aboutsummaryrefslogtreecommitdiffstats
path: root/crypto
diff options
context:
space:
mode:
authorMikko Herranen <mh1@iki.fi>2007-11-26 09:24:11 -0500
committerHerbert Xu <herbert@gondor.apana.org.au>2008-01-10 16:16:23 -0500
commit28db8e3e38e593d22e2c69942bb1ca7be2a35f05 (patch)
tree65ef9ee8544001278a71340f44f9a3227b54a4d8 /crypto
parente3a4ea4fd2e5f154ae9233f1ce30e7564e5cbcfc (diff)
[CRYPTO] gcm: New algorithm
Add GCM/GMAC support to cryptoapi. GCM (Galois/Counter Mode) is an AEAD mode of operations for any block cipher with a block size of 16. The typical example is AES-GCM. Signed-off-by: Mikko Herranen <mh1@iki.fi> Reviewed-by: Mika Kukkonen <mika.kukkonen@nsn.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Diffstat (limited to 'crypto')
-rw-r--r--crypto/Kconfig9
-rw-r--r--crypto/Makefile1
-rw-r--r--crypto/gcm.c465
-rw-r--r--crypto/tcrypt.c5
-rw-r--r--crypto/tcrypt.h368
5 files changed, 848 insertions, 0 deletions
diff --git a/crypto/Kconfig b/crypto/Kconfig
index 8d6cac97021f..40ae92caa4f6 100644
--- a/crypto/Kconfig
+++ b/crypto/Kconfig
@@ -206,6 +206,15 @@ config CRYPTO_CTR
206 CTR: Counter mode 206 CTR: Counter mode
207 This block cipher algorithm is required for IPSec. 207 This block cipher algorithm is required for IPSec.
208 208
209config CRYPTO_GCM
210 tristate "GCM/GMAC support"
211 select CRYPTO_CTR
212 select CRYPTO_AEAD
213 select CRYPTO_GF128MUL
214 help
215 Support for Galois/Counter Mode (GCM) and Galois Message
216 Authentication Code (GMAC). Required for IPSec.
217
209config CRYPTO_CRYPTD 218config CRYPTO_CRYPTD
210 tristate "Software async crypto daemon" 219 tristate "Software async crypto daemon"
211 select CRYPTO_ABLKCIPHER 220 select CRYPTO_ABLKCIPHER
diff --git a/crypto/Makefile b/crypto/Makefile
index 9b1476e5f0da..957343cbc0e2 100644
--- a/crypto/Makefile
+++ b/crypto/Makefile
@@ -33,6 +33,7 @@ obj-$(CONFIG_CRYPTO_PCBC) += pcbc.o
33obj-$(CONFIG_CRYPTO_LRW) += lrw.o 33obj-$(CONFIG_CRYPTO_LRW) += lrw.o
34obj-$(CONFIG_CRYPTO_XTS) += xts.o 34obj-$(CONFIG_CRYPTO_XTS) += xts.o
35obj-$(CONFIG_CRYPTO_CTR) += ctr.o 35obj-$(CONFIG_CRYPTO_CTR) += ctr.o
36obj-$(CONFIG_CRYPTO_GCM) += gcm.o
36obj-$(CONFIG_CRYPTO_CRYPTD) += cryptd.o 37obj-$(CONFIG_CRYPTO_CRYPTD) += cryptd.o
37obj-$(CONFIG_CRYPTO_DES) += des_generic.o 38obj-$(CONFIG_CRYPTO_DES) += des_generic.o
38obj-$(CONFIG_CRYPTO_FCRYPT) += fcrypt.o 39obj-$(CONFIG_CRYPTO_FCRYPT) += fcrypt.o
diff --git a/crypto/gcm.c b/crypto/gcm.c
new file mode 100644
index 000000000000..ad8b8b9aeef2
--- /dev/null
+++ b/crypto/gcm.c
@@ -0,0 +1,465 @@
1/*
2 * GCM: Galois/Counter Mode.
3 *
4 * Copyright (c) 2007 Nokia Siemens Networks - Mikko Herranen <mh1@iki.fi>
5 *
6 * This program is free software; you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License version 2 as published
8 * by the Free Software Foundation.
