break, 366 vector->Plen - last_break); 367 isal_aes_gcm_dec_128_finalize(gkey, gctx, vector->T, vector->Tlen); 368 369 OK |= check_data(vector->T, o_T_test, vector->Tlen, "OpenSSL vs ISA-L decrypt tag (T)"); 370 OK |= check_data(pt_test, vector->P, vector->Plen, "ISA-L decrypted plain text (P)"); 371 memset(vector->P, 0, vector->Plen); 372 isal_aes_gcm_dec_128(gkey, gctx, vector->P, o_ct_test, vector->Plen, IV_c, vector->A, 373 vector->Alen, vector->T, vector->Tlen); 374 OK |= check_data(pt_test, vector->P, vector->Plen, "ISA-L decrypted plain text (P)"); 375 result = openssl_aes_gcm_dec(vector->K, vector->IV, vector->IVlen, vector->A, vector->Alen, 376 vector->T, vector->Tlen, vector->C, vector->Plen, pt_test); 377 if (-1 == result) 378 printf(" ISA-L->OpenSSL decryption failed Authentication\n"); 379 OK |= (-1 == result); 380 error_exit: 381 vector_free(alloc_tab, align_tab, DIM(alloc_tab)); 382 return OK; 383 } 384 385 int 386 check_strm_vector2(struct gcm_key_data *gkey, struct gcm_context_data *gctx, gcm_vector *vector, 387 int length, int start, int breaks) 388 { 389 uint8_t *pt_test = NULL; 390 uint8_t *ct_test = NULL; 391 uint8_t *o_ct_test = NULL; 392 uint8_t *IV_c = NULL; 393 uint8_t *T_test = NULL; 394 uint8_t *o_T_test = NULL; 395 uint8_t *stream = NULL; 396 int result; 397 int OK = 0; 398 uint32_t last_break = 0; 399 int i = length; 400 401 #ifdef GCM_VECTORS_VERBOSE 402 printf("combination vector Keylen:%d IVlen:%d PTLen:%d AADlen:%d Tlen:%d\n", 403 (int) vector->Klen, (int) vector->IVlen, (int) vector->Plen, (int) vector->Alen, 404 (int) vector->Tlen); 405 #else 406 printf("."); 407 #endif 408 // Allocate required memory 409 void **alloc_tab[] = { (void **) &pt_test, (void **) &ct_test, (void **) &o_ct_test, 410 (void **) &IV_c, (void **) &T_test, (void **) &o_T_test }; 411 const size_t align_tab[] = { ALIGNMENT, ALIGNMENT, ALIGNMENT, 0, 0, 0 }; 412 const size_t length_tab[] = { vector->Plen, vector->Plen, vector->Plen, 413 vector->IVlen, vector->Tlen, vector->Tlen }; 414 415 if (vector_allocate(alloc_tab, length_tab, align_tab, DIM(alloc_tab)) != 0) { 416 vector_free(alloc_tab, align_tab, DIM(alloc_tab)); 417 return 1; 418 } 419 420 // Prepare IV 421 memcpy(IV_c, vector->IV, vector->IVlen); 422 423 // This is only required once for a given key 424 isal_aes_gcm_pre_128(vector->K, gkey); 425 426 //// 427 // ISA-l Encrypt 428 //// 429 isal_aes_gcm_enc_128(gkey, gctx, vector->C, vector->P, vector->Plen, IV_c, vector->A, 430 vector->Alen, vector->T, vector->Tlen); 431 isal_aes_gcm_init_128(gkey, gctx, IV_c, vector->A, vector->Alen); 432 while (i < (vector->Plen)) { 433 if (i - last_break != 0) { 434 const int posix_ret = 435 posix_memalign((void **) &stream, POSIX_ALIGNMENT, i - last_break); 436 437 if (posix_ret != 0 || stream == NULL) { 438 OK = 1; 439 goto error_exit; 440 } 441 memcpy(stream, vector->P + last_break, i - last_break); 442 } 443 isal_aes_gcm_enc_128_update(gkey, gctx, vector->C + last_break, stream, 444 i - last_break); 445 if (i - last_break != 0) { 446 aligned_free(stream); 447 stream = NULL; 448 } 449 last_break = i; 450 i = i + (length - start) / breaks; 451 } 452 isal_aes_gcm_enc_128_update(gkey, gctx, vector->C + last_break, vector->P + last_break, 453 vector->Plen - last_break); 454 isal_aes_gcm_enc_128_finalize(gkey, gctx, vector->T, vector->Tlen); 455 openssl_aes_gcm_enc(vector->K, vector->IV, vector->IVlen, vector->A, vector->Alen, o_T_test, 456 vector->Tlen, vector->P, vector->Plen, o_ct_test); 457 458 OK |= check_data(vector->C, o_ct_test, vector->Plen, "OpenSSL vs ISA-L cypher text (C)"); 459 OK |= check_data(vector->T, o_T_test, vector->Tlen, "OpenSSL vs ISA-L encrypt tag (T)"); 460 461 memcpy(ct_test, vector->C, vector->Plen); 462 memcpy(pt_test, vector->P, vector->Plen); 463 memset(vector->P, 0, vector->Plen); 464 memcpy(T_test, vector->T, vector->Tlen); 465 memset(vector->T, 0, vector->Tlen); 466 467 //// 468 // ISA-l Decrypt 469 //// 470 471 last_break = 0; 472 i = length; 473 isal_aes_gcm_init_128(gkey, gctx, IV_c, vector->A, vector->Alen); 474 while (i < (vector->Plen)) { 475 if (i - last_break != 0) { 476 const int posix_ret = 477 posix_memalign((void **) &stream, POSIX_ALIGNMENT, i - last_break); 478 479 if (posix_ret != 0 || stream == NULL) { 480 OK = 1; 481 goto error_exit; 482 } 483 memcpy(stream, vector->C + last_break, i - last_break); 484 } 485 isal_aes_gcm_dec_128_update(gkey, gctx, vector->P + last_break, stream, 486 i - last_break); 487 if (i - last_break != 0) { 488 aligned_free(stream); 489 stream = NULL; 490 } 491 last_break = i; 492 i = i + (length - start) / breaks; 493 } 494 495 isal_aes_gcm_dec_128_update(gkey, gctx, vector->P + last_break, vector->C + last_break, 496 vector->Plen - last_break); 497 isal_aes_gcm_dec_128_finalize(gkey, gctx, vector->T, vector->Tlen); 498 OK |= check_data(vector->T, o_T_test, vector->Tlen, "OpenSSL vs ISA-L decrypt tag (T)"); 499 OK |= check_data(pt_test, vector->P, vector->Plen, "ISA-L decrypted plain text (P)"); 500 memset(vector->P, 0, vector->Plen); 501 isal_aes_gcm_dec_128(gkey, gctx, vector->P, o_ct_test, vector->Plen, IV_c, vector->A, 502 vector->Alen, vector->T, vector->Tlen); 503 OK |= check_data(pt_test, vector->P, vector->Plen, "ISA-L decrypted plain text (P)"); 504 result = openssl_aes_gcm_dec(vector->K, vector->IV, vector->IVlen, vector->A, vector->Alen, 505 vector->T, vector->Tlen, vector->C, vector->Plen, pt_test); 506 if (-1 == result) 507 printf(" ISA-L->OpenSSL decryption failed Authentication\n"); 508 OK |= (-1 == result); 509 error_exit: 510 vector_free(alloc_tab, align_tab, DIM(alloc_tab)); 511 return OK; 512 } 513 514 int 515 check_strm_vector_efence(struct gcm_key_data *gkey, struct gcm_context_data *gctx, 516 gcm_vector *vector) 517 { 518 uint8_t *pt_test = NULL; 519 uint8_t *ct_test = NULL; 520 uint8_t *o_ct_test = NULL; 521 uint8_t *IV_c = NULL; 522 uint8_t *T_test = NULL; 523 uint8_t *o_T_test = NULL; 524 uint8_t *stream = NULL; 525 int result; 526 int OK = 0; 527 uint32_t last_break = 0; 528 int i = 1; 529 uint8_t *rand_data = NULL; 530 uint64_t length; 531 532 #ifdef GCM_VECTORS_VERBOSE 533 printf("combination vector Keylen:%d IVlen:%d PTLen:%d AADlen:%d Tlen:%d\n", 534 (int) vector->Klen, (int) vector->IVlen, (int) vector->Plen, (int) vector->Alen, 535 (int) vector->Tlen); 536 #else 537 printf("."); 538 #endif 539 // Allocate required memory 540 void **alloc_tab[] = { (void **) &pt_test, (void **) &ct_test, (void **) &o_ct_test, 541 (void **) &IV_c, (void **) &T_test, (void **) &o_T_test, 542 (void **) &rand_data }; 543 const size_t align_tab[] = { ALIGNMENT, ALIGNMENT, ALIGNMENT, 0, 0, 0, 0 }; 544 const size_t length_tab[] = { vector->Plen, vector->Plen, vector->Plen, vector->IVlen, 545 vector->Tlen, vector->Tlen, 100 }; 546 547 if (vector_allocate(alloc_tab, length_tab, align_tab, DIM(alloc_tab)) != 