2 * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the OpenSSL license (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
10 #include <openssl/crypto.h>
11 #include <openssl/aes.h>
12 #include <openssl/rand.h>
19 #define BIG_TEST_SIZE 10240
21 #if BIG_TEST_SIZE < TEST_SIZE
22 #error BIG_TEST_SIZE is smaller than TEST_SIZE
25 static unsigned char rkey[16];
26 static unsigned char rkey2[16];
27 static unsigned char plaintext[BIG_TEST_SIZE];
28 static unsigned char saved_iv[AES_BLOCK_SIZE * 4];
30 static void hexdump(FILE *f, const char *title, const unsigned char *s, int l)
34 fprintf(f, "%s", title);
37 fprintf(f, "\n%04x", n);
38 fprintf(f, " %02x", s[n]);
43 #define MAX_VECTOR_SIZE 64
46 const unsigned char key[16];
47 const unsigned char iv[32];
48 const unsigned char in[MAX_VECTOR_SIZE];
49 const unsigned char out[MAX_VECTOR_SIZE];
54 static struct ige_test const ige_test_vectors[] = {
55 {{0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
56 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, /* key */
57 {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
58 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
59 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
60 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f}, /* iv */
61 {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
62 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
63 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
64 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, /* in */
65 {0x1a, 0x85, 0x19, 0xa6, 0x55, 0x7b, 0xe6, 0x52,
66 0xe9, 0xda, 0x8e, 0x43, 0xda, 0x4e, 0xf4, 0x45,
67 0x3c, 0xf4, 0x56, 0xb4, 0xca, 0x48, 0x8a, 0xa3,
68 0x83, 0xc7, 0x9c, 0x98, 0xb3, 0x47, 0x97, 0xcb}, /* out */
69 32, AES_ENCRYPT}, /* test vector 0 */
71 {{0x54, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20,
72 0x61, 0x6e, 0x20, 0x69, 0x6d, 0x70, 0x6c, 0x65}, /* key */
73 {0x6d, 0x65, 0x6e, 0x74, 0x61, 0x74, 0x69, 0x6f,
74 0x6e, 0x20, 0x6f, 0x66, 0x20, 0x49, 0x47, 0x45,
75 0x20, 0x6d, 0x6f, 0x64, 0x65, 0x20, 0x66, 0x6f,
76 0x72, 0x20, 0x4f, 0x70, 0x65, 0x6e, 0x53, 0x53}, /* iv */
77 {0x4c, 0x2e, 0x20, 0x4c, 0x65, 0x74, 0x27, 0x73,
78 0x20, 0x68, 0x6f, 0x70, 0x65, 0x20, 0x42, 0x65,
79 0x6e, 0x20, 0x67, 0x6f, 0x74, 0x20, 0x69, 0x74,
80 0x20, 0x72, 0x69, 0x67, 0x68, 0x74, 0x21, 0x0a}, /* in */
81 {0x99, 0x70, 0x64, 0x87, 0xa1, 0xcd, 0xe6, 0x13,
82 0xbc, 0x6d, 0xe0, 0xb6, 0xf2, 0x4b, 0x1c, 0x7a,
83 0xa4, 0x48, 0xc8, 0xb9, 0xc3, 0x40, 0x3e, 0x34,
84 0x67, 0xa8, 0xca, 0xd8, 0x93, 0x40, 0xf5, 0x3b}, /* out */
85 32, AES_DECRYPT}, /* test vector 1 */
89 const unsigned char key1[32];
90 const unsigned char key2[32];
91 const unsigned char iv[64];
92 const unsigned char in[MAX_VECTOR_SIZE];
93 const unsigned char out[MAX_VECTOR_SIZE];
99 static struct bi_ige_test const bi_ige_test_vectors[] = {
100 {{0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