9 */
10
11#include <crypto/algapi.h>
12#include <crypto/gf128mul.h>
13#include <linux/err.h>
14#include <linux/init.h>
15#include <linux/kernel.h>
16#include <linux/module.h>
17#include <linux/slab.h>
18
19#include "scatterwalk.h"
20
21struct gcm_instance_ctx {
22 struct crypto_spawn ctr;
23};
24
25struct crypto_gcm_ctx {
26 struct crypto_ablkcipher *ctr;
27 struct gf128mul_4k *gf128;
28};
29
30struct crypto_gcm_ghash_ctx {
31 u32 bytes;
32 u32 flags;
33 struct gf128mul_4k *gf128;
34 u8 buffer[16];
35};
36
37struct crypto_gcm_req_priv_ctx {
38 u8 auth_tag[16];
39 u8 counter[16];
40 struct crypto_gcm_ghash_ctx ghash;
41};
42
43static void crypto_gcm_ghash_init(struct crypto_gcm_ghash_ctx *ctx, u32 flags,
44 struct gf128mul_4k *gf128)
45{
46 ctx->bytes = 0;
47 ctx->flags = flags;
48 ctx->gf128 = gf128;
49 memset(ctx->buffer, 0, 16);
50}
51
52static void crypto_gcm_ghash_update(struct crypto_gcm_ghash_ctx *ctx,
53 const u8 *src, unsigned int srclen)
54{
55 u8 *dst = ctx->buffer;
56
57 if (ctx->bytes) {
58 int n = min(srclen, ctx->bytes);
59 u8 *pos = dst + (16 - ctx->bytes);
60
61 ctx->bytes -= n;
62 srclen -= n;
63
64 while (n--)
65 *pos++ ^= *src++;
66
67 if (!ctx->bytes)
68 gf128mul_4k_lle((be128 *)dst, ctx->gf128);
69 }
70
71 while (srclen >= 16) {
72 crypto_xor(dst, src, 16);
73 gf128mul_4k_lle((be128 *)dst, ctx->gf128);
74 src += 16;
75 srclen -= 16;
76 }
77
78 if (srclen) {
79 ctx->bytes = 16 - srclen;
80 while (srclen--)
81 *dst++ ^= *src++;
82 }
83}
84
85static void crypto_gcm_ghash_update_sg(struct crypto_gcm_ghash_ctx *ctx,
86 struct scatterlist *sg, int len)
87{
88 struct scatter_walk walk;
89 u8 *src;
90 int n;
91
92 scatterwalk_start(&walk, sg);
93
94 while (len) {
95 n = scatterwalk_clamp(&walk, len);
96
97 if (!n) {
98 scatterwalk_start(&walk, sg_next(walk.sg));
99 n = scatterwalk_clamp(&walk, len);
100 }
101
102 src = scatterwalk_map(&walk, 0);
103
104 crypto_gcm_ghash_update(ctx, src, n);
105 len -= n;
106
107 scatterwalk_unmap(src, 0);
108 scatterwalk_advance(&walk, n);
109 scatterwalk_done(&walk, 0, len);
110 if (len)
111 crypto_yield(ctx->flags);
112 }
113}
114
115static void crypto_gcm_ghash_flush(struct crypto_gcm_ghash_ctx *ctx)
116{
117 u8 *dst = ctx->buffer;
118
119 if (ctx->bytes) {
120 u8 *tmp = dst + (16 - ctx->bytes);
121
122 while (ctx->bytes--)
123 *tmp++ ^= 0;
124
125 gf128mul_4k_lle((be128 *)dst, ctx->gf128);
126 }
127
128 ctx->bytes = 0;
129}
130
131static void crypto_gcm_ghash_final_xor(struct crypto_gcm_ghash_ctx *ctx,
132 unsigned int authlen,
133 unsigned int cryptlen, u8 *dst)
134{
135 u8 *buf = ctx->buffer;
136 u128 lengths;
137
138 lengths.a = cpu_to_be64(authlen * 8);
139 lengths.b = cpu_to_be64(cryptlen * 8);
140
141 crypto_gcm_ghash_flush(ctx);
142 crypto_xor(buf, (u8 *)&lengths, 16);
143 gf128mul_4k_lle((be128 *)buf, ctx->gf128);
144 crypto_xor(dst, buf, 16);
145}
146
147static inline void crypto_gcm_set_counter(u8 *counterblock, u32 value)
148{
149 *((u32 *)&counterblock[12]) = cpu_to_be32(value);
150}
151
152static int crypto_gcm_encrypt_counter(struct crypto_aead *aead, u8 *block,
153 u32 value, const u8 *iv)
154{
155 struct crypto_gcm_ctx *ctx = crypto_aead_ctx(aead);
156 struct crypto_ablkcipher *ctr = ctx->ctr;
157 struct ablkcipher_request req;
158 struct scatterlist sg;
159 u8 counterblock[16];
160
161 if (iv == NULL)
162 memset(counterblock, 0, 12);
163 else
164 memcpy(counterblock, iv, 12);
165
