1c7da899bSchristos /*
213d40330Schristos * Copyright 2006-2017 The OpenSSL Project Authors. All Rights Reserved.
3a89c9211Schristos *
4*b0d17251Schristos * Licensed under the Apache License 2.0 (the "License"). You may not use
5c7da899bSchristos * this file except in compliance with the License. You can obtain a copy
6c7da899bSchristos * in the file LICENSE in the source distribution or at
7c7da899bSchristos * https://www.openssl.org/source/license.html
8a89c9211Schristos */
9a89c9211Schristos
10*b0d17251Schristos /* The AES_ige_* functions are deprecated, so we suppress warnings about them */
11*b0d17251Schristos #define OPENSSL_SUPPRESS_DEPRECATED
12*b0d17251Schristos
13c7da899bSchristos #include <openssl/crypto.h>
14a89c9211Schristos #include <openssl/aes.h>
15a89c9211Schristos #include <openssl/rand.h>
16a89c9211Schristos #include <stdio.h>
17a89c9211Schristos #include <string.h>
1813d40330Schristos #include "internal/nelem.h"
1913d40330Schristos #include "testutil.h"
20a89c9211Schristos
21*b0d17251Schristos #ifndef OPENSSL_NO_DEPRECATED_3_0
22*b0d17251Schristos
23a89c9211Schristos # define TEST_SIZE 128
24a89c9211Schristos # define BIG_TEST_SIZE 10240
25a89c9211Schristos
2613d40330Schristos # if BIG_TEST_SIZE < TEST_SIZE
2713d40330Schristos # error BIG_TEST_SIZE is smaller than TEST_SIZE
2813d40330Schristos # endif
29a89c9211Schristos
3013d40330Schristos static unsigned char rkey[16];
3113d40330Schristos static unsigned char rkey2[16];
3213d40330Schristos static unsigned char plaintext[BIG_TEST_SIZE];
3313d40330Schristos static unsigned char saved_iv[AES_BLOCK_SIZE * 4];
34a89c9211Schristos
35a89c9211Schristos # define MAX_VECTOR_SIZE 64
36a89c9211Schristos
37635165faSspz struct ige_test {
38a89c9211Schristos const unsigned char key[16];
39a89c9211Schristos const unsigned char iv[32];
40a89c9211Schristos const unsigned char in[MAX_VECTOR_SIZE];
41a89c9211Schristos const unsigned char out[MAX_VECTOR_SIZE];
42a89c9211Schristos const size_t length;
43a89c9211Schristos const int encrypt;
44a89c9211Schristos };
45a89c9211Schristos
46a89c9211Schristos static struct ige_test const ige_test_vectors[] = {
47a89c9211Schristos {{0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
48a89c9211Schristos 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, /* key */
49a89c9211Schristos {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
50a89c9211Schristos 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
51a89c9211Schristos 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
52a89c9211Schristos 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f}, /* iv */
53a89c9211Schristos {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
54a89c9211Schristos 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
55a89c9211Schristos 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
56a89c9211Schristos 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, /* in */
57a89c9211Schristos {0x1a, 0x85, 0x19, 0xa6, 0x55, 0x7b, 0xe6, 0x52,
58a89c9211Schristos 0xe9, 0xda, 0x8e, 0x43, 0xda, 0x4e, 0xf4, 0x45,
59a89c9211Schristos 0x3c, 0xf4, 0x56, 0xb4, 0xca, 0x48, 0x8a, 0xa3,
