iPXE
gcm_test.c
Go to the documentation of this file.
1 /*
2  * Copyright (C) 2022 Michael Brown <mbrown@fensystems.co.uk>.
3  *
4  * This program is free software; you can redistribute it and/or
5  * modify it under the terms of the GNU General Public License as
6  * published by the Free Software Foundation; either version 2 of the
7  * License, or any later version.
8  *
9  * This program is distributed in the hope that it will be useful, but
10  * WITHOUT ANY WARRANTY; without even the implied warranty of
11  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12  * General Public License for more details.
13  *
14  * You should have received a copy of the GNU General Public License
15  * along with this program; if not, write to the Free Software
16  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
17  * 02110-1301, USA.
18  *
19  * You can also choose to distribute this program under the terms of
20  * the Unmodified Binary Distribution Licence (as given in the file
21  * COPYING.UBDL), provided that you have satisfied its requirements.
22  */
23 
24 FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
25 
26 /** @file
27  *
28  * Galois/Counter Mode (GCM) tests
29  *
30  * These test vectors are provided by NIST as part of the GCM proposed
31  * specification document (which, unlike the final published
32  * specification document, includes test vectors with intermediate
33  * values):
34  *
35  * https://csrc.nist.rip/groups/ST/toolkit/BCM/documents/proposedmodes/gcm/gcm-spec.pdf
36  *
37  */
38 
39 /* Forcibly enable assertions */
40 #undef NDEBUG
41 
42 #include <string.h>
43 #include <ipxe/gcm.h>
44 #include <ipxe/aes.h>
45 #include <ipxe/test.h>
46 #include "cipher_test.h"
47 
48 /** 128-bit zero key */
49 #define GCM_KEY_128_ZERO \
50  KEY ( 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \
51  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 )
52 
53 /** 128-bit key */
54 #define GCM_KEY_128 \
55  KEY ( 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c, 0x6d, \
56  0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08 )
57 
58 /** 192-bit zero key */
59 #define GCM_KEY_192_ZERO \
60  KEY ( 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \
61  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \
62  0x00, 0x00, 0x00, 0x00, 0x00, 0x00 )
63 
64 /** 192-bit key */
65 #define GCM_KEY_192 \
66  KEY ( 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c, 0x6d, \
67  0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08, 0xfe, 0xff, \
68  0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c )
69 
