1 /********************************************************************** 2 Copyright(c) 2011-2016 Intel Corporation All rights reserved. 3 4 Redistribution and use in source and binary forms, with or without 5 modification, are permitted provided that the following conditions 6 are met: 7 * Redistributions of source code must retain the above copyright 8 notice, this list of conditions and the following disclaimer. 9 * Redistributions in binary form must reproduce the above copyright 10 notice, this list of conditions and the following disclaimer in 11 the documentation and/or other materials provided with the 12 distribution. 13 * Neither the name of Intel Corporation nor the names of its 14 contributors may be used to endorse or promote products derived 15 from this software without specific prior written permission. 16 17 THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 18 "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 19 LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 20 A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT 21 OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 22 SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 23 LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 24 DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 25 THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 26 (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 27 OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 28 **********************************************************************/ 29 30 #include <stdlib.h> 31 #include <stdio.h> 32 #include <stdint.h> 33 #include <string.h> // for memcmp 34 #include <aes_gcm.h> 35 #include <openssl/sha.h> 36 #include "gcm_vectors.h" 37 #include "ossl_helper.h" 38 #include "types.h" 39 40 //#define GCM_VECTORS_VERBOSE 41 //#define GCM_VECTORS_EXTRA_VERBOSE 42 #ifndef TEST_SEED 43 # define TEST_SEED 0x1234 44 #endif 45 #ifndef RANDOMS 46 # define RANDOMS 200 47 #endif 48 #ifndef TEST_LEN 49 # define TEST_LEN 32*1024 50 #endif 51 #ifndef PAGE_LEN 52 # define PAGE_LEN (4*1024) 53 #endif 54 55 #if defined(NT_LD) || defined(NT_ST) || defined(NT_LDST) 56 # define ALIGNMENT_MASK (~15) 57 # define OFFSET_BASE_VALUE 16 58 #ifndef MAX_UNALIGNED 59 # define MAX_UNALIGNED (1) 60 #endif 61 #else 62 # define ALIGNMENT_MASK (~0) 63 # define OFFSET_BASE_VALUE 1 64 #ifndef MAX_UNALIGNED 65 # define MAX_UNALIGNED (16) 66 #endif 67 #endif 68 69 void dump_table(char *title, uint8_t * table, uint8_t count) 70 { 71 int i; 72 char const *space = " "; 73 74 printf("%s%s => {\n", space, title); 75 for (i = 0; i < count; i++) { 76 if (0 == (i & 15)) 77 printf("%s%s", space, space); 78 printf("%2x, ", table[i]); 79 if (15 == (i & 15)) 80 printf("\n"); 81 82 } 83 printf("%s}\n", space); 84 } 85 86 void dump_gcm_data(struct gcm_key_data *gkey) 87 { 88 #ifdef GCM_VECTORS_EXTRA_VERBOSE 89 printf("gcm_data {\n"); 90 dump_table("expanded_keys", gkey->expanded_keys, (16 * 11)); 91 dump_table("shifted_hkey_1", gkey->shifted_hkey_1, 16); 92 dump_table("shifted_hkey_2", gkey->shifted_hkey_2, 16); 93 dump_table("shifted_hkey_3", gkey->shifted_hkey_3, 16); 94 dump_table("shifted_hkey_4", gkey->shifted_hkey_4, 16); 95 dump_table("shifted_hkey_5", gkey->shifted_hkey_5, 16); 96 dump_table("shifted_hkey_6", gkey->shifted_hkey_6, 16); 97 dump_table("shifted_hkey_7", gkey->shifted_hkey_7, 16); 98 dump_table("shifted_hkey_8", gkey->shifted_hkey_8, 16); 99 dump_table("shifted_hkey_1_k", gkey->shifted_hkey_1_k, 16); 100 dump_table("shifted_hkey_2_k", gkey->shifted_hkey_2_k, 16); 101 dump_table("shifted_hkey_3_k", gkey->shifted_hkey_3_k, 16); 102 dump_table("shifted_hkey_4_k", gkey->shifted_hkey_4_k, 16); 103 dump_table("shifted_hkey_5_k", gkey->shifted_hkey_5_k, 16); 104 dump_table("shifted_hkey_6_k", gkey->shifted_hkey_6_k, 16); 105 dump_table("shifted_hkey_7_k", gkey->shifted_hkey_7_k, 16); 106 dump_table("shifted_hkey_8_k", gkey->shifted_hkey_8_k, 16); 107 printf("}\n"); 108 #endif //GCM_VECTORS_VERBOSE 109 } 110 111 void mk_rand_data(uint8_t * data, uint32_t size) 112 { 113 int i; 114 for (i = 0; i < size; i++) { 115 *data++ = rand(); 116 } 117 } 118 119 int check_data(uint8_t * test, uint8_t * expected, uint64_t len, char *data_name) 120 { 121 int mismatch; 122 int OK = 0; 123 124 mismatch = memcmp(test, expected, len); 125 if (mismatch) { 126 OK = 1; 127 printf(" expected results don't match %s \t\t", data_name); 128 { 129 uint64_t a; 130 for (a = 0; a < len; a++) { 131 if (test[a] != expected[a]) { 132 printf(" '%x' != '%x' at %lx of %lx\n", 133 test[a], expected[a], a, len); 134 break; 135 } 136 } 137 } 138 } 139 return OK; 140 } 141 142 int check_vector(struct gcm_key_data *gkey, struct gcm_context_data *gctx, gcm_vector * vector) 143 { 144 uint8_t *pt_test = NULL; 145 uint8_t *ct_test = NULL; 146 uint8_t *o_ct_test = NULL; 147 uint8_t *IV_c = NULL; 148 uint8_t *T_test = NULL; 149 uint8_t *o_T_test = NULL; 150 uint64_t IV_alloc_len = 0; 151 int result; 152 int OK = 0; 153 154 #ifdef GCM_VECTORS_VERBOSE 155 printf("combination vector Keylen:%d IVlen:%d PTLen:%d AADlen:%d Tlen:%d\n", 156 (int)vector->Klen, 157 (int)vector->IVlen, (int)vector->Plen, (int)vector->Alen, (int)vector->Tlen); 158 #else 159 printf("."); 160 #endif 161 // Allocate space for the calculated ciphertext 162 if (vector->Plen != 0) { 163 pt_test = malloc(vector->Plen); 164 ct_test = malloc(vector->Plen); 165 o_ct_test = malloc(vector->Plen); 166 if ((pt_test == NULL) || (ct_test == NULL) || (o_ct_test == NULL)) { 167 fprintf(stderr, "Can't allocate ciphertext memory\n"); 168 return 1; 169 } 170 } 171 IV_alloc_len = vector->IVlen; 172 // Allocate space for the calculated ciphertext 173 IV_c = malloc(IV_alloc_len); 174 if (IV_c == NULL) { 175 fprintf(stderr, "Can't allocate ciphertext memory\n"); 176 return 1; 177 } 178 memcpy(IV_c, vector->IV, vector->IVlen); 179 180 T_test = malloc(vector->Tlen); 181 o_T_test = malloc(vector->Tlen); 182 if ((T_test == NULL) || (o_T_test == NULL)) { 183 fprintf(stderr, "Can't allocate tag memory\n"); 184 return 1; 185 } 186 // This is only required once for a given key 187 aes_gcm_pre_128(vector->K, gkey); 188 189 //// 190 // ISA-l Encrypt 191 //// 192 aes_gcm_enc_128(gkey, gctx, vector->C, vector->P, vector->Plen, 193 IV_c, vector->A, vector->Alen, vector->T, vector->Tlen); 194 openssl_aes_gcm_enc(vector->K, vector->IV, 195 vector->IVlen, vector->A, vector->Alen, o_T_test, 196 vector->Tlen, vector->P, vector->Plen, o_ct_test); 197 OK |= 198 check_data(vector->C, o_ct_test, vector->Plen, "OpenSSL vs ISA-L cypher text (C)"); 199 OK |= 200 check_data(vector->T, o_T_test, vector->Tlen, "OpenSSL vs ISA-L encrypt tag (T)"); 201 202 memcpy(ct_test, vector->C, vector->Plen); 203 memcpy(pt_test, vector->P, vector->Plen); 204 memset(vector->P, 0, vector->Plen); 205 memcpy(T_test, vector->T, vector->Tlen); 206 memset(vector->T, 0, vector->Tlen); 207 208 //// 209 // ISA-l Decrypt 210 //// 211 aes_gcm_dec_128(gkey, gctx, vector->P, vector->C, vector->Plen, 212 IV_c, vector->A, vector->Alen, vector->T, vector->Tlen); 213 OK |= 214 check_data(vector->T, o_T_test, vector->Tlen, "OpenSSL vs ISA-L decrypt tag (T)"); 215 OK |= check_data(pt_test, vector->P, vector->Plen, "ISA-L decrypted plain text (P)"); 216 memset(vector->P, 0, vector->Plen); 217 aes_gcm_dec_128(gkey, gctx, vector->P, o_ct_test, vector->Plen, 218 IV_c, vector->A, vector->Alen, vector->T, vector->Tlen); 219 OK |= check_data(pt_test, vector->P, vector->Plen, "ISA-L decrypted plain text (P)"); 220 result = 221 openssl_aes_gcm_dec(vector->K, vector->IV, 222 vector->IVlen, vector->A, vector->Alen, 223 vector->T, vector->Tlen, vector->C, vector->Plen, pt_test); 224 if (-1 == result) 225 printf(" ISA-L->OpenSSL decryption failed Authentication\n"); 