166 crypto_gcm_set_counter(counterblock, value);
167
168 sg_init_one(&sg, block, 16);
169 ablkcipher_request_set_tfm(&req, ctr);
170 ablkcipher_request_set_crypt(&req, &sg, &sg, 16, counterblock);
171 ablkcipher_request_set_callback(&req, 0, NULL, NULL);
172 memset(block, 0, 16);
173 return crypto_ablkcipher_encrypt(&req);
174}
175
176static int crypto_gcm_setkey(struct crypto_aead *aead, const u8 *key,
177 unsigned int keylen)
178{
179 struct crypto_gcm_ctx *ctx = crypto_aead_ctx(aead);
180 struct crypto_ablkcipher *ctr = ctx->ctr;
181 int alignmask = crypto_ablkcipher_alignmask(ctr);
182 u8 alignbuf[16+alignmask];
183 u8 *hash = (u8 *)ALIGN((unsigned long)alignbuf, alignmask+1);
184 int err = 0;
185
186 crypto_ablkcipher_clear_flags(ctr, CRYPTO_TFM_REQ_MASK);
187 crypto_ablkcipher_set_flags(ctr, crypto_aead_get_flags(aead) &
188 CRYPTO_TFM_REQ_MASK);
189
190 err = crypto_ablkcipher_setkey(ctr, key, keylen);
191 if (err)
192 goto out;
193
194 crypto_aead_set_flags(aead, crypto_ablkcipher_get_flags(ctr) &
195 CRYPTO_TFM_RES_MASK);
196
197 err = crypto_gcm_encrypt_counter(aead, hash, -1, NULL);
198 if (err)
199 goto out;
200
201 if (ctx->gf128 != NULL)
202 gf128mul_free_4k(ctx->gf128);
203
204 ctx->gf128 = gf128mul_init_4k_lle((be128 *)hash);
205
206 if (ctx->gf128 == NULL)
207 err = -ENOMEM;
208
209 out:
210 return err;
211}
212
213static int crypto_gcm_init_crypt(struct ablkcipher_request *ablk_req,
214 struct aead_request *req,
215 void (*done)(struct crypto_async_request *,
216 int))
217{
218 struct crypto_aead *aead = crypto_aead_reqtfm(req);
219 struct crypto_gcm_ctx *ctx = crypto_aead_ctx(aead);
220 struct crypto_gcm_req_priv_ctx *pctx = aead_request_ctx(req);
221 u32 flags = req->base.tfm->crt_flags;
222 u8 *auth_tag = pctx->auth_tag;
223 u8 *counter = pctx->counter;
224 struct crypto_gcm_ghash_ctx *ghash = &pctx->ghash;
225 int err = 0;
226
227 ablkcipher_request_set_tfm(ablk_req, ctx->ctr);
228 ablkcipher_request_set_callback(ablk_req, aead_request_flags(req),
229 done, req);
230 ablkcipher_request_set_crypt(ablk_req, req->src, req->dst,
231 req->cryptlen, counter);
232
233 err = crypto_gcm_encrypt_counter(aead, auth_tag, 0, req->iv);
234 if (err)
235 goto out;
236
237 memcpy(counter, req->iv, 12);
238 crypto_gcm_set_counter(counter, 1);
239
240 crypto_gcm_ghash_init(ghash, flags, ctx->gf128);
241
242 if (req->assoclen) {
243 crypto_gcm_ghash_update_sg(ghash, req->assoc, req->assoclen);
244 crypto_gcm_ghash_flush(ghash);
245 }
246
247 out:
248 return err;
249}
250
251static void crypto_gcm_encrypt_done(struct crypto_async_request *areq, int err)
252{
253 struct aead_request *req = areq->data;
254 struct crypto_gcm_req_priv_ctx *pctx = aead_request_ctx(req);
255 u8 *auth_tag = pctx->auth_tag;
256 struct crypto_gcm_ghash_ctx *ghash = &pctx->ghash;
257
258 crypto_gcm_ghash_update_sg(ghash, req->dst, req->cryptlen);
259 crypto_gcm_ghash_final_xor(ghash, req->assoclen, req->cryptlen,
260 auth_tag);
261
262 aead_request_complete(req, err);
263}
264
265static int crypto_gcm_encrypt(struct aead_request *req)
266{
267 struct ablkcipher_request abreq;
268 struct crypto_gcm_req_priv_ctx *pctx = aead_request_ctx(req);
269 u8 *auth_tag = pctx->auth_tag;
270 struct crypto_gcm_ghash_ctx *ghash = &pctx->ghash;
271 int err = 0;
272
273 err = crypto_gcm_init_crypt(&abreq, req, crypto_gcm_encrypt_done);
274 if (err)
275 return err;
276
277 if (req->cryptlen) {
278 err = crypto_ablkcipher_encrypt(&abreq);