70 /** 256-bit zero key */
71 #define GCM_KEY_256_ZERO \
72  KEY ( 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \
73  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \
74  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \
75  0x00, 0x00, 0x00, 0x00, 0x00 )
76 
77 /** 256-bit key */
78 #define GCM_KEY_256 \
79  KEY ( 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c, 0x6d, \
80  0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08, 0xfe, 0xff, \
81  0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c, 0x6d, 0x6a, 0x8f, \
82  0x94, 0x67, 0x30, 0x83, 0x08 )
83 
84 /** 64-bit IV */
85 #define GCM_IV_64 \
86  IV ( 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad )
87 
88 /** 96-bit zero IV */
89 #define GCM_IV_96_ZERO \
90  IV ( 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \
91  0x00, 0x00, 0x00 )
92 
93 /** 96-bit IV */
94 #define GCM_IV_96 \
95  IV ( 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad, 0xde, \
96  0xca, 0xf8, 0x88 )
97 
98 /** 480-bit IV */
99 #define GCM_IV_480 \
100  IV ( 0x93, 0x13, 0x22, 0x5d, 0xf8, 0x84, 0x06, 0xe5, 0x55, \
101  0x90, 0x9c, 0x5a, 0xff, 0x52, 0x69, 0xaa, 0x6a, 0x7a, \
102  0x95, 0x38, 0x53, 0x4f, 0x7d, 0xa1, 0xe4, 0xc3, 0x03, \
103  0xd2, 0xa3, 0x18, 0xa7, 0x28, 0xc3, 0xc0, 0xc9, 0x51, \
104  0x56, 0x80, 0x95, 0x39, 0xfc, 0xf0, 0xe2, 0x42, 0x9a, \
105  0x6b, 0x52, 0x54, 0x16, 0xae, 0xdb, 0xf5, 0xa0, 0xde, \
106  0x6a, 0x57, 0xa6, 0x37, 0xb3, 0x9b )
107 
108 /** Empty additional data */
109 #define GCM_ADDITIONAL_EMPTY ADDITIONAL()
110 
111 /** 160-bit additional data */
112 #define GCM_ADDITIONAL_160 \
113  ADDITIONAL ( 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, \
114  0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, \
115  0xab, 0xad, 0xda, 0xd2 )
116 
117 /** Empty plaintext */
118 #define GCM_PLAINTEXT_EMPTY PLAINTEXT()
119 
120 /** 128-bit zero plaintext */
121 #define GCM_PLAINTEXT_128_ZERO \
122  PLAINTEXT ( 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \
123  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 )
124 
125 /** 512-bit plaintext */
126 #define GCM_PLAINTEXT_512 \
127  PLAINTEXT ( 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5, \
128  0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a, \
129  0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda, \
130  0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72, \
131  0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53, \
132  0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25, \
133  0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57, \