0) { 548 vector_free(alloc_tab, align_tab, DIM(alloc_tab)); 549 return 1; 550 } 551 552 // Prepare IV 553 memcpy(IV_c, vector->IV, vector->IVlen); 554 555 // This is only required once for a given key 556 isal_aes_gcm_pre_128(vector->K, gkey); 557 558 //// 559 // ISA-l Encrypt 560 //// 561 isal_aes_gcm_init_128(gkey, gctx, IV_c, vector->A, vector->Alen); 562 while (i < vector->Plen) { 563 if (rand() % 2000 == 0 || i - last_break > PAGE_LEN / 2) { 564 const int posix_ret = 565 posix_memalign((void **) &stream, POSIX_ALIGNMENT, PAGE_LEN); 566 567 if (posix_ret != 0 || stream == NULL) { 568 OK = 1; 569 goto error_exit; 570 } 571 i = i & ALIGNMENT_MASK; 572 memcpy(stream + PAGE_LEN - (i - last_break), vector->P + last_break, 573 i - last_break); 574 isal_aes_gcm_enc_128_update(gkey, gctx, vector->C + last_break, 575 stream + PAGE_LEN - (i - last_break), 576 i - last_break); 577 aligned_free(stream); 578 stream = NULL; 579 if (rand() % 1024 == 0) { 580 length = rand() % 100; 581 mk_rand_data(rand_data, length); 582 SHA1(rand_data, length, rand_data); 583 } 584 last_break = i; 585 } 586 if (rand() % 1024 != 0) 587 i++; 588 } 589 isal_aes_gcm_enc_128_update(gkey, gctx, vector->C + last_break, vector->P + last_break, 590 vector->Plen - last_break); 591 isal_aes_gcm_enc_128_finalize(gkey, gctx, vector->T, vector->Tlen); 592 openssl_aes_gcm_enc(vector->K, vector->IV, vector->IVlen, vector->A, vector->Alen, o_T_test, 593 vector->Tlen, vector->P, vector->Plen, o_ct_test); 594 OK |= check_data(vector->C, o_ct_test, vector->Plen, "OpenSSL vs ISA-L cypher text (C)"); 595 OK |= check_data(vector->T, o_T_test, vector->Tlen, "OpenSSL vs ISA-L encrypt tag (T)"); 596 597 memcpy(ct_test, vector->C, vector->Plen); 598 memcpy(pt_test, vector->P, vector->Plen); 599 memset(vector->P, 0, vector->Plen); 600 memcpy(T_test, vector->T, vector->Tlen); 601 memset(vector->T, 0, vector->Tlen); 602 603 //// 604 // ISA-l Decrypt 605 //// 606 607 last_break = 0; 608 i = 0; 609 isal_aes_gcm_init_128(gkey, gctx, IV_c, vector->A, vector->Alen); 610 while (i < vector->Plen) { 611 if (rand() % 2000 == 0 || i - last_break > PAGE_LEN / 2) { 612 const int posix_ret = 613 posix_memalign((void **) &stream, POSIX_ALIGNMENT, PAGE_LEN); 614 615 if (posix_ret != 0 || stream == NULL) { 616 OK = 1; 617 goto error_exit; 618 } 619 i = i & ALIGNMENT_MASK; 620 memcpy(stream + PAGE_LEN - (i - last_break), vector->C + last_break, 621 i - last_break); 622 isal_aes_gcm_dec_128_update(gkey, gctx, vector->P + last_break, 623 stream + PAGE_LEN - (i - last_break), 624 i - last_break); 625 aligned_free(stream); 626 stream = NULL; 627 if (rand() % 1024 == 0) { 628 length = rand() % 100; 629 630 mk_rand_data(rand_data, length); 631 SHA1(rand_data, length, rand_data); 632 } 633 634 last_break = i; 635 } 636 if (rand() % 1024 != 0) 637 i++; 638 } 639 isal_aes_gcm_dec_128_update(gkey, gctx, vector->P + last_break, vector->C + last_break, 640 vector->Plen - last_break); 641 isal_aes_gcm_dec_128_finalize(gkey, gctx, vector->T, vector->Tlen); 642 643 OK |= check_data(vector->T, o_T_test, vector->Tlen, "OpenSSL vs ISA-L decrypt tag (T)"); 644 OK |= check_data(pt_test, vector->P, vector->Plen, "ISA-L decrypted plain text (P)"); 645 memset(vector->P, 0, vector->Plen); 646 isal_aes_gcm_dec_128(gkey, gctx, vector->P, o_ct_test, vector->Plen, IV_c, vector->A, 647 vector->Alen, vector->T, vector->Tlen); 648 OK |= check_data(pt_test, vector->P, vector->Plen, "ISA-L decrypted plain text (P)"); 649 result = openssl_aes_gcm_dec(vector->K, vector->IV, vector->IVlen, vector->A, vector->Alen, 650 vector->T, vector->Tlen, vector->C, vector->Plen, pt_test); 651 if (-1 == result) 652 printf(" ISA-L->OpenSSL decryption failed Authentication\n"); 653 OK |= (-1 == result); 654 error_exit: 655 vector_free(alloc_tab, align_tab, DIM(alloc_tab)); 656 return OK; 657 } 658 659 int 660 check_256_vector(struct gcm_key_data *gkey, struct gcm_context_data *gctx, gcm_vector *vector) 661 { 662 uint8_t *pt_test = NULL; 663 uint8_t *ct_test = NULL; 664 uint8_t *o_ct_test = NULL; 665 uint8_t *IV_c = NULL; 666 uint8_t *T_test = NULL; 667 uint8_t *o_T_test = NULL; 668 int result; 669 int OK = 0; 670 671 #ifdef GCM_VECTORS_VERBOSE 672 printf("combination vector Keylen:%d IVlen:%d PTLen:%d AADlen:%d Tlen:%d\n", 673 (int) vector->Klen, (int) vector->IVlen, (int) vector->Plen, (int) vector->Alen, 674 (int) vector->Tlen); 675 #else 676 printf("."); 677 #endif 678 // Allocate required memory 679 void **alloc_tab[] = { (void **) &pt_test, (void **) &ct_test, (void **) &o_ct_test, 680 (void **) &IV_c, (void **) &T_test, (void **) &o_T_test }; 681 const size_t align_tab[] = { ALIGNMENT, ALIGNMENT, ALIGNMENT, 0, 0, 0 }; 682 const size_t length_tab[] = { vector->Plen, vector->Plen, vector->Plen, 683 vector->IVlen, vector->Tlen, vector->Tlen }; 684 685 if (vector_allocate(alloc_tab, length_tab, align_tab, DIM(alloc_tab)) != 0) { 686 vector_free(alloc_tab, align_tab, DIM(alloc_tab)); 687 return 1; 688 } 689 690 // Prepare IV 691 memcpy(IV_c, vector->IV, vector->IVlen); 692 693 // This is only required once for a given key 694 isal_aes_gcm_pre_256(vector->K, gkey); 695 696 //// 697 // ISA-l Encrypt 698 //// 699 isal_aes_gcm_enc_256(gkey, gctx, vector->C, vector->P, vector->Plen, IV_c, vector->A, 700 vector->Alen, vector->T, vector->Tlen); 701 openssl_aes_256_gcm_enc(vector->K, vector->IV, vector->IVlen, vector->A, vector->Alen, 702 o_T_test, vector->Tlen, vector->P, vector->Plen, o_ct_test); 703 OK |= check_data(vector->C, o_ct_test, vector->Plen, "OpenSSL vs ISA-L cypher text (C)"); 704 OK |= check_data(vector->T, o_T_test, vector->Tlen, "OpenSSL vs ISA-L encrypt tag (T)"); 705 706 memcpy(ct_test, vector->C, vector->Plen); 707 memcpy(pt_test, vector->P, vector->Plen); 708 memset(vector->P, 0, vector->Plen); 709 memcpy(T_test, vector->T, vector->Tlen); 710 memset(vector->T, 0, vector->Tlen); 711 712 //// 713 // ISA-l Decrypt 714 //// 715 isal_aes_gcm_dec_256(gkey, gctx, vector->P, vector->C, vector->Plen, IV_c, vector->A, 716 vector->Alen, vector->T, vector->Tlen); 717 OK |= check_data(vector->T, T_test, vector->Tlen, "ISA-L decrypt vs encrypt tag (T)"); 718 OK |= check_data(vector->T, o_T_test, vector->Tlen, "OpenSSL vs ISA-L decrypt tag (T)"); 719 OK |= check_data(pt_test, vector->P, vector->Plen, "ISA-L decrypted ISA-L plain text (P)"); 720 memset(vector->P, 0, vector->Plen); 721 isal_aes_gcm_dec_256(gkey, gctx, vector->P, o_ct_test, vector->Plen, IV_c, vector->A, 722 vector->Alen, vector->T, vector->Tlen); 723 OK |= check_data(pt_test, vector->P, vector->Plen, 724 "ISA-L decrypted OpenSSL plain text (P)"); 725 result = openssl_aes_256_gcm_dec(vector->K, vector->IV, vector->IVlen, vector->A, 726 vector->Alen, vector->T, vector->Tlen, vector->C, 727 vector->Plen, pt_test); 728 if (-1 == result) 729 printf(" ISA-L->OpenSSL