279 if (err)
280 return err;
281
282 crypto_gcm_ghash_update_sg(ghash, req->dst, req->cryptlen);
283 }
284
285 crypto_gcm_ghash_final_xor(ghash, req->assoclen, req->cryptlen,
286 auth_tag);
287
288 return err;
289}
290
291static void crypto_gcm_decrypt_done(struct crypto_async_request *areq, int err)
292{
293 aead_request_complete(areq->data, err);
294}
295
296static int crypto_gcm_decrypt(struct aead_request *req)
297{
298 struct ablkcipher_request abreq;
299 struct crypto_gcm_req_priv_ctx *pctx = aead_request_ctx(req);
300 u8 *auth_tag = pctx->auth_tag;
301 struct crypto_gcm_ghash_ctx *ghash = &pctx->ghash;
302 u8 tag[16];
303 int err;
304
305 if (!req->cryptlen)
306 return -EINVAL;
307
308 memcpy(tag, auth_tag, 16);
309 err = crypto_gcm_init_crypt(&abreq, req, crypto_gcm_decrypt_done);
310 if (err)
311 return err;
312
313 crypto_gcm_ghash_update_sg(ghash, req->src, req->cryptlen);
314 crypto_gcm_ghash_final_xor(ghash, req->assoclen, req->cryptlen,
315 auth_tag);
316
317 if (memcmp(tag, auth_tag, 16))
318 return -EINVAL;
319
320 return crypto_ablkcipher_decrypt(&abreq);
321}
322
323static int crypto_gcm_init_tfm(struct crypto_tfm *tfm)
324{
325 struct crypto_instance *inst = (void *)tfm->__crt_alg;
326 struct gcm_instance_ctx *ictx = crypto_instance_ctx(inst);
327 struct crypto_gcm_ctx *ctx = crypto_tfm_ctx(tfm);
328 struct crypto_ablkcipher *ctr;
329 unsigned long align;
330 int err;
331
332 ctr = crypto_spawn_ablkcipher(&ictx->ctr);
333 err = PTR_ERR(ctr);
334 if (IS_ERR(ctr))
335 return err;
336
337 ctx->ctr = ctr;
338 ctx->gf128 = NULL;
339
340 align = max_t(unsigned long, crypto_ablkcipher_alignmask(ctr),
341 __alignof__(u32) - 1);
342 align &= ~(crypto_tfm_ctx_alignment() - 1);
343 tfm->crt_aead.reqsize = align + sizeof(struct crypto_gcm_req_priv_ctx);
344
345 return 0;
346}
347
348static void crypto_gcm_exit_tfm(struct crypto_tfm *tfm)
349{
350 struct crypto_gcm_ctx *ctx = crypto_tfm_ctx(tfm);
351
352 if (ctx->gf128 != NULL)
353 gf128mul_free_4k(ctx->gf128);
354
355 crypto_free_ablkcipher(ctx->ctr);
356}
357
358static struct crypto_instance *crypto_gcm_alloc(struct rtattr **tb)
359{
360 struct crypto_instance *inst;
361 struct crypto_alg *ctr;
362 struct crypto_alg *cipher;
363 struct gcm_instance_ctx *ctx;
364 int err;
365 char ctr_name[CRYPTO_MAX_ALG_NAME];
366
367 err = crypto_check_attr_type(tb, CRYPTO_ALG_TYPE_AEAD);
368 if (err)
369 return ERR_PTR(err);
370
371 cipher = crypto_attr_alg(tb[1], CRYPTO_ALG_TYPE_CIPHER,
372 CRYPTO_ALG_TYPE_MASK);
373
374 inst = ERR_PTR(PTR_ERR(cipher));
375 if (IS_ERR(cipher))
376 return inst;
377
378 inst = ERR_PTR(ENAMETOOLONG);
379 if (snprintf(
380 ctr_name, CRYPTO_MAX_ALG_NAME,
381 "ctr(%s,0,16,4)", cipher->cra_name) >= CRYPTO_MAX_ALG_NAME)
382 return inst;
383
384 ctr = crypto_alg_mod_lookup(ctr_name, CRYPTO_ALG_TYPE_BLKCIPHER,
385 CRYPTO_ALG_TYPE_MASK);
386
387 if (IS_ERR(ctr))
388 return ERR_PTR(PTR_ERR(ctr));
389
390 if (cipher->cra_blocksize != 16)
391 goto out_put_ctr;
392
393 inst = kzalloc(sizeof(*inst) + sizeof(*ctx), GFP_KERNEL);
394 err = -ENOMEM;
395 if (!inst)
396 goto out_put_ctr;
397
398 err = -ENAMETOOLONG;
399 if (snprintf(inst->alg.cra_name, CRYPTO_MAX_ALG_NAME,
400 "gcm(%s)", cipher->cra_name) >= CRYPTO_MAX_ALG_NAME ||
401 snprintf(inst->alg.cra_driver_name, CRYPTO_MAX_ALG_NAME,
402 "gcm(%s)", cipher->cra_driver_name) >= CRYPTO_MAX_ALG_NAME)
403 goto err_free_inst;
404
405