134  0xba, 0x63, 0x7b, 0x39, 0x1a, 0xaf, 0xd2, 0x55 )
135 
136 /** 480-bit plaintext */
137 #define GCM_PLAINTEXT_480 \
138  PLAINTEXT ( 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5, \
139  0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a, \
140  0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda, \
141  0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72, \
142  0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53, \
143  0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25, \
144  0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57, \
145  0xba, 0x63, 0x7b, 0x39 )
146 
147 /** Test 1 */
150  CIPHERTEXT(),
151  AUTH ( 0x58, 0xe2, 0xfc, 0xce, 0xfa, 0x7e, 0x30, 0x61, 0x36,
152  0x7f, 0x1d, 0x57, 0xa4, 0xe7, 0x45, 0x5a ) );
153 
154 /** Test 2 */
157  CIPHERTEXT ( 0x03, 0x88, 0xda, 0xce, 0x60, 0xb6, 0xa3, 0x92,
158  0xf3, 0x28, 0xc2, 0xb9, 0x71, 0xb2, 0xfe, 0x78 ),
159  AUTH ( 0xab, 0x6e, 0x47, 0xd4, 0x2c, 0xec, 0x13, 0xbd, 0xf5,
160  0x3a, 0x67, 0xb2, 0x12, 0x57, 0xbd, 0xdf ) );
161 
162 /** Test 3 */
165  CIPHERTEXT ( 0x42, 0x83, 0x1e, 0xc2, 0x21, 0x77, 0x74, 0x24,
166  0x4b, 0x72, 0x21, 0xb7, 0x84, 0xd0, 0xd4, 0x9c,
167  0xe3, 0xaa, 0x21, 0x2f, 0x2c, 0x02, 0xa4, 0xe0,
168  0x35, 0xc1, 0x7e, 0x23, 0x29, 0xac, 0xa1, 0x2e,
169  0x21, 0xd5, 0x14, 0xb2, 0x54, 0x66, 0x93, 0x1c,
170  0x7d, 0x8f, 0x6a, 0x5a, 0xac, 0x84, 0xaa, 0x05,
171  0x1b, 0xa3, 0x0b, 0x39, 0x6a, 0x0a, 0xac, 0x97,
172  0x3d, 0x58, 0xe0, 0x91, 0x47, 0x3f, 0x59, 0x85 ),
173  AUTH ( 0x4d, 0x5c, 0x2a, 0xf3, 0x27, 0xcd, 0x64, 0xa6, 0x2c,
174  0xf3, 0x5a, 0xbd, 0x2b, 0xa6, 0xfa, 0xb4 ) );
175 
176 /** Test 4 */
179  CIPHERTEXT ( 0x42, 0x83, 0x1e, 0xc2, 0x21, 0x77, 0x74, 0x24,
180  0x4b, 0x72, 0x21, 0xb7, 0x84, 0xd0, 0xd4, 0x9c,
181  0xe3, 0xaa, 0x21, 0x2f, 0x2c, 0x02, 0xa4, 0xe0,
182  0x35, 0xc1, 0x7e, 0x23, 0x29, 0xac, 0xa1, 0x2e,
183  0x21, 0xd5, 0x14, 0xb2, 0x54, 0x66, 0x93, 0x1c,
184  0x7d, 0x8f, 0x6a, 0x5a, 0xac, 0x84, 0xaa, 0x05,
185  0x1b, 0xa3, 0x0b, 0x39, 0x6a, 0x0a, 0xac, 0x97,
186  0x3d, 0x58, 0xe0, 0x91 ),
187  AUTH ( 0x5b, 0xc9, 0x4f, 0xbc, 0x32, 0x21, 0xa5, 0xdb, 0x94,
188  0xfa, 0xe9, 0x5a, 0xe7, 0x12, 0x1a, 0x47 ) );
189 
190 /** Test 5 */
193  CIPHERTEXT ( 0x61, 0x35, 0x3b, 0x4c, 0x28, 0x06, 0x93, 0x4a,
194  0x77, 0x7f, 0xf5, 0x1f, 0xa2, 0x2a, 0x47, 0x55,
195  0x69, 0x9b, 0x2a, 0x71, 0x4f, 0xcd, 0xc6, 0xf8,
196  0x37, 0x66, 0xe5, 0xf9, 0x7b, 0x6c, 0x74, 0x23,
197  0x73, 0x80, 0x69, 0x00, 0xe4, 0x9f, 0x24, 0xb2,
198  0x2b, 0x09, 0x75, 0x44, 0xd4, 0x89, 0x6b, 0x42,
199  0x49, 0x89, 0xb5, 0xe1, 0xeb, 0xac, 0x0f, 0x07,
200  0xc2, 0x3f, 0x45, 0x98 ),