decryption failed Authentication\n"); 730 OK |= (-1 == result); 731 732 vector_free(alloc_tab, align_tab, DIM(alloc_tab)); 733 return OK; 734 } 735 736 int 737 check_256_strm_vector(struct gcm_key_data *gkey, struct gcm_context_data *gctx, gcm_vector *vector, 738 int test_len) 739 { 740 uint8_t *pt_test = NULL; 741 uint8_t *ct_test = NULL; 742 uint8_t *o_ct_test = NULL; 743 uint8_t *IV_c = NULL; 744 uint8_t *T_test = NULL; 745 uint8_t *o_T_test = NULL; 746 uint8_t *stream = NULL; 747 int result; 748 int OK = 0; 749 uint32_t last_break; 750 int i; 751 uint8_t *rand_data = NULL; 752 uint64_t length; 753 754 #ifdef GCM_VECTORS_VERBOSE 755 printf("combination vector Keylen:%d IVlen:%d PTLen:%d AADlen:%d Tlen:%d\n", 756 (int) vector->Klen, (int) vector->IVlen, (int) vector->Plen, (int) vector->Alen, 757 (int) vector->Tlen); 758 #else 759 printf("."); 760 #endif 761 // Allocate required memory 762 void **alloc_tab[] = { (void **) &pt_test, (void **) &ct_test, (void **) &o_ct_test, 763 (void **) &IV_c, (void **) &T_test, (void **) &o_T_test, 764 (void **) &rand_data }; 765 const size_t align_tab[] = { ALIGNMENT, ALIGNMENT, ALIGNMENT, 0, 0, 0, 0 }; 766 const size_t length_tab[] = { vector->Plen, vector->Plen, vector->Plen, vector->IVlen, 767 vector->Tlen, vector->Tlen, 100 }; 768 769 if (vector_allocate(alloc_tab, length_tab, align_tab, DIM(alloc_tab)) != 0) { 770 vector_free(alloc_tab, align_tab, DIM(alloc_tab)); 771 return 1; 772 } 773 774 // Prepare IV 775 memcpy(IV_c, vector->IV, vector->IVlen); 776 777 // This is only required once for a given key 778 isal_aes_gcm_pre_256(vector->K, gkey); 779 780 //// 781 // ISA-l Encrypt 782 //// 783 isal_aes_gcm_init_256(gkey, gctx, IV_c, vector->A, vector->Alen); 784 785 last_break = 0; 786 i = (rand() % test_len / 8) & ALIGNMENT_MASK; 787 while (i < (vector->Plen)) { 788 if (i - last_break != 0) { 789 const int posix_ret = 790 posix_memalign((void **) &stream, POSIX_ALIGNMENT, i - last_break); 791 792 if (posix_ret != 0 || stream == NULL) { 793 OK = 1; 794 goto error_exit; 795 } 796 memcpy(stream, vector->P + last_break, i - last_break); 797 } 798 799 isal_aes_gcm_enc_256_update(gkey, gctx, vector->C + last_break, stream, 800 i - last_break); 801 if (i - last_break != 0) { 802 aligned_free(stream); 803 stream = NULL; 804 } 805 806 if (rand() % 1024 == 0) { 807 length = rand() % 100; 808 mk_rand_data(rand_data, length); 809 SHA1(rand_data, length, rand_data); 810 } 811 last_break = i; 812 i += (rand() % test_len / 8) & ALIGNMENT_MASK; 813 } 814 isal_aes_gcm_enc_256_update(gkey, gctx, vector->C + last_break, vector->P + last_break, 815 vector->Plen - last_break); 816 if (gctx->in_length != vector->Plen) 817 printf("%llu, %llu\n", (unsigned long long) gctx->in_length, 818 (unsigned long long) vector->Plen); 819 isal_aes_gcm_enc_256_finalize(gkey, gctx, vector->T, vector->Tlen); 820 821 openssl_aes_256_gcm_enc(vector->K, vector->IV, vector->IVlen, vector->A, vector->Alen, 822 o_T_test, vector->Tlen, vector->P, vector->Plen, o_ct_test); 823 OK |= check_data(vector->C, o_ct_test, vector->Plen, "OpenSSL vs ISA-L cypher text (C)"); 824 OK |= check_data(vector->T, o_T_test, vector->Tlen, "OpenSSL vs ISA-L encrypt tag (T)"); 825 826 memcpy(ct_test, vector->C, vector->Plen); 827 memcpy(pt_test, vector->P, vector->Plen); 828 memset(vector->P, 0, vector->Plen); 829 memcpy(T_test, vector->T, vector->Tlen); 830 memset(vector->T, 0, vector->Tlen); 831 832 //// 833 // ISA-l Decrypt 834 //// 835 836 last_break = 0; 837 i += (rand() % test_len / 8) & ALIGNMENT_MASK; 838 isal_aes_gcm_init_256(gkey, gctx, IV_c, vector->A, vector->Alen); 839 while (i < (vector->Plen)) { 840 if (i - last_break != 0) { 841 const int posix_ret = 842 posix_memalign((void **) &stream, POSIX_ALIGNMENT, i - last_break); 843 844 if (posix_ret != 0 || stream == NULL) { 845 OK = 1; 846 goto error_exit; 847 } 848 memcpy(stream, vector->C + last_break, i - last_break); 849 } 850 851 isal_aes_gcm_dec_256_update(gkey, gctx, vector->P + last_break, stream, 852 i - last_break); 853 if (i - last_break != 0) { 854 aligned_free(stream); 855 stream = NULL; 856 } 857 858 if (rand() % 1024 == 0) { 859 length = rand() % 100; 860 861 mk_rand_data(rand_data, length); 862 SHA1(rand_data, length, rand_data); 863 } 864 865 last_break = i; 866 i += (rand() % test_len / 8) & ALIGNMENT_MASK; 867 } 868 isal_aes_gcm_dec_256_update(gkey, gctx, vector->P + last_break, vector->C + last_break, 869 vector->Plen - last_break); 870 isal_aes_gcm_dec_256_finalize(gkey, gctx, vector->T, vector->Tlen); 871 872 OK |= check_data(vector->T, T_test, vector->Tlen, "ISA-L decrypt vs encrypt tag (T)"); 873 OK |= check_data(vector->T, o_T_test, vector->Tlen, "OpenSSL vs ISA-L decrypt tag (T)"); 874 OK |= check_data(pt_test, vector->P, vector->Plen, "ISA-L decrypted ISA-L plain text (P)"); 875 memset(vector->P, 0, vector->Plen); 876 isal_aes_gcm_dec_256(gkey, gctx, vector->P, o_ct_test, vector->Plen, IV_c, vector->A, 877 vector->Alen, vector->T, vector->Tlen); 878 OK |= check_data(pt_test, vector->P, vector->Plen, 879 "ISA-L decrypted OpenSSL plain text (P)"); 880 result = openssl_aes_256_gcm_dec(vector->K, vector->IV, vector->IVlen, vector->A, 881 vector->Alen, vector->T, vector->Tlen, vector->C, 882 vector->Plen, pt_test); 883 if (-1 == result) 884 printf(" ISA-L->OpenSSL decryption failed Authentication\n"); 885 OK |= (-1 == result); 886 error_exit: 887 vector_free(alloc_tab, align_tab, DIM(alloc_tab)); 888 return OK; 889 } 890 891 int 892 test_gcm_strm_efence(void) 893 { 894 int tag_len = 8; 895 int t = 0; 896 struct gcm_key_data *gkey = NULL; 897 struct gcm_context_data *gctx = NULL; 898 899 gkey = malloc(sizeof(struct gcm_key_data)); 900 gctx = malloc(sizeof(struct gcm_context_data)); 901 if (NULL == gkey || NULL == gctx) { 902 free(gkey); 903 free(gctx); 904 return 1; 905 } 906 907 printf("AES GCM random efence test vectors with random stream:"); 908 for (t = 0; RANDOMS > t; t++) { 909 int posix_ret = 0; 910 gcm_vector test; 911 int Plen = (rand() % TEST_LEN); 912 // lengths must be a multiple of 4 bytes 913 int aad_len = (rand() % TEST_LEN); 914 int offset = (rand() % MAX_UNALIGNED); 915 if (offset == 0 && aad_len == 0) 916 offset = OFFSET_BASE_VALUE; 917 918 if (0 == (t % 25)) 919 printf("\n"); 920 if (0 == (t % 10)) 921 fflush(0); 922 test.P = NULL; 923 test.C = NULL; 924 test.A = NULL; 925 test.T = NULL; 926 test.Plen = Plen; 927 if (test.Plen + offset != 0) { 928 posix_ret |= posix_memalign((void **) &test.P, POSIX_ALIGNMENT, 929 test.Plen + offset); 930 posix_ret |= posix_memalign((void **) &test.C, POSIX_ALIGNMENT, 931 test.Plen + offset); 932 } else { // This else clause is here because openssl 1.0.1k does not handle NULL 933 // pointers 934 posix_ret |= posix_memalign((void **) &test.P, POSIX_ALIGNMENT, 16); 935 posix_ret |= posix_memalign((void **) &test.C, POSIX_ALIGNMENT, 16); 936 } 937 test.K = malloc(ISAL_GCM_128_KEY_LEN + offset); 938 test.Klen = ISAL_GCM_128_KEY_LEN; 939 test.IV = malloc(ISAL_GCM_IV_LEN + offset); 940 test.IVlen = ISAL_GCM_IV_LEN; 941 test.A = malloc(aad_len + offset); 942 test.Alen = aad_len; 943 test.T = malloc(ISAL_GCM_MAX_TAG_LEN + offset); 944 test.Tlen = ISAL_GCM_MAX_TAG_LEN; 945 946 if ((NULL == test.P && test.Plen != 0) || (NULL == test.C && test.Plen != 0) || 947 (NULL == test.K) || (NULL == test.IV) || (NULL == test.A) || (NULL == test.T) || 948 (posix_ret != 0)) { 949 printf("malloc of testsize:0x%x failed\n", Plen); 950 free(test.A); 951 aligned_free(test.C); 952 free(test.IV); 953 free(test.K); 954 aligned_free(test.P); 955 free(test.T); 956 free(gkey); 957 free(gctx); 958 return 1; 959 } 960 961 gcm_vector test_free = test; 962 963 test.P += offset; 964 test.C += offset; 965 test.K += offset; 966 test.IV += offset; 967 test.A += offset; 968 test.T += offset; 969 970 mk_rand_data(test.P, test.Plen); 971 mk_rand_data(test.K, test.Klen); 972 mk_rand_data(test.IV, test.IVlen); 973 mk_rand_data(test.A, test.Alen); 974 975 // single Key length of 128bits/16bytes supported 976 // single IV length of 96bits/12bytes supported 977 // Tag lengths of 8, 12 or 16 978 for (tag_len = 8; tag_len <= ISAL_GCM_MAX_TAG_LEN;) { 979 test.Tlen = tag_len; 980 if (0 != check_strm_vector_efence(gkey, gctx, &test)) { 981 free(test_free.A); 982 aligned_free(test_free.C); 983 free(test_free.IV); 984 free(test_free.K); 985 aligned_free(test_free.P); 986 free(test_free.T); 987 free(gkey); 988 free(gctx); 989 return 1; 990 } 991 tag_len += 4; // supported lengths are 8, 12 or 16 992 } 993 free(test_free.A); 994 aligned_free(test_free.C); 995 free(test_free.IV); 996 free(test_free.K); 997 aligned_free(test_free.P); 998 free(test_free.T); 999 } 1000 printf("\n"); 1001 free(gkey); 1002 free(gctx); 1003 return 0; 1004 } 1005 1006 int 1007 test_gcm_strm_combinations(int test_len) 1008 { 1009 int tag_len = 8; 1010 int t = 0; 1011 uint8_t *gkeytemp = NULL; 1012 struct gcm_key_data *gkey = NULL; 1013 struct gcm_context_data *gctx = NULL; 1014 1015 gkeytemp = malloc(sizeof(struct gcm_key_data) + 16); 1016 gctx = malloc(sizeof(struct gcm_context_data)); 1017 gkey = (struct gcm_key_data *) (gkeytemp + rand() % 16); 1018 if (NULL == gkeytemp || NULL == gctx) { 1019 free(gkeytemp); 1020 free(gctx); 1021 return 1; 1022 } 1023 1024 printf("AES GCM random test vectors with random stream of average size %d:", test_len / 64); 1025 for (t = 0; RANDOMS > t; t++) { 1026 int posix_ret = 0; 1027 gcm_vector test; 1028 int Plen = 0; // (rand() % test_len); 1029 // lengths must be a multiple of 4 bytes 1030 int aad_len = (rand() % test_len); 1031 int offset = (rand() % MAX_UNALIGNED); 1032 if (offset == 0 && aad_len == 0) 1033 offset = OFFSET_BASE_VALUE; 1034 1035 if (0 == (t % 25)) 1036 printf("\n"); 1037 if (0 == (t % 10)) 1038 fflush(0); 1039 test.P = NULL; 1040 test.C = NULL; 1041 test.A = NULL; 1042 test.T = NULL; 1043 test.Plen = Plen; 1044 if (test.Plen + offset != 0) { 1045 posix_ret |= posix_memalign((void **) &test.P, POSIX_ALIGNMENT, 1046 test.Plen + offset); 1047 posix_ret |= posix_memalign((void **) &test.C, POSIX_ALIGNMENT, 1048 test.Plen + offset); 1049 } else { // This else clause is here because openssl 1.0.1k does not handle NULL 1050 // pointers 1051 posix_ret |= posix_memalign((void **) &test.P, POSIX_ALIGNMENT, 16); 1052 posix_ret |= posix_memalign((void **) &test.C, POSIX_ALIGNMENT, 16); 1053 } 1054 test.K = malloc(ISAL_GCM_128_KEY_LEN + offset); 1055 test.Klen = ISAL_GCM_128_KEY_LEN; 1056 test.IV = malloc(ISAL_GCM_IV_LEN + offset); 1057 test.IVlen = ISAL_GCM_IV_LEN; 1058 test.A = malloc(aad_len + offset); 1059 test.Alen = aad_len; 1060 test.T = malloc(ISAL_GCM_MAX_TAG_LEN + offset); 1061 test.Tlen = ISAL_GCM_MAX_TAG_LEN; 1062 1063 if ((NULL == test.P && test.Plen != 0) || (NULL == test.C && test.Plen != 0) || 1064 (NULL == test.K) || (NULL == test.IV) || (NULL == test.A) || (NULL == test.T) || 1065 (posix_ret != 0)) { 1066 printf("malloc of testsize:0x%x failed\n", Plen); 1067 free(test.A); 1068 aligned_free(test.C); 1069 free(test.IV); 1070 free(test.K); 1071 aligned_free(test.P); 1072 free(test.T); 1073 free(gkeytemp); 1074 free(gctx); 1075 return 1; 1076 } 1077 1078 gcm_vector test_free = test; 1079 1080 test.P += offset; 1081 test.C += offset; 1082 test.K += offset; 1083 test.IV += offset; 1084 test.A += offset; 1085 test.T += offset; 1086 1087 mk_rand_data(test.P, test.Plen); 1088 mk_rand_data(test.K, test.Klen); 1089 mk_rand_data(test.IV, test.IVlen); 1090 mk_rand_data(test.A, test.Alen); 1091 1092 // single Key length of 128bits/16bytes supported 1093 // single IV length of 96bits/12bytes supported 1094 // Tag lengths of 8, 12 or 16 1095 for (tag_len = 8; tag_len <= ISAL_GCM_MAX_TAG_LEN;) { 1096 test.Tlen = tag_len; 1097 if (0 != check_strm_vector(gkey, gctx, &test, test_len)) { 1098 free(test_free.A); 1099 aligned_free(test_free.C); 1100 free(test_free.IV); 1101 free(test_free.K); 1102 aligned_free(test_free.P); 1103 free(test_free.T); 1104 free(gkeytemp); 1105 free(gctx); 1106 return 1; 1107 } 1108 tag_len += 4; // supported lengths are 8, 12 or 16 1109 } 1110 free(test_free.A); 1111 aligned_free(test_free.C); 1112 free(test_free.IV); 1113 free(test_free.K); 1114 aligned_free(test_free.P); 1115 free(test_free.T); 1116 } 1117 printf("\n"); 1118 free(gkeytemp); 1119 free(gctx); 1120 return 0; 1121 } 1122 1123 int 1124 test_gcm_combinations(void) 1125 { 1126 int tag_len = 8; 1127 int t = 0; 1128 struct gcm_key_data *gkey = NULL; 1129 struct gcm_context_data *gctx = NULL; 1130 1131 gkey = malloc(sizeof(struct gcm_key_data)); 1132 gctx = malloc(sizeof(struct gcm_context_data)); 1133 if (NULL == gkey || NULL == gctx) { 1134 free(gctx); 1135 free(gkey); 1136 return 1; 1137 } 1138 1139 printf("AES GCM random test vectors:"); 1140 for (t = 0; RANDOMS > t; t++) { 1141 int posix_ret = 0; 1142 gcm_vector test; 1143 int Plen = (rand() % TEST_LEN); 1144 // lengths must be a multiple of 4 bytes 1145 int aad_len = (rand() % TEST_LEN); 1146 int offset = (rand() % MAX_UNALIGNED); 1147 if (offset == 0 && aad_len == 0) 1148 offset = OFFSET_BASE_VALUE; 1149 1150 if (0 == (t % 25)) 1151 printf("\n"); 1152 if (0 == (t % 10)) 1153 fflush(0); 1154 test.P = NULL; 1155 test.C = NULL; 1156 test.A = NULL; 1157 test.T = NULL; 1158 test.Plen = Plen; 1159 if (test.Plen + offset != 0) { 1160 posix_ret |= posix_memalign((void **) &test.P, POSIX_ALIGNMENT, 1161 test.Plen + offset); 1162 posix_ret |= posix_memalign((void **) &test.C, POSIX_ALIGNMENT, 1163 test.Plen + offset); 1164 } else { // This else clause is here because openssl 1.0.1k does not handle NULL 1165 // pointers 1166 posix_ret |= posix_memalign((void **) &test.P, POSIX_ALIGNMENT, 16); 1167 posix_ret |= posix_memalign((void **) &test.C, POSIX_ALIGNMENT, 16); 1168 } 1169 test.K = malloc(ISAL_GCM_128_KEY_LEN + offset); 1170 test.Klen = ISAL_GCM_128_KEY_LEN; 1171 test.IV = malloc(ISAL_GCM_IV_LEN + offset); 1172 test.IVlen = ISAL_GCM_IV_LEN; 1173 test.A = malloc(aad_len + offset); 1174 test.Alen = aad_len; 1175 test.T = malloc(ISAL_GCM_MAX_TAG_LEN + offset); 1176 test.Tlen = ISAL_GCM_MAX_TAG_LEN; 1177 1178 if ((NULL == test.P && test.Plen != 0) || (NULL == test.C && test.Plen != 0) || 1179 (NULL == test.K) || (NULL == test.IV) || (NULL == test.A) || (NULL == test.T) || 1180 (posix_ret != 0)) { 1181 printf("malloc of testsize:0x%x failed\n", Plen); 1182 free(test.A); 1183 aligned_free(test.C); 1184 free(test.IV); 1185 free(test.K); 1186 aligned_free(test.P); 1187 free(test.T); 1188 free(gkey); 1189 free(gctx); 1190 return 1; 1191 } 1192 1193 gcm_vector test_free = test; 1194 1195 test.P += offset; 1196 test.C += offset; 1197 test.K += offset; 1198 test.IV += offset; 1199 test.A += offset; 1200 test.T += offset; 1201 1202 mk_rand_data(test.P, test.Plen); 1203 mk_rand_data(test.K, test.Klen); 1204 mk_rand_data(test.IV, test.IVlen); 1205 mk_rand_data(test.A, test.Alen); 1206 1207 // single Key length of 128bits/16bytes supported 1208 // single IV length of 96bits/12bytes supported 1209 // Tag lengths of 8, 12 or 16 1210 for (tag_len = 8; tag_len <= ISAL_GCM_MAX_TAG_LEN;) { 1211 test.Tlen = tag_len; 1212 if (0 != check_vector(gkey, gctx, &test)) { 1213 free(test_free.A); 1214 aligned_free(test_free.C); 1215 free(test_free.IV); 1216 free(test_free.K); 1217 aligned_free(test_free.P); 1218 free(test_free.T); 1219 free(gkey); 1220 free(gctx); 1221 return 1; 1222 } 1223 tag_len += 4; // supported lengths are 8, 12 or 16 1224 } 1225 1226 free(test_free.A); 1227 aligned_free(test_free.C); 1228 free(test_free.IV); 1229 free(test_free.K); 1230 aligned_free(test_free.P); 1231 free(test_free.T); 1232 } 1233 printf("\n"); 1234 free(gkey); 1235 free(gctx); 1236 return 0; 1237 } 1238 1239 int 1240 test_gcm256_combinations(void) 1241 { 1242 int tag_len = 8; 1243 int t = 0; 1244 struct gcm_key_data *gkey = NULL; 1245 struct gcm_context_data *gctx = NULL; 1246 1247 gkey = malloc(sizeof(struct gcm_key_data)); 1248 gctx = malloc(sizeof(struct gcm_context_data)); 1249 if (NULL == gkey || NULL == gctx) { 1250 free(gkey); 1251 free(gctx); 1252 return 1; 1253 } 1254 1255 printf("AES-GCM-256 random test vectors:"); 1256 for (t = 0; RANDOMS > t; t++) { 1257 int posix_ret = 0; 1258 gcm_vector test; 1259 int Plen = (rand() % TEST_LEN); 1260 // lengths must be a multiple of 4 bytes 1261 int aad_len = (rand() % TEST_LEN); 1262 int offset = (rand() % MAX_UNALIGNED); 1263 if (offset == 0 && aad_len == 0) 1264 offset = OFFSET_BASE_VALUE; 1265 1266 if (0 == (t % 25)) 1267 printf("\n"); 1268 if (0 == (t % 10)) 1269 fflush(0); 1270 test.P = NULL; 1271 test.C = NULL; 1272 test.A = NULL; 1273 test.T = NULL; 1274 test.Plen = Plen; 1275 if (test.Plen + offset != 0) { 1276 posix_ret |= posix_memalign((void **) &test.P, POSIX_ALIGNMENT, 1277 test.Plen + offset); 1278 posix_ret |= posix_memalign((void **) &test.C, POSIX_ALIGNMENT, 1279 test.Plen + offset); 1280 } else { // This else clause is here because openssl 1.0.1k does not handle NULL 1281 // pointers 1282 posix_ret |= posix_memalign((void **) &test.P, POSIX_ALIGNMENT, 16); 1283 posix_ret |= posix_memalign((void **) &test.C, POSIX_ALIGNMENT, 16); 1284 } 1285 test.K = malloc(ISAL_GCM_256_KEY_LEN + offset); 1286 test.Klen = ISAL_GCM_256_KEY_LEN; 1287 test.IV = malloc(ISAL_GCM_IV_LEN + offset); 1288 test.IVlen = ISAL_GCM_IV_LEN; 1289 test.A = malloc(aad_len + offset); 1290 test.Alen = aad_len; 1291 test.T = malloc(ISAL_GCM_MAX_TAG_LEN + offset); 1292 test.Tlen = ISAL_GCM_MAX_TAG_LEN; 1293 1294 if ((NULL == test.P && test.Plen != 0) || (NULL == test.C && test.Plen != 0) || 1295 (NULL == test.K) || (NULL == test.IV) || (NULL == test.A) || (NULL == test.T) || 1296 (posix_ret != 0)) { 1297 printf("malloc of testsize:0x%x failed, P=%p, C=%p, K=%p, IV=%p, A=%p, " 1298 "T=%p, posix_ret=%d\n", 1299 Plen, test.P, test.C, test.K, test.IV, test.A, test.T, posix_ret); 1300 free(test.A); 1301 aligned_free(test.C); 1302 free(test.IV); 1303 free(test.K); 1304 aligned_free(test.P); 1305 free(test.T); 1306 free(gkey); 1307 free(gctx); 1308 return 1; 1309 } 1310 1311 gcm_vector test_free = test; 1312 1313 test.P += offset; 1314 test.C += offset; 1315 test.K += offset; 1316 test.IV += offset; 1317 test.A += offset; 1318 test.T += offset; 1319 1320 mk_rand_data(test.P, test.Plen); 1321 mk_rand_data(test.K, test.Klen); 1322 mk_rand_data(test.IV, test.IVlen); 1323 mk_rand_data(test.A, test.Alen); 1324 1325 // single Key length of 128bits/16bytes supported 1326 // single IV length of 96bits/12bytes supported 1327 // Tag lengths of 8, 12 or 16 1328 for (tag_len = 8; tag_len <= ISAL_GCM_MAX_TAG_LEN;) { 1329 test.Tlen = tag_len; 1330 if (0 != check_256_vector(gkey, gctx, &test)) { 1331 free(test_free.A); 1332 aligned_free(test_free.C); 1333 free(test_free.IV); 1334 free(test_free.K); 1335 aligned_free(test_free.P); 1336 free(test_free.T); 1337 free(gkey); 1338 free(gctx); 1339 return 1; 1340 } 1341 tag_len += 4; // supported lengths are 8, 12 or 16 1342 } 1343 free(test_free.A); 1344 aligned_free(test_free.C); 1345 free(test_free.IV); 1346 free(test_free.K); 1347 aligned_free(test_free.P); 1348 free(test_free.T); 1349 } 1350 printf("\n"); 1351 free(gkey); 1352 free(gctx); 1353 return 0; 1354 } 1355 1356 int 1357 test_gcm256_strm_combinations(int test_len) 1358 { 1359 int tag_len = 8; 1360 int t = 0; 1361 uint8_t *gkeytemp = NULL; 1362 struct gcm_key_data *gkey = NULL; 1363 struct gcm_context_data *gctx = NULL; 1364 1365 gkeytemp = malloc(sizeof(struct gcm_key_data) + 16); 1366 gctx = malloc(sizeof(struct gcm_context_data)); 1367 gkey = (struct gcm_key_data *) (gkeytemp + rand() % 16); 1368 if (NULL == gkeytemp || NULL == gctx) { 1369 free(gkeytemp); 1370 free(gctx); 1371 return 1; 1372 } 1373 1374 printf("AES-GCM-256 random test vectors with random stream of average size %d:", 1375 test_len / 64); 1376 for (t = 0; RANDOMS > t; t++) { 1377 int posix_ret = 0; 1378 gcm_vector test; 1379 int Plen = (rand() % test_len); 1380 // lengths must be a multiple of 4 bytes 1381 int aad_len = (rand() % test_len); 1382 int offset = (rand() % MAX_UNALIGNED); 1383 if (offset == 0 && aad_len == 0) 1384 offset = OFFSET_BASE_VALUE; 1385 1386 if (0 == (t % 25)) 1387 printf("\n"); 1388 if (0 == (t % 10)) 1389 fflush(0); 1390 test.P = NULL; 1391 test.C = NULL; 1392 test.A = NULL; 1393 test.T = NULL; 1394 test.Plen = Plen; 1395 if (test.Plen + offset != 0) { 1396 posix_ret |= posix_memalign((void **) &test.P, POSIX_ALIGNMENT, 1397 test.Plen + offset); 1398 posix_ret |= posix_memalign((void **) &test.C, POSIX_ALIGNMENT, 1399 test.Plen + offset); 1400 } else { // This else clause is here because openssl 1.0.1k does not handle NULL 1401 // pointers 1402 posix_ret |= posix_memalign((void **) &test.P, POSIX_ALIGNMENT, 16); 1403 posix_ret |= posix_memalign((void **) &test.C, POSIX_ALIGNMENT, 16); 1404 } 1405 test.K = malloc(ISAL_GCM_256_KEY_LEN + offset); 1406 test.Klen = ISAL_GCM_256_KEY_LEN; 1407 test.IV = malloc(ISAL_GCM_IV_LEN + offset); 1408 test.IVlen = ISAL_GCM_IV_LEN; 1409 test.A = malloc(aad_len + offset); 1410 test.Alen = aad_len; 1411 test.T = malloc(ISAL_GCM_MAX_TAG_LEN + offset); 1412 test.Tlen = ISAL_GCM_MAX_TAG_LEN; 1413 1414 if ((NULL == test.P && test.Plen != 0) || (NULL == test.C && test.Plen != 0) || 1415 (NULL == test.K) || (NULL == test.IV) || (NULL == test.A) || (NULL == test.T) || 1416 (posix_ret != 0)) { 1417 printf("malloc of testsize:0x%x failed\n", Plen); 1418 free(test.A); 1419 aligned_free(test.C); 1420 free(test.IV); 1421 free(test.K); 1422 aligned_free(test.P); 1423 free(test.T); 1424 free(gkeytemp); 1425 free(gctx); 1426 return 1; 1427 } 1428 1429 gcm_vector test_free = test; 1430 1431 test.P += offset; 1432 test.C += offset; 1433 test.K += offset; 1434 test.IV += offset; 1435 test.A += offset; 1436 test.T += offset; 1437 1438 mk_rand_data(test.P, test.Plen); 1439 mk_rand_data(test.K, test.Klen); 1440 mk_rand_data(test.IV, test.IVlen); 1441 mk_rand_data(test.A, test.Alen); 1442 1443 // single Key length of 128bits/16bytes supported 1444 // single IV length of 96bits/12bytes supported 1445 // Tag lengths of 8, 12 or 16 1446 for (tag_len = 8; tag_len <= ISAL_GCM_MAX_TAG_LEN;) { 1447 test.Tlen = tag_len; 1448 if (0 != check_256_strm_vector(gkey, gctx, &test, test_len)) { 1449 free(test_free.A); 1450 aligned_free(test_free.C); 1451 free(test_free.IV); 1452 free(test_free.K); 1453 aligned_free(test_free.P); 1454 free(test_free.T); 1455 free(gkeytemp); 1456 free(gctx); 1457 return 1; 1458 } 1459 tag_len += 4; // supported lengths are 8, 12 or 16 1460 } 1461 free(test_free.A); 1462 aligned_free(test_free.C); 1463 free(test_free.IV); 1464 free(test_free.K); 1465 aligned_free(test_free.P); 1466 free(test_free.T); 1467 } 1468 printf("\n"); 1469 free(gkeytemp); 1470 free(gctx); 1471 return 0; 1472 } 1473 1474 // 1475 // place all data to end at a page boundary to check for read past the end 1476 // 1477 int 1478 test_gcm_efence(void) 1479 { 1480 int posix_ret = 0; 1481 gcm_vector test; 1482 int offset = 0; 1483 gcm_key_size key_len; 1484 struct gcm_key_data *gkey = NULL; 1485 struct gcm_context_data *gctx = NULL; 1486 uint8_t *P = NULL, *C = NULL, *K = NULL, *IV = NULL, *A = NULL, *T = NULL; 1487 1488 gkey = malloc(sizeof(struct gcm_key_data)); 1489 gctx = malloc(sizeof(struct gcm_context_data)); 1490 posix_ret |= posix_memalign((void **) &P, POSIX_ALIGNMENT, PAGE_LEN); 1491 posix_ret |= posix_memalign((void **) &C, POSIX_ALIGNMENT, PAGE_LEN); 1492 K = malloc(PAGE_LEN); 1493 IV = malloc(PAGE_LEN); 1494 A = malloc(PAGE_LEN); 1495 T = malloc(PAGE_LEN); 1496 if ((NULL == P) || (NULL == C) || (NULL == K) || (NULL == IV) || (NULL == A) || 1497 (NULL == T) || (NULL == gkey) || (NULL == gctx) || (posix_ret != 0)) { 1498 printf("malloc of testsize:0x%x failed\n", PAGE_LEN); 1499 free(gkey); 1500 free(gctx); 1501 aligned_free(P); 1502 aligned_free(C); 1503 free(K); 1504 free(IV); 1505 free(A); 1506 free(T); 1507 return -1; 1508 } 1509 1510 test.Plen = PAGE_LEN / 2; 1511 // place buffers to end at page boundary 1512 test.IVlen = ISAL_GCM_IV_LEN; 1513 test.Alen = test.Plen; 1514 test.Tlen = ISAL_GCM_MAX_TAG_LEN; 1515 1516 printf("AES GCM efence test vectors:"); 1517 for (key_len = ISAL_GCM_128_KEY_LEN; ISAL_GCM_256_KEY_LEN >= key_len; 1518 key_len += (ISAL_GCM_256_KEY_LEN - ISAL_GCM_128_KEY_LEN)) { 1519 test.Klen = key_len; 1520 for (offset = 0; MAX_UNALIGNED > offset; offset++) { 1521 if (0 == (offset % 80)) 1522 printf("\n"); 1523 // move the start and size of the data block towards the end of the page 1524 test.Plen = (PAGE_LEN / 2) - offset; 1525 test.Alen = (PAGE_LEN / 4) - 1526 (offset * 4); // lengths must be a multiple of 4 bytes 1527 // Place data at end of page 1528 test.P = P + PAGE_LEN - test.Plen; 1529 test.C = C + PAGE_LEN - test.Plen; 1530 test.K = K + PAGE_LEN - test.Klen; 1531 test.IV = IV + PAGE_LEN - test.IVlen; 1532 test.A = A + PAGE_LEN - test.Alen; 1533 test.T = T + PAGE_LEN - test.Tlen; 1534 1535 mk_rand_data(test.P, test.Plen); 1536 mk_rand_data(test.K, test.Klen); 1537 mk_rand_data(test.IV, test.IVlen); 1538 mk_rand_data(test.A, test.Alen); 1539 if (ISAL_GCM_128_KEY_LEN == key_len) { 1540 if (0 != check_vector(gkey, gctx, &test)) { 1541 free(gkey); 1542 free(gctx); 1543 aligned_free(P); 1544 aligned_free(C); 1545 free(K); 1546 free(IV); 1547 free(A); 1548 free(T); 1549 return 1; 1550 } 1551 } else { 1552 if (0 != check_256_vector(gkey, gctx, &test)) { 1553 free(gkey); 1554 free(gctx); 1555 aligned_free(P); 1556 aligned_free(C); 1557 free(K); 1558 free(IV); 1559 free(A); 1560 free(T); 1561 return 1; 1562 } 1563 } 1564 } 1565 } 1566 free(gkey); 1567 free(gctx); 1568 aligned_free(P); 1569 aligned_free(C); 1570 free(K); 1571 free(IV); 1572 free(A); 1573 free(T); 1574 1575 printf("\n"); 1576 return 0; 1577 } 1578 1579 int 1580 test_gcm128_std_vectors(gcm_vector const *vector) 1581 { 1582 struct gcm_key_data gkey; 1583 struct gcm_context_data gctx; 1584 int OK = 0; 1585 // Temporary array for the calculated vectors 1586 uint8_t *ct_test = NULL; 1587 uint8_t *pt_test = NULL; 1588 uint8_t *IV_c = NULL; 1589 uint8_t *T_test = NULL; 1590 uint8_t *T2_test = NULL; 1591 int result; 1592 1593 #ifdef GCM_VECTORS_VERBOSE 1594 printf("AES-GCM-128:\n"); 1595 #endif 1596 1597 // Allocate required memory 1598 void **alloc_tab[] = { (void **) &pt_test, (void **) &ct_test, (void **) &IV_c, 1599 (void **) &T_test, (void **) &T2_test }; 1600 const size_t align_tab[] = { ALIGNMENT, ALIGNMENT, 0, 0, 0 }; 1601 const size_t length_tab[] = { vector->Plen, vector->Plen, vector->IVlen, vector->Tlen, 1602 vector->Tlen }; 1603 1604 if (vector_allocate(alloc_tab, length_tab, align_tab, DIM(alloc_tab)) != 0) { 1605 vector_free(alloc_tab, align_tab, DIM(alloc_tab)); 1606 return 1; 1607 } 1608 1609 // Prepare IV 1610 memcpy(IV_c, vector->IV, vector->IVlen); 1611 1612 // This is only required once for a given key 1613 isal_aes_gcm_pre_128(vector->K, &gkey); 1614 #ifdef GCM_VECTORS_VERBOSE 1615 dump_gcm_data(&gkey); 1616 #endif 1617 1618 //// 1619 // ISA-l Encrypt 1620 //// 1621 isal_aes_gcm_enc_128(&gkey, &gctx, ct_test, vector->P, vector->Plen, IV_c, vector->A, 1622 vector->Alen, T_test, vector->Tlen); 1623 OK |= check_data(ct_test, vector->C, vector->Plen, "ISA-L encrypted cypher text (C)"); 1624 OK |= check_data(T_test, vector->T, vector->Tlen, "ISA-L tag (T)"); 1625 1626 openssl_aes_gcm_enc(vector->K, vector->IV, vector->IVlen, vector->A, vector->Alen, pt_test, 1627 