60a89c9211Schristos 0x83, 0xc7, 0x9c, 0x98, 0xb3, 0x47, 0x97, 0xcb}, /* out */
61a89c9211Schristos 32, AES_ENCRYPT}, /* test vector 0 */
62a89c9211Schristos
63a89c9211Schristos {{0x54, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20,
64a89c9211Schristos 0x61, 0x6e, 0x20, 0x69, 0x6d, 0x70, 0x6c, 0x65}, /* key */
65a89c9211Schristos {0x6d, 0x65, 0x6e, 0x74, 0x61, 0x74, 0x69, 0x6f,
66a89c9211Schristos 0x6e, 0x20, 0x6f, 0x66, 0x20, 0x49, 0x47, 0x45,
67a89c9211Schristos 0x20, 0x6d, 0x6f, 0x64, 0x65, 0x20, 0x66, 0x6f,
68a89c9211Schristos 0x72, 0x20, 0x4f, 0x70, 0x65, 0x6e, 0x53, 0x53}, /* iv */
69a89c9211Schristos {0x4c, 0x2e, 0x20, 0x4c, 0x65, 0x74, 0x27, 0x73,
70a89c9211Schristos 0x20, 0x68, 0x6f, 0x70, 0x65, 0x20, 0x42, 0x65,
71a89c9211Schristos 0x6e, 0x20, 0x67, 0x6f, 0x74, 0x20, 0x69, 0x74,
72a89c9211Schristos 0x20, 0x72, 0x69, 0x67, 0x68, 0x74, 0x21, 0x0a}, /* in */
73a89c9211Schristos {0x99, 0x70, 0x64, 0x87, 0xa1, 0xcd, 0xe6, 0x13,
74a89c9211Schristos 0xbc, 0x6d, 0xe0, 0xb6, 0xf2, 0x4b, 0x1c, 0x7a,
75a89c9211Schristos 0xa4, 0x48, 0xc8, 0xb9, 0xc3, 0x40, 0x3e, 0x34,
76a89c9211Schristos 0x67, 0xa8, 0xca, 0xd8, 0x93, 0x40, 0xf5, 0x3b}, /* out */
77a89c9211Schristos 32, AES_DECRYPT}, /* test vector 1 */
78a89c9211Schristos };
79a89c9211Schristos
80635165faSspz struct bi_ige_test {
81a89c9211Schristos const unsigned char key1[32];
82a89c9211Schristos const unsigned char key2[32];
83a89c9211Schristos const unsigned char iv[64];
84a89c9211Schristos const unsigned char in[MAX_VECTOR_SIZE];
85a89c9211Schristos const unsigned char out[MAX_VECTOR_SIZE];
86a89c9211Schristos const size_t keysize;
87a89c9211Schristos const size_t length;
88a89c9211Schristos const int encrypt;
89a89c9211Schristos };
90a89c9211Schristos
91a89c9211Schristos static struct bi_ige_test const bi_ige_test_vectors[] = {
92a89c9211Schristos {{0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
93a89c9211Schristos 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, /* key1 */
94a89c9211Schristos {0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
95a89c9211Schristos 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f}, /* key2 */
96a89c9211Schristos {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
97a89c9211Schristos 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
98a89c9211Schristos 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
99a89c9211Schristos 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
100a89c9211Schristos 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
101a89c9211Schristos 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f,
102a89c9211Schristos 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
103a89c9211Schristos 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f}, /* iv */
104a89c9211Schristos {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
105a89c9211Schristos 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
106a89c9211Schristos 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
107a89c9211Schristos 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, /* in */