201  AUTH ( 0x36, 0x12, 0xd2, 0xe7, 0x9e, 0x3b, 0x07, 0x85, 0x56,
202  0x1b, 0xe1, 0x4a, 0xac, 0xa2, 0xfc, 0xcb ) );
203 
204 /** Test 6 */
207  CIPHERTEXT ( 0x8c, 0xe2, 0x49, 0x98, 0x62, 0x56, 0x15, 0xb6,
208  0x03, 0xa0, 0x33, 0xac, 0xa1, 0x3f, 0xb8, 0x94,
209  0xbe, 0x91, 0x12, 0xa5, 0xc3, 0xa2, 0x11, 0xa8,
210  0xba, 0x26, 0x2a, 0x3c, 0xca, 0x7e, 0x2c, 0xa7,
211  0x01, 0xe4, 0xa9, 0xa4, 0xfb, 0xa4, 0x3c, 0x90,
212  0xcc, 0xdc, 0xb2, 0x81, 0xd4, 0x8c, 0x7c, 0x6f,
213  0xd6, 0x28, 0x75, 0xd2, 0xac, 0xa4, 0x17, 0x03,
214  0x4c, 0x34, 0xae, 0xe5 ),
215  AUTH ( 0x61, 0x9c, 0xc5, 0xae, 0xff, 0xfe, 0x0b, 0xfa, 0x46,
216  0x2a, 0xf4, 0x3c, 0x16, 0x99, 0xd0, 0x50 ) );
217 
218 /** Test 7 */
221  CIPHERTEXT(),
222  AUTH ( 0xcd, 0x33, 0xb2, 0x8a, 0xc7, 0x73, 0xf7, 0x4b, 0xa0,
223  0x0e, 0xd1, 0xf3, 0x12, 0x57, 0x24, 0x35 ) );
224 
225 /** Test 8 */
228  CIPHERTEXT ( 0x98, 0xe7, 0x24, 0x7c, 0x07, 0xf0, 0xfe, 0x41,
229  0x1c, 0x26, 0x7e, 0x43, 0x84, 0xb0, 0xf6, 0x00 ),
230  AUTH ( 0x2f, 0xf5, 0x8d, 0x80, 0x03, 0x39, 0x27, 0xab, 0x8e,
231  0xf4, 0xd4, 0x58, 0x75, 0x14, 0xf0, 0xfb ) );
232 
233 /** Test 9 */
236  CIPHERTEXT ( 0x39, 0x80, 0xca, 0x0b, 0x3c, 0x00, 0xe8, 0x41,
237  0xeb, 0x06, 0xfa, 0xc4, 0x87, 0x2a, 0x27, 0x57,
238  0x85, 0x9e, 0x1c, 0xea, 0xa6, 0xef, 0xd9, 0x84,
239  0x62, 0x85, 0x93, 0xb4, 0x0c, 0xa1, 0xe1, 0x9c,
240  0x7d, 0x77, 0x3d, 0x00, 0xc1, 0x44, 0xc5, 0x25,
241  0xac, 0x61, 0x9d, 0x18, 0xc8, 0x4a, 0x3f, 0x47,
242  0x18, 0xe2, 0x44, 0x8b, 0x2f, 0xe3, 0x24, 0xd9,
243  0xcc, 0xda, 0x27, 0x10, 0xac, 0xad, 0xe2, 0x56 ),
244  AUTH ( 0x99, 0x24, 0xa7, 0xc8, 0x58, 0x73, 0x36, 0xbf, 0xb1,
245  0x18, 0x02, 0x4d, 0xb8, 0x67, 0x4a, 0x14 ) );
246 
247 /** Test 10 */
248 CIPHER_TEST ( gcm_test_10, &aes_gcm_algorithm, GCM_KEY_192,
250  CIPHERTEXT ( 0x39, 0x80, 0xca, 0x0b, 0x3c, 0x00, 0xe8, 0x41,
251  0xeb, 0x06, 0xfa, 0xc4, 0x87, 0x2a, 0x27, 0x57,
252  0x85, 0x9e, 0x1c, 0xea, 0xa6, 0xef, 0xd9, 0x84,
253  0x62, 0x85, 0x93, 0xb4, 0x0c, 0xa1, 0xe1, 0x9c,
254  0x7d, 0x77, 0x3d, 0x00, 0xc1, 0x44, 0xc5, 0x25,
255  0xac, 0x61, 0x9d, 0x18, 0xc8, 0x4a, 0x3f, 0x47,
256  0x18, 0xe2, 0x44, 0x8b, 0x2f, 0xe3, 0x24, 0xd9,
257  0xcc, 0xda, 0x27, 0x10 ),
258  AUTH ( 0x25, 0x19, 0x49, 0x8e, 0x80, 0xf1, 0x47, 0x8f, 0x37,
259  0xba, 0x55, 0xbd, 0x6d, 0x27, 0x61, 0x8c ) );
260 
261 /** Test 11 */
262 CIPHER_TEST ( gcm_test_11, &aes_gcm_algorithm, GCM_KEY_192,
264  CIPHERTEXT ( 0x0f, 0x10, 0xf5, 0x99, 0xae, 0x14, 0xa1, 0x54,
265  0xed, 0x24, 0xb3, 0x6e, 0x25, 0x32, 0x4d, 0xb8,
266  0xc5, 0x66, 0x63, 0x2e, 0xf2, 0xbb, 0xb3, 0x4f,
267  0x83, 0x47, 0x28, 0x0f, 0xc4, 0x50, 0x70, 0x57,