226 OK |= (-1 == result); 227 free(T_test); 228 free(o_T_test); 229 free(IV_c); 230 free(pt_test); 231 free(ct_test); 232 free(o_ct_test); 233 234 return OK; 235 } 236 237 int check_strm_vector(struct gcm_key_data *gkey, struct gcm_context_data *gctx, 238 gcm_vector * vector, int test_len) 239 { 240 uint8_t *pt_test = NULL; 241 uint8_t *ct_test = NULL; 242 uint8_t *o_ct_test = NULL; 243 uint8_t *IV_c = NULL; 244 uint8_t *T_test = NULL; 245 uint8_t *o_T_test = NULL; 246 uint8_t *stream = NULL; 247 uint64_t IV_alloc_len = 0; 248 int result; 249 int OK = 0; 250 uint32_t last_break; 251 int i; 252 uint8_t *rand_data = NULL; 253 uint64_t length; 254 255 rand_data = malloc(100); 256 257 #ifdef GCM_VECTORS_VERBOSE 258 printf("combination vector Keylen:%d IVlen:%d PTLen:%d AADlen:%d Tlen:%d\n", 259 (int)vector->Klen, 260 (int)vector->IVlen, (int)vector->Plen, (int)vector->Alen, (int)vector->Tlen); 261 #else 262 printf("."); 263 #endif 264 // Allocate space for the calculated ciphertext 265 if (vector->Plen != 0) { 266 pt_test = malloc(vector->Plen); 267 ct_test = malloc(vector->Plen); 268 o_ct_test = malloc(vector->Plen); 269 if ((pt_test == NULL) || (ct_test == NULL) || (o_ct_test == NULL)) { 270 fprintf(stderr, "Can't allocate ciphertext memory\n"); 271 return 1; 272 } 273 } 274 IV_alloc_len = vector->IVlen; 275 // Allocate space for the calculated ciphertext 276 IV_c = malloc(IV_alloc_len); 277 if (IV_c == NULL) { 278 fprintf(stderr, "Can't allocate ciphertext memory\n"); 279 return 1; 280 } 281 memcpy(IV_c, vector->IV, vector->IVlen); 282 283 T_test = malloc(vector->Tlen); 284 o_T_test = malloc(vector->Tlen); 285 if ((T_test == NULL) || (o_T_test == NULL)) { 286 fprintf(stderr, "Can't allocate tag memory\n"); 287 return 1; 288 } 289 // This is only required once for a given key 290 aes_gcm_pre_128(vector->K, gkey); 291 292 //// 293 // ISA-l Encrypt 294 //// 295 aes_gcm_init_128(gkey, gctx, IV_c, vector->A, vector->Alen); 296 297 last_break = 0; 298 i = (rand() % test_len / 32) & ALIGNMENT_MASK; 299 while (i < (vector->Plen)) { 300 if (i - last_break != 0) { 301 stream = malloc(i - last_break); 302 memcpy(stream, vector->P + last_break, i - last_break); 303 } 304 aes_gcm_enc_128_update(gkey, gctx, vector->C + last_break, stream, 305 i - last_break); 306 if (i - last_break != 0) 307 free(stream); 308 309 if (rand() % 1024 == 0) { 310 length = rand() % 100; 311 mk_rand_data(rand_data, length); 312 SHA1(rand_data, length, rand_data); 313 } 314 last_break = i; 315 i = (rand() % test_len / 32) & ALIGNMENT_MASK; 316 317 } 318 aes_gcm_enc_128_update(gkey, gctx, vector->C + last_break, vector->P + last_break, 319 vector->Plen - last_break); 320 if (gctx->in_length != vector->Plen) 321 printf("%lu, %lu\n", gctx->in_length, vector->Plen); 322 aes_gcm_enc_128_finalize(gkey, gctx, vector->T, vector->Tlen); 323 openssl_aes_gcm_enc(vector->K, vector->IV, 324 vector->IVlen, vector->A, vector->Alen, o_T_test, 325 vector->Tlen, vector->P, vector->Plen, o_ct_test); 326 OK |= 327 check_data(vector->C, o_ct_test, vector->Plen, "OpenSSL vs ISA-L cypher text (C)"); 328 OK |= 329 check_data(vector->T, o_T_test, vector->Tlen, "OpenSSL vs ISA-L encrypt tag (T)"); 330 331 memcpy(ct_test, vector->C, vector->Plen); 332 memcpy(pt_test, vector->P, vector->Plen); 333 memset(vector->P, 0, vector->Plen); 334 memcpy(T_test, vector->T, vector->Tlen); 335 memset(vector->T, 0, vector->Tlen); 336 337 //// 338 // ISA-l Decrypt 339 //// 340 341 last_break = 0; 342 i = 0; 343 aes_gcm_init_128(gkey, gctx, IV_c, vector->A, vector->Alen); 344 while (i < (vector->Plen)) { 345 if (rand() % (test_len / 64) == 0) { 346 if (i - last_break != 0) { 347 stream = malloc(i - last_break); 348 memcpy(stream, vector->C + last_break, i - last_break); 349 } 350 aes_gcm_dec_128_update(gkey, gctx, vector->P + last_break, stream, 351 i - last_break); 352 if (i - last_break != 0) 353 free(stream); 354 355 if (rand() % 1024 == 0) { 356 length = rand() % 100; 357 358 mk_rand_data(rand_data, length); 359 SHA1(rand_data, length, rand_data); 360 } 361 362 last_break = i; 363 364 } 365 if (rand() % 1024 != 0) 366 i++; 367 368 } 369 aes_gcm_dec_128_update(gkey, gctx, vector->P + last_break, vector->C + last_break, 370 vector->Plen - last_break); 371 aes_gcm_dec_128_finalize(gkey, gctx, vector->T, vector->Tlen); 372 373 OK |= 374 check_data(vector->T, o_T_test, vector->Tlen, "OpenSSL vs ISA-L decrypt tag (T)"); 375 OK |= check_data(pt_test, vector->P, vector->Plen, "ISA-L decrypted plain text (P)"); 376 memset(vector->P, 0, vector->Plen); 377 aes_gcm_dec_128(gkey, gctx, vector->P, o_ct_test, vector->Plen, 378 IV_c, vector->A, vector->Alen, vector->T, vector->Tlen); 379 OK |= check_data(pt_test, vector->P, vector->Plen, "ISA-L decrypted plain text (P)"); 380 result = 381 openssl_aes_gcm_dec(vector->K, vector->IV, 382 vector->IVlen, vector->A, vector->Alen, 383 vector->T, vector->Tlen, vector->C, vector->Plen, pt_test); 384 if (-1 == result) 385 printf(" ISA-L->OpenSSL decryption failed Authentication\n"); 386 OK |= (-1 == result); 387 free(T_test); 388 free(o_T_test); 389 free(IV_c); 390 free(pt_test); 391 free(ct_test); 392 free(o_ct_test); 393 free(rand_data); 394 395 return OK; 396 } 397 398 int check_strm_vector2(struct gcm_key_data *gkey, struct gcm_context_data *gctx, 399 gcm_vector * vector, int length, int start, int breaks) 400 { 401 uint8_t *pt_test = NULL; 402 uint8_t *ct_test = NULL; 403 uint8_t *o_ct_test = NULL; 404 uint8_t *IV_c = NULL; 405 uint8_t *T_test = NULL; 406 uint8_t *o_T_test = NULL; 407 uint8_t *stream = NULL; 408 uint64_t IV_alloc_len = 0; 409 int result; 410 int OK = 0; 411 uint32_t last_break = 0; 412 int i = length; 413 uint8_t *rand_data = NULL; 414 415 rand_data = malloc(100); 416 417 #ifdef GCM_VECTORS_VERBOSE 418 printf("combination vector Keylen:%d IVlen:%d PTLen:%d AADlen:%d Tlen:%d\n", 419 (int)vector->Klen, 420 (int)vector->IVlen, (int)vector->Plen, (int)vector->Alen, (int)vector->Tlen); 421 #else 422 printf("."); 423 #endif 424 // Allocate space for the calculated ciphertext 425 if (vector->Plen != 0) { 426 pt_test = malloc(vector->Plen); 427 ct_test = malloc(vector->Plen); 428 o_ct_test = malloc(vector->Plen); 429 if ((pt_test == NULL) || (ct_test == NULL) || (o_ct_test == NULL)) { 430 fprintf(stderr, "Can't allocate ciphertext memory\n"); 431 return 1; 432 } 433 } 434 IV_alloc_len = vector->IVlen; 435 // Allocate space for the calculated ciphertext 436 IV_c = malloc(IV_alloc_len); 437 if (IV_c == NULL) { 438 fprintf(stderr, "Can't allocate ciphertext memory\n"); 439 return 1; 440 } 441 memcpy(IV_c, vector->IV, vector->IVlen); 442 443 T_test = malloc(vector->Tlen); 444 o_T_test = malloc(vector->Tlen); 445 if ((T_test == NULL) || (o_T_test == NULL)) { 446 fprintf(stderr, "Can't allocate tag memory\n"); 447 return 1; 448 } 449 // This is only required once for a given key 450 aes_gcm_pre_128(vector->K, gkey); 451 452 //// 453 // ISA-l Encrypt 454 //// 455 aes_gcm_enc_128(gkey, gctx, vector->C, vector->P, vector->Plen, 456 IV_c, vector->A, vector->Alen, vector->T, vector->Tlen); 457 aes_gcm_init_128(gkey, gctx, IV_c, vector->A, vector->Alen); 458 while (i < (vector->Plen)) { 459 if (i - last_break != 0) { 460 stream = malloc(i - last_break); 461 memcpy(stream, vector->P + last_break, i - last_break); 462 } 463 aes_gcm_enc_128_update(gkey, gctx, vector->C + last_break, stream, 464 i - last_break); 465 if (i - last_break != 0) 466 free(stream); 467 last_break = i; 468 i = i + (length - start) / breaks; 469 470 } 471 aes_gcm_enc_128_update(gkey, gctx, vector->C + last_break, vector->P + last_break, 472 vector->Plen - last_break); 473 aes_gcm_enc_128_finalize(gkey, gctx, vector->T, vector->Tlen); 474 openssl_aes_gcm_enc(vector->K, vector->IV, 475 vector->IVlen, vector->A, vector->Alen, o_T_test, 