iPXE
gcm_test.c
Go to the documentation of this file.
1/*
2 * Copyright (C) 2022 Michael Brown <mbrown@fensystems.co.uk>.
3 *
4 * This program is free software; you can redistribute it and/or
5 * modify it under the terms of the GNU General Public License as
6 * published by the Free Software Foundation; either version 2 of the
7 * License, or any later version.
8 *
9 * This program is distributed in the hope that it will be useful, but
10 * WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12 * General Public License for more details.
13 *
14 * You should have received a copy of the GNU General Public License
15 * along with this program; if not, write to the Free Software
16 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
17 * 02110-1301, USA.
18 *
19 * You can also choose to distribute this program under the terms of
20 * the Unmodified Binary Distribution Licence (as given in the file
21 * COPYING.UBDL), provided that you have satisfied its requirements.
22 */
23
24FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
25
26/** @file
27 *
28 * Galois/Counter Mode (GCM) tests
29 *
30 * These test vectors are provided by NIST as part of the GCM proposed
31 * specification document (which, unlike the final published
32 * specification document, includes test vectors with intermediate
33 * values):
34 *
35 * https://csrc.nist.rip/groups/ST/toolkit/BCM/documents/proposedmodes/gcm/gcm-spec.pdf
36 *
37 */
38
39/* Forcibly enable assertions */
40#undef NDEBUG
41
42#include <string.h>
43#include <ipxe/gcm.h>
44#include <ipxe/aes.h>
45#include <ipxe/test.h>
46#include "cipher_test.h"
47
48/** 128-bit zero key */
49#define GCM_KEY_128_ZERO \
50 KEY ( 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \
51 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 )
52
53/** 128-bit key */
54#define GCM_KEY_128 \
55 KEY ( 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c, 0x6d, \
56 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08 )
57
58/** 192-bit zero key */
59#define GCM_KEY_192_ZERO \
60 KEY ( 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \
61 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \
62 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 )
63
64/** 192-bit key */
65#define GCM_KEY_192 \
66 KEY ( 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c, 0x6d, \
67 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08, 0xfe, 0xff, \
68 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c )