101 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, /* key1 */
102 {0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
103 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f}, /* key2 */
104 {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
105 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
106 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
107 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
108 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
109 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f,
110 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
111 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f}, /* iv */
112 {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
113 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
114 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
115 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, /* in */
116 {0x14, 0x40, 0x6f, 0xae, 0xa2, 0x79, 0xf2, 0x56,
117 0x1f, 0x86, 0xeb, 0x3b, 0x7d, 0xff, 0x53, 0xdc,
118 0x4e, 0x27, 0x0c, 0x03, 0xde, 0x7c, 0xe5, 0x16,
119 0x6a, 0x9c, 0x20, 0x33, 0x9d, 0x33, 0xfe, 0x12}, /* out */
120 16, 32, AES_ENCRYPT}, /* test vector 0 */
121 {{0x58, 0x0a, 0x06, 0xe9, 0x97, 0x07, 0x59, 0x5c,
122 0x9e, 0x19, 0xd2, 0xa7, 0xbb, 0x40, 0x2b, 0x7a,
123 0xc7, 0xd8, 0x11, 0x9e, 0x4c, 0x51, 0x35, 0x75,
124 0x64, 0x28, 0x0f, 0x23, 0xad, 0x74, 0xac, 0x37}, /* key1 */
125 {0xd1, 0x80, 0xa0, 0x31, 0x47, 0xa3, 0x11, 0x13,
126 0x86, 0x26, 0x9e, 0x6d, 0xff, 0xaf, 0x72, 0x74,
127 0x5b, 0xa2, 0x35, 0x81, 0xd2, 0xa6, 0x3d, 0x21,
128 0x67, 0x7b, 0x58, 0xa8, 0x18, 0xf9, 0x72, 0xe4}, /* key2 */
129 {0x80, 0x3d, 0xbd, 0x4c, 0xe6, 0x7b, 0x06, 0xa9,
130 0x53, 0x35, 0xd5, 0x7e, 0x71, 0xc1, 0x70, 0x70,
131 0x74, 0x9a, 0x00, 0x28, 0x0c, 0xbf, 0x6c, 0x42,
132 0x9b, 0xa4, 0xdd, 0x65, 0x11, 0x77, 0x7c, 0x67,
133 0xfe, 0x76, 0x0a, 0xf0, 0xd5, 0xc6, 0x6e, 0x6a,
134 0xe7, 0x5e, 0x4c, 0xf2, 0x7e, 0x9e, 0xf9, 0x20,
135 0x0e, 0x54, 0x6f, 0x2d, 0x8a, 0x8d, 0x7e, 0xbd,
136 0x48, 0x79, 0x37, 0x99, 0xff, 0x27, 0x93, 0xa3}, /* iv */
137 {0xf1, 0x54, 0x3d, 0xca, 0xfe, 0xb5, 0xef, 0x1c,
138 0x4f, 0xa6, 0x43, 0xf6, 0xe6, 0x48, 0x57, 0xf0,
139 0xee, 0x15, 0x7f, 0xe3, 0xe7, 0x2f, 0xd0, 0x2f,
140 0x11, 0x95, 0x7a, 0x17, 0x00, 0xab, 0xa7, 0x0b,
141 0xbe, 0x44, 0x09, 0x9c, 0xcd, 0xac, 0xa8, 0x52,
142 0xa1, 0x8e, 0x7b, 0x75, 0xbc, 0xa4, 0x92, 0x5a,
143 0xab, 0x46, 0xd3, 0x3a, 0xa0, 0xd5, 0x35, 0x1c,
144 0x55, 0xa4, 0xb3, 0xa8, 0x40, 0x81, 0xa5, 0x0b}, /* in */
145 {0x42, 0xe5, 0x28, 0x30, 0x31, 0xc2, 0xa0, 0x23,
146 0x68, 0x49, 0x4e, 0xb3, 0x24, 0x59, 0x92, 0x79,
147 0xc1, 0xa5, 0xcc, 0xe6, 0x76, 0x53, 0xb1, 0xcf,
148 0x20, 0x86, 0x23, 0xe8, 0x72, 0x55, 0x99, 0x92,
149 0x0d, 0x16, 0x1c, 0x5a, 0x2f, 0xce, 0xcb, 0x51,
150 0xe2, 0x67, 0xfa, 0x10, 0xec, 0xcd, 0x3d, 0x67,
151 0xa5, 0xe6, 0xf7, 0x31, 0x26, 0xb0, 0x0d, 0x76,
