2 * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the OpenSSL license (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
10 #include <openssl/crypto.h>
11 #include <openssl/aes.h>
12 #include <openssl/rand.h>
19 #define BIG_TEST_SIZE 10240
21 #if BIG_TEST_SIZE < TEST_SIZE
22 #error BIG_TEST_SIZE is smaller than TEST_SIZE
25 static unsigned char rkey[16];
26 static unsigned char rkey2[16];
27 static unsigned char plaintext[BIG_TEST_SIZE];
28 static unsigned char saved_iv[AES_BLOCK_SIZE * 4];
30 static void hexdump(FILE *f, const char *title, const unsigned char *s, int l)
34 fprintf(f, "%s", title);
37 fprintf(f, "\n%04x", n);
38 fprintf(f, " %02x", s[n]);
43 #define MAX_VECTOR_SIZE 64
46 const unsigned char key[16];
47 const unsigned char iv[32];
48 const unsigned char in[MAX_VECTOR_SIZE];
49 const unsigned char out[MAX_VECTOR_SIZE];
54 static struct ige_test const ige_test_vectors[] = {
55 {{0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
56 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, /* key */
57 {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
58 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
59 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
60 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f}, /* iv */
61 {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
62 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
63 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
64 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, /* in */
65 {0x1a, 0x85, 0x19, 0xa6, 0x55, 0x7b, 0xe6, 0x52,
66 0xe9, 0xda, 0x8e, 0x43, 0xda, 0x4e, 0xf4, 0x45,
67 0x3c, 0xf4, 0x56, 0xb4, 0xca, 0x48, 0x8a, 0xa3,
68 0x83, 0xc7, 0x9c, 0x98, 0xb3, 0x47, 0x97, 0xcb}, /* out */
69 32, AES_ENCRYPT}, /* test vector 0 */
71 {{0x54, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20,
72 0x61, 0x6e, 0x20, 0x69, 0x6d, 0x70, 0x6c, 0x65}, /* key */
73 {0x6d, 0x65, 0x6e, 0x74, 0x61, 0x74, 0x69, 0x6f,
74 0x6e, 0x20, 0x6f, 0x66, 0x20, 0x49, 0x47, 0x45,
75 0x20, 0x6d, 0x6f, 0x64, 0x65, 0x20, 0x66, 0x6f,
76 0x72, 0x20, 0x4f, 0x70, 0x65, 0x6e, 0x53, 0x53}, /* iv */
77 {0x4c, 0x2e, 0x20, 0x4c, 0x65, 0x74, 0x27, 0x73,
78 0x20, 0x68, 0x6f, 0x70, 0x65, 0x20, 0x42, 0x65,
79 0x6e, 0x20, 0x67, 0x6f, 0x74, 0x20, 0x69, 0x74,
80 0x20, 0x72, 0x69, 0x67, 0x68, 0x74, 0x21, 0x0a}, /* in */
81 {0x99, 0x70, 0x64, 0x87, 0xa1, 0xcd, 0xe6, 0x13,
82 0xbc, 0x6d, 0xe0, 0xb6, 0xf2, 0x4b, 0x1c, 0x7a,
83 0xa4, 0x48, 0xc8, 0xb9, 0xc3, 0x40, 0x3e, 0x34,
84 0x67, 0xa8, 0xca, 0xd8, 0x93, 0x40, 0xf5, 0x3b}, /* out */
85 32, AES_DECRYPT}, /* test vector 1 */
89 const unsigned char key1[32];
90 const unsigned char key2[32];
91 const unsigned char iv[64];
92 const unsigned char in[MAX_VECTOR_SIZE];
93 const unsigned char out[MAX_VECTOR_SIZE];
99 static struct bi_ige_test const bi_ige_test_vectors[] = {
100 {{0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