108a89c9211Schristos {0x14, 0x40, 0x6f, 0xae, 0xa2, 0x79, 0xf2, 0x56,
109a89c9211Schristos 0x1f, 0x86, 0xeb, 0x3b, 0x7d, 0xff, 0x53, 0xdc,
110a89c9211Schristos 0x4e, 0x27, 0x0c, 0x03, 0xde, 0x7c, 0xe5, 0x16,
111a89c9211Schristos 0x6a, 0x9c, 0x20, 0x33, 0x9d, 0x33, 0xfe, 0x12}, /* out */
112a89c9211Schristos 16, 32, AES_ENCRYPT}, /* test vector 0 */
113a89c9211Schristos {{0x58, 0x0a, 0x06, 0xe9, 0x97, 0x07, 0x59, 0x5c,
114a89c9211Schristos 0x9e, 0x19, 0xd2, 0xa7, 0xbb, 0x40, 0x2b, 0x7a,
115a89c9211Schristos 0xc7, 0xd8, 0x11, 0x9e, 0x4c, 0x51, 0x35, 0x75,
116a89c9211Schristos 0x64, 0x28, 0x0f, 0x23, 0xad, 0x74, 0xac, 0x37}, /* key1 */
117a89c9211Schristos {0xd1, 0x80, 0xa0, 0x31, 0x47, 0xa3, 0x11, 0x13,
118a89c9211Schristos 0x86, 0x26, 0x9e, 0x6d, 0xff, 0xaf, 0x72, 0x74,
119a89c9211Schristos 0x5b, 0xa2, 0x35, 0x81, 0xd2, 0xa6, 0x3d, 0x21,
120a89c9211Schristos 0x67, 0x7b, 0x58, 0xa8, 0x18, 0xf9, 0x72, 0xe4}, /* key2 */
121a89c9211Schristos {0x80, 0x3d, 0xbd, 0x4c, 0xe6, 0x7b, 0x06, 0xa9,
122a89c9211Schristos 0x53, 0x35, 0xd5, 0x7e, 0x71, 0xc1, 0x70, 0x70,
123a89c9211Schristos 0x74, 0x9a, 0x00, 0x28, 0x0c, 0xbf, 0x6c, 0x42,
124a89c9211Schristos 0x9b, 0xa4, 0xdd, 0x65, 0x11, 0x77, 0x7c, 0x67,
125a89c9211Schristos 0xfe, 0x76, 0x0a, 0xf0, 0xd5, 0xc6, 0x6e, 0x6a,
126a89c9211Schristos 0xe7, 0x5e, 0x4c, 0xf2, 0x7e, 0x9e, 0xf9, 0x20,
127a89c9211Schristos 0x0e, 0x54, 0x6f, 0x2d, 0x8a, 0x8d, 0x7e, 0xbd,
128a89c9211Schristos 0x48, 0x79, 0x37, 0x99, 0xff, 0x27, 0x93, 0xa3}, /* iv */
129a89c9211Schristos {0xf1, 0x54, 0x3d, 0xca, 0xfe, 0xb5, 0xef, 0x1c,
130a89c9211Schristos 0x4f, 0xa6, 0x43, 0xf6, 0xe6, 0x48, 0x57, 0xf0,
131a89c9211Schristos 0xee, 0x15, 0x7f, 0xe3, 0xe7, 0x2f, 0xd0, 0x2f,
132a89c9211Schristos 0x11, 0x95, 0x7a, 0x17, 0x00, 0xab, 0xa7, 0x0b,
133a89c9211Schristos 0xbe, 0x44, 0x09, 0x9c, 0xcd, 0xac, 0xa8, 0x52,
134a89c9211Schristos 0xa1, 0x8e, 0x7b, 0x75, 0xbc, 0xa4, 0x92, 0x5a,
135a89c9211Schristos 0xab, 0x46, 0xd3, 0x3a, 0xa0, 0xd5, 0x35, 0x1c,
136a89c9211Schristos 0x55, 0xa4, 0xb3, 0xa8, 0x40, 0x81, 0xa5, 0x0b}, /* in */
137a89c9211Schristos {0x42, 0xe5, 0x28, 0x30, 0x31, 0xc2, 0xa0, 0x23,
138a89c9211Schristos 0x68, 0x49, 0x4e, 0xb3, 0x24, 0x59, 0x92, 0x79,
139a89c9211Schristos 0xc1, 0xa5, 0xcc, 0xe6, 0x76, 0x53, 0xb1, 0xcf,
140a89c9211Schristos 0x20, 0x86, 0x23, 0xe8, 0x72, 0x55, 0x99, 0x92,
141a89c9211Schristos 0x0d, 0x16, 0x1c, 0x5a, 0x2f, 0xce, 0xcb, 0x51,
142a89c9211Schristos 0xe2, 0x67, 0xfa, 0x10, 0xec, 0xcd, 0x3d, 0x67,
143a89c9211Schristos 0xa5, 0xe6, 0xf7, 0x31, 0x26, 0xb0, 0x0d, 0x76,
144a89c9211Schristos 0x5e, 0x28, 0xdc, 0x7f, 0x01, 0xc5, 0xa5, 0x4c}, /* out */
145a89c9211Schristos 32, 64, AES_ENCRYPT}, /* test vector 1 */
146a89c9211Schristos
147a89c9211Schristos };
148a89c9211Schristos
test_ige_vectors(int n)14913d40330Schristos static int test_ige_vectors(int n)
150a89c9211Schristos {
151a89c9211Schristos const struct ige_test *const v = &ige_test_vectors[n];
152a89c9211Schristos AES_KEY key;
153a89c9211Schristos unsigned char buf[MAX_VECTOR_SIZE];
154a89c9211Schristos unsigned char iv[AES_BLOCK_SIZE * 2];
15513d40330Schristos int testresult = 1;