152 0x5e, 0x28, 0xdc, 0x7f, 0x01, 0xc5, 0xa5, 0x4c}, /* out */
153 32, 64, AES_ENCRYPT}, /* test vector 1 */
157 static int test_ige_vectors(int n)
159 const struct ige_test *const v = &ige_test_vectors[n];
161 unsigned char buf[MAX_VECTOR_SIZE];
162 unsigned char iv[AES_BLOCK_SIZE * 2];
165 if (!TEST_int_le(v->length, MAX_VECTOR_SIZE))
168 if (v->encrypt == AES_ENCRYPT)
169 AES_set_encrypt_key(v->key, 8 * sizeof v->key, &key);
171 AES_set_decrypt_key(v->key, 8 * sizeof v->key, &key);
172 memcpy(iv, v->iv, sizeof iv);
173 AES_ige_encrypt(v->in, buf, v->length, &key, iv, v->encrypt);
175 if (!TEST_mem_eq(v->out, v->length, buf, v->length)) {
176 TEST_info("IGE test vector %d failed", n);
177 hexdump(stderr, "key", v->key, sizeof v->key);
178 hexdump(stderr, "iv", v->iv, sizeof v->iv);
179 hexdump(stderr, "in", v->in, v->length);
183 /* try with in == out */
184 memcpy(iv, v->iv, sizeof iv);
185 memcpy(buf, v->in, v->length);
186 AES_ige_encrypt(buf, buf, v->length, &key, iv, v->encrypt);
188 if (!TEST_mem_eq(v->out, v->length, buf, v->length)) {
189 TEST_info("IGE test vector %d failed (with in == out)", n);
190 hexdump(stderr, "key", v->key, sizeof v->key);
191 hexdump(stderr, "iv", v->iv, sizeof v->iv);
192 hexdump(stderr, "in", v->in, v->length);
199 static int test_bi_ige_vectors(int n)
201 const struct bi_ige_test *const v = &bi_ige_test_vectors[n];
204 unsigned char buf[MAX_VECTOR_SIZE];
206 if (!TEST_int_le(v->length, MAX_VECTOR_SIZE))
209 if (v->encrypt == AES_ENCRYPT) {
210 AES_set_encrypt_key(v->key1, 8 * v->keysize, &key1);
211 AES_set_encrypt_key(v->key2, 8 * v->keysize, &key2);
213 AES_set_decrypt_key(v->key1, 8 * v->keysize, &key1);
214 AES_set_decrypt_key(v->key2, 8 * v->keysize, &key2);
217 AES_bi_ige_encrypt(v->in, buf, v->length, &key1, &key2, v->iv,
220 if (!TEST_mem_eq(v->out, v->length, buf, v->length)) {
221 hexdump(stderr, "key 1", v->key1, sizeof v->key1);
222 hexdump(stderr, "key 2", v->key2, sizeof v->key2);
223 hexdump(stderr, "iv", v->iv, sizeof v->iv);
224 hexdump(stderr, "in", v->in, v->length);
231 static int test_ige_enc_dec(void)
234 unsigned char iv[AES_BLOCK_SIZE * 4];
235 unsigned char ciphertext[BIG_TEST_SIZE];
236 unsigned char checktext[BIG_TEST_SIZE];
238 memcpy(iv, saved_iv, sizeof iv);
239 AES_set_encrypt_key(rkey, 8 * sizeof rkey, &key);
240 AES_ige_encrypt(plaintext, ciphertext, TEST_SIZE, &key, iv, AES_ENCRYPT);
242 AES_set_decrypt_key(rkey, 8 * sizeof rkey, &key);
243 memcpy(iv, saved_iv, sizeof iv);
244 AES_ige_encrypt(ciphertext, checktext, TEST_SIZE, &key, iv, AES_DECRYPT);
246 return TEST_mem_eq(checktext, TEST_SIZE, plaintext, TEST_SIZE);
249 static int test_ige_enc_chaining(void)
252 unsigned char iv[AES_BLOCK_SIZE * 4];
253 unsigned char ciphertext[BIG_TEST_SIZE];
254 unsigned char checktext[BIG_TEST_SIZE];
256 AES_set_encrypt_key(rkey, 8 * sizeof rkey, &key);
257 memcpy(iv, saved_iv, sizeof iv);