101 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, /* key1 */
102 {0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
103 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f}, /* key2 */
104 {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
105 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
106 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
107 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
108 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
109 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f,
110 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
111 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f}, /* iv */
112 {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
113 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
114 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
115 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, /* in */
116 {0x14, 0x40, 0x6f, 0xae, 0xa2, 0x79, 0xf2, 0x56,
117 0x1f, 0x86, 0xeb, 0x3b, 0x7d, 0xff, 0x53, 0xdc,
118 0x4e, 0x27, 0x0c, 0x03, 0xde, 0x7c, 0xe5, 0x16,
119 0x6a, 0x9c, 0x20, 0x33, 0x9d, 0x33, 0xfe, 0x12}, /* out */
120 16, 32, AES_ENCRYPT}, /* test vector 0 */
121 {{0x58, 0x0a, 0x06, 0xe9, 0x97, 0x07, 0x59, 0x5c,
122 0x9e, 0x19, 0xd2, 0xa7, 0xbb, 0x40, 0x2b, 0x7a,
123 0xc7, 0xd8, 0x11, 0x9e, 0x4c, 0x51, 0x35, 0x75,
124 0x64, 0x28, 0x0f, 0x23, 0xad, 0x74, 0xac, 0x37}, /* key1 */
125 {0xd1, 0x80, 0xa0, 0x31, 0x47, 0xa3, 0x11, 0x13,
126 0x86, 0x26, 0x9e, 0x6d, 0xff, 0xaf, 0x72, 0x74,
127 0x5b, 0xa2, 0x35, 0x81, 0xd2, 0xa6, 0x3d, 0x21,
128 0x67, 0x7b, 0x58, 0xa8, 0x18, 0xf9, 0x72, 0xe4}, /* key2 */
129 {0x80, 0x3d, 0xbd, 0x4c, 0xe6, 0x7b, 0x06, 0xa9,
130 0x53, 0x35, 0xd5, 0x7e, 0x71, 0xc1, 0x70, 0x70,
131 0x74, 0x9a, 0x00, 0x28, 0x0c, 0xbf, 0x6c, 0x42,
132 0x9b, 0xa4, 0xdd, 0x65, 0x11, 0x77, 0x7c, 0x67,
133 0xfe, 0x76, 0x0a, 0xf0, 0xd5, 0xc6, 0x6e, 0x6a,
134 0xe7, 0x5e, 0x4c, 0xf2, 0x7e, 0x9e, 0xf9, 0x20,
135 0x0e, 0x54, 0x6f, 0x2d, 0x8a, 0x8d, 0x7e, 0xbd,
136 0x48, 0x79, 0x37, 0x99, 0xff, 0x27, 0x93, 0xa3}, /* iv */
137 {0xf1, 0x54, 0x3d, 0xca, 0xfe, 0xb5, 0xef, 0x1c,
138 0x4f, 0xa6, 0x43, 0xf6, 0xe6, 0x48, 0x57, 0xf0,
139 0xee, 0x15, 0x7f, 0xe3, 0xe7, 0x2f, 0xd0, 0x2f,
140 0x11, 0x95, 0x7a, 0x17, 0x00, 0xab, 0xa7, 0x0b,
141 0xbe, 0x44, 0x09, 0x9c, 0xcd, 0xac, 0xa8, 0x52,
142 0xa1, 0x8e, 0x7b, 0x75, 0xbc, 0xa4, 0x92, 0x5a,
143 0xab, 0x46, 0xd3, 0x3a, 0xa0, 0xd5, 0x35, 0x1c,
144 0x55, 0xa4, 0xb3, 0xa8, 0x40, 0x81, 0xa5, 0x0b}, /* in */
145 {0x42, 0xe5, 0x28, 0x30, 0x31, 0xc2, 0xa0, 0x23,
146 0x68, 0x49, 0x4e, 0xb3, 0x24, 0x59, 0x92, 0x79,
147 0xc1, 0xa5, 0xcc, 0xe6, 0x76, 0x53, 0xb1, 0xcf,
148 0x20, 0x86, 0x23, 0xe8, 0x72, 0x55, 0x99, 0x92,
149 0x0d, 0x16, 0x1c, 0x5a, 0x2f, 0xce, 0xcb, 0x51,
150 0xe2, 0x67, 0xfa, 0x10, 0xec, 0xcd, 0x3d, 0x67,
151 0xa5, 0xe6, 0xf7, 0x31, 0x26, 0xb0, 0x0d, 0x76,
152 0x5e, 0x28, 0xdc, 0x7f, 0x01, 0xc5, 0xa5, 0x4c}, /* out */