406 ctx = crypto_instance_ctx(inst);
407 err = crypto_init_spawn(&ctx->ctr, ctr, inst, CRYPTO_ALG_TYPE_MASK);
408 if (err)
409 goto err_free_inst;
410
411 inst->alg.cra_flags = CRYPTO_ALG_TYPE_AEAD | CRYPTO_ALG_ASYNC;
412 inst->alg.cra_priority = ctr->cra_priority;
413 inst->alg.cra_blocksize = 16;
414 inst->alg.cra_alignmask = __alignof__(u32) - 1;
415 inst->alg.cra_type = &crypto_aead_type;
416 inst->alg.cra_aead.ivsize = 12;
417 inst->alg.cra_aead.authsize = 16;
418 inst->alg.cra_ctxsize = sizeof(struct crypto_gcm_ctx);
419 inst->alg.cra_init = crypto_gcm_init_tfm;
420 inst->alg.cra_exit = crypto_gcm_exit_tfm;
421 inst->alg.cra_aead.setkey = crypto_gcm_setkey;
422 inst->alg.cra_aead.encrypt = crypto_gcm_encrypt;
423 inst->alg.cra_aead.decrypt = crypto_gcm_decrypt;
424
425out:
426 crypto_mod_put(ctr);
427 return inst;
428err_free_inst:
429 kfree(inst);
430out_put_ctr:
431 inst = ERR_PTR(err);
432 goto out;
433}
434
435static void crypto_gcm_free(struct crypto_instance *inst)
436{
437 struct gcm_instance_ctx *ctx = crypto_instance_ctx(inst);
438
439 crypto_drop_spawn(&ctx->ctr);
440 kfree(inst);
441}
442
443static struct crypto_template crypto_gcm_tmpl = {
444 .name = "gcm",
445 .alloc = crypto_gcm_alloc,
446 .free = crypto_gcm_free,
447 .module = THIS_MODULE,
448};
449
450static int __init crypto_gcm_module_init(void)
451{
452 return crypto_register_template(&crypto_gcm_tmpl);
453}
454
455static void __exit crypto_gcm_module_exit(void)
456{
457 crypto_unregister_template(&crypto_gcm_tmpl);
458}
459
460module_init(crypto_gcm_module_init);
461module_exit(crypto_gcm_module_exit);
462
463MODULE_LICENSE("GPL");
464MODULE_DESCRIPTION("Galois/Counter Mode");
465MODULE_AUTHOR("Mikko Herranen <mh1@iki.fi>");
diff --git a/crypto/tcrypt.c b/crypto/tcrypt.c
index b343d81d20c9..1e12b86bc951 100644
--- a/crypto/tcrypt.c
+++ b/crypto/tcrypt.c
@@ -13,6 +13,7 @@
13 * Software Foundation; either version 2 of the License, or (at your option) 13 * Software Foundation; either version 2 of the License, or (at your option)
14 * any later version. 14 * any later version.
15 * 15 *
16 * 2007-11-13 Added GCM tests
16 * 2007-11-13 Added AEAD support 17 * 2007-11-13 Added AEAD support
17 * 2007-11-06 Added SHA-224 and SHA-224-HMAC tests 18 * 2007-11-06 Added SHA-224 and SHA-224-HMAC tests
18 * 2006-12-07 Added SHA384 HMAC and SHA512 HMAC tests 19 * 2006-12-07 Added SHA384 HMAC and SHA512 HMAC tests
@@ -1208,6 +1209,10 @@ static void do_test(void)
1208 AES_CTR_ENC_TEST_VECTORS); 1209 AES_CTR_ENC_TEST_VECTORS);
1209 test_cipher("ctr(aes,4,8,4)", DECRYPT, aes_ctr_dec_tv_template, 1210 test_cipher("ctr(aes,4,8,4)", DECRYPT, aes_ctr_dec_tv_template,
1210 AES_CTR_DEC_TEST_VECTORS); 1211 AES_CTR_DEC_TEST_VECTORS);
1212 test_aead("gcm(aes)", ENCRYPT, aes_gcm_enc_tv_template,
1213 AES_GCM_ENC_TEST_VECTORS);
1214 test_aead("gcm(aes)", DECRYPT, aes_gcm_dec_tv_template,
1215 AES_GCM_DEC_TEST_VECTORS);
1211 1216
1212 //CAST5 1217 //CAST5
1213 test_cipher("ecb(cast5)", ENCRYPT, cast5_enc_tv_template, 1218 test_cipher("ecb(cast5)", ENCRYPT, cast5_enc_tv_template,
diff --git a/crypto/tcrypt.h b/crypto/tcrypt.h
index 865196a648a0..2384c41a6a08 100644
--- a/crypto/tcrypt.h
+++ b/crypto/tcrypt.h
@@ -13,6 +13,7 @@
13 * Software Foundation; either version 2 of the License, or (at your option) 13 * Software Foundation; either version 2 of the License, or (at your option)
14 * any later version. 14 * any later version.