476 vector->Tlen, vector->P, vector->Plen, o_ct_test); 477 478 OK |= 479 check_data(vector->C, o_ct_test, vector->Plen, "OpenSSL vs ISA-L cypher text (C)"); 480 OK |= 481 check_data(vector->T, o_T_test, vector->Tlen, "OpenSSL vs ISA-L encrypt tag (T)"); 482 483 memcpy(ct_test, vector->C, vector->Plen); 484 memcpy(pt_test, vector->P, vector->Plen); 485 memset(vector->P, 0, vector->Plen); 486 memcpy(T_test, vector->T, vector->Tlen); 487 memset(vector->T, 0, vector->Tlen); 488 489 //// 490 // ISA-l Decrypt 491 //// 492 493 last_break = 0; 494 i = length; 495 aes_gcm_init_128(gkey, gctx, IV_c, vector->A, vector->Alen); 496 while (i < (vector->Plen)) { 497 if (i - last_break != 0) { 498 stream = malloc(i - last_break); 499 memcpy(stream, vector->C + last_break, i - last_break); 500 } 501 aes_gcm_dec_128_update(gkey, gctx, vector->P + last_break, stream, 502 i - last_break); 503 if (i - last_break != 0) 504 free(stream); 505 last_break = i; 506 i = i + (length - start) / breaks; 507 508 } 509 510 aes_gcm_dec_128_update(gkey, gctx, vector->P + last_break, vector->C + last_break, 511 vector->Plen - last_break); 512 aes_gcm_dec_128_finalize(gkey, gctx, vector->T, vector->Tlen); 513 OK |= 514 check_data(vector->T, o_T_test, vector->Tlen, "OpenSSL vs ISA-L decrypt tag (T)"); 515 OK |= check_data(pt_test, vector->P, vector->Plen, "ISA-L decrypted plain text (P)"); 516 memset(vector->P, 0, vector->Plen); 517 aes_gcm_dec_128(gkey, gctx, vector->P, o_ct_test, vector->Plen, 518 IV_c, vector->A, vector->Alen, vector->T, vector->Tlen); 519 OK |= check_data(pt_test, vector->P, vector->Plen, "ISA-L decrypted plain text (P)"); 520 result = 521 openssl_aes_gcm_dec(vector->K, vector->IV, 522 vector->IVlen, vector->A, vector->Alen, 523 vector->T, vector->Tlen, vector->C, vector->Plen, pt_test); 524 if (-1 == result) 525 printf(" ISA-L->OpenSSL decryption failed Authentication\n"); 526 OK |= (-1 == result); 527 free(rand_data); 528 529 return OK; 530 } 531 532 int check_strm_vector_efence(struct gcm_key_data *gkey, struct gcm_context_data *gctx, 533 gcm_vector * vector) 534 { 535 uint8_t *pt_test = NULL; 536 uint8_t *ct_test = NULL; 537 uint8_t *o_ct_test = NULL; 538 uint8_t *IV_c = NULL; 539 uint8_t *T_test = NULL; 540 uint8_t *o_T_test = NULL; 541 uint8_t *stream = NULL; 542 uint64_t IV_alloc_len = 0; 543 int result; 544 int OK = 0; 545 uint32_t last_break = 0; 546 int i = 1; 547 uint8_t *rand_data = NULL; 548 uint64_t length; 549 550 rand_data = malloc(100); 551 552 #ifdef GCM_VECTORS_VERBOSE 553 printf("combination vector Keylen:%d IVlen:%d PTLen:%d AADlen:%d Tlen:%d\n", 554 (int)vector->Klen, 555 (int)vector->IVlen, (int)vector->Plen, (int)vector->Alen, (int)vector->Tlen); 556 #else 557 printf("."); 558 #endif 559 // Allocate space for the calculated ciphertext 560 if (vector->Plen != 0) { 561 pt_test = malloc(vector->Plen); 562 ct_test = malloc(vector->Plen); 563 o_ct_test = malloc(vector->Plen); 564 if ((pt_test == NULL) || (ct_test == NULL) || (o_ct_test == NULL)) { 565 fprintf(stderr, "Can't allocate ciphertext memory\n"); 566 return 1; 567 } 568 } 569 IV_alloc_len = vector->IVlen; 570 // Allocate space for the calculated ciphertext 571 IV_c = malloc(IV_alloc_len); 572 if (IV_c == NULL) { 573 fprintf(stderr, "Can't allocate ciphertext memory\n"); 574 return 1; 575 } 576 memcpy(IV_c, vector->IV, vector->IVlen); 577 578 T_test = malloc(vector->Tlen); 579 o_T_test = malloc(vector->Tlen); 580 if ((T_test == NULL) || (o_T_test == NULL)) { 581 fprintf(stderr, "Can't allocate tag memory\n"); 582 return 1; 583 } 584 // This is only required once for a given key 585 aes_gcm_pre_128(vector->K, gkey); 586 587 //// 588 // ISA-l Encrypt 589 //// 590 aes_gcm_init_128(gkey, gctx, IV_c, vector->A, vector->Alen); 591 while (i < vector->Plen) { 592 if (rand() % 2000 == 0 || i - last_break > PAGE_LEN / 2) { 593 stream = malloc(PAGE_LEN); 594 i = i & ALIGNMENT_MASK; 595 memcpy(stream + PAGE_LEN - (i - last_break), vector->P + last_break, 596 i - last_break); 597 aes_gcm_enc_128_update(gkey, gctx, vector->C + last_break, 598 stream + PAGE_LEN - (i - last_break), 599 i - last_break); 600 free(stream); 601 602 if (rand() % 1024 == 0) { 603 length = rand() % 100; 604 mk_rand_data(rand_data, length); 605 SHA1(rand_data, length, rand_data); 606 } 607 last_break = i; 608 } 609 if (rand() % 1024 != 0) 610 i++; 611 612 } 613 aes_gcm_enc_128_update(gkey, gctx, vector->C + last_break, vector->P + last_break, 614 vector->Plen - last_break); 615 aes_gcm_enc_128_finalize(gkey, gctx, vector->T, vector->Tlen); 616 openssl_aes_gcm_enc(vector->K, vector->IV, 617 vector->IVlen, vector->A, vector->Alen, o_T_test, 618 vector->Tlen, vector->P, vector->Plen, o_ct_test); 619 OK |= 620 check_data(vector->C, o_ct_test, vector->Plen, "OpenSSL vs ISA-L cypher text (C)"); 621 OK |= 622 check_data(vector->T, o_T_test, vector->Tlen, "OpenSSL vs ISA-L encrypt tag (T)"); 623 624 memcpy(ct_test, vector->C, vector->Plen); 625 memcpy(pt_test, vector->P, vector->Plen); 626 memset(vector->P, 0, vector->Plen); 627 memcpy(T_test, vector->T, vector->Tlen); 628 memset(vector->T, 0, vector->Tlen); 629 630 //// 631 // ISA-l Decrypt 632 //// 633 634 last_break = 0; 635 i = 0; 636 aes_gcm_init_128(gkey, gctx, IV_c, vector->A, vector->Alen); 637 while (i < vector->Plen) { 638 if (rand() % 2000 == 0 || i - last_break > PAGE_LEN / 2) { 639 stream = malloc(PAGE_LEN); 640 i = i & ALIGNMENT_MASK; 641 memcpy(stream + PAGE_LEN - (i - last_break), vector->C + last_break, 642 i - last_break); 643 aes_gcm_dec_128_update(gkey, gctx, vector->P + last_break, 644 stream + PAGE_LEN - (i - last_break), 645 i - last_break); 646 free(stream); 647 648 if (rand() % 1024 == 0) { 649 length = rand() % 100; 650 651 mk_rand_data(rand_data, length); 652 SHA1(rand_data, length, rand_data); 653 } 654 655 last_break = i; 656 657 } 658 if (rand() % 1024 != 0) 659 i++; 660 661 } 662 aes_gcm_dec_128_update(gkey, gctx, vector->P + last_break, vector->C + last_break, 663 vector->Plen - last_break); 664 aes_gcm_dec_128_finalize(gkey, gctx, vector->T, vector->Tlen); 665 666 OK |= 667 check_data(vector->T, o_T_test, vector->Tlen, "OpenSSL vs ISA-L decrypt tag (T)"); 668 OK |= check_data(pt_test, vector->P, vector->Plen, "ISA-L decrypted plain text (P)"); 669 memset(vector->P, 0, vector->Plen); 670 aes_gcm_dec_128(gkey, gctx, vector->P, o_ct_test, vector->Plen, 671 IV_c, vector->A, vector->Alen, vector->T, vector->Tlen); 672 OK |= check_data(pt_test, vector->P, vector->Plen, "ISA-L decrypted plain text (P)"); 673 result = 674 openssl_aes_gcm_dec(vector->K, vector->IV, 675 vector->IVlen, vector->A, vector->Alen, 676 vector->T, vector->Tlen, vector->C, vector->Plen, pt_test); 677 if (-1 == result) 678 printf(" ISA-L->OpenSSL decryption failed Authentication\n"); 679 OK |= (-1 == result); 680 free(T_test); 681 free(o_T_test); 682 free(IV_c); 683 free(pt_test); 684 free(ct_test); 685 free(o_ct_test); 686 free(rand_data); 687 688 return OK; 689 } 690 691 int check_256_vector(struct gcm_key_data *gkey, struct gcm_context_data *gctx, 692 gcm_vector * vector) 693 { 694 uint8_t *pt_test = NULL; 695 uint8_t *ct_test = NULL; 696 uint8_t *o_ct_test = NULL; 697 uint8_t *IV_c = NULL; 698 uint8_t *T_test = NULL; 699 uint8_t *o_T_test = NULL; 700 uint64_t IV_alloc_len = 0; 701 int result; 702 int OK = 0; 703 704 #ifdef GCM_VECTORS_VERBOSE 705 printf("combination vector Keylen:%d IVlen:%d PTLen:%d AADlen:%d Tlen:%d\n", 706 (int)vector->Klen, 707 (int)vector->IVlen, (int)vector->Plen, (int)vector->Alen, (int)vector->Tlen); 708 #else 709 printf("."); 710 #endif 711 // Allocate space for the calculated ciphertext 712 if (vector->Plen != 0) { 713 pt_test = malloc(vector->Plen); 714 ct_test = malloc(vector->Plen); 715 o_ct_test = malloc(vector->Plen); 