153 32, 64, AES_ENCRYPT}, /* test vector 1 */
157 static int test_ige_vectors(int n)
159 const struct ige_test *const v = &ige_test_vectors[n];
161 unsigned char buf[MAX_VECTOR_SIZE];
162 unsigned char iv[AES_BLOCK_SIZE * 2];
165 if (!TEST_int_le(v->length, MAX_VECTOR_SIZE))
168 if (v->encrypt == AES_ENCRYPT)
169 AES_set_encrypt_key(v->key, 8 * sizeof v->key, &key);
171 AES_set_decrypt_key(v->key, 8 * sizeof v->key, &key);
172 memcpy(iv, v->iv, sizeof iv);
173 AES_ige_encrypt(v->in, buf, v->length, &key, iv, v->encrypt);
175 if (!TEST_mem_eq(v->out, v->length, buf, v->length)) {
176 TEST_info("IGE test vector %d failed", n);
177 hexdump(stderr, "key", v->key, sizeof v->key);
178 hexdump(stderr, "iv", v->iv, sizeof v->iv);
179 hexdump(stderr, "in", v->in, v->length);
183 /* try with in == out */
184 memcpy(iv, v->iv, sizeof iv);
185 memcpy(buf, v->in, v->length);
186 AES_ige_encrypt(buf, buf, v->length, &key, iv, v->encrypt);
188 if (!TEST_mem_eq(v->out, v->length, buf, v->length)) {
189 TEST_info("IGE test vector %d failed (with in == out)", n);
190 hexdump(stderr, "key", v->key, sizeof v->key);
191 hexdump(stderr, "iv", v->iv, sizeof v->iv);
192 hexdump(stderr, "in", v->in, v->length);
199 static int test_bi_ige_vectors(int n)
201 const struct bi_ige_test *const v = &bi_ige_test_vectors[n];
204 unsigned char buf[MAX_VECTOR_SIZE];
206 if (!TEST_int_le(v->length, MAX_VECTOR_SIZE))
209 if (v->encrypt == AES_ENCRYPT) {
210 AES_set_encrypt_key(v->key1, 8 * v->keysize, &key1);
211 AES_set_encrypt_key(v->key2, 8 * v->keysize, &key2);
213 AES_set_decrypt_key(v->key1, 8 * v->keysize, &key1);
214 AES_set_decrypt_key(v->key2, 8 * v->keysize, &key2);
217 AES_bi_ige_encrypt(v->in, buf, v->length, &key1, &key2, v->iv,
220 if (!TEST_mem_eq(v->out, v->length, buf, v->length)) {
221 hexdump(stderr, "key 1", v->key1, sizeof v->key1);
222 hexdump(stderr, "key 2", v->key2, sizeof v->key2);
223 hexdump(stderr, "iv", v->iv, sizeof v->iv);
224 hexdump(stderr, "in", v->in, v->length);
231 static int test_ige_enc_dec(void)
234 unsigned char iv[AES_BLOCK_SIZE * 4];
235 unsigned char ciphertext[BIG_TEST_SIZE];
236 unsigned char checktext[BIG_TEST_SIZE];
238 memcpy(iv, saved_iv, sizeof iv);
239 AES_set_encrypt_key(rkey, 8 * sizeof rkey, &key);
240 AES_ige_encrypt(plaintext, ciphertext, TEST_SIZE, &key, iv, AES_ENCRYPT);
242 AES_set_decrypt_key(rkey, 8 * sizeof rkey, &key);
243 memcpy(iv, saved_iv, sizeof iv);
244 AES_ige_encrypt(ciphertext, checktext, TEST_SIZE, &key, iv, AES_DECRYPT);
246 return TEST_mem_eq(checktext, TEST_SIZE, plaintext, TEST_SIZE);
249 static int test_ige_enc_chaining(void)
252 unsigned char iv[AES_BLOCK_SIZE * 4];
253 unsigned char ciphertext[BIG_TEST_SIZE];
254 unsigned char checktext[BIG_TEST_SIZE];
256 AES_set_encrypt_key(rkey, 8 * sizeof rkey, &key);
257 memcpy(iv, saved_iv, sizeof iv);
258 AES_ige_encrypt(plaintext, ciphertext, TEST_SIZE / 2, &key, iv,