156a89c9211Schristos
15713d40330Schristos if (!TEST_int_le(v->length, MAX_VECTOR_SIZE))
15813d40330Schristos return 0;
159a89c9211Schristos
160a89c9211Schristos if (v->encrypt == AES_ENCRYPT)
16153060421Schristos AES_set_encrypt_key(v->key, 8 * sizeof(v->key), &key);
162a89c9211Schristos else
16353060421Schristos AES_set_decrypt_key(v->key, 8 * sizeof(v->key), &key);
16453060421Schristos memcpy(iv, v->iv, sizeof(iv));
165a89c9211Schristos AES_ige_encrypt(v->in, buf, v->length, &key, iv, v->encrypt);
166a89c9211Schristos
16713d40330Schristos if (!TEST_mem_eq(v->out, v->length, buf, v->length)) {
16813d40330Schristos TEST_info("IGE test vector %d failed", n);
16913d40330Schristos test_output_memory("key", v->key, sizeof(v->key));
17013d40330Schristos test_output_memory("iv", v->iv, sizeof(v->iv));
17113d40330Schristos test_output_memory("in", v->in, v->length);
17213d40330Schristos testresult = 0;
173a89c9211Schristos }
174a89c9211Schristos
175a89c9211Schristos /* try with in == out */
17653060421Schristos memcpy(iv, v->iv, sizeof(iv));
177a89c9211Schristos memcpy(buf, v->in, v->length);
178a89c9211Schristos AES_ige_encrypt(buf, buf, v->length, &key, iv, v->encrypt);
179a89c9211Schristos
18013d40330Schristos if (!TEST_mem_eq(v->out, v->length, buf, v->length)) {
18113d40330Schristos TEST_info("IGE test vector %d failed (with in == out)", n);
18213d40330Schristos test_output_memory("key", v->key, sizeof(v->key));
18313d40330Schristos test_output_memory("iv", v->iv, sizeof(v->iv));
18413d40330Schristos test_output_memory("in", v->in, v->length);
18513d40330Schristos testresult = 0;
186a89c9211Schristos }
187a89c9211Schristos
18813d40330Schristos return testresult;
18913d40330Schristos }
19013d40330Schristos
test_bi_ige_vectors(int n)19113d40330Schristos static int test_bi_ige_vectors(int n)
19213d40330Schristos {
193a89c9211Schristos const struct bi_ige_test *const v = &bi_ige_test_vectors[n];
194a89c9211Schristos AES_KEY key1;
195a89c9211Schristos AES_KEY key2;
196a89c9211Schristos unsigned char buf[MAX_VECTOR_SIZE];
197a89c9211Schristos
19813d40330Schristos if (!TEST_int_le(v->length, MAX_VECTOR_SIZE))
19913d40330Schristos return 0;
200a89c9211Schristos
201635165faSspz if (v->encrypt == AES_ENCRYPT) {
202a89c9211Schristos AES_set_encrypt_key(v->key1, 8 * v->keysize, &key1);
203a89c9211Schristos AES_set_encrypt_key(v->key2, 8 * v->keysize, &key2);
204635165faSspz } else {
205a89c9211Schristos AES_set_decrypt_key(v->key1, 8 * v->keysize, &key1);
206a89c9211Schristos AES_set_decrypt_key(v->key2, 8 * v->keysize, &key2);
207a89c9211Schristos }
208a89c9211Schristos
209a89c9211Schristos AES_bi_ige_encrypt(v->in, buf, v->length, &key1, &key2, v->iv,
210a89c9211Schristos v->encrypt);
211a89c9211Schristos
21213d40330Schristos if (!TEST_mem_eq(v->out, v->length, buf, v->length)) {
21313d40330Schristos test_output_memory("key 1", v->key1, sizeof(v->key1));
21413d40330Schristos test_output_memory("key 2", v->key2, sizeof(v->key2));
21513d40330Schristos test_output_memory("iv", v->iv, sizeof(v->iv));
21613d40330Schristos test_output_memory("in", v->in, v->length);