716 if ((pt_test == NULL) || (ct_test == NULL) || (o_ct_test == NULL)) { 717 fprintf(stderr, "Can't allocate ciphertext memory\n"); 718 return 1; 719 } 720 } 721 IV_alloc_len = vector->IVlen; 722 // Allocate space for the calculated ciphertext 723 IV_c = malloc(IV_alloc_len); 724 if (IV_c == NULL) { 725 fprintf(stderr, "Can't allocate ciphertext memory\n"); 726 return 1; 727 } 728 memcpy(IV_c, vector->IV, vector->IVlen); 729 730 T_test = malloc(vector->Tlen); 731 o_T_test = malloc(vector->Tlen); 732 if ((T_test == NULL) || (o_T_test == NULL)) { 733 fprintf(stderr, "Can't allocate tag memory\n"); 734 return 1; 735 } 736 // This is only required once for a given key 737 aes_gcm_pre_256(vector->K, gkey); 738 739 //// 740 // ISA-l Encrypt 741 //// 742 aes_gcm_enc_256(gkey, gctx, vector->C, vector->P, vector->Plen, 743 IV_c, vector->A, vector->Alen, vector->T, vector->Tlen); 744 openssl_aes_256_gcm_enc(vector->K, vector->IV, 745 vector->IVlen, vector->A, vector->Alen, o_T_test, 746 vector->Tlen, vector->P, vector->Plen, o_ct_test); 747 OK |= 748 check_data(vector->C, o_ct_test, vector->Plen, "OpenSSL vs ISA-L cypher text (C)"); 749 OK |= 750 check_data(vector->T, o_T_test, vector->Tlen, "OpenSSL vs ISA-L encrypt tag (T)"); 751 752 memcpy(ct_test, vector->C, vector->Plen); 753 memcpy(pt_test, vector->P, vector->Plen); 754 memset(vector->P, 0, vector->Plen); 755 memcpy(T_test, vector->T, vector->Tlen); 756 memset(vector->T, 0, vector->Tlen); 757 758 //// 759 // ISA-l Decrypt 760 //// 761 aes_gcm_dec_256(gkey, gctx, vector->P, vector->C, vector->Plen, 762 IV_c, vector->A, vector->Alen, vector->T, vector->Tlen); 763 OK |= check_data(vector->T, T_test, vector->Tlen, "ISA-L decrypt vs encrypt tag (T)"); 764 OK |= 765 check_data(vector->T, o_T_test, vector->Tlen, "OpenSSL vs ISA-L decrypt tag (T)"); 766 OK |= 767 check_data(pt_test, vector->P, vector->Plen, 768 "ISA-L decrypted ISA-L plain text (P)"); 769 memset(vector->P, 0, vector->Plen); 770 aes_gcm_dec_256(gkey, gctx, vector->P, o_ct_test, vector->Plen, 771 IV_c, vector->A, vector->Alen, vector->T, vector->Tlen); 772 OK |= 773 check_data(pt_test, vector->P, vector->Plen, 774 "ISA-L decrypted OpenSSL plain text (P)"); 775 result = 776 openssl_aes_256_gcm_dec(vector->K, vector->IV, 777 vector->IVlen, vector->A, vector->Alen, 778 vector->T, vector->Tlen, vector->C, vector->Plen, pt_test); 779 if (-1 == result) 780 printf(" ISA-L->OpenSSL decryption failed Authentication\n"); 781 OK |= (-1 == result); 782 free(T_test); 783 free(o_T_test); 784 free(IV_c); 785 free(pt_test); 786 free(ct_test); 787 free(o_ct_test); 788 789 return OK; 790 } 791 792 int check_256_strm_vector(struct gcm_key_data *gkey, struct gcm_context_data *gctx, 793 gcm_vector * vector, int test_len) 794 { 795 uint8_t *pt_test = NULL; 796 uint8_t *ct_test = NULL; 797 uint8_t *o_ct_test = NULL; 798 uint8_t *IV_c = NULL; 799 uint8_t *T_test = NULL; 800 uint8_t *o_T_test = NULL; 801 uint8_t *stream = NULL; 802 uint64_t IV_alloc_len = 0; 803 int result; 804 int OK = 0; 805 uint32_t last_break; 806 int i; 807 uint8_t *rand_data = NULL; 808 uint64_t length; 809 810 rand_data = malloc(100); 811 812 #ifdef GCM_VECTORS_VERBOSE 813 printf("combination vector Keylen:%d IVlen:%d PTLen:%d AADlen:%d Tlen:%d\n", 814 (int)vector->Klen, 815 (int)vector->IVlen, (int)vector->Plen, (int)vector->Alen, (int)vector->Tlen); 816 #else 817 printf("."); 818 #endif 819 // Allocate space for the calculated ciphertext 820 if (vector->Plen != 0) { 821 pt_test = malloc(vector->Plen); 822 ct_test = malloc(vector->Plen); 823 o_ct_test = malloc(vector->Plen); 824 if ((pt_test == NULL) || (ct_test == NULL) || (o_ct_test == NULL)) { 825 fprintf(stderr, "Can't allocate ciphertext memory\n"); 826 return 1; 827 } 828 } 829 IV_alloc_len = vector->IVlen; 830 // Allocate space for the calculated ciphertext 831 IV_c = malloc(IV_alloc_len); 832 if (IV_c == NULL) { 833 fprintf(stderr, "Can't allocate ciphertext memory\n"); 834 return 1; 835 } 836 memcpy(IV_c, vector->IV, vector->IVlen); 837 838 T_test = malloc(vector->Tlen); 839 o_T_test = malloc(vector->Tlen); 840 if ((T_test == NULL) || (o_T_test == NULL)) { 841 fprintf(stderr, "Can't allocate tag memory\n"); 842 return 1; 843 } 844 // This is only required once for a given key 845 aes_gcm_pre_256(vector->K, gkey); 846 847 //// 848 // ISA-l Encrypt 849 //// 850 aes_gcm_init_256(gkey, gctx, IV_c, vector->A, vector->Alen); 851 852 last_break = 0; 853 i = (rand() % test_len / 32) & ALIGNMENT_MASK; 854 while (i < (vector->Plen)) { 855 if (i - last_break != 0) { 856 stream = malloc(i - last_break); 857 memcpy(stream, vector->P + last_break, i - last_break); 858 } 859 860 aes_gcm_enc_256_update(gkey, gctx, vector->C + last_break, stream, 861 i - last_break); 862 if (i - last_break != 0) 863 free(stream); 864 865 if (rand() % 1024 == 0) { 866 length = rand() % 100; 867 mk_rand_data(rand_data, length); 868 SHA1(rand_data, length, rand_data); 869 } 870 last_break = i; 871 i += (rand() % test_len / 32) & ALIGNMENT_MASK; 872 873 } 874 aes_gcm_enc_256_update(gkey, gctx, vector->C + last_break, vector->P + last_break, 875 vector->Plen - last_break); 876 if (gctx->in_length != vector->Plen) 877 printf("%lu, %lu\n", gctx->in_length, vector->Plen); 878 aes_gcm_enc_256_finalize(gkey, gctx, vector->T, vector->Tlen); 879 880 openssl_aes_256_gcm_enc(vector->K, vector->IV, 881 vector->IVlen, vector->A, vector->Alen, o_T_test, 882 vector->Tlen, vector->P, vector->Plen, o_ct_test); 883 OK |= 884 check_data(vector->C, o_ct_test, vector->Plen, "OpenSSL vs ISA-L cypher text (C)"); 885 OK |= 886 check_data(vector->T, o_T_test, vector->Tlen, "OpenSSL vs ISA-L encrypt tag (T)"); 887 888 memcpy(ct_test, vector->C, vector->Plen); 889 memcpy(pt_test, vector->P, vector->Plen); 890 memset(vector->P, 0, vector->Plen); 891 memcpy(T_test, vector->T, vector->Tlen); 892 memset(vector->T, 0, vector->Tlen); 893 894 //// 895 // ISA-l Decrypt 896 //// 897 898 last_break = 0; 899 i += (rand() % test_len / 32) & ALIGNMENT_MASK; 900 aes_gcm_init_256(gkey, gctx, IV_c, vector->A, vector->Alen); 901 while (i < (vector->Plen)) { 902 if (i - last_break != 0) { 903 stream = malloc(i - last_break); 904 memcpy(stream, vector->C + last_break, i - last_break); 905 } 906 907 aes_gcm_dec_256_update(gkey, gctx, vector->P + last_break, stream, 908 i - last_break); 909 if (i - last_break != 0) 910 free(stream); 911 912 if (rand() % 1024 == 0) { 913 length = rand() % 100; 914 915 mk_rand_data(rand_data, length); 916 SHA1(rand_data, length, rand_data); 917 } 918 919 last_break = i; 920 i += (rand() % test_len / 32) & ALIGNMENT_MASK; 921 922 } 923 aes_gcm_dec_256_update(gkey, gctx, vector->P + last_break, vector->C + last_break, 924 vector->Plen - last_break); 925 aes_gcm_dec_256_finalize(gkey, gctx, vector->T, vector->Tlen); 926 927 OK |= check_data(vector->T, T_test, vector->Tlen, "ISA-L decrypt vs encrypt tag (T)"); 928 OK |= 929 check_data(vector->T, o_T_test, vector->Tlen, "OpenSSL vs ISA-L decrypt tag (T)"); 930 OK |= 931 check_data(pt_test, vector->P, vector->Plen, 932 "ISA-L decrypted ISA-L plain text (P)"); 933 memset(vector->P, 0, vector->Plen); 934 aes_gcm_dec_256(gkey, gctx, vector->P, o_ct_test, vector->Plen, 935 IV_c, vector->A, vector->Alen, vector->T, vector->Tlen); 936 OK |= 937 check_data(pt_test, vector->P, vector->Plen, 938 "ISA-L decrypted OpenSSL plain text (P)"); 939 result = 940 openssl_aes_256_gcm_dec(vector->K, vector->IV, 941 vector->IVlen, vector->A, vector->Alen, 942 vector->T, vector->Tlen, vector->C, vector->Plen, pt_test); 943 if (-1 == result) 944 printf(" ISA-L->OpenSSL decryption failed Authentication\n"); 945 OK |= (-1 == result); 946 free(T_test); 947 free(o_T_test); 948 free(IV_c); 949 free(pt_test); 950 free(ct_test); 951 free(o_ct_test); 