258 AES_ige_encrypt(plaintext, ciphertext, TEST_SIZE / 2, &key, iv,
260 AES_ige_encrypt(plaintext + TEST_SIZE / 2,
261 ciphertext + TEST_SIZE / 2, TEST_SIZE / 2,
262 &key, iv, AES_ENCRYPT);
264 AES_set_decrypt_key(rkey, 8 * sizeof rkey, &key);
265 memcpy(iv, saved_iv, sizeof iv);
266 AES_ige_encrypt(ciphertext, checktext, TEST_SIZE, &key, iv, AES_DECRYPT);
268 return TEST_mem_eq(checktext, TEST_SIZE, plaintext, TEST_SIZE);
271 static int test_ige_dec_chaining(void)
274 unsigned char iv[AES_BLOCK_SIZE * 4];
275 unsigned char ciphertext[BIG_TEST_SIZE];
276 unsigned char checktext[BIG_TEST_SIZE];
278 AES_set_encrypt_key(rkey, 8 * sizeof rkey, &key);
279 memcpy(iv, saved_iv, sizeof iv);
280 AES_ige_encrypt(plaintext, ciphertext, TEST_SIZE / 2, &key, iv,
282 AES_ige_encrypt(plaintext + TEST_SIZE / 2,
283 ciphertext + TEST_SIZE / 2, TEST_SIZE / 2,
284 &key, iv, AES_ENCRYPT);
286 AES_set_decrypt_key(rkey, 8 * sizeof rkey, &key);
287 memcpy(iv, saved_iv, sizeof iv);
288 AES_ige_encrypt(ciphertext, checktext, TEST_SIZE / 2, &key, iv,
290 AES_ige_encrypt(ciphertext + TEST_SIZE / 2,
291 checktext + TEST_SIZE / 2, TEST_SIZE / 2, &key, iv,
294 return TEST_mem_eq(checktext, TEST_SIZE, plaintext, TEST_SIZE);
297 static int test_ige_garble_forwards(void)
300 unsigned char iv[AES_BLOCK_SIZE * 4];
301 unsigned char ciphertext[BIG_TEST_SIZE];
302 unsigned char checktext[BIG_TEST_SIZE];
305 const size_t ctsize = sizeof(checktext);
308 AES_set_encrypt_key(rkey, 8 * sizeof rkey, &key);
309 memcpy(iv, saved_iv, sizeof iv);
310 AES_ige_encrypt(plaintext, ciphertext, sizeof plaintext, &key, iv,
313 /* corrupt halfway through */
314 ++ciphertext[sizeof ciphertext / 2];
315 AES_set_decrypt_key(rkey, 8 * sizeof rkey, &key);
316 memcpy(iv, saved_iv, sizeof iv);
317 AES_ige_encrypt(ciphertext, checktext, sizeof checktext, &key, iv,
321 for (n = 0; n < sizeof checktext; ++n)
322 if (checktext[n] == plaintext[n])
325 /* Fail if there is more than 51% matching bytes */
326 if (!TEST_size_t_le(matches, ctsize / 2 + ctsize / 100))
329 /* Fail if the garble goes backwards */
330 if (!TEST_size_t_gt(matches, ctsize / 2))
335 static int test_bi_ige_enc_dec(void)
338 unsigned char iv[AES_BLOCK_SIZE * 4];
339 unsigned char ciphertext[BIG_TEST_SIZE];
340 unsigned char checktext[BIG_TEST_SIZE];
342 memcpy(iv, saved_iv, sizeof iv);
343 AES_set_encrypt_key(rkey, 8 * sizeof rkey, &key);
344 AES_set_encrypt_key(rkey2, 8 * sizeof rkey2, &key2);
345 AES_bi_ige_encrypt(plaintext, ciphertext, TEST_SIZE, &key, &key2, iv,
348 AES_set_decrypt_key(rkey, 8 * sizeof rkey, &key);
349 AES_set_decrypt_key(rkey2, 8 * sizeof rkey2, &key2);
350 AES_bi_ige_encrypt(ciphertext, checktext, TEST_SIZE, &key, &key2, iv,
353 return TEST_mem_eq(checktext, TEST_SIZE, plaintext, TEST_SIZE);
356 static int test_bi_ige_garble1(void)
359 unsigned char iv[AES_BLOCK_SIZE * 4];
360 unsigned char ciphertext[BIG_TEST_SIZE];