15 * 15 *
16 * 2007-11-13 Added GCM tests
16 * 2007-11-13 Added AEAD support 17 * 2007-11-13 Added AEAD support
17 * 2006-12-07 Added SHA384 HMAC and SHA512 HMAC tests 18 * 2006-12-07 Added SHA384 HMAC and SHA512 HMAC tests
18 * 2004-08-09 Cipher speed tests by Reyk Floeter <reyk@vantronix.net> 19 * 2004-08-09 Cipher speed tests by Reyk Floeter <reyk@vantronix.net>
@@ -2312,6 +2313,8 @@ static struct cipher_testvec cast6_dec_tv_template[] = {
2312#define AES_XTS_DEC_TEST_VECTORS 4 2313#define AES_XTS_DEC_TEST_VECTORS 4
2313#define AES_CTR_ENC_TEST_VECTORS 6 2314#define AES_CTR_ENC_TEST_VECTORS 6
2314#define AES_CTR_DEC_TEST_VECTORS 6 2315#define AES_CTR_DEC_TEST_VECTORS 6
2316#define AES_GCM_ENC_TEST_VECTORS 9
2317#define AES_GCM_DEC_TEST_VECTORS 8
2315 2318
2316static struct cipher_testvec aes_enc_tv_template[] = { 2319static struct cipher_testvec aes_enc_tv_template[] = {
2317 { /* From FIPS-197 */ 2320 { /* From FIPS-197 */
@@ -3529,6 +3532,371 @@ static struct cipher_testvec aes_ctr_dec_tv_template[] = {
3529 }, 3532 },
3530}; 3533};
3531 3534
3535static struct aead_testvec aes_gcm_enc_tv_template[] = {
3536 { /* From McGrew & Viega - http://citeseer.ist.psu.edu/656989.html */
3537 .klen = 16,
3538 .tag = { 0x58, 0xe2, 0xfc, 0xce, 0xfa, 0x7e, 0x30, 0x61,
3539 0x36, 0x7f, 0x1d, 0x57, 0xa4, 0xe7, 0x45, 0x5a },
3540 .tlen = 16
3541 }, {
3542 .klen = 16,
3543 .ilen = 16,
3544 .result = { 0x03, 0x88, 0xda, 0xce, 0x60, 0xb6, 0xa3, 0x92,
3545 0xf3, 0x28, 0xc2, 0xb9, 0x71, 0xb2, 0xfe, 0x78 },
3546 .rlen = 16,
3547 .tag = { 0xab, 0x6e, 0x47, 0xd4, 0x2c, 0xec, 0x13, 0xbd,
3548 0xf5, 0x3a, 0x67, 0xb2, 0x12, 0x57, 0xbd, 0xdf },
3549 .tlen = 16
3550 }, {
3551 .key = { 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
3552 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08 },
3553 .klen = 16,
3554 .iv = { 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad,
3555 0xde, 0xca, 0xf8, 0x88 },
3556 .input = { 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
3557 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a,
3558 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
3559 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72,
3560 0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53,
3561 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
3562 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57,
3563 0xba, 0x63, 0x7b, 0x39, 0x1a, 0xaf, 0xd2, 0x55 },
3564 .ilen = 64,
3565 .result = { 0x42, 0x83, 0x1e, 0xc2, 0x21, 0x77, 0x74, 0x24,
3566 0x4b, 0x72, 0x21, 0xb7, 0x84, 0xd0, 0xd4, 0x9c,
3567 0xe3, 0xaa, 0x21, 0x2f, 0x2c, 0x02, 0xa4, 0xe0,
3568 0x35, 0xc1, 0x7e, 0x23, 0x29, 0xac, 0xa1, 0x2e,
3569 0x21, 0xd5, 0x14, 0xb2, 0x54, 0x66, 0x93, 0x1c,
3570 0x7d, 0x8f, 0x6a, 0x5a, 0xac, 0x84, 0xaa, 0x05,
3571 0x1b, 0xa3, 0x0b, 0x39, 0x6a, 0x0a, 0xac, 0x97,
3572 0x3d, 0x58, 0xe0, 0x91, 0x47, 0x3f, 0x59, 0x85 },
3573 .rlen = 64,
3574 .tag = { 0x4d, 0x5c, 0x2a, 0xf3, 0x27, 0xcd, 0x64, 0xa6,
3575 0x2c, 0xf3, 0x5a, 0xbd, 0x2b, 0xa6, 0xfa, 0xb4 },
3576 .tlen = 16
3577 }, {
3578 .key = { 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
3579 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08 },
3580 .klen = 16,
3581 .iv = { 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad,
3582 0xde, 0xca, 0xf8, 0x88 },
3583 .input = { 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
3584 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a,
3585 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
3586 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72,
3587 0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53,
3588 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
3589 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57,
3590 0xba, 0x63, 0x7b, 0x39 },
3591 .ilen = 60,
3592 .assoc = { 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
3593 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
3594 0xab, 0xad, 0xda, 0xd2 },
3595 .alen = 20,
3596 .result = { 0x42, 0x83, 0x1e, 0xc2, 0x21, 0x77, 0x74, 0x24,