69
70/** 256-bit zero key */
71#define GCM_KEY_256_ZERO \
72 KEY ( 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \
73 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \
74 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \
75 0x00, 0x00, 0x00, 0x00, 0x00 )
76
77/** 256-bit key */
78#define GCM_KEY_256 \
79 KEY ( 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c, 0x6d, \
80 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08, 0xfe, 0xff, \
81 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c, 0x6d, 0x6a, 0x8f, \
82 0x94, 0x67, 0x30, 0x83, 0x08 )
83
84/** 64-bit IV */
85#define GCM_IV_64 \
86 IV ( 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad )
87
88/** 96-bit zero IV */
89#define GCM_IV_96_ZERO \
90 IV ( 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \
91 0x00, 0x00, 0x00 )
92
93/** 96-bit IV */
94#define GCM_IV_96 \
95 IV ( 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad, 0xde, \
96 0xca, 0xf8, 0x88 )
97
98/** 480-bit IV */
99#define GCM_IV_480 \
100 IV ( 0x93, 0x13, 0x22, 0x5d, 0xf8, 0x84, 0x06, 0xe5, 0x55, \
101 0x90, 0x9c, 0x5a, 0xff, 0x52, 0x69, 0xaa, 0x6a, 0x7a, \
102 0x95, 0x38, 0x53, 0x4f, 0x7d, 0xa1, 0xe4, 0xc3, 0x03, \
103 0xd2, 0xa3, 0x18, 0xa7, 0x28, 0xc3, 0xc0, 0xc9, 0x51, \
104 0x56, 0x80, 0x95, 0x39, 0xfc, 0xf0, 0xe2, 0x42, 0x9a, \
105 0x6b, 0x52, 0x54, 0x16, 0xae, 0xdb, 0xf5, 0xa0, 0xde, \
106 0x6a, 0x57, 0xa6, 0x37, 0xb3, 0x9b )
107
108/** Empty additional data */
109#define GCM_ADDITIONAL_EMPTY ADDITIONAL()
110
111/** 160-bit additional data */
112#define GCM_ADDITIONAL_160 \
113 ADDITIONAL ( 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, \
114 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, \
115 0xab, 0xad, 0xda, 0xd2 )
116
117/** Empty plaintext */
118#define GCM_PLAINTEXT_EMPTY PLAINTEXT()
119
120/** 128-bit zero plaintext */
121#define GCM_PLAINTEXT_128_ZERO \
122 PLAINTEXT ( 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \
123 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 )
124
125/** 512-bit plaintext */
126#define GCM_PLAINTEXT_512 \
127 PLAINTEXT ( 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5, \
128 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a, \
129 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda, \
130 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72, \
131 0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53, \