268  0xfd, 0xdc, 0x29, 0xdf, 0x9a, 0x47, 0x1f, 0x75,
269  0xc6, 0x65, 0x41, 0xd4, 0xd4, 0xda, 0xd1, 0xc9,
270  0xe9, 0x3a, 0x19, 0xa5, 0x8e, 0x8b, 0x47, 0x3f,
271  0xa0, 0xf0, 0x62, 0xf7 ),
272  AUTH ( 0x65, 0xdc, 0xc5, 0x7f, 0xcf, 0x62, 0x3a, 0x24, 0x09,
273  0x4f, 0xcc, 0xa4, 0x0d, 0x35, 0x33, 0xf8 ) );
274 
275 /** Test 12 */
276 CIPHER_TEST ( gcm_test_12, &aes_gcm_algorithm, GCM_KEY_192,
278  CIPHERTEXT ( 0xd2, 0x7e, 0x88, 0x68, 0x1c, 0xe3, 0x24, 0x3c,
279  0x48, 0x30, 0x16, 0x5a, 0x8f, 0xdc, 0xf9, 0xff,
280  0x1d, 0xe9, 0xa1, 0xd8, 0xe6, 0xb4, 0x47, 0xef,
281  0x6e, 0xf7, 0xb7, 0x98, 0x28, 0x66, 0x6e, 0x45,
282  0x81, 0xe7, 0x90, 0x12, 0xaf, 0x34, 0xdd, 0xd9,
283  0xe2, 0xf0, 0x37, 0x58, 0x9b, 0x29, 0x2d, 0xb3,
284  0xe6, 0x7c, 0x03, 0x67, 0x45, 0xfa, 0x22, 0xe7,
285  0xe9, 0xb7, 0x37, 0x3b ),
286  AUTH ( 0xdc, 0xf5, 0x66, 0xff, 0x29, 0x1c, 0x25, 0xbb, 0xb8,
287  0x56, 0x8f, 0xc3, 0xd3, 0x76, 0xa6, 0xd9 ) );
288 
289 /** Test 13 */
292  CIPHERTEXT(),
293  AUTH ( 0x53, 0x0f, 0x8a, 0xfb, 0xc7, 0x45, 0x36, 0xb9, 0xa9,
294  0x63, 0xb4, 0xf1, 0xc4, 0xcb, 0x73, 0x8b ) );
295 
296 /** Test 14 */
299  CIPHERTEXT ( 0xce, 0xa7, 0x40, 0x3d, 0x4d, 0x60, 0x6b, 0x6e,
300  0x07, 0x4e, 0xc5, 0xd3, 0xba, 0xf3, 0x9d, 0x18 ),
301  AUTH ( 0xd0, 0xd1, 0xc8, 0xa7, 0x99, 0x99, 0x6b, 0xf0, 0x26,
302  0x5b, 0x98, 0xb5, 0xd4, 0x8a, 0xb9, 0x19 ) );
303 
304 /** Test 15 */
305 CIPHER_TEST ( gcm_test_15, &aes_gcm_algorithm, GCM_KEY_256,
307  CIPHERTEXT ( 0x52, 0x2d, 0xc1, 0xf0, 0x99, 0x56, 0x7d, 0x07,
308  0xf4, 0x7f, 0x37, 0xa3, 0x2a, 0x84, 0x42, 0x7d,
309  0x64, 0x3a, 0x8c, 0xdc, 0xbf, 0xe5, 0xc0, 0xc9,
310  0x75, 0x98, 0xa2, 0xbd, 0x25, 0x55, 0xd1, 0xaa,
311  0x8c, 0xb0, 0x8e, 0x48, 0x59, 0x0d, 0xbb, 0x3d,
312  0xa7, 0xb0, 0x8b, 0x10, 0x56, 0x82, 0x88, 0x38,
313  0xc5, 0xf6, 0x1e, 0x63, 0x93, 0xba, 0x7a, 0x0a,
314  0xbc, 0xc9, 0xf6, 0x62, 0x89, 0x80, 0x15, 0xad ),
315  AUTH ( 0xb0, 0x94, 0xda, 0xc5, 0xd9, 0x34, 0x71, 0xbd, 0xec,
316  0x1a, 0x50, 0x22, 0x70, 0xe3, 0xcc, 0x6c ) );
317 
318 /** Test 16 */
319 CIPHER_TEST ( gcm_test_16, &aes_gcm_algorithm, GCM_KEY_256,
321  CIPHERTEXT ( 0x52, 0x2d, 0xc1, 0xf0, 0x99, 0x56, 0x7d, 0x07,
322  0xf4, 0x7f, 0x37, 0xa3, 0x2a, 0x84, 0x42, 0x7d,
323  0x64, 0x3a, 0x8c, 0xdc, 0xbf, 0xe5, 0xc0, 0xc9,
324  0x75, 0x98, 0xa2, 0xbd, 0x25, 0x55, 0xd1, 0xaa,
325  0x8c, 0xb0, 0x8e, 0x48, 0x59, 0x0d, 0xbb, 0x3d,
326  0xa7, 0xb0, 0x8b, 0x10, 0x56, 0x82, 0x88, 0x38,
327  0xc5, 0xf6, 0x1e, 0x63, 0x93, 0xba, 0x7a, 0x0a,
328  0xbc, 0xc9, 0xf6, 0x62 ),
329  AUTH ( 0x76, 0xfc, 0x6e, 0xce, 0x0f, 0x4e, 0x17, 0x68, 0xcd,
330  0xdf, 0x88, 0x53, 0xbb, 0x2d, 0x55, 0x1b ) );