3597 0x4b, 0x72, 0x21, 0xb7, 0x84, 0xd0, 0xd4, 0x9c,
3598 0xe3, 0xaa, 0x21, 0x2f, 0x2c, 0x02, 0xa4, 0xe0,
3599 0x35, 0xc1, 0x7e, 0x23, 0x29, 0xac, 0xa1, 0x2e,
3600 0x21, 0xd5, 0x14, 0xb2, 0x54, 0x66, 0x93, 0x1c,
3601 0x7d, 0x8f, 0x6a, 0x5a, 0xac, 0x84, 0xaa, 0x05,
3602 0x1b, 0xa3, 0x0b, 0x39, 0x6a, 0x0a, 0xac, 0x97,
3603 0x3d, 0x58, 0xe0, 0x91 },
3604 .rlen = 60,
3605 .tag = { 0x5b, 0xc9, 0x4f, 0xbc, 0x32, 0x21, 0xa5, 0xdb,
3606 0x94, 0xfa, 0xe9, 0x5a, 0xe7, 0x12, 0x1a, 0x47 },
3607 .tlen = 16
3608 }, {
3609 .klen = 24,
3610 .tag = { 0xcd, 0x33, 0xb2, 0x8a, 0xc7, 0x73, 0xf7, 0x4b,
3611 0xa0, 0x0e, 0xd1, 0xf3, 0x12, 0x57, 0x24, 0x35 },
3612 .tlen = 16
3613 }, {
3614 .klen = 24,
3615 .ilen = 16,
3616 .result = { 0x98, 0xe7, 0x24, 0x7c, 0x07, 0xf0, 0xfe, 0x41,
3617 0x1c, 0x26, 0x7e, 0x43, 0x84, 0xb0, 0xf6, 0x00 },
3618 .rlen = 16,
3619 .tag = { 0x2f, 0xf5, 0x8d, 0x80, 0x03, 0x39, 0x27, 0xab,
3620 0x8e, 0xf4, 0xd4, 0x58, 0x75, 0x14, 0xf0, 0xfb },
3621 .tlen = 16
3622 }, {
3623 .key = { 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
3624 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08,
3625 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c },
3626 .klen = 24,
3627 .iv = { 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad,
3628 0xde, 0xca, 0xf8, 0x88 },
3629 .input = { 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
3630 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a,
3631 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
3632 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72,
3633 0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53,
3634 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
3635 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57,
3636 0xba, 0x63, 0x7b, 0x39, 0x1a, 0xaf, 0xd2, 0x55 },
3637 .ilen = 64,
3638 .result = { 0x39, 0x80, 0xca, 0x0b, 0x3c, 0x00, 0xe8, 0x41,
3639 0xeb, 0x06, 0xfa, 0xc4, 0x87, 0x2a, 0x27, 0x57,
3640 0x85, 0x9e, 0x1c, 0xea, 0xa6, 0xef, 0xd9, 0x84,
3641 0x62, 0x85, 0x93, 0xb4, 0x0c, 0xa1, 0xe1, 0x9c,
3642 0x7d, 0x77, 0x3d, 0x00, 0xc1, 0x44, 0xc5, 0x25,
3643 0xac, 0x61, 0x9d, 0x18, 0xc8, 0x4a, 0x3f, 0x47,
3644 0x18, 0xe2, 0x44, 0x8b, 0x2f, 0xe3, 0x24, 0xd9,
3645 0xcc, 0xda, 0x27, 0x10, 0xac, 0xad, 0xe2, 0x56 },
3646 .rlen = 64,
3647 .tag = { 0x99, 0x24, 0xa7, 0xc8, 0x58, 0x73, 0x36, 0xbf,
3648 0xb1, 0x18, 0x02, 0x4d, 0xb8, 0x67, 0x4a, 0x14 },
3649 .tlen = 16
3650 }, {
3651 .key = { 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
3652 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08,
3653 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c },
3654 .klen = 24,
3655 .iv = { 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad,
3656 0xde, 0xca, 0xf8, 0x88 },
3657 .input = { 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
3658 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a,
3659 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
3660 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72,
3661 0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53,
3662 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
3663 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57,
3664 0xba, 0x63, 0x7b, 0x39 },
3665 .ilen = 60,
3666 .assoc = { 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
3667 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
3668 0xab, 0xad, 0xda, 0xd2 },
3669 .alen = 20,
3670 .result = { 0x39, 0x80, 0xca, 0x0b, 0x3c, 0x00, 0xe8, 0x41,
3671 0xeb, 0x06, 0xfa, 0xc4, 0x87, 0x2a, 0x27, 0x57,
3672 0x85, 0x9e, 0x1c, 0xea, 0xa6, 0xef, 0xd9, 0x84,
3673 0x62, 0x85, 0x93, 0xb4, 0x0c, 0xa1, 0xe1, 0x9c,
3674 0x7d, 0x77, 0x3d, 0x00, 0xc1, 0x44, 0xc5, 0x25,
3675 0xac, 0x61, 0x9d, 0x18, 0xc8, 0x4a, 0x3f, 0x47,
3676 0x18, 0xe2, 0x44, 0x8b, 0x2f, 0xe3, 0x24, 0xd9,
3677 0xcc, 0xda, 0x27, 0x10 },
3678 .rlen = 60,
3679 .tag = { 0x25, 0x19, 0x49, 0x8e, 0x80, 0xf1, 0x47, 0x8f,
3680 0x37, 0xba, 0x55, 0xbd, 0x6d, 0x27, 0x61, 0x8c },
3681 .tlen = 16,
3682 .np = 2,
3683 .tap = { 32, 28 },
3684 .anp = 2,
3685 .atap = { 8, 12 }
3686 }, {
3687 .klen = 32,