952 953 return OK; 954 } 955 956 int test_gcm_strm_efence(void) 957 { 958 gcm_vector test; 959 int tag_len = 8; 960 int t = 0; 961 struct gcm_key_data *gkey = NULL; 962 struct gcm_context_data *gctx = NULL; 963 964 gkey = malloc(sizeof(struct gcm_key_data)); 965 gctx = malloc(sizeof(struct gcm_context_data)); 966 if (NULL == gkey || NULL == gctx) 967 return 1; 968 969 printf("AES GCM random efence test vectors with random stream:"); 970 for (t = 0; RANDOMS > t; t++) { 971 int Plen = (rand() % TEST_LEN); 972 //lengths must be a multiple of 4 bytes 973 int aad_len = (rand() % TEST_LEN); 974 int offset = (rand() % MAX_UNALIGNED); 975 if (offset == 0 && aad_len == 0) 976 offset = OFFSET_BASE_VALUE; 977 978 if (0 == (t % 25)) 979 printf("\n"); 980 if (0 == (t % 10)) 981 fflush(0); 982 test.P = NULL; 983 test.C = NULL; 984 test.A = NULL; 985 test.T = NULL; 986 test.Plen = Plen; 987 if (test.Plen + offset != 0) { 988 test.P = malloc(test.Plen + offset); 989 test.C = malloc(test.Plen + offset); 990 } else { //This else clause is here because openssl 1.0.1k does not handle NULL pointers 991 test.P = malloc(16); 992 test.C = malloc(16); 993 } 994 test.K = malloc(GCM_128_KEY_LEN + offset); 995 test.Klen = GCM_128_KEY_LEN; 996 test.IV = malloc(GCM_IV_DATA_LEN + offset); 997 test.IVlen = GCM_IV_DATA_LEN; 998 test.A = malloc(aad_len + offset); 999 test.Alen = aad_len; 1000 test.T = malloc(MAX_TAG_LEN + offset); 1001 1002 if ((NULL == test.P && test.Plen != 0) || (NULL == test.K) 1003 || (NULL == test.IV)) { 1004 printf("malloc of testsize:0x%x failed\n", Plen); 1005 return 1; 1006 } 1007 1008 test.P += offset; 1009 test.C += offset; 1010 test.K += offset; 1011 test.IV += offset; 1012 test.A += offset; 1013 test.T += offset; 1014 1015 mk_rand_data(test.P, test.Plen); 1016 mk_rand_data(test.K, test.Klen); 1017 mk_rand_data(test.IV, test.IVlen); 1018 mk_rand_data(test.A, test.Alen); 1019 1020 // single Key length of 128bits/16bytes supported 1021 // single IV length of 96bits/12bytes supported 1022 // Tag lengths of 8, 12 or 16 1023 for (tag_len = 8; tag_len <= MAX_TAG_LEN;) { 1024 test.Tlen = tag_len; 1025 if (0 != check_strm_vector_efence(gkey, gctx, &test)) 1026 return 1; 1027 tag_len += 4; //supported lengths are 8, 12 or 16 1028 } 1029 test.A -= offset; 1030 free(test.A); 1031 test.C -= offset; 1032 free(test.C); 1033 test.IV -= offset; 1034 free(test.IV); 1035 test.K -= offset; 1036 free(test.K); 1037 test.P -= offset; 1038 free(test.P); 1039 test.T -= offset; 1040 free(test.T); 1041 } 1042 printf("\n"); 1043 free(gkey); 1044 free(gctx); 1045 return 0; 1046 } 1047 1048 int test_gcm_strm_combinations(int test_len) 1049 { 1050 gcm_vector test; 1051 int tag_len = 8; 1052 int t = 0; 1053 uint8_t *gkeytemp = NULL; 1054 struct gcm_key_data *gkey = NULL; 1055 struct gcm_context_data *gctx = NULL; 1056 1057 gkeytemp = malloc(sizeof(struct gcm_key_data) + 16); 1058 gctx = malloc(sizeof(struct gcm_context_data)); 1059 gkey = (struct gcm_key_data *)(gkeytemp + rand() % 16); 1060 if (NULL == gkey || NULL == gctx) 1061 return 1; 1062 1063 printf("AES GCM random test vectors with random stream of average size %d:", 1064 test_len / 64); 1065 for (t = 0; RANDOMS > t; t++) { 1066 int Plen = 0; // (rand() % test_len); 1067 //lengths must be a multiple of 4 bytes 1068 int aad_len = (rand() % test_len); 1069 int offset = (rand() % MAX_UNALIGNED); 1070 if (offset == 0 && aad_len == 0) 1071 offset = OFFSET_BASE_VALUE; 1072 1073 if (0 == (t % 25)) 1074 printf("\n"); 1075 if (0 == (t % 10)) 1076 fflush(0); 1077 test.P = NULL; 1078 test.C = NULL; 1079 test.A = NULL; 1080 test.T = NULL; 1081 test.Plen = Plen; 1082 if (test.Plen + offset != 0) { 1083 test.P = malloc(test.Plen + offset); 1084 test.C = malloc(test.Plen + offset); 1085 } else { //This else clause is here because openssl 1.0.1k does not handle NULL pointers 1086 test.P = malloc(16); 1087 test.C = malloc(16); 1088 } 1089 test.K = malloc(GCM_128_KEY_LEN + offset); 1090 test.Klen = GCM_128_KEY_LEN; 1091 test.IV = malloc(GCM_IV_DATA_LEN + offset); 1092 test.IVlen = GCM_IV_DATA_LEN; 1093 test.A = malloc(aad_len + offset); 1094 1095 test.Alen = aad_len; 1096 test.T = malloc(MAX_TAG_LEN + offset); 1097 1098 if ((NULL == test.P && test.Plen != 0) || (NULL == test.K) 1099 || (NULL == test.IV)) { 1100 printf("malloc of testsize:0x%x failed\n", Plen); 1101 return 1; 1102 } 1103 1104 test.P += offset; 1105 test.C += offset; 1106 test.K += offset; 1107 test.IV += offset; 1108 test.A += offset; 1109 test.T += offset; 1110 1111 mk_rand_data(test.P, test.Plen); 1112 mk_rand_data(test.K, test.Klen); 1113 mk_rand_data(test.IV, test.IVlen); 1114 mk_rand_data(test.A, test.Alen); 1115 1116 // single Key length of 128bits/16bytes supported 1117 // single IV length of 96bits/12bytes supported 1118 // Tag lengths of 8, 12 or 16 1119 for (tag_len = 8; tag_len <= MAX_TAG_LEN;) { 1120 test.Tlen = tag_len; 1121 if (0 != check_strm_vector(gkey, gctx, &test, test_len)) 1122 return 1; 1123 tag_len += 4; //supported lengths are 8, 12 or 16 1124 } 1125 test.A -= offset; 1126 free(test.A); 1127 test.C -= offset; 1128 free(test.C); 1129 test.IV -= offset; 1130 free(test.IV); 1131 test.K -= offset; 1132 free(test.K); 1133 test.P -= offset; 1134 free(test.P); 1135 test.T -= offset; 1136 free(test.T); 1137 } 1138 printf("\n"); 1139 free(gkeytemp); 1140 free(gctx); 1141 return 0; 1142 } 1143 1144 int test_gcm_combinations(void) 1145 { 1146 gcm_vector test; 1147 int tag_len = 8; 1148 int t = 0; 1149 struct gcm_key_data *gkey = NULL; 1150 struct gcm_context_data *gctx = NULL; 1151 1152 gkey = malloc(sizeof(struct gcm_key_data)); 1153 gctx = malloc(sizeof(struct gcm_context_data)); 1154 if (NULL == gkey || NULL == gctx) 1155 return 1; 1156 1157 printf("AES GCM random test vectors:"); 1158 for (t = 0; RANDOMS > t; t++) { 1159 int Plen = (rand() % TEST_LEN); 1160 //lengths must be a multiple of 4 bytes 1161 int aad_len = (rand() % TEST_LEN); 1162 int offset = (rand() % MAX_UNALIGNED); 1163 if (offset == 0 && aad_len == 0) 1164 offset = OFFSET_BASE_VALUE; 1165 1166 if (0 == (t % 25)) 1167 printf("\n"); 1168 if (0 == (t % 10)) 1169 fflush(0); 1170 test.P = NULL; 1171 test.C = NULL; 1172 test.A = NULL; 1173 test.T = NULL; 1174 test.Plen = Plen; 1175 if (test.Plen + offset != 0) { 1176 test.P = malloc(test.Plen + offset); 1177 test.C = malloc(test.Plen + offset); 1178 } else { //This else clause is here because openssl 1.0.1k does not handle NULL pointers 1179 test.P = malloc(16); 1180 test.C = malloc(16); 1181 } 1182 test.K = malloc(GCM_128_KEY_LEN + offset); 1183 test.Klen = GCM_128_KEY_LEN; 1184 test.IV = malloc(GCM_IV_DATA_LEN + offset); 1185 test.IVlen = GCM_IV_DATA_LEN; 1186 test.A = malloc(aad_len + offset); 1187 1188 test.Alen = aad_len; 1189 test.T = malloc(MAX_TAG_LEN + offset); 1190 1191 if ((NULL == test.P && test.Plen != 0) || (NULL == test.K) 1192 || (NULL == test.IV)) { 1193 printf("malloc of testsize:0x%x failed\n", Plen); 1194 return 1; 1195 } 1196 1197 test.P += offset; 1198 test.C += offset; 1199 test.K += offset; 1200 test.IV += offset; 1201 test.A += offset; 1202 test.T += offset; 1203 1204 mk_rand_data(test.P, test.Plen); 1205 mk_rand_data(test.K, test.Klen); 1206 mk_rand_data(test.IV, test.IVlen); 1207 mk_rand_data(test.A, test.Alen); 1208 1209 // single Key length of 128bits/16bytes supported 1210 // single IV length of 96bits/12bytes supported 1211 // Tag lengths of 8, 12 or 16 1212 for (tag_len = 8; tag_len <= MAX_TAG_LEN;) { 1213 test.Tlen = tag_len; 1214 if (0 != check_vector(gkey, gctx, &test)) 1215 return 1; 1216 tag_len += 4; //supported lengths are 8, 12 or 16 1217 } 1218 test.A -= offset; 1219 free(test.A); 1220 test.C -= offset; 1221 free(test.C); 1222 test.IV -= offset; 1223 free(test.IV); 1224 test.K -= offset; 1225 