132 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25, \
133 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57, \
134 0xba, 0x63, 0x7b, 0x39, 0x1a, 0xaf, 0xd2, 0x55 )
135
136/** 480-bit plaintext */
137#define GCM_PLAINTEXT_480 \
138 PLAINTEXT ( 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5, \
139 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a, \
140 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda, \
141 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72, \
142 0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53, \
143 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25, \
144 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57, \
145 0xba, 0x63, 0x7b, 0x39 )
146
147/** Test 1 */
148CIPHER_TEST ( gcm_test_1, &aes_gcm_algorithm, GCM_KEY_128_ZERO,
149 GCM_IV_96_ZERO, GCM_ADDITIONAL_EMPTY, GCM_PLAINTEXT_EMPTY,
150 CIPHERTEXT(),
151 AUTH ( 0x58, 0xe2, 0xfc, 0xce, 0xfa, 0x7e, 0x30, 0x61, 0x36,
152 0x7f, 0x1d, 0x57, 0xa4, 0xe7, 0x45, 0x5a ) );
153
154/** Test 2 */
155CIPHER_TEST ( gcm_test_2, &aes_gcm_algorithm, GCM_KEY_128_ZERO,
156 GCM_IV_96_ZERO, GCM_ADDITIONAL_EMPTY, GCM_PLAINTEXT_128_ZERO,
157 CIPHERTEXT ( 0x03, 0x88, 0xda, 0xce, 0x60, 0xb6, 0xa3, 0x92,
158 0xf3, 0x28, 0xc2, 0xb9, 0x71, 0xb2, 0xfe, 0x78 ),
159 AUTH ( 0xab, 0x6e, 0x47, 0xd4, 0x2c, 0xec, 0x13, 0xbd, 0xf5,
160 0x3a, 0x67, 0xb2, 0x12, 0x57, 0xbd, 0xdf ) );
161
162/** Test 3 */
163CIPHER_TEST ( gcm_test_3, &aes_gcm_algorithm, GCM_KEY_128,
164 GCM_IV_96, GCM_ADDITIONAL_EMPTY, GCM_PLAINTEXT_512,
165 CIPHERTEXT ( 0x42, 0x83, 0x1e, 0xc2, 0x21, 0x77, 0x74, 0x24,
166 0x4b, 0x72, 0x21, 0xb7, 0x84, 0xd0, 0xd4, 0x9c,
167 0xe3, 0xaa, 0x21, 0x2f, 0x2c, 0x02, 0xa4, 0xe0,
168 0x35, 0xc1, 0x7e, 0x23, 0x29, 0xac, 0xa1, 0x2e,
169 0x21, 0xd5, 0x14, 0xb2, 0x54, 0x66, 0x93, 0x1c,
170 0x7d, 0x8f, 0x6a, 0x5a, 0xac, 0x84, 0xaa, 0x05,
171 0x1b, 0xa3, 0x0b, 0x39, 0x6a, 0x0a, 0xac, 0x97,
172 0x3d, 0x58, 0xe0, 0x91, 0x47, 0x3f, 0x59, 0x85 ),
173 AUTH ( 0x4d, 0x5c, 0x2a, 0xf3, 0x27, 0xcd, 0x64, 0xa6, 0x2c,
174 0xf3, 0x5a, 0xbd, 0x2b, 0xa6, 0xfa, 0xb4 ) );
175
176/** Test 4 */
177CIPHER_TEST ( gcm_test_4, &aes_gcm_algorithm, GCM_KEY_128,
178 GCM_IV_96, GCM_ADDITIONAL_160, GCM_PLAINTEXT_480,
179 CIPHERTEXT ( 0x42, 0x83, 0x1e, 0xc2, 0x21, 0x77, 0x74, 0x24,
180 0x4b, 0x72, 0x21, 0xb7, 0x84, 0xd0, 0xd4, 0x9c,
181 0xe3, 0xaa, 0x21, 0x2f, 0x2c, 0x02, 0xa4, 0xe0,
182 0x35, 0xc1, 0x7e, 0x23, 0x29, 0xac, 0xa1, 0x2e,