vector->Tlen, vector->P, vector->Plen, ct_test); 1628 OK |= check_data(pt_test, T_test, vector->Tlen, "OpenSSL vs ISA-L tag (T)"); 1629 // test of in-place encrypt 1630 memcpy(pt_test, vector->P, vector->Plen); 1631 isal_aes_gcm_enc_128(&gkey, &gctx, pt_test, pt_test, vector->Plen, IV_c, vector->A, 1632 vector->Alen, T_test, vector->Tlen); 1633 OK |= check_data(pt_test, vector->C, vector->Plen, "ISA-L encrypted cypher text(in-place)"); 1634 memset(ct_test, 0, vector->Plen); 1635 memset(T_test, 0, vector->Tlen); 1636 1637 //// 1638 // ISA-l Decrypt 1639 //// 1640 isal_aes_gcm_dec_128(&gkey, &gctx, pt_test, vector->C, vector->Plen, IV_c, vector->A, 1641 vector->Alen, T_test, vector->Tlen); 1642 OK |= check_data(pt_test, vector->P, vector->Plen, "ISA-L decrypted plain text (P)"); 1643 // GCM decryption outputs a 16 byte tag value that must be verified against the expected tag 1644 // value 1645 OK |= check_data(T_test, vector->T, vector->Tlen, "ISA-L decrypted tag (T)"); 1646 1647 // test in in-place decrypt 1648 memcpy(ct_test, vector->C, vector->Plen); 1649 isal_aes_gcm_dec_128(&gkey, &gctx, ct_test, ct_test, vector->Plen, IV_c, vector->A, 1650 vector->Alen, T_test, vector->Tlen); 1651 OK |= check_data(ct_test, vector->P, vector->Plen, "ISA-L plain text (P) - in-place"); 1652 OK |= check_data(T_test, vector->T, vector->Tlen, "ISA-L decrypted tag (T) - in-place"); 1653 // ISA-L enc -> ISA-L dec 1654 isal_aes_gcm_enc_128(&gkey, &gctx, ct_test, vector->P, vector->Plen, IV_c, vector->A, 1655 vector->Alen, T_test, vector->Tlen); 1656 memset(pt_test, 0, vector->Plen); 1657 isal_aes_gcm_dec_128(&gkey, &gctx, pt_test, ct_test, vector->Plen, IV_c, vector->A, 1658 vector->Alen, T2_test, vector->Tlen); 1659 OK |= check_data(pt_test, vector->P, vector->Plen, "ISA-L self decrypted plain text (P)"); 1660 OK |= check_data(T_test, T2_test, vector->Tlen, "ISA-L self decrypted tag (T)"); 1661 // OpenSSl enc -> ISA-L dec 1662 openssl_aes_gcm_enc(vector->K, vector->IV, vector->IVlen, vector->A, vector->Alen, T_test, 1663 vector->Tlen, vector->P, vector->Plen, ct_test); 1664 OK |= check_data(ct_test, vector->C, vector->Plen, "OpenSSL encrypted cypher text (C)"); 1665 memset(pt_test, 0, vector->Plen); 1666 isal_aes_gcm_dec_128(&gkey, &gctx, pt_test, ct_test, vector->Plen, IV_c, vector->A, 1667 vector->Alen, T2_test, vector->Tlen); 1668 OK |= check_data(pt_test, vector->P, vector->Plen, 1669 "OpenSSL->ISA-L decrypted plain text (P)"); 1670 OK |= check_data(T_test, T2_test, vector->Tlen, "OpenSSL->ISA-L decrypted tag (T)"); 1671 // ISA-L enc -> OpenSSl dec 1672 isal_aes_gcm_enc_128(&gkey, &gctx, ct_test, vector->P, vector->Plen, IV_c, vector->A, 1673 vector->Alen, T_test, vector->Tlen); 1674 memset(pt_test, 0, vector->Plen); 1675 result = openssl_aes_gcm_dec(vector->K, vector->IV, vector->IVlen, vector->A, vector->Alen, 1676 T_test, vector->Tlen, ct_test, vector->Plen, pt_test); 1677 if (-1 == result) 1678 printf(" ISA-L->OpenSSL decryption failed Authentication\n"); 1679 OK |= (-1 == result); 1680 OK |= check_data(pt_test, vector->P, vector->Plen, "OSSL decrypted plain text (C)"); 1681 1682 vector_free(alloc_tab, align_tab, DIM(alloc_tab)); 1683 return OK; 1684 } 1685 1686 int 1687 test_gcm256_std_vectors(gcm_vector const *vector) 1688 { 1689 struct gcm_key_data gkey; 1690 struct gcm_context_data gctx; 1691 int OK = 0; 1692 // Temporary array for the calculated vectors 1693 uint8_t *ct_test = NULL; 1694 uint8_t *pt_test = NULL; 1695 uint8_t *IV_c = NULL; 1696 uint8_t *T_test = NULL; 1697 uint8_t *T2_test = NULL; 1698 int result; 1699 1700 #ifdef GCM_VECTORS_VERBOSE 1701 printf("AES-GCM-256:\n"); 1702 #endif 1703 1704 // Allocate required memory 1705 void **alloc_tab[] = { (void **) &pt_test, (void **) &ct_test, (void **) &IV_c, 1706 (void **) &T_test, (void **) &T2_test }; 1707 const size_t align_tab[] = { ALIGNMENT, ALIGNMENT, 0, 0, 0 }; 1708 const size_t length_tab[] = { vector->Plen, vector->Plen, vector->IVlen, vector->Tlen, 1709 vector->Tlen }; 1710 1711 if (vector_allocate(alloc_tab, length_tab, align_tab, DIM(alloc_tab)) != 0) { 1712 vector_free(alloc_tab, align_tab, DIM(alloc_tab)); 1713 return 1; 1714 } 1715 1716 // Prepare IV 1717 memcpy(IV_c, vector->IV, vector->IVlen); 1718 1719 // This is only required once for a given key 1720 isal_aes_gcm_pre_256(vector->K, &gkey); 1721 #ifdef GCM_VECTORS_VERBOSE 1722 dump_gcm_data(&gkey); 1723 #endif 1724 1725 //// 1726 // ISA-l Encrypt 1727 //// 1728 memset(ct_test, 0, vector->Plen); 1729 isal_aes_gcm_enc_256(&gkey, &gctx, ct_test, vector->P, vector->Plen, IV_c, vector->A, 1730 vector->Alen, T_test, vector->Tlen); 1731 OK |= check_data(ct_test, vector->C, vector->Plen, "ISA-L encrypted cypher text (C)"); 1732 OK |= check_data(T_test, vector->T, vector->Tlen, "ISA-L tag (T)"); 1733 1734 openssl_aes_256_gcm_enc(vector->K, vector->IV, vector->IVlen, vector->A, vector->Alen, 1735 pt_test, vector->Tlen, vector->P, vector->Plen, ct_test); 1736 OK |= check_data(ct_test, vector->C, vector->Tlen, "OpenSSL vs KA - cypher text (C)"); 1737 OK |= check_data(pt_test, vector->T, vector->Tlen, "OpenSSL vs KA - tag (T)"); 1738 OK |= check_data(pt_test, T_test, vector->Tlen, "OpenSSL vs ISA-L - tag (T)"); 1739 // test of in-place encrypt 1740 memcpy(pt_test, vector->P, vector->Plen); 1741 isal_aes_gcm_enc_256(&gkey, &gctx, pt_test, pt_test, vector->Plen, IV_c, vector->A, 1742 vector->Alen, T_test, vector->Tlen); 1743 OK |= check_data(pt_test, vector->C, vector->Plen, "ISA-L encrypted cypher text(in-place)"); 1744 memset(ct_test, 0, vector->Plen); 1745 memset(T_test, 0, vector->Tlen); 1746 1747 //// 1748 // ISA-l Decrypt 1749 //// 1750 isal_aes_gcm_dec_256(&gkey, &gctx, pt_test, vector->C, vector->Plen, IV_c, vector->A, 1751 vector->Alen, T_test, vector->Tlen); 1752 OK |= check_data(pt_test, vector->P, vector->Plen, "ISA-L decrypted plain text (P)"); 1753 // GCM decryption outputs a 16 byte tag value that must be verified against the expected tag 1754 // value 1755 OK |= check_data(T_test, vector->T, vector->Tlen, "ISA-L decrypted tag (T)"); 1756 1757 // test in in-place decrypt 1758 memcpy(ct_test, vector->C, vector->Plen); 1759 isal_aes_gcm_dec_256(&gkey, &gctx, ct_test, ct_test, vector->Plen, IV_c, vector->A, 1760 vector->Alen, T_test, vector->Tlen); 1761 OK |= check_data(ct_test, vector->P, vector->Plen, "ISA-L plain text (P) - in-place"); 1762 OK |= check_data(T_test, vector->T, vector->Tlen, "ISA-L decrypted tag (T) - in-place"); 1763 // ISA-L enc -> ISA-L dec 1764 isal_aes_gcm_enc_256(&gkey, &gctx, ct_test, vector->P, vector->Plen, IV_c, vector->A, 1765 vector->Alen, T_test, vector->Tlen); 1766 memset(pt_test, 0, vector->Plen); 1767 isal_aes_gcm_dec_256(&gkey, &gctx, pt_test, ct_test, vector->Plen, IV_c, vector->A, 1768 vector->Alen, T2_test, vector->Tlen); 1769 OK |= check_data(pt_test, vector->P, vector->Plen, "ISA-L