free(test.K); 1226 test.P -= offset; 1227 free(test.P); 1228 test.T -= offset; 1229 free(test.T); 1230 } 1231 printf("\n"); 1232 free(gkey); 1233 free(gctx); 1234 return 0; 1235 } 1236 1237 int test_gcm256_combinations(void) 1238 { 1239 gcm_vector test; 1240 int tag_len = 8; 1241 int t = 0; 1242 struct gcm_key_data *gkey = NULL; 1243 struct gcm_context_data *gctx = NULL; 1244 1245 gkey = malloc(sizeof(struct gcm_key_data)); 1246 gctx = malloc(sizeof(struct gcm_context_data)); 1247 if (NULL == gkey || NULL == gctx) 1248 return 1; 1249 1250 printf("AES-GCM-256 random test vectors:"); 1251 for (t = 0; RANDOMS > t; t++) { 1252 int Plen = (rand() % TEST_LEN); 1253 //lengths must be a multiple of 4 bytes 1254 int aad_len = (rand() % TEST_LEN); 1255 int offset = (rand() % MAX_UNALIGNED); 1256 if (offset == 0 && aad_len == 0) 1257 offset = OFFSET_BASE_VALUE; 1258 1259 if (0 == (t % 25)) 1260 printf("\n"); 1261 if (0 == (t % 10)) 1262 fflush(0); 1263 test.P = NULL; 1264 test.C = NULL; 1265 test.A = NULL; 1266 test.T = NULL; 1267 test.Plen = Plen; 1268 if (test.Plen + offset != 0) { 1269 test.P = malloc(test.Plen + offset); 1270 test.C = malloc(test.Plen + offset); 1271 } else { //This else clause is here because openssl 1.0.1k does not handle NULL pointers 1272 test.P = malloc(16); 1273 test.C = malloc(16); 1274 } 1275 test.K = malloc(GCM_256_KEY_LEN + offset); 1276 test.Klen = GCM_256_KEY_LEN; 1277 test.IV = malloc(GCM_IV_DATA_LEN + offset); 1278 test.IVlen = GCM_IV_DATA_LEN; 1279 test.A = malloc(aad_len + offset); 1280 1281 test.Alen = aad_len; 1282 test.T = malloc(MAX_TAG_LEN + offset); 1283 1284 if ((NULL == test.P && test.Plen != 0) || (NULL == test.K) 1285 || (NULL == test.IV)) { 1286 printf("malloc of testsize:0x%x failed\n", Plen); 1287 return 1; 1288 } 1289 1290 test.P += offset; 1291 test.C += offset; 1292 test.K += offset; 1293 test.IV += offset; 1294 test.A += offset; 1295 test.T += offset; 1296 1297 mk_rand_data(test.P, test.Plen); 1298 mk_rand_data(test.K, test.Klen); 1299 mk_rand_data(test.IV, test.IVlen); 1300 mk_rand_data(test.A, test.Alen); 1301 1302 // single Key length of 128bits/16bytes supported 1303 // single IV length of 96bits/12bytes supported 1304 // Tag lengths of 8, 12 or 16 1305 for (tag_len = 8; tag_len <= MAX_TAG_LEN;) { 1306 test.Tlen = tag_len; 1307 if (0 != check_256_vector(gkey, gctx, &test)) 1308 return 1; 1309 tag_len += 4; //supported lengths are 8, 12 or 16 1310 } 1311 test.A -= offset; 1312 free(test.A); 1313 test.C -= offset; 1314 free(test.C); 1315 test.IV -= offset; 1316 free(test.IV); 1317 test.K -= offset; 1318 free(test.K); 1319 test.P -= offset; 1320 free(test.P); 1321 test.T -= offset; 1322 free(test.T); 1323 } 1324 printf("\n"); 1325 free(gkey); 1326 free(gctx); 1327 return 0; 1328 } 1329 1330 int test_gcm256_strm_combinations(int test_len) 1331 { 1332 gcm_vector test; 1333 int tag_len = 8; 1334 int t = 0; 1335 uint8_t *gkeytemp = NULL; 1336 struct gcm_key_data *gkey = NULL; 1337 struct gcm_context_data *gctx = NULL; 1338 1339 gkeytemp = malloc(sizeof(struct gcm_key_data) + 16); 1340 gctx = malloc(sizeof(struct gcm_context_data)); 1341 gkey = (struct gcm_key_data *)(gkeytemp + rand() % 16); 1342 if (NULL == gkey || NULL == gctx) 1343 return 1; 1344 1345 printf("AES-GCM-256 random test vectors with random stream of average size %d:", 1346 test_len / 64); 1347 for (t = 0; RANDOMS > t; t++) { 1348 int Plen = (rand() % test_len); 1349 //lengths must be a multiple of 4 bytes 1350 int aad_len = (rand() % test_len); 1351 int offset = (rand() % MAX_UNALIGNED); 1352 if (offset == 0 && aad_len == 0) 1353 offset = OFFSET_BASE_VALUE; 1354 1355 if (0 == (t % 25)) 1356 printf("\n"); 1357 if (0 == (t % 10)) 1358 fflush(0); 1359 test.P = NULL; 1360 test.C = NULL; 1361 test.A = NULL; 1362 test.T = NULL; 1363 test.Plen = Plen; 1364 if (test.Plen + offset != 0) { 1365 test.P = malloc(test.Plen + offset); 1366 test.C = malloc(test.Plen + offset); 1367 } else { //This else clause is here because openssl 1.0.1k does not handle NULL pointers 1368 test.P = malloc(16); 1369 test.C = malloc(16); 1370 } 1371 test.K = malloc(GCM_256_KEY_LEN + offset); 1372 test.Klen = GCM_256_KEY_LEN; 1373 test.IV = malloc(GCM_IV_DATA_LEN + offset); 1374 test.IVlen = GCM_IV_DATA_LEN; 1375 test.A = malloc(aad_len + offset); 1376 1377 test.Alen = aad_len; 1378 test.T = malloc(MAX_TAG_LEN + offset); 1379 1380 if ((NULL == test.P && test.Plen != 0) || (NULL == test.K) 1381 || (NULL == test.IV)) { 1382 printf("malloc of testsize:0x%x failed\n", Plen); 1383 return 1; 1384 } 1385 1386 test.P += offset; 1387 test.C += offset; 1388 test.K += offset; 1389 test.IV += offset; 1390 test.A += offset; 1391 test.T += offset; 1392 1393 mk_rand_data(test.P, test.Plen); 1394 mk_rand_data(test.K, test.Klen); 1395 mk_rand_data(test.IV, test.IVlen); 1396 mk_rand_data(test.A, test.Alen); 1397 1398 // single Key length of 128bits/16bytes supported 1399 // single IV length of 96bits/12bytes supported 1400 // Tag lengths of 8, 12 or 16 1401 for (tag_len = 8; tag_len <= MAX_TAG_LEN;) { 1402 test.Tlen = tag_len; 1403 if (0 != check_256_strm_vector(gkey, gctx, &test, test_len)) 1404 return 1; 1405 tag_len += 4; //supported lengths are 8, 12 or 16 1406 } 1407 test.A -= offset; 1408 free(test.A); 1409 test.C -= offset; 1410 free(test.C); 1411 test.IV -= offset; 1412 free(test.IV); 1413 test.K -= offset; 1414 free(test.K); 1415 test.P -= offset; 1416 free(test.P); 1417 test.T -= offset; 1418 free(test.T); 1419 } 1420 printf("\n"); 1421 free(gkeytemp); 1422 free(gctx); 1423 return 0; 1424 } 1425 1426 // 1427 // place all data to end at a page boundary to check for read past the end 1428 // 1429 int test_gcm_efence(void) 1430 { 1431 gcm_vector test; 1432 int offset = 0; 1433 gcm_key_size key_len; 1434 struct gcm_key_data *gkey = NULL; 1435 struct gcm_context_data *gctx = NULL; 1436 uint8_t *P, *C, *K, *IV, *A, *T; 1437 1438 gkey = malloc(sizeof(struct gcm_key_data)); 1439 gctx = malloc(sizeof(struct gcm_context_data)); 1440 P = malloc(PAGE_LEN); 1441 C = malloc(PAGE_LEN); 1442 K = malloc(PAGE_LEN); 1443 IV = malloc(PAGE_LEN); 1444 A = malloc(PAGE_LEN); 1445 T = malloc(PAGE_LEN); 1446 if ((NULL == P) || (NULL == C) || (NULL == K) || (NULL == IV) || (NULL == A) 1447 || (NULL == T) || (NULL == gkey) || (NULL == gctx)) { 1448 printf("malloc of testsize:0x%x failed\n", PAGE_LEN); 1449 return -1; 1450 } 1451 1452 test.Plen = PAGE_LEN / 2; 1453 // place buffers to end at page boundary 1454 test.IVlen = GCM_IV_DATA_LEN; 1455 test.Alen = test.Plen; 1456 test.Tlen = MAX_TAG_LEN; 1457 1458 printf("AES GCM efence test vectors:"); 1459 for (key_len = GCM_128_KEY_LEN; GCM_256_KEY_LEN >= key_len; 1460 key_len += (GCM_256_KEY_LEN - GCM_128_KEY_LEN)) { 1461 test.Klen = key_len; 1462 for (offset = 0; MAX_UNALIGNED > offset; offset++) { 1463 if (0 == (offset % 80)) 1464 printf("\n"); 1465 // move the start and size of the data block towards the end of the page 1466 test.Plen = (PAGE_LEN / 2) - offset; 1467 test.Alen = (PAGE_LEN / 4) - (offset * 4); //lengths must be a multiple of 4 bytes 1468 //Place data at end of page 1469 test.P = P + PAGE_LEN - test.Plen; 1470 test.C = C + PAGE_LEN - test.Plen; 1471 test.K = K + PAGE_LEN - test.Klen; 1472 test.IV = IV + PAGE_LEN - test.IVlen; 1473 test.A = A + PAGE_LEN - test.Alen; 1474 test.T = T + PAGE_LEN - test.Tlen; 1475 1476 mk_rand_data(test.P, test.Plen); 1477 mk_rand_data(test.K, test.Klen); 1478 mk_rand_data(test.IV, test.IVlen); 1479 mk_rand_data(test.A, test.Alen); 1480 if (GCM_128_KEY_LEN == key_len) { 1481 if (0 != check_vector(gkey, gctx, &test)) 1482 return 1; 1483 } else { 1484 if (0 != check_256_vector(gkey, gctx, &test)) 1485 return 1; 1486 } 1487 } 1488 } 1489 free(gkey); 1490 free(gctx); 1491 free(P); 1492 free(C); 1493 free(K); 