183 0x21, 0xd5, 0x14, 0xb2, 0x54, 0x66, 0x93, 0x1c,
184 0x7d, 0x8f, 0x6a, 0x5a, 0xac, 0x84, 0xaa, 0x05,
185 0x1b, 0xa3, 0x0b, 0x39, 0x6a, 0x0a, 0xac, 0x97,
186 0x3d, 0x58, 0xe0, 0x91 ),
187 AUTH ( 0x5b, 0xc9, 0x4f, 0xbc, 0x32, 0x21, 0xa5, 0xdb, 0x94,
188 0xfa, 0xe9, 0x5a, 0xe7, 0x12, 0x1a, 0x47 ) );
189
190/** Test 5 */
191CIPHER_TEST ( gcm_test_5, &aes_gcm_algorithm, GCM_KEY_128,
192 GCM_IV_64, GCM_ADDITIONAL_160, GCM_PLAINTEXT_480,
193 CIPHERTEXT ( 0x61, 0x35, 0x3b, 0x4c, 0x28, 0x06, 0x93, 0x4a,
194 0x77, 0x7f, 0xf5, 0x1f, 0xa2, 0x2a, 0x47, 0x55,
195 0x69, 0x9b, 0x2a, 0x71, 0x4f, 0xcd, 0xc6, 0xf8,
196 0x37, 0x66, 0xe5, 0xf9, 0x7b, 0x6c, 0x74, 0x23,
197 0x73, 0x80, 0x69, 0x00, 0xe4, 0x9f, 0x24, 0xb2,
198 0x2b, 0x09, 0x75, 0x44, 0xd4, 0x89, 0x6b, 0x42,
199 0x49, 0x89, 0xb5, 0xe1, 0xeb, 0xac, 0x0f, 0x07,
200 0xc2, 0x3f, 0x45, 0x98 ),
201 AUTH ( 0x36, 0x12, 0xd2, 0xe7, 0x9e, 0x3b, 0x07, 0x85, 0x56,
202 0x1b, 0xe1, 0x4a, 0xac, 0xa2, 0xfc, 0xcb ) );
203
204/** Test 6 */
205CIPHER_TEST ( gcm_test_6, &aes_gcm_algorithm, GCM_KEY_128,
206 GCM_IV_480, GCM_ADDITIONAL_160, GCM_PLAINTEXT_480,
207 CIPHERTEXT ( 0x8c, 0xe2, 0x49, 0x98, 0x62, 0x56, 0x15, 0xb6,
208 0x03, 0xa0, 0x33, 0xac, 0xa1, 0x3f, 0xb8, 0x94,
209 0xbe, 0x91, 0x12, 0xa5, 0xc3, 0xa2, 0x11, 0xa8,
210 0xba, 0x26, 0x2a, 0x3c, 0xca, 0x7e, 0x2c, 0xa7,
211 0x01, 0xe4, 0xa9, 0xa4, 0xfb, 0xa4, 0x3c, 0x90,
212 0xcc, 0xdc, 0xb2, 0x81, 0xd4, 0x8c, 0x7c, 0x6f,
213 0xd6, 0x28, 0x75, 0xd2, 0xac, 0xa4, 0x17, 0x03,
214 0x4c, 0x34, 0xae, 0xe5 ),
215 AUTH ( 0x61, 0x9c, 0xc5, 0xae, 0xff, 0xfe, 0x0b, 0xfa, 0x46,
216 0x2a, 0xf4, 0x3c, 0x16, 0x99, 0xd0, 0x50 ) );
217
218/** Test 7 */
219CIPHER_TEST ( gcm_test_7, &aes_gcm_algorithm, GCM_KEY_192_ZERO,
220 GCM_IV_96_ZERO, GCM_ADDITIONAL_EMPTY, GCM_PLAINTEXT_EMPTY,
221 CIPHERTEXT(),
222 AUTH ( 0xcd, 0x33, 0xb2, 0x8a, 0xc7, 0x73, 0xf7, 0x4b, 0xa0,
223 0x0e, 0xd1, 0xf3, 0x12, 0x57, 0x24, 0x35 ) );
224
225/** Test 8 */
226CIPHER_TEST ( gcm_test_8, &aes_gcm_algorithm, GCM_KEY_192_ZERO,
227 GCM_IV_96_ZERO, GCM_ADDITIONAL_EMPTY, GCM_PLAINTEXT_128_ZERO,
228 CIPHERTEXT ( 0x98, 0xe7, 0x24, 0x7c, 0x07, 0xf0, 0xfe, 0x41,
229 0x1c, 0x26, 0x7e, 0x43, 0x84, 0xb0, 0xf6, 0x00 ),
230 AUTH ( 0x2f, 0xf5, 0x8d, 0x80, 0x03, 0x39, 0x27, 0xab, 0x8e,
231 0xf4, 0xd4, 0x58, 0x75, 0x14, 0xf0, 0xfb ) );
232
233/** Test 9 */
234CIPHER_TEST ( gcm_test_9, &aes_gcm_algorithm, GCM_KEY_192,
235 GCM_IV_96, GCM_ADDITIONAL_EMPTY, GCM_PLAINTEXT_512,
236 CIPHERTEXT ( 0x39, 0x80, 0xca, 0x0b, 0x3c, 0x00, 0xe8, 0x41,