21713d40330Schristos return 0;
218a89c9211Schristos }
219a89c9211Schristos
22013d40330Schristos return 1;
221a89c9211Schristos }
222a89c9211Schristos
test_ige_enc_dec(void)22313d40330Schristos static int test_ige_enc_dec(void)
224a89c9211Schristos {
225a89c9211Schristos AES_KEY key;
22613d40330Schristos unsigned char iv[AES_BLOCK_SIZE * 4];
227a89c9211Schristos unsigned char ciphertext[BIG_TEST_SIZE];
228a89c9211Schristos unsigned char checktext[BIG_TEST_SIZE];
229a89c9211Schristos
23013d40330Schristos memcpy(iv, saved_iv, sizeof(iv));
23153060421Schristos AES_set_encrypt_key(rkey, 8 * sizeof(rkey), &key);
232635165faSspz AES_ige_encrypt(plaintext, ciphertext, TEST_SIZE, &key, iv, AES_ENCRYPT);
233a89c9211Schristos
23453060421Schristos AES_set_decrypt_key(rkey, 8 * sizeof(rkey), &key);
23553060421Schristos memcpy(iv, saved_iv, sizeof(iv));
236635165faSspz AES_ige_encrypt(ciphertext, checktext, TEST_SIZE, &key, iv, AES_DECRYPT);
237a89c9211Schristos
23813d40330Schristos return TEST_mem_eq(checktext, TEST_SIZE, plaintext, TEST_SIZE);
239a89c9211Schristos }
240a89c9211Schristos
test_ige_enc_chaining(void)24113d40330Schristos static int test_ige_enc_chaining(void)
24213d40330Schristos {
24313d40330Schristos AES_KEY key;
24413d40330Schristos unsigned char iv[AES_BLOCK_SIZE * 4];
24513d40330Schristos unsigned char ciphertext[BIG_TEST_SIZE];
24613d40330Schristos unsigned char checktext[BIG_TEST_SIZE];
24713d40330Schristos
24853060421Schristos AES_set_encrypt_key(rkey, 8 * sizeof(rkey), &key);
24953060421Schristos memcpy(iv, saved_iv, sizeof(iv));
250a89c9211Schristos AES_ige_encrypt(plaintext, ciphertext, TEST_SIZE / 2, &key, iv,
251a89c9211Schristos AES_ENCRYPT);
252a89c9211Schristos AES_ige_encrypt(plaintext + TEST_SIZE / 2,
253a89c9211Schristos ciphertext + TEST_SIZE / 2, TEST_SIZE / 2,
254a89c9211Schristos &key, iv, AES_ENCRYPT);
255a89c9211Schristos
25653060421Schristos AES_set_decrypt_key(rkey, 8 * sizeof(rkey), &key);
25753060421Schristos memcpy(iv, saved_iv, sizeof(iv));
258635165faSspz AES_ige_encrypt(ciphertext, checktext, TEST_SIZE, &key, iv, AES_DECRYPT);
259a89c9211Schristos
26013d40330Schristos return TEST_mem_eq(checktext, TEST_SIZE, plaintext, TEST_SIZE);
261a89c9211Schristos }
262a89c9211Schristos
test_ige_dec_chaining(void)26313d40330Schristos static int test_ige_dec_chaining(void)
26413d40330Schristos {
26513d40330Schristos AES_KEY key;
26613d40330Schristos unsigned char iv[AES_BLOCK_SIZE * 4];
26713d40330Schristos unsigned char ciphertext[BIG_TEST_SIZE];
26813d40330Schristos unsigned char checktext[BIG_TEST_SIZE];
26913d40330Schristos
27053060421Schristos AES_set_encrypt_key(rkey, 8 * sizeof(rkey), &key);
27153060421Schristos memcpy(iv, saved_iv, sizeof(iv));
272a89c9211Schristos AES_ige_encrypt(plaintext, ciphertext, TEST_SIZE / 2, &key, iv,
273a89c9211Schristos AES_ENCRYPT);
274a89c9211Schristos AES_ige_encrypt(plaintext + TEST_SIZE / 2,
275a89c9211Schristos ciphertext + TEST_SIZE / 2, TEST_SIZE / 2,
276a89c9211Schristos &key, iv, AES_ENCRYPT);
277a89c9211Schristos