361 unsigned char checktext[BIG_TEST_SIZE];
365 AES_set_encrypt_key(rkey, 8 * sizeof rkey, &key);
366 AES_set_encrypt_key(rkey2, 8 * sizeof rkey2, &key2);
367 AES_ige_encrypt(plaintext, ciphertext, sizeof plaintext, &key, iv,
370 /* corrupt halfway through */
371 ++ciphertext[sizeof ciphertext / 2];
372 AES_set_decrypt_key(rkey, 8 * sizeof rkey, &key);
373 AES_set_decrypt_key(rkey2, 8 * sizeof rkey2, &key2);
374 AES_ige_encrypt(ciphertext, checktext, sizeof checktext, &key, iv,
378 for (n = 0; n < sizeof checktext; ++n)
379 if (checktext[n] == plaintext[n])
382 /* Fail if there is more than 1% matching bytes */
383 return TEST_size_t_le(matches, sizeof checktext / 100);
386 static int test_bi_ige_garble2(void)
389 unsigned char iv[AES_BLOCK_SIZE * 4];
390 unsigned char ciphertext[BIG_TEST_SIZE];
391 unsigned char checktext[BIG_TEST_SIZE];
395 AES_set_encrypt_key(rkey, 8 * sizeof rkey, &key);
396 AES_set_encrypt_key(rkey2, 8 * sizeof rkey2, &key2);
397 AES_ige_encrypt(plaintext, ciphertext, sizeof plaintext, &key, iv,
400 /* corrupt right at the end */
401 ++ciphertext[sizeof ciphertext - 1];
402 AES_set_decrypt_key(rkey, 8 * sizeof rkey, &key);
403 AES_set_decrypt_key(rkey2, 8 * sizeof rkey2, &key2);
404 AES_ige_encrypt(ciphertext, checktext, sizeof checktext, &key, iv,
408 for (n = 0; n < sizeof checktext; ++n)
409 if (checktext[n] == plaintext[n])
412 /* Fail if there is more than 1% matching bytes */
413 return TEST_size_t_le(matches, sizeof checktext / 100);
416 static int test_bi_ige_garble3(void)
419 unsigned char iv[AES_BLOCK_SIZE * 4];
420 unsigned char ciphertext[BIG_TEST_SIZE];
421 unsigned char checktext[BIG_TEST_SIZE];
425 AES_set_encrypt_key(rkey, 8 * sizeof rkey, &key);
426 AES_set_encrypt_key(rkey2, 8 * sizeof rkey2, &key2);
427 AES_ige_encrypt(plaintext, ciphertext, sizeof plaintext, &key, iv,
430 /* corrupt right at the start */
432 AES_set_decrypt_key(rkey, 8 * sizeof rkey, &key);
433 AES_set_decrypt_key(rkey2, 8 * sizeof rkey2, &key2);
434 AES_ige_encrypt(ciphertext, checktext, sizeof checktext, &key, iv,
438 for (n = 0; n < sizeof checktext; ++n)
439 if (checktext[n] == plaintext[n])
442 /* Fail if there is more than 1% matching bytes */
443 return TEST_size_t_le(matches, sizeof checktext / 100);
446 void register_tests(void)
448 RAND_bytes(rkey, sizeof rkey);
449 RAND_bytes(rkey2, sizeof rkey2);
450 RAND_bytes(plaintext, sizeof plaintext);
451 RAND_bytes(saved_iv, sizeof saved_iv);
453 ADD_TEST(test_ige_enc_dec);
454 ADD_TEST(test_ige_enc_chaining);
455 ADD_TEST(test_ige_dec_chaining);
456 ADD_TEST(test_ige_garble_forwards);
457 ADD_TEST(test_bi_ige_enc_dec);
458 ADD_TEST(test_bi_ige_garble1);
459 ADD_TEST(test_bi_ige_garble2);
460 ADD_TEST(test_bi_ige_garble3);
461 ADD_ALL_TESTS(test_ige_vectors, OSSL_NELEM(ige_test_vectors));
462 ADD_ALL_TESTS(test_bi_ige_vectors, OSSL_NELEM(bi_ige_test_vectors));