1494 free(IV); 1495 free(A); 1496 free(T); 1497 1498 printf("\n"); 1499 return 0; 1500 } 1501 1502 int test_gcm128_std_vectors(gcm_vector const *vector) 1503 { 1504 struct gcm_key_data gkey; 1505 struct gcm_context_data gctx; 1506 int OK = 0; 1507 // Temporary array for the calculated vectors 1508 uint8_t *ct_test = NULL; 1509 uint8_t *pt_test = NULL; 1510 uint8_t *IV_c = NULL; 1511 uint8_t *T_test = NULL; 1512 uint8_t *T2_test = NULL; 1513 uint64_t IV_alloc_len = 0; 1514 int result; 1515 1516 #ifdef GCM_VECTORS_VERBOSE 1517 printf("AES-GCM-128:\n"); 1518 #endif 1519 1520 // Allocate space for the calculated ciphertext 1521 ct_test = malloc(vector->Plen); 1522 if (ct_test == NULL) { 1523 fprintf(stderr, "Can't allocate ciphertext memory\n"); 1524 return 1; 1525 } 1526 // Allocate space for the calculated ciphertext 1527 pt_test = malloc(vector->Plen); 1528 if (pt_test == NULL) { 1529 fprintf(stderr, "Can't allocate plaintext memory\n"); 1530 return 1; 1531 } 1532 IV_alloc_len = vector->IVlen; 1533 // Allocate space for the calculated ciphertext 1534 IV_c = malloc(IV_alloc_len); 1535 if (IV_c == NULL) { 1536 fprintf(stderr, "Can't allocate ciphertext memory\n"); 1537 return 1; 1538 } 1539 memcpy(IV_c, vector->IV, vector->IVlen); 1540 1541 T_test = malloc(vector->Tlen); 1542 T2_test = malloc(vector->Tlen); 1543 if ((T_test == NULL) || (T2_test == NULL)) { 1544 fprintf(stderr, "Can't allocate tag memory\n"); 1545 return 1; 1546 } 1547 // This is only required once for a given key 1548 aes_gcm_pre_128(vector->K, &gkey); 1549 #ifdef GCM_VECTORS_VERBOSE 1550 dump_gcm_data(&gkey); 1551 #endif 1552 1553 //// 1554 // ISA-l Encrypt 1555 //// 1556 aes_gcm_enc_128(&gkey, &gctx, ct_test, vector->P, vector->Plen, 1557 IV_c, vector->A, vector->Alen, T_test, vector->Tlen); 1558 OK |= check_data(ct_test, vector->C, vector->Plen, "ISA-L encrypted cypher text (C)"); 1559 OK |= check_data(T_test, vector->T, vector->Tlen, "ISA-L tag (T)"); 1560 1561 openssl_aes_gcm_enc(vector->K, vector->IV, 1562 vector->IVlen, vector->A, 1563 vector->Alen, pt_test, vector->Tlen, 1564 vector->P, vector->Plen, ct_test); 1565 OK |= check_data(pt_test, T_test, vector->Tlen, "OpenSSL vs ISA-L tag (T)"); 1566 // test of in-place encrypt 1567 memcpy(pt_test, vector->P, vector->Plen); 1568 aes_gcm_enc_128(&gkey, &gctx, pt_test, pt_test, vector->Plen, IV_c, 1569 vector->A, vector->Alen, T_test, vector->Tlen); 1570 OK |= 1571 check_data(pt_test, vector->C, vector->Plen, 1572 "ISA-L encrypted cypher text(in-place)"); 1573 memset(ct_test, 0, vector->Plen); 1574 memset(T_test, 0, vector->Tlen); 1575 1576 //// 1577 // ISA-l Decrypt 1578 //// 1579 aes_gcm_dec_128(&gkey, &gctx, pt_test, vector->C, vector->Plen, 1580 IV_c, vector->A, vector->Alen, T_test, vector->Tlen); 1581 OK |= check_data(pt_test, vector->P, vector->Plen, "ISA-L decrypted plain text (P)"); 1582 // GCM decryption outputs a 16 byte tag value that must be verified against the expected tag value 1583 OK |= check_data(T_test, vector->T, vector->Tlen, "ISA-L decrypted tag (T)"); 1584 1585 // test in in-place decrypt 1586 memcpy(ct_test, vector->C, vector->Plen); 1587 aes_gcm_dec_128(&gkey, &gctx, ct_test, ct_test, vector->Plen, IV_c, 1588 vector->A, vector->Alen, T_test, vector->Tlen); 1589 OK |= check_data(ct_test, vector->P, vector->Plen, "ISA-L plain text (P) - in-place"); 1590 OK |= 1591 check_data(T_test, vector->T, vector->Tlen, "ISA-L decrypted tag (T) - in-place"); 1592 // ISA-L enc -> ISA-L dec 1593 aes_gcm_enc_128(&gkey, &gctx, ct_test, vector->P, vector->Plen, 1594 IV_c, vector->A, vector->Alen, T_test, vector->Tlen); 1595 memset(pt_test, 0, vector->Plen); 1596 aes_gcm_dec_128(&gkey, &gctx, pt_test, ct_test, vector->Plen, IV_c, 1597 vector->A, vector->Alen, T2_test, vector->Tlen); 1598 OK |= 1599 check_data(pt_test, vector->P, vector->Plen, 1600 "ISA-L self decrypted plain text (P)"); 1601 OK |= check_data(T_test, T2_test, vector->Tlen, "ISA-L self decrypted tag (T)"); 1602 // OpenSSl enc -> ISA-L dec 1603 openssl_aes_gcm_enc(vector->K, vector->IV, 1604 vector->IVlen, vector->A, 1605 vector->Alen, T_test, vector->Tlen, 1606 vector->P, vector->Plen, ct_test); 1607 OK |= 1608 check_data(ct_test, vector->C, vector->Plen, "OpenSSL encrypted cypher text (C)"); 1609 memset(pt_test, 0, vector->Plen); 1610 aes_gcm_dec_128(&gkey, &gctx, pt_test, ct_test, vector->Plen, IV_c, 1611 vector->A, vector->Alen, T2_test, vector->Tlen); 1612 OK |= 1613 check_data(pt_test, vector->P, vector->Plen, 1614 "OpenSSL->ISA-L decrypted plain text (P)"); 1615 OK |= check_data(T_test, T2_test, vector->Tlen, "OpenSSL->ISA-L decrypted tag (T)"); 1616 // ISA-L enc -> OpenSSl dec 1617 aes_gcm_enc_128(&gkey, &gctx, ct_test, vector->P, vector->Plen, 1618 IV_c, vector->A, vector->Alen, T_test, vector->Tlen); 1619 memset(pt_test, 0, vector->Plen); 1620 result = 1621 openssl_aes_gcm_dec(vector->K, vector->IV, 1622 vector->IVlen, vector->A, 1623 vector->Alen, T_test, vector->Tlen, 1624 ct_test, vector->Plen, pt_test); 1625 if (-1 == result) 1626 printf(" ISA-L->OpenSSL decryption failed Authentication\n"); 1627 OK |= (-1 == result); 1628 OK |= check_data(pt_test, vector->P, vector->Plen, "OSSL decrypted plain text (C)"); 1629 if (NULL != ct_test) 1630 free(ct_test); 1631 if (NULL != pt_test) 1632 free(pt_test); 1633 if (NULL != IV_c) 1634 free(IV_c); 1635 if (NULL != T_test) 1636 free(T_test); 1637 if (NULL != T2_test) 1638 free(T2_test); 1639 1640 return OK; 1641 } 1642 1643 int test_gcm256_std_vectors(gcm_vector const *vector) 1644 { 1645 struct gcm_key_data gkey; 1646 struct gcm_context_data gctx; 1647 int OK = 0; 1648 // Temporary array for the calculated vectors 1649 uint8_t *ct_test = NULL; 1650 uint8_t *pt_test = NULL; 1651 uint8_t *IV_c = NULL; 1652 uint8_t *T_test = NULL; 1653 uint8_t *T2_test = NULL; 1654 uint64_t IV_alloc_len = 0; 1655 int result; 1656 1657 #ifdef GCM_VECTORS_VERBOSE 1658 printf("AES-GCM-256:\n"); 1659 #endif 1660 1661 // Allocate space for the calculated ciphertext 1662 ct_test = malloc(vector->Plen); 1663 // Allocate space for the calculated ciphertext 1664 pt_test = malloc(vector->Plen); 1665 if ((ct_test == NULL) || (pt_test == NULL)) { 1666 fprintf(stderr, "Can't allocate ciphertext or plaintext memory\n"); 1667 return 1; 1668 } 1669 IV_alloc_len = vector->IVlen; 1670 // Allocate space for the calculated ciphertext 1671 IV_c = malloc(IV_alloc_len); 1672 if (IV_c == NULL) { 1673 fprintf(stderr, "Can't allocate ciphertext memory\n"); 1674 return 1; 1675 } 1676 memcpy(IV_c, vector->IV, vector->IVlen); 1677 1678 T_test = malloc(vector->Tlen); 1679 T2_test = malloc(vector->Tlen); 1680 if (T_test == NULL) { 1681 fprintf(stderr, "Can't allocate tag memory\n"); 1682 return 1; 1683 } 1684 // This is only required once for a given key 1685 aes_gcm_pre_256(vector->K, &gkey); 1686 #ifdef GCM_VECTORS_VERBOSE 1687 dump_gcm_data(&gkey); 1688 #endif 1689 1690 //// 1691 // ISA-l Encrypt 1692 //// 1693 memset(ct_test, 0, vector->Plen); 1694 aes_gcm_enc_256(&gkey, &gctx, ct_test, vector->P, vector->Plen, 1695 IV_c, vector->A, vector->Alen, T_test, vector->Tlen); 1696 OK |= check_data(ct_test, vector->C, vector->Plen, "ISA-L encrypted cypher text (C)"); 1697 OK |= check_data(T_test, vector->T, vector->Tlen, "ISA-L tag (T)"); 1698 1699 openssl_aes_256_gcm_enc(vector->K, vector->IV, 1700 vector->IVlen, vector->A, 1701 vector->Alen, pt_test, vector->Tlen, 1702 vector->P, vector->Plen, ct_test); 1703 OK |= check_data(ct_test, vector->C, vector->Tlen, "OpenSSL vs KA - cypher text (C)"); 1704 OK |= check_data(pt_test, vector->T, vector->Tlen, "OpenSSL vs KA - tag (T)"); 1705 OK |= check_data(pt_test, T_test, vector->Tlen, "OpenSSL vs ISA-L - tag (T)"); 1706 // test of in-place encrypt 1707 memcpy(pt_test, vector->P, vector->Plen); 1708 