237 0xeb, 0x06, 0xfa, 0xc4, 0x87, 0x2a, 0x27, 0x57,
238 0x85, 0x9e, 0x1c, 0xea, 0xa6, 0xef, 0xd9, 0x84,
239 0x62, 0x85, 0x93, 0xb4, 0x0c, 0xa1, 0xe1, 0x9c,
240 0x7d, 0x77, 0x3d, 0x00, 0xc1, 0x44, 0xc5, 0x25,
241 0xac, 0x61, 0x9d, 0x18, 0xc8, 0x4a, 0x3f, 0x47,
242 0x18, 0xe2, 0x44, 0x8b, 0x2f, 0xe3, 0x24, 0xd9,
243 0xcc, 0xda, 0x27, 0x10, 0xac, 0xad, 0xe2, 0x56 ),
244 AUTH ( 0x99, 0x24, 0xa7, 0xc8, 0x58, 0x73, 0x36, 0xbf, 0xb1,
245 0x18, 0x02, 0x4d, 0xb8, 0x67, 0x4a, 0x14 ) );
246
247/** Test 10 */
248CIPHER_TEST ( gcm_test_10, &aes_gcm_algorithm, GCM_KEY_192,
249 GCM_IV_96, GCM_ADDITIONAL_160, GCM_PLAINTEXT_480,
250 CIPHERTEXT ( 0x39, 0x80, 0xca, 0x0b, 0x3c, 0x00, 0xe8, 0x41,
251 0xeb, 0x06, 0xfa, 0xc4, 0x87, 0x2a, 0x27, 0x57,
252 0x85, 0x9e, 0x1c, 0xea, 0xa6, 0xef, 0xd9, 0x84,
253 0x62, 0x85, 0x93, 0xb4, 0x0c, 0xa1, 0xe1, 0x9c,
254 0x7d, 0x77, 0x3d, 0x00, 0xc1, 0x44, 0xc5, 0x25,
255 0xac, 0x61, 0x9d, 0x18, 0xc8, 0x4a, 0x3f, 0x47,
256 0x18, 0xe2, 0x44, 0x8b, 0x2f, 0xe3, 0x24, 0xd9,
257 0xcc, 0xda, 0x27, 0x10 ),
258 AUTH ( 0x25, 0x19, 0x49, 0x8e, 0x80, 0xf1, 0x47, 0x8f, 0x37,
259 0xba, 0x55, 0xbd, 0x6d, 0x27, 0x61, 0x8c ) );
260
261/** Test 11 */
262CIPHER_TEST ( gcm_test_11, &aes_gcm_algorithm, GCM_KEY_192,
263 GCM_IV_64, GCM_ADDITIONAL_160, GCM_PLAINTEXT_480,
264 CIPHERTEXT ( 0x0f, 0x10, 0xf5, 0x99, 0xae, 0x14, 0xa1, 0x54,
265 0xed, 0x24, 0xb3, 0x6e, 0x25, 0x32, 0x4d, 0xb8,
266 0xc5, 0x66, 0x63, 0x2e, 0xf2, 0xbb, 0xb3, 0x4f,
267 0x83, 0x47, 0x28, 0x0f, 0xc4, 0x50, 0x70, 0x57,
268 0xfd, 0xdc, 0x29, 0xdf, 0x9a, 0x47, 0x1f, 0x75,
269 0xc6, 0x65, 0x41, 0xd4, 0xd4, 0xda, 0xd1, 0xc9,
270 0xe9, 0x3a, 0x19, 0xa5, 0x8e, 0x8b, 0x47, 0x3f,
271 0xa0, 0xf0, 0x62, 0xf7 ),
272 AUTH ( 0x65, 0xdc, 0xc5, 0x7f, 0xcf, 0x62, 0x3a, 0x24, 0x09,
273 0x4f, 0xcc, 0xa4, 0x0d, 0x35, 0x33, 0xf8 ) );
274
275/** Test 12 */
276CIPHER_TEST ( gcm_test_12, &aes_gcm_algorithm, GCM_KEY_192,
277 GCM_IV_480, GCM_ADDITIONAL_160, GCM_PLAINTEXT_480,
278 CIPHERTEXT ( 0xd2, 0x7e, 0x88, 0x68, 0x1c, 0xe3, 0x24, 0x3c,
279 0x48, 0x30, 0x16, 0x5a, 0x8f, 0xdc, 0xf9, 0xff,
280 0x1d, 0xe9, 0xa1, 0xd8, 0xe6, 0xb4, 0x47, 0xef,
281 0x6e, 0xf7, 0xb7, 0x98, 0x28, 0x66, 0x6e, 0x45,
282 0x81, 0xe7, 0x90, 0x12, 0xaf, 0x34, 0xdd, 0xd9,
283 0xe2, 0xf0, 0x37, 0x58, 0x9b, 0x29, 0x2d, 0xb3,
284 0xe6, 0x7c, 0x03, 0x67, 0x45, 0xfa, 0x22, 0xe7,
285 0xe9, 0xb7, 0x37, 0x3b ),
286 AUTH ( 0xdc, 0xf5, 0x66, 0xff, 0x29, 0x1c, 0x25, 0xbb, 0xb8,