27853060421Schristos AES_set_decrypt_key(rkey, 8 * sizeof(rkey), &key);
27953060421Schristos memcpy(iv, saved_iv, sizeof(iv));
280a89c9211Schristos AES_ige_encrypt(ciphertext, checktext, TEST_SIZE / 2, &key, iv,
281a89c9211Schristos AES_DECRYPT);
282a89c9211Schristos AES_ige_encrypt(ciphertext + TEST_SIZE / 2,
283a89c9211Schristos checktext + TEST_SIZE / 2, TEST_SIZE / 2, &key, iv,
284a89c9211Schristos AES_DECRYPT);
285a89c9211Schristos
28613d40330Schristos return TEST_mem_eq(checktext, TEST_SIZE, plaintext, TEST_SIZE);
287a89c9211Schristos }
288a89c9211Schristos
test_ige_garble_forwards(void)28913d40330Schristos static int test_ige_garble_forwards(void)
29013d40330Schristos {
29113d40330Schristos AES_KEY key;
29213d40330Schristos unsigned char iv[AES_BLOCK_SIZE * 4];
29313d40330Schristos unsigned char ciphertext[BIG_TEST_SIZE];
29413d40330Schristos unsigned char checktext[BIG_TEST_SIZE];
29513d40330Schristos unsigned int n;
29613d40330Schristos int testresult = 1;
29713d40330Schristos const size_t ctsize = sizeof(checktext);
29813d40330Schristos size_t matches;
29913d40330Schristos
30053060421Schristos AES_set_encrypt_key(rkey, 8 * sizeof(rkey), &key);
30153060421Schristos memcpy(iv, saved_iv, sizeof(iv));
30253060421Schristos AES_ige_encrypt(plaintext, ciphertext, sizeof(plaintext), &key, iv,
303a89c9211Schristos AES_ENCRYPT);
304a89c9211Schristos
305a89c9211Schristos /* corrupt halfway through */
30653060421Schristos ++ciphertext[sizeof(ciphertext) / 2];
30753060421Schristos AES_set_decrypt_key(rkey, 8 * sizeof(rkey), &key);
30853060421Schristos memcpy(iv, saved_iv, sizeof(iv));
30953060421Schristos AES_ige_encrypt(ciphertext, checktext, sizeof(checktext), &key, iv,
310a89c9211Schristos AES_DECRYPT);
311a89c9211Schristos
312a89c9211Schristos matches = 0;
31353060421Schristos for (n = 0; n < sizeof(checktext); ++n)
314a89c9211Schristos if (checktext[n] == plaintext[n])
315a89c9211Schristos ++matches;
316a89c9211Schristos
31713d40330Schristos /* Fail if there is more than 51% matching bytes */
31813d40330Schristos if (!TEST_size_t_le(matches, ctsize / 2 + ctsize / 100))
31913d40330Schristos testresult = 0;
32013d40330Schristos
32113d40330Schristos /* Fail if the garble goes backwards */
32213d40330Schristos if (!TEST_size_t_gt(matches, ctsize / 2))
32313d40330Schristos testresult = 0;
32413d40330Schristos return testresult;
325a89c9211Schristos }
326a89c9211Schristos
test_bi_ige_enc_dec(void)32713d40330Schristos static int test_bi_ige_enc_dec(void)
32813d40330Schristos {
32913d40330Schristos AES_KEY key, key2;
33013d40330Schristos unsigned char iv[AES_BLOCK_SIZE * 4];
33113d40330Schristos unsigned char ciphertext[BIG_TEST_SIZE];
33213d40330Schristos unsigned char checktext[BIG_TEST_SIZE];
333a89c9211Schristos
33413d40330Schristos memcpy(iv, saved_iv, sizeof(iv));
33553060421Schristos AES_set_encrypt_key(rkey, 8 * sizeof(rkey), &key);
33653060421Schristos AES_set_encrypt_key(rkey2, 8 * sizeof(rkey2), &key2);
337a89c9211Schristos AES_bi_ige_encrypt(plaintext, ciphertext, TEST_SIZE, &key, &key2, iv,
338a89c9211Schristos AES_ENCRYPT);
339a89c9211Schristos
