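/* LibTomCrypt, modular cryptographic library -- Tom St Denis
 *
 * LibTomCrypt is a library that provides various cryptographic
 * algorithms in a highly modular and flexible manner.
 *
 * The library is free for all purposes without any express
 * guarantee it works.
 *
 * Tom St Denis, tomstdenis (at) gmail.com, http://libtomcrypt.com
 */

/**
   @file gcm_test.c
   GCM implementation, testing, by Tom St Denis
*/
#include "tomcrypt.h"

#ifdef GCM_MODE

/**
  Self-test for GCM: runs known-answer vectors through gcm_memory().

  Each vector is encrypted and the resulting ciphertext and tag are compared
  with the expected values.  The ciphertext just produced is then decrypted,
  and the recovered plaintext and the tag computed on the decrypt side are
  compared as well.

  Coverage limits to keep in mind when relying on this self-test:
   - every vector in the table uses a 16-byte key (the larger AES key sizes
     are not covered, see the note at the end of the table);
   - only the accept path is exercised: no vector carries a modified
     ciphertext, AAD or tag, so a pass does not demonstrate that a forgery
     is rejected.

  @return CRYPT_OK on success, CRYPT_NOP when LTC_TEST is not defined or no
          "aes"/"rijndael" cipher is registered, CRYPT_FAIL_TESTVECTOR on any
          mismatch, otherwise the error code returned by gcm_memory()
*/
int gcm_test(void)
{
#ifndef LTC_TEST
   return CRYPT_NOP;
#else
   static const struct {
       unsigned char K[32];
       int           keylen;
       unsigned char P[128];
       unsigned long ptlen;
       unsigned char A[128];
       unsigned long alen;
       unsigned char IV[128];
       unsigned long IVlen;
       unsigned char C[128];
       unsigned char T[16];
   } tests[] = {

/* test case #1 */
{
  /* key */
  { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
  16,

  /* plaintext */
  { 0 },
  0,

  /* AAD data */
  { 0 },
  0,

  /* IV */
  { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00 },
  12,

  /* ciphertext  */
  { 0 },

  /* tag */
  { 0x58, 0xe2, 0xfc, 0xce, 0xfa, 0x7e, 0x30, 0x61,
    0x36, 0x7f, 0x1d, 0x57, 0xa4, 0xe7, 0x45, 0x5a }
},

/* test case #2 */
{
  /* key */
  { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
  16,

  /* PT */
  { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
  16,

  /* ADATA */
  { 0 },
  0,

  /* IV */
  { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00 },
  12,

  /* CT */
  { 0x03, 0x88, 0xda, 0xce, 0x60, 0xb6, 0xa3, 0x92,
    0xf3, 0x28, 0xc2, 0xb9, 0x71, 0xb2, 0xfe, 0x78 },

  /* TAG */
  { 0xab, 0x6e, 0x47, 0xd4, 0x2c, 0xec, 0x13, 0xbd,
    0xf5, 0x3a, 0x67, 0xb2, 0x12, 0x57, 0xbd, 0xdf }
},

/* test case #3 */
{
   /* key */
   { 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
     0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08, },
   16,

   /* PT */
   { 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
     0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a,
     0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
     0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72,
     0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53,
     0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
     0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57,
     0xba, 0x63, 0x7b, 0x39, 0x1a, 0xaf, 0xd2, 0x55, },
  64,

  /* ADATA */
  { 0 },
  0,

  /* IV */
  { 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad,
    0xde, 0xca, 0xf8, 0x88,  },
  12,

  /* CT */
  { 0x42, 0x83, 0x1e, 0xc2, 0x21, 0x77, 0x74, 0x24,
    0x4b, 0x72, 0x21, 0xb7, 0x84, 0xd0, 0xd4, 0x9c,
    0xe3, 0xaa, 0x21, 0x2f, 0x2c, 0x02, 0xa4, 0xe0,
    0x35, 0xc1, 0x7e, 0x23, 0x29, 0xac, 0xa1, 0x2e,
    0x21, 0xd5, 0x14, 0xb2, 0x54, 0x66, 0x93, 0x1c,
    0x7d, 0x8f, 0x6a, 0x5a, 0xac, 0x84, 0xaa, 0x05,
    0x1b, 0xa3, 0x0b, 0x39, 0x6a, 0x0a, 0xac, 0x97,
    0x3d, 0x58, 0xe0, 0x91, 0x47, 0x3f, 0x59, 0x85, },

  /* TAG */
  { 0x4d, 0x5c, 0x2a, 0xf3, 0x27, 0xcd, 0x64, 0xa6,
    0x2c, 0xf3, 0x5a, 0xbd, 0x2b, 0xa6, 0xfa, 0xb4, }
},

/* test case #4 */
{
   /* key */
   { 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
     0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08, },
   16,

   /* PT */
   { 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
     0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a,
     0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
     0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72,
     0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53,
     0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
     0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57,
     0xba, 0x63, 0x7b, 0x39,  },
   60,

   /* ADATA */
   { 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
     0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
     0xab, 0xad, 0xda, 0xd2,  },
   20,

   /* IV */
   { 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad,
     0xde, 0xca, 0xf8, 0x88,  },
   12,

   /* CT */
   { 0x42, 0x83, 0x1e, 0xc2, 0x21, 0x77, 0x74, 0x24,
     0x4b, 0x72, 0x21, 0xb7, 0x84, 0xd0, 0xd4, 0x9c,
     0xe3, 0xaa, 0x21, 0x2f, 0x2c, 0x02, 0xa4, 0xe0,
     0x35, 0xc1, 0x7e, 0x23, 0x29, 0xac, 0xa1, 0x2e,
     0x21, 0xd5, 0x14, 0xb2, 0x54, 0x66, 0x93, 0x1c,
     0x7d, 0x8f, 0x6a, 0x5a, 0xac, 0x84, 0xaa, 0x05,
     0x1b, 0xa3, 0x0b, 0x39, 0x6a, 0x0a, 0xac, 0x97,
     0x3d, 0x58, 0xe0, 0x91,  },

   /* TAG */
   { 0x5b, 0xc9, 0x4f, 0xbc, 0x32, 0x21, 0xa5, 0xdb,
     0x94, 0xfa, 0xe9, 0x5a, 0xe7, 0x12, 0x1a, 0x47, }

},

/* test case #5 */
{
   /* key */
   { 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
     0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08, },
   16,

   /* PT */
   { 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
     0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a,
     0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
     0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72,
     0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53,
     0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
     0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57,
     0xba, 0x63, 0x7b, 0x39,  },
   60,

   /* ADATA */
   { 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
     0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
     0xab, 0xad, 0xda, 0xd2,  },
   20,

   /* IV */
   { 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad, },
   8,

   /* CT */
   { 0x61, 0x35, 0x3b, 0x4c, 0x28, 0x06, 0x93, 0x4a,
     0x77, 0x7f, 0xf5, 0x1f, 0xa2, 0x2a, 0x47, 0x55,
     0x69, 0x9b, 0x2a, 0x71, 0x4f, 0xcd, 0xc6, 0xf8,
     0x37, 0x66, 0xe5, 0xf9, 0x7b, 0x6c, 0x74, 0x23,
     0x73, 0x80, 0x69, 0x00, 0xe4, 0x9f, 0x24, 0xb2,
     0x2b, 0x09, 0x75, 0x44, 0xd4, 0x89, 0x6b, 0x42,
     0x49, 0x89, 0xb5, 0xe1, 0xeb, 0xac, 0x0f, 0x07,
     0xc2, 0x3f, 0x45, 0x98,  },

   /* TAG */
   { 0x36, 0x12, 0xd2, 0xe7, 0x9e, 0x3b, 0x07, 0x85,
     0x56, 0x1b, 0xe1, 0x4a, 0xac, 0xa2, 0xfc, 0xcb, }
},

/* test case #6 */
{
   /* key */
   { 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
     0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08, },
   16,

   /* PT */
   { 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
     0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a,
     0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
     0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72,
     0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53,
     0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
     0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57,
     0xba, 0x63, 0x7b, 0x39,  },
   60,

   /* ADATA */
   { 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
     0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
     0xab, 0xad, 0xda, 0xd2,  },
   20,

   /* IV */
   { 0x93, 0x13, 0x22, 0x5d, 0xf8, 0x84, 0x06, 0xe5,
     0x55, 0x90, 0x9c, 0x5a, 0xff, 0x52, 0x69, 0xaa,
     0x6a, 0x7a, 0x95, 0x38, 0x53, 0x4f, 0x7d, 0xa1,
     0xe4, 0xc3, 0x03, 0xd2, 0xa3, 0x18, 0xa7, 0x28,
     0xc3, 0xc0, 0xc9, 0x51, 0x56, 0x80, 0x95, 0x39,
     0xfc, 0xf0, 0xe2, 0x42, 0x9a, 0x6b, 0x52, 0x54,
     0x16, 0xae, 0xdb, 0xf5, 0xa0, 0xde, 0x6a, 0x57,
     0xa6, 0x37, 0xb3, 0x9b,  },
   60,

   /* CT */
   { 0x8c, 0xe2, 0x49, 0x98, 0x62, 0x56, 0x15, 0xb6,
     0x03, 0xa0, 0x33, 0xac, 0xa1, 0x3f, 0xb8, 0x94,
     0xbe, 0x91, 0x12, 0xa5, 0xc3, 0xa2, 0x11, 0xa8,
     0xba, 0x26, 0x2a, 0x3c, 0xca, 0x7e, 0x2c, 0xa7,
     0x01, 0xe4, 0xa9, 0xa4, 0xfb, 0xa4, 0x3c, 0x90,
     0xcc, 0xdc, 0xb2, 0x81, 0xd4, 0x8c, 0x7c, 0x6f,
     0xd6, 0x28, 0x75, 0xd2, 0xac, 0xa4, 0x17, 0x03,
     0x4c, 0x34, 0xae, 0xe5,  },

   /* TAG */
   { 0x61, 0x9c, 0xc5, 0xae, 0xff, 0xfe, 0x0b, 0xfa,
     0x46, 0x2a, 0xf4, 0x3c, 0x16, 0x99, 0xd0, 0x50, }
},

/* test case #46 from BG (catches the LTC bug of v1.15) */
{
   /* key */
   { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
   16,

   /* PT */
   { 0xa2, 0xaa, 0xb3, 0xad, 0x8b, 0x17, 0xac, 0xdd,
     0xa2, 0x88, 0x42, 0x6c, 0xd7, 0xc4, 0x29, 0xb7,
     0xca, 0x86, 0xb7, 0xac, 0xa0, 0x58, 0x09, 0xc7,
     0x0c, 0xe8, 0x2d, 0xb2, 0x57, 0x11, 0xcb, 0x53,
     0x02, 0xeb, 0x27, 0x43, 0xb0, 0x36, 0xf3, 0xd7,
     0x50, 0xd6, 0xcf, 0x0d, 0xc0, 0xac, 0xb9, 0x29,
     0x50, 0xd5, 0x46, 0xdb, 0x30, 0x8f, 0x93, 0xb4,
     0xff, 0x24, 0x4a, 0xfa, 0x9d, 0xc7, 0x2b, 0xcd,
     0x75, 0x8d, 0x2c },
   67,

   /* ADATA */
   { 0x68, 0x8e, 0x1a, 0xa9, 0x84, 0xde, 0x92, 0x6d,
     0xc7, 0xb4, 0xc4, 0x7f, 0x44 },
   13,

   /* IV */
   { 0xb7, 0x21, 0x38, 0xb5, 0xa0, 0x5f, 0xf5, 0x07,
     0x0e, 0x8c, 0xd9, 0x41, 0x83, 0xf7, 0x61, 0xd8 },
   16,

   /* CT */
   { 0xcb, 0xc8, 0xd2, 0xf1, 0x54, 0x81, 0xa4, 0xcc,
     0x7d, 0xd1, 0xe1, 0x9a, 0xaa, 0x83, 0xde, 0x56,
     0x78, 0x48, 0x3e, 0xc3, 0x59, 0xae, 0x7d, 0xec,
     0x2a, 0xb8, 0xd5, 0x34, 0xe0, 0x90, 0x6f, 0x4b,
     0x46, 0x63, 0xfa, 0xff, 0x58, 0xa8, 0xb2, 0xd7,
     0x33, 0xb8, 0x45, 0xee, 0xf7, 0xc9, 0xb3, 0x31,
     0xe9, 0xe1, 0x0e, 0xb2, 0x61, 0x2c, 0x99, 0x5f,
     0xeb, 0x1a, 0xc1, 0x5a, 0x62, 0x86, 0xcc, 0xe8,
     0xb2, 0x97, 0xa8 },

   /* TAG */
   { 0x8d, 0x2d, 0x2a, 0x93, 0x72, 0x62, 0x6f, 0x6b,
     0xee, 0x85, 0x80, 0x27, 0x6a, 0x63, 0x66, 0xbf }
}

/* rest of test cases are the same except AES key size changes... ignored... */
};
   int           idx, err;
   unsigned long x, y;
   unsigned char out[2][128], T[2][16];

   /* find aes; fall back to the "rijndael" name, and skip the test (rather
      than fail it) when neither is registered */
   idx = find_cipher("aes");
   if (idx == -1) {
      idx = find_cipher("rijndael");
      if (idx == -1) {
         return CRYPT_NOP;
      }
   }

   /* x is unsigned long, so compare against the element count directly
      instead of narrowing the count to int first */
   for (x = 0; x < sizeof(tests)/sizeof(tests[0]); x++) {
       /* encrypt: P -> out[0], tag -> T[0].  y carries the tag buffer size in
          and is passed by pointer; presumably gcm_memory() reports the number
          of tag bytes it wrote back through it -- confirm against gcm_memory */
       y = sizeof(T[0]);
       if ((err = gcm_memory(idx, tests[x].K, tests[x].keylen,
                             tests[x].IV, tests[x].IVlen,
                             tests[x].A, tests[x].alen,
                             (unsigned char*)tests[x].P, tests[x].ptlen,
                             out[0], T[0], &y, GCM_ENCRYPT)) != CRYPT_OK) {
          return err;
       }

       if (XMEMCMP(out[0], tests[x].C, tests[x].ptlen)) {
#if 0
          printf("\nCiphertext wrong %lu\n", x);
          for (y = 0; y < tests[x].ptlen; y++) {
              printf("%02x", out[0][y] & 255);
          }
          printf("\n");
#endif
          return CRYPT_FAIL_TESTVECTOR;
       }

       /* A short tag would leave part of T[0] unwritten, and the comparison
          below would then read indeterminate stack bytes, so require the full
          tag length first.  XMEMCMP is adequate here because the expected
          values are public test vectors; code that verifies a tag received
          from a peer should use a constant-time comparison instead. */
       if (y != sizeof(tests[x].T) || XMEMCMP(T[0], tests[x].T, sizeof(tests[x].T))) {
#if 0
          printf("\nTag on plaintext wrong %lu\n", x);
          for (y = 0; y < 16; y++) {
              printf("%02x", T[0][y] & 255);
          }
          printf("\n");
#endif
          return CRYPT_FAIL_TESTVECTOR;
       }

       /* decrypt: out[0] (the ciphertext produced above) -> out[1], with the
          tag computed on this side returned in T[1].  The call is not given
          the expected tag; authenticity is decided by the comparison with
          tests[x].T further down. */
       y = sizeof(T[1]);
       if ((err = gcm_memory(idx, tests[x].K, tests[x].keylen,
                             tests[x].IV, tests[x].IVlen,
                             tests[x].A, tests[x].alen,
                             out[1], tests[x].ptlen,
                             out[0], T[1], &y, GCM_DECRYPT)) != CRYPT_OK) {
          return err;
       }

       if (XMEMCMP(out[1], tests[x].P, tests[x].ptlen)) {
#if 0
          /* dump the recovered plaintext (out[1]), which is the buffer that
             failed the comparison */
          printf("\nplaintext wrong %lu\n", x);
          for (y = 0; y < tests[x].ptlen; y++) {
              printf("%02x", out[1][y] & 255);
          }
          printf("\n");
#endif
          return CRYPT_FAIL_TESTVECTOR;
       }

       /* same full-length requirement as on the encrypt side */
       if (y != sizeof(tests[x].T) || XMEMCMP(T[1], tests[x].T, sizeof(tests[x].T))) {
#if 0
          printf("\nTag on ciphertext wrong %lu\n", x);
          for (y = 0; y < 16; y++) {
              printf("%02x", T[1][y] & 255);
          }
          printf("\n");
#endif
          return CRYPT_FAIL_TESTVECTOR;
       }

   }
   return CRYPT_OK;
#endif
}

#endif


/* $Source: /cvs/libtom/libtomcrypt/src/encauth/gcm/gcm_test.c,v $ */
/* $Revision: 1.20 $ */
/* $Date: 2006/12/03 17:25:44 $ */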