287 0x56, 0x8f, 0xc3, 0xd3, 0x76, 0xa6, 0xd9 ) );
288
289/** Test 13 */
290CIPHER_TEST ( gcm_test_13, &aes_gcm_algorithm, GCM_KEY_256_ZERO,
291 GCM_IV_96_ZERO, GCM_ADDITIONAL_EMPTY, GCM_PLAINTEXT_EMPTY,
292 CIPHERTEXT(),
293 AUTH ( 0x53, 0x0f, 0x8a, 0xfb, 0xc7, 0x45, 0x36, 0xb9, 0xa9,
294 0x63, 0xb4, 0xf1, 0xc4, 0xcb, 0x73, 0x8b ) );
295
296/** Test 14 */
297CIPHER_TEST ( gcm_test_14, &aes_gcm_algorithm, GCM_KEY_256_ZERO,
298 GCM_IV_96_ZERO, GCM_ADDITIONAL_EMPTY, GCM_PLAINTEXT_128_ZERO,
299 CIPHERTEXT ( 0xce, 0xa7, 0x40, 0x3d, 0x4d, 0x60, 0x6b, 0x6e,
300 0x07, 0x4e, 0xc5, 0xd3, 0xba, 0xf3, 0x9d, 0x18 ),
301 AUTH ( 0xd0, 0xd1, 0xc8, 0xa7, 0x99, 0x99, 0x6b, 0xf0, 0x26,
302 0x5b, 0x98, 0xb5, 0xd4, 0x8a, 0xb9, 0x19 ) );
303
304/** Test 15 */
305CIPHER_TEST ( gcm_test_15, &aes_gcm_algorithm, GCM_KEY_256,
306 GCM_IV_96, GCM_ADDITIONAL_EMPTY, GCM_PLAINTEXT_512,
307 CIPHERTEXT ( 0x52, 0x2d, 0xc1, 0xf0, 0x99, 0x56, 0x7d, 0x07,
308 0xf4, 0x7f, 0x37, 0xa3, 0x2a, 0x84, 0x42, 0x7d,
309 0x64, 0x3a, 0x8c, 0xdc, 0xbf, 0xe5, 0xc0, 0xc9,
310 0x75, 0x98, 0xa2, 0xbd, 0x25, 0x55, 0xd1, 0xaa,
311 0x8c, 0xb0, 0x8e, 0x48, 0x59, 0x0d, 0xbb, 0x3d,
312 0xa7, 0xb0, 0x8b, 0x10, 0x56, 0x82, 0x88, 0x38,
313 0xc5, 0xf6, 0x1e, 0x63, 0x93, 0xba, 0x7a, 0x0a,
314 0xbc, 0xc9, 0xf6, 0x62, 0x89, 0x80, 0x15, 0xad ),
315 AUTH ( 0xb0, 0x94, 0xda, 0xc5, 0xd9, 0x34, 0x71, 0xbd, 0xec,
316 0x1a, 0x50, 0x22, 0x70, 0xe3, 0xcc, 0x6c ) );
317
318/** Test 16 */
319CIPHER_TEST ( gcm_test_16, &aes_gcm_algorithm, GCM_KEY_256,
320 GCM_IV_96, GCM_ADDITIONAL_160, GCM_PLAINTEXT_480,
321 CIPHERTEXT ( 0x52, 0x2d, 0xc1, 0xf0, 0x99, 0x56, 0x7d, 0x07,
322 0xf4, 0x7f, 0x37, 0xa3, 0x2a, 0x84, 0x42, 0x7d,
323 0x64, 0x3a, 0x8c, 0xdc, 0xbf, 0xe5, 0xc0, 0xc9,
324 0x75, 0x98, 0xa2, 0xbd, 0x25, 0x55, 0xd1, 0xaa,
325 0x8c, 0xb0, 0x8e, 0x48, 0x59, 0x0d, 0xbb, 0x3d,
326 0xa7, 0xb0, 0x8b, 0x10, 0x56, 0x82, 0x88, 0x38,
327 0xc5, 0xf6, 0x1e, 0x63, 0x93, 0xba, 0x7a, 0x0a,
328 0xbc, 0xc9, 0xf6, 0x62 ),
329 AUTH ( 0x76, 0xfc, 0x6e, 0xce, 0x0f, 0x4e, 0x17, 0x68, 0xcd,
330 0xdf, 0x88, 0x53, 0xbb, 0x2d, 0x55, 0x1b ) );
331
332/** Test 17 */
333CIPHER_TEST ( gcm_test_17, &aes_gcm_algorithm, GCM_KEY_256,
334 GCM_IV_64, GCM_ADDITIONAL_160, GCM_PLAINTEXT_480,
335 CIPHERTEXT ( 0xc3, 0x76, 0x2d, 0xf1, 0xca, 0x78, 0x7d, 0x32,
336 0xae, 0x47, 0xc1, 0x3b, 0xf1, 0x98, 0x44, 0xcb,
337 0xaf, 0x1a, 0xe1, 0x4d, 0x0b, 0x97, 0x6a, 0xfa,
338 0xc5, 0x2f, 0xf7, 0xd7, 0x9b, 0xba, 0x9d, 0xe0,