34053060421Schristos AES_set_decrypt_key(rkey, 8 * sizeof(rkey), &key);
34153060421Schristos AES_set_decrypt_key(rkey2, 8 * sizeof(rkey2), &key2);
342a89c9211Schristos AES_bi_ige_encrypt(ciphertext, checktext, TEST_SIZE, &key, &key2, iv,
343a89c9211Schristos AES_DECRYPT);
344a89c9211Schristos
34513d40330Schristos return TEST_mem_eq(checktext, TEST_SIZE, plaintext, TEST_SIZE);
346a89c9211Schristos }
347a89c9211Schristos
test_bi_ige_garble1(void)34813d40330Schristos static int test_bi_ige_garble1(void)
34913d40330Schristos {
35013d40330Schristos AES_KEY key, key2;
35113d40330Schristos unsigned char iv[AES_BLOCK_SIZE * 4];
35213d40330Schristos unsigned char ciphertext[BIG_TEST_SIZE];
35313d40330Schristos unsigned char checktext[BIG_TEST_SIZE];
35413d40330Schristos unsigned int n;
35513d40330Schristos size_t matches;
35613d40330Schristos
35713d40330Schristos memcpy(iv, saved_iv, sizeof(iv));
35853060421Schristos AES_set_encrypt_key(rkey, 8 * sizeof(rkey), &key);
35953060421Schristos AES_set_encrypt_key(rkey2, 8 * sizeof(rkey2), &key2);
36053060421Schristos AES_ige_encrypt(plaintext, ciphertext, sizeof(plaintext), &key, iv,
361a89c9211Schristos AES_ENCRYPT);
362a89c9211Schristos
363a89c9211Schristos /* corrupt halfway through */
36453060421Schristos ++ciphertext[sizeof(ciphertext) / 2];
36553060421Schristos AES_set_decrypt_key(rkey, 8 * sizeof(rkey), &key);
36653060421Schristos AES_set_decrypt_key(rkey2, 8 * sizeof(rkey2), &key2);
36753060421Schristos AES_ige_encrypt(ciphertext, checktext, sizeof(checktext), &key, iv,
368a89c9211Schristos AES_DECRYPT);
369a89c9211Schristos
370a89c9211Schristos matches = 0;
37153060421Schristos for (n = 0; n < sizeof(checktext); ++n)
372a89c9211Schristos if (checktext[n] == plaintext[n])
373a89c9211Schristos ++matches;
374a89c9211Schristos
37513d40330Schristos /* Fail if there is more than 1% matching bytes */
37613d40330Schristos return TEST_size_t_le(matches, sizeof(checktext) / 100);
377a89c9211Schristos }
378a89c9211Schristos
test_bi_ige_garble2(void)37913d40330Schristos static int test_bi_ige_garble2(void)
38013d40330Schristos {
38113d40330Schristos AES_KEY key, key2;
38213d40330Schristos unsigned char iv[AES_BLOCK_SIZE * 4];
38313d40330Schristos unsigned char ciphertext[BIG_TEST_SIZE];
38413d40330Schristos unsigned char checktext[BIG_TEST_SIZE];
38513d40330Schristos unsigned int n;
38613d40330Schristos size_t matches;
38713d40330Schristos
38813d40330Schristos memcpy(iv, saved_iv, sizeof(iv));
38953060421Schristos AES_set_encrypt_key(rkey, 8 * sizeof(rkey), &key);
39053060421Schristos AES_set_encrypt_key(rkey2, 8 * sizeof(rkey2), &key2);
39153060421Schristos AES_ige_encrypt(plaintext, ciphertext, sizeof(plaintext), &key, iv,
392a89c9211Schristos AES_ENCRYPT);
393a89c9211Schristos
394a89c9211Schristos /* corrupt right at the end */
39553060421Schristos ++ciphertext[sizeof(ciphertext) - 1];
39653060421Schristos AES_set_decrypt_key(rkey, 8 * sizeof(rkey), &key);
39753060421Schristos AES_set_decrypt_key(rkey2, 8 * sizeof(rkey2), &key2);
39853060421Schristos AES_ige_encrypt(ciphertext, checktext, sizeof(checktext), &key, iv,