260 AES_ige_encrypt(plaintext + TEST_SIZE / 2,
261 ciphertext + TEST_SIZE / 2, TEST_SIZE / 2,
262 &key, iv, AES_ENCRYPT);
264 AES_set_decrypt_key(rkey, 8 * sizeof rkey, &key);
265 memcpy(iv, saved_iv, sizeof iv);
266 AES_ige_encrypt(ciphertext, checktext, TEST_SIZE, &key, iv, AES_DECRYPT);
268 return TEST_mem_eq(checktext, TEST_SIZE, plaintext, TEST_SIZE);
271 static int test_ige_dec_chaining(void)
274 unsigned char iv[AES_BLOCK_SIZE * 4];
275 unsigned char ciphertext[BIG_TEST_SIZE];
276 unsigned char checktext[BIG_TEST_SIZE];
278 AES_set_encrypt_key(rkey, 8 * sizeof rkey, &key);
279 memcpy(iv, saved_iv, sizeof iv);
280 AES_ige_encrypt(plaintext, ciphertext, TEST_SIZE / 2, &key, iv,
282 AES_ige_encrypt(plaintext + TEST_SIZE / 2,
283 ciphertext + TEST_SIZE / 2, TEST_SIZE / 2,
284 &key, iv, AES_ENCRYPT);
286 AES_set_decrypt_key(rkey, 8 * sizeof rkey, &key);
287 memcpy(iv, saved_iv, sizeof iv);
288 AES_ige_encrypt(ciphertext, checktext, TEST_SIZE / 2, &key, iv,
290 AES_ige_encrypt(ciphertext + TEST_SIZE / 2,
291 checktext + TEST_SIZE / 2, TEST_SIZE / 2, &key, iv,
294 return TEST_mem_eq(checktext, TEST_SIZE, plaintext, TEST_SIZE);
297 static int test_ige_garble_forwards(void)
300 unsigned char iv[AES_BLOCK_SIZE * 4];
301 unsigned char ciphertext[BIG_TEST_SIZE];
302 unsigned char checktext[BIG_TEST_SIZE];
305 const size_t ctsize = sizeof(checktext);
308 AES_set_encrypt_key(rkey, 8 * sizeof rkey, &key);
309 memcpy(iv, saved_iv, sizeof iv);
310 AES_ige_encrypt(plaintext, ciphertext, sizeof plaintext, &key, iv,
313 /* corrupt halfway through */
314 ++ciphertext[sizeof ciphertext / 2];
315 AES_set_decrypt_key(rkey, 8 * sizeof rkey, &key);
316 memcpy(iv, saved_iv, sizeof iv);
317 AES_ige_encrypt(ciphertext, checktext, sizeof checktext, &key, iv,
321 for (n = 0; n < sizeof checktext; ++n)
322 if (checktext[n] == plaintext[n])
325 /* Fail if there is more than 51% matching bytes */
326 if (!TEST_size_t_le(matches, ctsize / 2 + ctsize / 100))
329 /* Fail if the garble goes backwards */
330 if (!TEST_size_t_gt(matches, ctsize / 2))
335 static int test_bi_ige_enc_dec(void)
338 unsigned char iv[AES_BLOCK_SIZE * 4];
339 unsigned char ciphertext[BIG_TEST_SIZE];
340 unsigned char checktext[BIG_TEST_SIZE];
342 memcpy(iv, saved_iv, sizeof iv);
343 AES_set_encrypt_key(rkey, 8 * sizeof rkey, &key);
344 AES_set_encrypt_key(rkey2, 8 * sizeof rkey2, &key2);
345 AES_bi_ige_encrypt(plaintext, ciphertext, TEST_SIZE, &key, &key2, iv,
348 AES_set_decrypt_key(rkey, 8 * sizeof rkey, &key);
349 AES_set_decrypt_key(rkey2, 8 * sizeof rkey2, &key2);
350 AES_bi_ige_encrypt(ciphertext, checktext, TEST_SIZE, &key, &key2, iv,
353 return TEST_mem_eq(checktext, TEST_SIZE, plaintext, TEST_SIZE);
356 static int test_bi_ige_garble1(void)
359 unsigned char iv[AES_BLOCK_SIZE * 4];
360 unsigned char ciphertext[BIG_TEST_SIZE];
361 unsigned char checktext[BIG_TEST_SIZE];
365 memcpy(iv, saved_iv, sizeof iv);