339 0xfe, 0xb5, 0x82, 0xd3, 0x39, 0x34, 0xa4, 0xf0,
340 0x95, 0x4c, 0xc2, 0x36, 0x3b, 0xc7, 0x3f, 0x78,
341 0x62, 0xac, 0x43, 0x0e, 0x64, 0xab, 0xe4, 0x99,
342 0xf4, 0x7c, 0x9b, 0x1f ),
343 AUTH ( 0x3a, 0x33, 0x7d, 0xbf, 0x46, 0xa7, 0x92, 0xc4, 0x5e,
344 0x45, 0x49, 0x13, 0xfe, 0x2e, 0xa8, 0xf2 ) );
345
346/** Test 18 */
347CIPHER_TEST ( gcm_test_18, &aes_gcm_algorithm, GCM_KEY_256,
348 GCM_IV_480, GCM_ADDITIONAL_160, GCM_PLAINTEXT_480,
349 CIPHERTEXT ( 0x5a, 0x8d, 0xef, 0x2f, 0x0c, 0x9e, 0x53, 0xf1,
350 0xf7, 0x5d, 0x78, 0x53, 0x65, 0x9e, 0x2a, 0x20,
351 0xee, 0xb2, 0xb2, 0x2a, 0xaf, 0xde, 0x64, 0x19,
352 0xa0, 0x58, 0xab, 0x4f, 0x6f, 0x74, 0x6b, 0xf4,
353 0x0f, 0xc0, 0xc3, 0xb7, 0x80, 0xf2, 0x44, 0x45,
354 0x2d, 0xa3, 0xeb, 0xf1, 0xc5, 0xd8, 0x2c, 0xde,
355 0xa2, 0x41, 0x89, 0x97, 0x20, 0x0e, 0xf8, 0x2e,
356 0x44, 0xae, 0x7e, 0x3f ),
357 AUTH ( 0xa4, 0x4a, 0x82, 0x66, 0xee, 0x1c, 0x8e, 0xb0, 0xc8,
358 0xb5, 0xd4, 0xcf, 0x5a, 0xe9, 0xf1, 0x9a ) );
359
360/**
361 * Perform Galois/Counter Mode self-test
362 *
363 */
364static void gcm_test_exec ( void ) {
365 struct cipher_algorithm *gcm = &aes_gcm_algorithm;
366 unsigned int keylen;
367
368 /* Correctness tests */
369 cipher_ok ( &gcm_test_1 );
370 cipher_ok ( &gcm_test_2 );
371 cipher_ok ( &gcm_test_3 );
372 cipher_ok ( &gcm_test_4 );
373 cipher_ok ( &gcm_test_5 );
374 cipher_ok ( &gcm_test_6 );
375 cipher_ok ( &gcm_test_7 );
376 cipher_ok ( &gcm_test_8 );
377 cipher_ok ( &gcm_test_9 );
378 cipher_ok ( &gcm_test_10 );
379 cipher_ok ( &gcm_test_11 );
380 cipher_ok ( &gcm_test_12 );
381 cipher_ok ( &gcm_test_13 );
382 cipher_ok ( &gcm_test_14 );
383 cipher_ok ( &gcm_test_15 );
384 cipher_ok ( &gcm_test_16 );
385 cipher_ok ( &gcm_test_17 );
386 cipher_ok ( &gcm_test_18 );
387
388 /* Speed tests */
389 for ( keylen = 128 ; keylen <= 256 ; keylen += 64 ) {
390 DBG ( "AES-%d-GCM encryption required %ld cycles per byte\n",
391 keylen, cipher_cost_encrypt ( gcm, ( keylen / 8 ) ) );
392 DBG ( "AES-%d-GCM decryption required %ld cycles per byte\n",
393 keylen, cipher_cost_decrypt ( gcm, ( keylen / 8 ) ) );
394 }
395}
396
397/** Galois/Counter Mode self-test */
398struct self_test gcm_test __self_test = {
399 .name = "gcm",
400 .exec = gcm_test_exec,
401};
aes.h
AES algorithm.
aes_gcm_algorithm
struct cipher_algorithm aes_gcm_algorithm
cipher_cost_decrypt
unsigned long cipher_cost_decrypt(struct cipher_algorithm *cipher, size_t key_len)
Calculate cipher decryption cost.