aes_gcm_enc_256(&gkey, &gctx, pt_test, pt_test, vector->Plen, IV_c, 1709 vector->A, vector->Alen, T_test, vector->Tlen); 1710 OK |= 1711 check_data(pt_test, vector->C, vector->Plen, 1712 "ISA-L encrypted cypher text(in-place)"); 1713 memset(ct_test, 0, vector->Plen); 1714 memset(T_test, 0, vector->Tlen); 1715 1716 //// 1717 // ISA-l Decrypt 1718 //// 1719 aes_gcm_dec_256(&gkey, &gctx, pt_test, vector->C, vector->Plen, 1720 IV_c, vector->A, vector->Alen, T_test, vector->Tlen); 1721 OK |= check_data(pt_test, vector->P, vector->Plen, "ISA-L decrypted plain text (P)"); 1722 // GCM decryption outputs a 16 byte tag value that must be verified against the expected tag value 1723 OK |= check_data(T_test, vector->T, vector->Tlen, "ISA-L decrypted tag (T)"); 1724 1725 // test in in-place decrypt 1726 memcpy(ct_test, vector->C, vector->Plen); 1727 aes_gcm_dec_256(&gkey, &gctx, ct_test, ct_test, vector->Plen, IV_c, 1728 vector->A, vector->Alen, T_test, vector->Tlen); 1729 OK |= check_data(ct_test, vector->P, vector->Plen, "ISA-L plain text (P) - in-place"); 1730 OK |= 1731 check_data(T_test, vector->T, vector->Tlen, "ISA-L decrypted tag (T) - in-place"); 1732 // ISA-L enc -> ISA-L dec 1733 aes_gcm_enc_256(&gkey, &gctx, ct_test, vector->P, vector->Plen, 1734 IV_c, vector->A, vector->Alen, T_test, vector->Tlen); 1735 memset(pt_test, 0, vector->Plen); 1736 aes_gcm_dec_256(&gkey, &gctx, pt_test, ct_test, vector->Plen, IV_c, 1737 vector->A, vector->Alen, T2_test, vector->Tlen); 1738 OK |= 1739 check_data(pt_test, vector->P, vector->Plen, 1740 "ISA-L self decrypted plain text (P)"); 1741 OK |= check_data(T_test, T2_test, vector->Tlen, "ISA-L self decrypted tag (T)"); 1742 // OpenSSl enc -> ISA-L dec 1743 openssl_aes_256_gcm_enc(vector->K, vector->IV, 1744 vector->IVlen, vector->A, 1745 vector->Alen, T_test, vector->Tlen, 1746 vector->P, vector->Plen, ct_test); 1747 OK |= 1748 check_data(ct_test, vector->C, vector->Plen, "OpenSSL encrypted cypher text (C)"); 1749 memset(pt_test, 0, vector->Plen); 1750 aes_gcm_dec_256(&gkey, &gctx, pt_test, ct_test, vector->Plen, IV_c, 1751 vector->A, vector->Alen, T2_test, vector->Tlen); 1752 OK |= 1753 check_data(pt_test, vector->P, vector->Plen, 1754 "OpenSSL->ISA-L decrypted plain text (P)"); 1755 OK |= check_data(T_test, T2_test, vector->Tlen, "OpenSSL->ISA-L decrypted tag (T)"); 1756 // ISA-L enc -> OpenSSl dec 1757 aes_gcm_enc_256(&gkey, &gctx, ct_test, vector->P, vector->Plen, 1758 IV_c, vector->A, vector->Alen, T_test, vector->Tlen); 1759 memset(pt_test, 0, vector->Plen); 1760 result = 1761 openssl_aes_256_gcm_dec(vector->K, vector->IV, 1762 vector->IVlen, vector->A, 1763 vector->Alen, T_test, vector->Tlen, 1764 ct_test, vector->Plen, pt_test); 1765 if (-1 == result) 1766 printf(" ISA-L->OpenSSL decryption failed Authentication\n"); 1767 OK |= (-1 == result); 1768 OK |= check_data(pt_test, vector->P, vector->Plen, "OSSL decrypted plain text (C)"); 1769 if (NULL != ct_test) 1770 free(ct_test); 1771 if (NULL != pt_test) 1772 free(pt_test); 1773 if (NULL != IV_c) 1774 free(IV_c); 1775 if (NULL != T_test) 1776 free(T_test); 1777 if (NULL != T2_test) 1778 free(T2_test); 1779 1780 return OK; 1781 } 1782 1783 int test_gcm_std_vectors(void) 1784 { 1785 int const vectors_cnt = sizeof(gcm_vectors) / sizeof(gcm_vectors[0]); 1786 int vect; 1787 int OK = 0; 1788 1789 printf("AES-GCM standard test vectors:\n"); 1790 for (vect = 0; vect < vectors_cnt; vect++) { 1791 #ifdef GCM_VECTORS_VERBOSE 1792 printf 1793 ("Standard vector %d/%d Keylen:%d IVlen:%d PTLen:%d AADlen:%d Tlen:%d\n", 1794 vect, vectors_cnt - 1, (int)gcm_vectors[vect].Klen, 1795 (int)gcm_vectors[vect].IVlen, (int)gcm_vectors[vect].Plen, 1796 (int)gcm_vectors[vect].Alen, (int)gcm_vectors[vect].Tlen); 1797 #else 1798 printf("."); 1799 #endif 1800 1801 if (BITS_128 == gcm_vectors[vect].Klen) { 1802 OK |= test_gcm128_std_vectors(&gcm_vectors[vect]); 1803 } else { 1804 OK |= test_gcm256_std_vectors(&gcm_vectors[vect]); 1805 } 1806 if (0 != OK) 1807 return OK; 1808 } 1809 printf("\n"); 1810 return OK; 1811 } 1812 1813 // The length of the data is set to length. The first stream is from 0 to start. After 1814 // that the data is broken into breaks chunks of equal size (except possibly the last 1815 // one due to divisibility). 1816 int test_gcm_strm_combinations2(int length, int start, int breaks) 1817 { 1818 gcm_vector test; 1819 int tag_len = 8; 1820 int t = 0; 1821 struct gcm_key_data *gkey = NULL; 1822 struct gcm_context_data *gctx = NULL; 1823 1824 gkey = malloc(sizeof(struct gcm_key_data)); 1825 gctx = malloc(sizeof(struct gcm_context_data)); 1826 if (NULL == gkey || NULL == gctx) 1827 return 1; 1828 1829 printf("AES GCM random test vectors of length %d and stream with %d breaks:", length, 1830 breaks + 1); 1831 for (t = 0; RANDOMS > t; t++) { 1832 int Plen = length; 1833 //lengths must be a multiple of 4 bytes 1834 int aad_len = (rand() % TEST_LEN); 1835 int offset = (rand() % MAX_UNALIGNED); 1836 if (offset == 0 && aad_len == 0) 1837 offset = OFFSET_BASE_VALUE; 1838 1839 if (0 == (t % 25)) 1840 printf("\n"); 1841 if (0 == (t % 10)) 1842 fflush(0); 1843 test.P = NULL; 1844 test.C = NULL; 1845 test.A = NULL; 1846 test.T = NULL; 1847 test.Plen = Plen; 1848 if (test.Plen + offset != 0) { 1849 test.P = malloc(test.Plen + offset); 1850 test.C = malloc(test.Plen + offset); 1851 } else { //This else clause is here because openssl 1.0.1k does not handle NULL pointers 1852 test.P = malloc(16); 1853 test.C = malloc(16); 1854 } 1855 test.K = malloc(GCM_128_KEY_LEN + offset); 1856 test.Klen = GCM_128_KEY_LEN; 1857 test.IV = malloc(GCM_IV_DATA_LEN + offset); 1858 test.IVlen = GCM_IV_DATA_LEN; 1859 test.A = malloc(aad_len + offset); 1860 1861 test.Alen = aad_len; 1862 test.T = malloc(MAX_TAG_LEN + offset); 1863 1864 if ((NULL == test.P && test.Plen != 0) || (NULL == test.K) 1865 || (NULL == test.IV)) { 1866 printf("malloc of testsize:0x%x failed\n", Plen); 1867 return 1; 1868 } 1869 1870 test.P += offset; 1871 test.C += offset; 1872 test.K += offset; 1873 test.IV += offset; 1874 test.A += offset; 1875 test.T += offset; 1876 1877 mk_rand_data(test.P, test.Plen); 1878 mk_rand_data(test.K, test.Klen); 1879 mk_rand_data(test.IV, test.IVlen); 1880 mk_rand_data(test.A, test.Alen); 1881 1882 // single Key length of 128bits/16bytes supported 1883 // single IV length of 96bits/12bytes supported 1884 // Tag lengths of 8, 12 or 16 1885 for (tag_len = 8; tag_len <= MAX_TAG_LEN;) { 1886 test.Tlen = tag_len; 1887 if (0 != check_strm_vector2(gkey, gctx, &test, length, start, breaks)) 1888 return 1; 1889 tag_len += 4; //supported lengths are 8, 12 or 16 1890 } 1891 test.A -= offset; 1892 free(test.A); 1893 test.C -= offset; 1894 free(test.C); 1895 test.IV -= offset; 1896 free(test.IV); 1897 test.K -= offset; 1898 free(test.K); 1899 test.P -= offset; 1900 free(test.P); 1901 test.T -= offset; 1902 free(test.T); 1903 } 1904 printf("\n"); 1905 free(gkey); 1906 free(gctx); 1907 return 0; 1908 } 1909 1910 int main(int argc, char **argv) 1911 { 1912 int errors = 0; 1913 int seed; 1914 1915 if (argc == 1) 1916 seed = TEST_SEED; 1917 else 1918 seed = atoi(argv[1]); 1919 1920 srand(seed); 1921 printf("SEED: %d\n", seed); 1922 1923 errors += test_gcm_std_vectors(); 1924 errors += test_gcm256_combinations(); 1925 errors += test_gcm_combinations(); 1926 errors += test_gcm_efence(); 1927 errors += test_gcm256_strm_combinations(TEST_LEN); 1928 errors += test_gcm_strm_combinations(TEST_LEN); 1929 errors += test_gcm256_strm_combinations(1024); 1930 errors += test_gcm_strm_combinations(1024); 1931 errors += test_gcm_strm_efence(); 1932 errors += test_gcm_strm_combinations2(1024, 0, 1024); 1933 1934 if (0 == errors) 1935 printf("...Pass\n"); 1936 else 1937 printf("...Fail\n"); 1938 1939 return errors; 1940 } 1941