self decrypted plain text (P)"); 1770 OK |= check_data(T_test, T2_test, vector->Tlen, "ISA-L self decrypted tag (T)"); 1771 // OpenSSl enc -> ISA-L dec 1772 openssl_aes_256_gcm_enc(vector->K, vector->IV, vector->IVlen, vector->A, vector->Alen, 1773 T_test, vector->Tlen, vector->P, vector->Plen, ct_test); 1774 OK |= check_data(ct_test, vector->C, vector->Plen, "OpenSSL encrypted cypher text (C)"); 1775 memset(pt_test, 0, vector->Plen); 1776 isal_aes_gcm_dec_256(&gkey, &gctx, pt_test, ct_test, vector->Plen, IV_c, vector->A, 1777 vector->Alen, T2_test, vector->Tlen); 1778 OK |= check_data(pt_test, vector->P, vector->Plen, 1779 "OpenSSL->ISA-L decrypted plain text (P)"); 1780 OK |= check_data(T_test, T2_test, vector->Tlen, "OpenSSL->ISA-L decrypted tag (T)"); 1781 // ISA-L enc -> OpenSSl dec 1782 isal_aes_gcm_enc_256(&gkey, &gctx, ct_test, vector->P, vector->Plen, IV_c, vector->A, 1783 vector->Alen, T_test, vector->Tlen); 1784 memset(pt_test, 0, vector->Plen); 1785 result = openssl_aes_256_gcm_dec(vector->K, vector->IV, vector->IVlen, vector->A, 1786 vector->Alen, T_test, vector->Tlen, ct_test, vector->Plen, 1787 pt_test); 1788 if (-1 == result) 1789 printf(" ISA-L->OpenSSL decryption failed Authentication\n"); 1790 OK |= (-1 == result); 1791 OK |= check_data(pt_test, vector->P, vector->Plen, "OSSL decrypted plain text (C)"); 1792 1793 vector_free(alloc_tab, align_tab, DIM(alloc_tab)); 1794 return OK; 1795 } 1796 1797 int 1798 test_gcm_std_vectors(void) 1799 { 1800 int const vectors_cnt = sizeof(gcm_vectors) / sizeof(gcm_vectors[0]); 1801 int vect; 1802 int OK = 0; 1803 1804 printf("AES-GCM standard test vectors:\n"); 1805 for (vect = 0; vect < vectors_cnt; vect++) { 1806 #ifdef GCM_VECTORS_VERBOSE 1807 printf("Standard vector %d/%d Keylen:%d IVlen:%d PTLen:%d AADlen:%d Tlen:%d\n", 1808 vect, vectors_cnt - 1, (int) gcm_vectors[vect].Klen, 1809 (int) gcm_vectors[vect].IVlen, (int) gcm_vectors[vect].Plen, 1810 (int) gcm_vectors[vect].Alen, (int) gcm_vectors[vect].Tlen); 1811 #else 1812 printf("."); 1813 #endif 1814 1815 if (BITS_128 == gcm_vectors[vect].Klen) { 1816 OK |= test_gcm128_std_vectors(&gcm_vectors[vect]); 1817 } else { 1818 OK |= test_gcm256_std_vectors(&gcm_vectors[vect]); 1819 } 1820 if (0 != OK) 1821 return OK; 1822 } 1823 printf("\n"); 1824 return OK; 1825 } 1826 1827 // The length of the data is set to length. The first stream is from 0 to start. After 1828 // that the data is broken into breaks chunks of equal size (except possibly the last 1829 // one due to divisibility). 1830 int 1831 test_gcm_strm_combinations2(int length, int start, int breaks) 1832 { 1833 int tag_len = 8; 1834 int t = 0; 1835 struct gcm_key_data *gkey = NULL; 1836 struct gcm_context_data *gctx = NULL; 1837 1838 gkey = malloc(sizeof(struct gcm_key_data)); 1839 gctx = malloc(sizeof(struct gcm_context_data)); 1840 if (NULL == gkey || NULL == gctx) { 1841 free(gkey); 1842 free(gctx); 1843 return 1; 1844 } 1845 1846 printf("AES GCM random test vectors of length %d and stream with %d breaks:", length, 1847 breaks + 1); 1848 for (t = 0; RANDOMS > t; t++) { 1849 int posix_ret = 0; 1850 gcm_vector test; 1851 int Plen = length; 1852 // lengths must be a multiple of 4 bytes 1853 int aad_len = (rand() % TEST_LEN); 1854 int offset = (rand() % MAX_UNALIGNED); 1855 if (offset == 0 && aad_len == 0) 1856 offset = OFFSET_BASE_VALUE; 1857 1858 if (0 == (t % 25)) 1859 printf("\n"); 1860 if (0 == (t % 10)) 1861 fflush(0); 1862 test.P = NULL; 1863 test.C = NULL; 1864 test.A = NULL; 1865 test.T = NULL; 1866 test.Plen = Plen; 1867 if (test.Plen + offset != 0) { 1868 posix_ret |= posix_memalign((void **) &test.P, POSIX_ALIGNMENT, 1869 test.Plen + offset); 1870 posix_ret |= posix_memalign((void **) &test.C, POSIX_ALIGNMENT, 1871 test.Plen + offset); 1872 } else { // This else clause is here because openssl 1.0.1k does not handle NULL 1873 // pointers 1874 posix_ret |= posix_memalign((void **) &test.P, POSIX_ALIGNMENT, 16); 1875 posix_ret |= posix_memalign((void **) &test.C, POSIX_ALIGNMENT, 16); 1876 } 1877 test.K = malloc(ISAL_GCM_128_KEY_LEN + offset); 1878 test.Klen = ISAL_GCM_128_KEY_LEN; 1879 test.IV = malloc(ISAL_GCM_IV_LEN + offset); 1880 test.IVlen = ISAL_GCM_IV_LEN; 1881 test.A = malloc(aad_len + offset); 1882 test.Alen = aad_len; 1883 test.T = malloc(ISAL_GCM_MAX_TAG_LEN + offset); 1884 test.Tlen = ISAL_GCM_MAX_TAG_LEN; 1885 1886 if ((NULL == test.P && test.Plen != 0) || (NULL == test.C && test.Plen != 0) || 1887 (NULL == test.K) || (NULL == test.IV) || (NULL == test.A) || (NULL == test.T) || 1888 (posix_ret != 0)) { 1889 printf("malloc of testsize:0x%x failed\n", Plen); 1890 free(test.A); 1891 aligned_free(test.C); 1892 free(test.IV); 1893 free(test.K); 1894 aligned_free(test.P); 1895 free(test.T); 1896 free(gkey); 1897 free(gctx); 1898 return 1; 1899 } 1900 1901 gcm_vector test_free = test; 1902 1903 test.P += offset; 1904 test.C += offset; 1905 test.K += offset; 1906 test.IV += offset; 1907 test.A += offset; 1908 test.T += offset; 1909 1910 mk_rand_data(test.P, test.Plen); 1911 mk_rand_data(test.K, test.Klen); 1912 mk_rand_data(test.IV, test.IVlen); 1913 mk_rand_data(test.A, test.Alen); 1914 1915 // single Key length of 128bits/16bytes supported 1916 // single IV length of 96bits/12bytes supported 1917 // Tag lengths of 8, 12 or 16 1918 for (tag_len = 8; tag_len <= ISAL_GCM_MAX_TAG_LEN;) { 1919 test.Tlen = tag_len; 1920 if (0 != check_strm_vector2(gkey, gctx, &test, length, start, breaks)) { 1921 free(test_free.A); 1922 aligned_free(test_free.C); 1923 free(test_free.IV); 1924 free(test_free.K); 1925 aligned_free(test_free.P); 1926 free(test_free.T); 1927 free(gkey); 1928 free(gctx); 1929 return 1; 1930 } 1931 tag_len += 4; // supported lengths are 8, 12 or 16 1932 } 1933 free(test_free.A); 1934 aligned_free(test_free.C); 1935 free(test_free.IV); 1936 free(test_free.K); 1937 aligned_free(test_free.P); 1938 free(test_free.T); 1939 } 1940 printf("\n"); 1941 free(gkey); 1942 free(gctx); 1943 return 0; 1944 } 1945 1946 int 1947 main(int argc, char **argv) 1948 { 1949 int errors = 0; 1950 int seed; 1951 1952 if (argc == 1) 1953 seed = TEST_SEED; 1954 else 1955 seed = atoi(argv[1]); 1956 1957 srand(seed); 1958 printf("SEED: %d\n", seed); 1959 1960 errors += test_gcm_std_vectors(); 1961 errors += test_gcm256_combinations(); 1962 errors += test_gcm_combinations(); 1963 errors += test_gcm_efence(); 1964 errors += test_gcm256_strm_combinations(TEST_LEN); 1965 errors += test_gcm_strm_combinations(TEST_LEN); 1966 errors += test_gcm256_strm_combinations(1024); 1967 errors += test_gcm_strm_combinations(1024); 1968 errors += test_gcm_strm_efence(); 1969 errors += test_gcm_strm_combinations2(1024, 0, 1024); 1970 1971 if (0 == errors) 1972 printf("...Pass\n"); 1973 else 1974 printf("...Fail\n"); 1975 1976 return errors; 1977 } 1978