399a89c9211Schristos AES_DECRYPT);
400a89c9211Schristos
401a89c9211Schristos matches = 0;
40253060421Schristos for (n = 0; n < sizeof(checktext); ++n)
403a89c9211Schristos if (checktext[n] == plaintext[n])
404a89c9211Schristos ++matches;
405a89c9211Schristos
40613d40330Schristos /* Fail if there is more than 1% matching bytes */
40713d40330Schristos return TEST_size_t_le(matches, sizeof(checktext) / 100);
408a89c9211Schristos }
409a89c9211Schristos
test_bi_ige_garble3(void)41013d40330Schristos static int test_bi_ige_garble3(void)
41113d40330Schristos {
41213d40330Schristos AES_KEY key, key2;
41313d40330Schristos unsigned char iv[AES_BLOCK_SIZE * 4];
41413d40330Schristos unsigned char ciphertext[BIG_TEST_SIZE];
41513d40330Schristos unsigned char checktext[BIG_TEST_SIZE];
41613d40330Schristos unsigned int n;
41713d40330Schristos size_t matches;
41813d40330Schristos
41913d40330Schristos memcpy(iv, saved_iv, sizeof(iv));
42053060421Schristos AES_set_encrypt_key(rkey, 8 * sizeof(rkey), &key);
42153060421Schristos AES_set_encrypt_key(rkey2, 8 * sizeof(rkey2), &key2);
42253060421Schristos AES_ige_encrypt(plaintext, ciphertext, sizeof(plaintext), &key, iv,
423a89c9211Schristos AES_ENCRYPT);
424a89c9211Schristos
425a89c9211Schristos /* corrupt right at the start */
426a89c9211Schristos ++ciphertext[0];
42753060421Schristos AES_set_decrypt_key(rkey, 8 * sizeof(rkey), &key);
42853060421Schristos AES_set_decrypt_key(rkey2, 8 * sizeof(rkey2), &key2);
42953060421Schristos AES_ige_encrypt(ciphertext, checktext, sizeof(checktext), &key, iv,
430a89c9211Schristos AES_DECRYPT);
431a89c9211Schristos
432a89c9211Schristos matches = 0;
43353060421Schristos for (n = 0; n < sizeof(checktext); ++n)
434a89c9211Schristos if (checktext[n] == plaintext[n])
435a89c9211Schristos ++matches;
436a89c9211Schristos
43713d40330Schristos /* Fail if there is more than 1% matching bytes */
43813d40330Schristos return TEST_size_t_le(matches, sizeof(checktext) / 100);
439a89c9211Schristos }
440*b0d17251Schristos #endif
441a89c9211Schristos
setup_tests(void)44213d40330Schristos int setup_tests(void)
44313d40330Schristos {
444*b0d17251Schristos #ifndef OPENSSL_NO_DEPRECATED_3_0
44513d40330Schristos RAND_bytes(rkey, sizeof(rkey));
44613d40330Schristos RAND_bytes(rkey2, sizeof(rkey2));
44713d40330Schristos RAND_bytes(plaintext, sizeof(plaintext));
44813d40330Schristos RAND_bytes(saved_iv, sizeof(saved_iv));
449a89c9211Schristos
45013d40330Schristos ADD_TEST(test_ige_enc_dec);
45113d40330Schristos ADD_TEST(test_ige_enc_chaining);
45213d40330Schristos ADD_TEST(test_ige_dec_chaining);
45313d40330Schristos ADD_TEST(test_ige_garble_forwards);
45413d40330Schristos ADD_TEST(test_bi_ige_enc_dec);
45513d40330Schristos ADD_TEST(test_bi_ige_garble1);
45613d40330Schristos ADD_TEST(test_bi_ige_garble2);
45713d40330Schristos ADD_TEST(test_bi_ige_garble3);
45813d40330Schristos ADD_ALL_TESTS(test_ige_vectors, OSSL_NELEM(ige_test_vectors));
45913d40330Schristos ADD_ALL_TESTS(test_bi_ige_vectors, OSSL_NELEM(bi_ige_test_vectors));
460*b0d17251Schristos #endif
46113d40330Schristos return 1;
462a89c9211Schristos }
463