331 
332 /** Test 17 */
333 CIPHER_TEST ( gcm_test_17, &aes_gcm_algorithm, GCM_KEY_256,
335  CIPHERTEXT ( 0xc3, 0x76, 0x2d, 0xf1, 0xca, 0x78, 0x7d, 0x32,
336  0xae, 0x47, 0xc1, 0x3b, 0xf1, 0x98, 0x44, 0xcb,
337  0xaf, 0x1a, 0xe1, 0x4d, 0x0b, 0x97, 0x6a, 0xfa,
338  0xc5, 0x2f, 0xf7, 0xd7, 0x9b, 0xba, 0x9d, 0xe0,
339  0xfe, 0xb5, 0x82, 0xd3, 0x39, 0x34, 0xa4, 0xf0,
340  0x95, 0x4c, 0xc2, 0x36, 0x3b, 0xc7, 0x3f, 0x78,
341  0x62, 0xac, 0x43, 0x0e, 0x64, 0xab, 0xe4, 0x99,
342  0xf4, 0x7c, 0x9b, 0x1f ),
343  AUTH ( 0x3a, 0x33, 0x7d, 0xbf, 0x46, 0xa7, 0x92, 0xc4, 0x5e,
344  0x45, 0x49, 0x13, 0xfe, 0x2e, 0xa8, 0xf2 ) );
345 
346 /** Test 18 */
347 CIPHER_TEST ( gcm_test_18, &aes_gcm_algorithm, GCM_KEY_256,
349  CIPHERTEXT ( 0x5a, 0x8d, 0xef, 0x2f, 0x0c, 0x9e, 0x53, 0xf1,
350  0xf7, 0x5d, 0x78, 0x53, 0x65, 0x9e, 0x2a, 0x20,
351  0xee, 0xb2, 0xb2, 0x2a, 0xaf, 0xde, 0x64, 0x19,
352  0xa0, 0x58, 0xab, 0x4f, 0x6f, 0x74, 0x6b, 0xf4,
353  0x0f, 0xc0, 0xc3, 0xb7, 0x80, 0xf2, 0x44, 0x45,
354  0x2d, 0xa3, 0xeb, 0xf1, 0xc5, 0xd8, 0x2c, 0xde,
355  0xa2, 0x41, 0x89, 0x97, 0x20, 0x0e, 0xf8, 0x2e,
356  0x44, 0xae, 0x7e, 0x3f ),
357  AUTH ( 0xa4, 0x4a, 0x82, 0x66, 0xee, 0x1c, 0x8e, 0xb0, 0xc8,
358  0xb5, 0xd4, 0xcf, 0x5a, 0xe9, 0xf1, 0x9a ) );
359 
360 /**
361  * Perform Galois/Counter Mode self-test
362  *
363  */
364 static void gcm_test_exec ( void ) {
365  struct cipher_algorithm *gcm = &aes_gcm_algorithm;
366  unsigned int keylen;
367 
368  /* Correctness tests */
369  cipher_ok ( &gcm_test_1 );
370  cipher_ok ( &gcm_test_2 );
371  cipher_ok ( &gcm_test_3 );
372  cipher_ok ( &gcm_test_4 );
373  cipher_ok ( &gcm_test_5 );
374  cipher_ok ( &gcm_test_6 );
375  cipher_ok ( &gcm_test_7 );
376  cipher_ok ( &gcm_test_8 );
377  cipher_ok ( &gcm_test_9 );
378  cipher_ok ( &gcm_test_10 );
379  cipher_ok ( &gcm_test_11 );
380  cipher_ok ( &gcm_test_12 );
381  cipher_ok ( &gcm_test_13 );
382  cipher_ok ( &gcm_test_14 );
383  cipher_ok ( &gcm_test_15 );
384  cipher_ok ( &gcm_test_16 );
385  cipher_ok ( &gcm_test_17 );
386  cipher_ok ( &gcm_test_18 );
387 
388  /* Speed tests */
389  for ( keylen = 128 ; keylen <= 256 ; keylen += 64 ) {
390  DBG ( "AES-%d-GCM encryption required %ld cycles per byte\n",
391  keylen, cipher_cost_encrypt ( gcm, ( keylen / 8 ) ) );
392  DBG ( "AES-%d-GCM decryption required %ld cycles per byte\n",
393  keylen, cipher_cost_decrypt ( gcm, ( keylen / 8 ) ) );
394  }
395 }
396 
397 /** Galois/Counter Mode self-test */
398 struct self_test gcm_test __self_test = {
399  .name = "gcm",
400  .exec = gcm_test_exec,
401 };
#define AUTH(...)