Definition cipher_test.c:258
cipher_cost_encrypt
unsigned long cipher_cost_encrypt(struct cipher_algorithm *cipher, size_t key_len)
Calculate cipher encryption cost.
Definition cipher_test.c:246
cipher_test.h
Cipher self-tests.
cipher_ok
#define cipher_ok(test)
Report a cipher encryption and decryption test result.
Definition cipher_test.h:131
AUTH
#define AUTH(...)
Define inline authentication tag.
Definition cipher_test.h:60
CIPHER_TEST
#define CIPHER_TEST(name, CIPHER, KEY, IV, ADDITIONAL, PLAINTEXT, CIPHERTEXT, AUTH)
Define a cipher test.
Definition cipher_test.h:75
CIPHERTEXT
#define CIPHERTEXT(...)
Define inline ciphertext data.
Definition cipher_test.h:57
gcm.h
Galois/Counter Mode (GCM)
GCM_ADDITIONAL_EMPTY
#define GCM_ADDITIONAL_EMPTY
Empty additional data.
Definition gcm_test.c:109
GCM_KEY_192
#define GCM_KEY_192
192-bit key
Definition gcm_test.c:65
GCM_KEY_128_ZERO
#define GCM_KEY_128_ZERO
128-bit zero key
Definition gcm_test.c:49
GCM_KEY_128
#define GCM_KEY_128
128-bit key
Definition gcm_test.c:54
GCM_PLAINTEXT_EMPTY
#define GCM_PLAINTEXT_EMPTY
Empty plaintext.
Definition gcm_test.c:118
GCM_ADDITIONAL_160
#define GCM_ADDITIONAL_160
160-bit additional data
Definition gcm_test.c:112
GCM_IV_96_ZERO
#define GCM_IV_96_ZERO
96-bit zero IV
Definition gcm_test.c:89
GCM_KEY_256_ZERO
#define GCM_KEY_256_ZERO
256-bit zero key
Definition gcm_test.c:71
gcm_test_exec
static void gcm_test_exec(void)
Perform Galois/Counter Mode self-test.
Definition gcm_test.c:364
GCM_PLAINTEXT_128_ZERO
#define GCM_PLAINTEXT_128_ZERO
128-bit zero plaintext
Definition gcm_test.c:121
GCM_IV_96
#define GCM_IV_96
96-bit IV
Definition gcm_test.c:94
GCM_KEY_256
#define GCM_KEY_256
256-bit key
Definition gcm_test.c:78
GCM_PLAINTEXT_512
#define GCM_PLAINTEXT_512
512-bit plaintext
Definition gcm_test.c:126
GCM_IV_480
#define GCM_IV_480
480-bit IV
Definition gcm_test.c:99
GCM_PLAINTEXT_480
#define GCM_PLAINTEXT_480
480-bit plaintext
Definition gcm_test.c:137
GCM_KEY_192_ZERO
#define GCM_KEY_192_ZERO
192-bit zero key
Definition gcm_test.c:59
GCM_IV_64
#define GCM_IV_64
64-bit IV
Definition gcm_test.c:85
DBG
#define DBG(...)
Print a debugging message.
Definition compiler.h:498
FILE_LICENCE
#define FILE_LICENCE(_licence)
Declare a particular licence as applying to a file.
Definition compiler.h:896
string.h
String functions.
cipher_algorithm
A cipher algorithm.
Definition crypto.h:51
self_test
A self-test set.
Definition test.h:15
test.h
Self-test infrastructure.
__self_test
#define __self_test
Declare a self-test.
Definition test.h:32
Generated by doxygen 1.14.0