366 AES_set_encrypt_key(rkey, 8 * sizeof rkey, &key);
367 AES_set_encrypt_key(rkey2, 8 * sizeof rkey2, &key2);
368 AES_ige_encrypt(plaintext, ciphertext, sizeof plaintext, &key, iv,
371 /* corrupt halfway through */
372 ++ciphertext[sizeof ciphertext / 2];
373 AES_set_decrypt_key(rkey, 8 * sizeof rkey, &key);
374 AES_set_decrypt_key(rkey2, 8 * sizeof rkey2, &key2);
375 AES_ige_encrypt(ciphertext, checktext, sizeof checktext, &key, iv,
379 for (n = 0; n < sizeof checktext; ++n)
380 if (checktext[n] == plaintext[n])
383 /* Fail if there is more than 1% matching bytes */
384 return TEST_size_t_le(matches, sizeof checktext / 100);
387 static int test_bi_ige_garble2(void)
390 unsigned char iv[AES_BLOCK_SIZE * 4];
391 unsigned char ciphertext[BIG_TEST_SIZE];
392 unsigned char checktext[BIG_TEST_SIZE];
396 memcpy(iv, saved_iv, sizeof iv);
397 AES_set_encrypt_key(rkey, 8 * sizeof rkey, &key);
398 AES_set_encrypt_key(rkey2, 8 * sizeof rkey2, &key2);
399 AES_ige_encrypt(plaintext, ciphertext, sizeof plaintext, &key, iv,
402 /* corrupt right at the end */
403 ++ciphertext[sizeof ciphertext - 1];
404 AES_set_decrypt_key(rkey, 8 * sizeof rkey, &key);
405 AES_set_decrypt_key(rkey2, 8 * sizeof rkey2, &key2);
406 AES_ige_encrypt(ciphertext, checktext, sizeof checktext, &key, iv,
410 for (n = 0; n < sizeof checktext; ++n)
411 if (checktext[n] == plaintext[n])
414 /* Fail if there is more than 1% matching bytes */
415 return TEST_size_t_le(matches, sizeof checktext / 100);
418 static int test_bi_ige_garble3(void)
421 unsigned char iv[AES_BLOCK_SIZE * 4];
422 unsigned char ciphertext[BIG_TEST_SIZE];
423 unsigned char checktext[BIG_TEST_SIZE];
427 memcpy(iv, saved_iv, sizeof iv);
428 AES_set_encrypt_key(rkey, 8 * sizeof rkey, &key);
429 AES_set_encrypt_key(rkey2, 8 * sizeof rkey2, &key2);
430 AES_ige_encrypt(plaintext, ciphertext, sizeof plaintext, &key, iv,
433 /* corrupt right at the start */
435 AES_set_decrypt_key(rkey, 8 * sizeof rkey, &key);
436 AES_set_decrypt_key(rkey2, 8 * sizeof rkey2, &key2);
437 AES_ige_encrypt(ciphertext, checktext, sizeof checktext, &key, iv,
441 for (n = 0; n < sizeof checktext; ++n)
442 if (checktext[n] == plaintext[n])
445 /* Fail if there is more than 1% matching bytes */
446 return TEST_size_t_le(matches, sizeof checktext / 100);
449 void register_tests(void)
451 RAND_bytes(rkey, sizeof rkey);
452 RAND_bytes(rkey2, sizeof rkey2);
453 RAND_bytes(plaintext, sizeof plaintext);
454 RAND_bytes(saved_iv, sizeof saved_iv);
456 ADD_TEST(test_ige_enc_dec);
457 ADD_TEST(test_ige_enc_chaining);
458 ADD_TEST(test_ige_dec_chaining);
459 ADD_TEST(test_ige_garble_forwards);
460 ADD_TEST(test_bi_ige_enc_dec);
461 ADD_TEST(test_bi_ige_garble1);
462 ADD_TEST(test_bi_ige_garble2);
463 ADD_TEST(test_bi_ige_garble3);
464 ADD_ALL_TESTS(test_ige_vectors, OSSL_NELEM(ige_test_vectors));
465 ADD_ALL_TESTS(test_bi_ige_vectors, OSSL_NELEM(bi_ige_test_vectors));