Define inline authentication tag.
Definition: cipher_test.h:60
struct cipher_algorithm aes_gcm_algorithm
#define CIPHERTEXT(...)
Define inline ciphertext data.
Definition: cipher_test.h:57
#define GCM_IV_480
480-bit IV
Definition: gcm_test.c:99
#define GCM_KEY_256
256-bit key
Definition: gcm_test.c:78
CIPHER_TEST(gcm_test_1, &aes_gcm_algorithm, GCM_KEY_128_ZERO, GCM_IV_96_ZERO, GCM_ADDITIONAL_EMPTY, GCM_PLAINTEXT_EMPTY, CIPHERTEXT(), AUTH(0x58, 0xe2, 0xfc, 0xce, 0xfa, 0x7e, 0x30, 0x61, 0x36, 0x7f, 0x1d, 0x57, 0xa4, 0xe7, 0x45, 0x5a))
Test 1.
#define GCM_KEY_128
128-bit key
Definition: gcm_test.c:54
Self-test infrastructure.
const char * name
Test set name.
Definition: test.h:17
A self-test set.
Definition: test.h:15
unsigned long cipher_cost_decrypt(struct cipher_algorithm *cipher, size_t key_len)
Calculate cipher decryption cost.
Definition: cipher_test.c:258
#define GCM_KEY_192_ZERO
192-bit zero key
Definition: gcm_test.c:59
#define GCM_PLAINTEXT_512
512-bit plaintext
Definition: gcm_test.c:126
#define GCM_KEY_192
192-bit key
Definition: gcm_test.c:65
#define GCM_PLAINTEXT_EMPTY
Empty plaintext.
Definition: gcm_test.c:118
static void const void size_t keylen
Definition: crypto.h:233
FILE_LICENCE(GPL2_OR_LATER_OR_UBDL)
#define GCM_KEY_128_ZERO
128-bit zero key
Definition: gcm_test.c:49
AES algorithm.
#define GCM_PLAINTEXT_480
480-bit plaintext
Definition: gcm_test.c:137
#define cipher_ok(test)
Report a cipher encryption and decryption test result.
Definition: cipher_test.h:131
struct self_test gcm_test __self_test
Galois/Counter Mode self-test.
Definition: gcm_test.c:398
Cipher self-tests.
#define GCM_KEY_256_ZERO
256-bit zero key
Definition: gcm_test.c:71
Galois/Counter Mode (GCM)
#define GCM_IV_64
64-bit IV
Definition: gcm_test.c:85
A cipher algorithm.
Definition: crypto.h:49
#define DBG(...)
Print a debugging message.
Definition: compiler.h:498
static void gcm_test_exec(void)
Perform Galois/Counter Mode self-test.
Definition: gcm_test.c:364
#define GCM_ADDITIONAL_160
160-bit additional data
Definition: gcm_test.c:112
#define GCM_IV_96
96-bit IV
Definition: gcm_test.c:94
unsigned long cipher_cost_encrypt(struct cipher_algorithm *cipher, size_t key_len)
Calculate cipher encryption cost.
Definition: cipher_test.c:246
#define GCM_IV_96_ZERO
96-bit zero IV
Definition: gcm_test.c:89
#define GCM_PLAINTEXT_128_ZERO
128-bit zero plaintext
Definition: gcm_test.c:121
String functions.
#define GCM_ADDITIONAL_EMPTY
Empty additional data.
Definition: gcm_test.c:109