3688 .tag = { 0x53, 0x0f, 0x8a, 0xfb, 0xc7, 0x45, 0x36, 0xb9,
3689 0xa9, 0x63, 0xb4, 0xf1, 0xc4, 0xcb, 0x73, 0x8b },
3690 .tlen = 16
3691 }
3692};
3693
3694static struct aead_testvec aes_gcm_dec_tv_template[] = {
3695 { /* From McGrew & Viega - http://citeseer.ist.psu.edu/656989.html */
3696 .klen = 32,
3697 .input = { 0xce, 0xa7, 0x40, 0x3d, 0x4d, 0x60, 0x6b, 0x6e,
3698 0x07, 0x4e, 0xc5, 0xd3, 0xba, 0xf3, 0x9d, 0x18 },
3699 .ilen = 16,
3700 .rlen = 16,
3701 .tag = { 0xd0, 0xd1, 0xc8, 0xa7, 0x99, 0x99, 0x6b, 0xf0,
3702 0x26, 0x5b, 0x98, 0xb5, 0xd4, 0x8a, 0xb9, 0x19 },
3703 .tlen = 16
3704 }, {
3705 .key = { 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
3706 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08,
3707 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
3708 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08 },
3709 .klen = 32,
3710 .iv = { 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad,
3711 0xde, 0xca, 0xf8, 0x88 },
3712 .input = { 0x52, 0x2d, 0xc1, 0xf0, 0x99, 0x56, 0x7d, 0x07,
3713 0xf4, 0x7f, 0x37, 0xa3, 0x2a, 0x84, 0x42, 0x7d,
3714 0x64, 0x3a, 0x8c, 0xdc, 0xbf, 0xe5, 0xc0, 0xc9,
3715 0x75, 0x98, 0xa2, 0xbd, 0x25, 0x55, 0xd1, 0xaa,
3716 0x8c, 0xb0, 0x8e, 0x48, 0x59, 0x0d, 0xbb, 0x3d,
3717 0xa7, 0xb0, 0x8b, 0x10, 0x56, 0x82, 0x88, 0x38,
3718 0xc5, 0xf6, 0x1e, 0x63, 0x93, 0xba, 0x7a, 0x0a,
3719 0xbc, 0xc9, 0xf6, 0x62, 0x89, 0x80, 0x15, 0xad },
3720 .ilen = 64,
3721 .result = { 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
3722 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a,
3723 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
3724 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72,
3725 0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53,
3726 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
3727 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57,
3728 0xba, 0x63, 0x7b, 0x39, 0x1a, 0xaf, 0xd2, 0x55 },
3729 .rlen = 64,
3730 .tag = { 0xb0, 0x94, 0xda, 0xc5, 0xd9, 0x34, 0x71, 0xbd,
3731 0xec, 0x1a, 0x50, 0x22, 0x70, 0xe3, 0xcc, 0x6c },
3732 .tlen = 16
3733 }, {
3734 .key = { 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
3735 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08,
3736 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
3737 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08 },
3738 .klen = 32,
3739 .iv = { 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad,
3740 0xde, 0xca, 0xf8, 0x88 },
3741 .input = { 0x52, 0x2d, 0xc1, 0xf0, 0x99, 0x56, 0x7d, 0x07,
3742 0xf4, 0x7f, 0x37, 0xa3, 0x2a, 0x84, 0x42, 0x7d,
3743 0x64, 0x3a, 0x8c, 0xdc, 0xbf, 0xe5, 0xc0, 0xc9,
3744 0x75, 0x98, 0xa2, 0xbd, 0x25, 0x55, 0xd1, 0xaa,
3745 0x8c, 0xb0, 0x8e, 0x48, 0x59, 0x0d, 0xbb, 0x3d,
3746 0xa7, 0xb0, 0x8b, 0x10, 0x56, 0x82, 0x88, 0x38,
3747 0xc5, 0xf6, 0x1e, 0x63, 0x93, 0xba, 0x7a, 0x0a,
3748 0xbc, 0xc9, 0xf6, 0x62 },
3749 .ilen = 60,
3750 .assoc = { 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
3751 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
3752 0xab, 0xad, 0xda, 0xd2 },
3753 .alen = 20,
3754 .result = { 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
3755 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a,
3756 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
3757 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72,
3758 0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53,
3759 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
3760 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57,
3761 0xba, 0x63, 0x7b, 0x39 },
3762 .rlen = 60,
3763 .tag = { 0x76, 0xfc, 0x6e, 0xce, 0x0f, 0x4e, 0x17, 0x68,
3764 0xcd, 0xdf, 0x88, 0x53, 0xbb, 0x2d, 0x55, 0x1b },
3765 .tlen = 16,
3766 .np = 2,
3767 .tap = { 48, 12 },
3768 .anp = 3,
3769 .atap = { 8, 8, 4 }
3770 }, {
3771 .key = { 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
3772 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08 },
3773 .klen = 16,
3774 .iv = { 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad,
3775 0xde, 0xca, 0xf8, 0x88 },
3776 .input = { 0x42, 0x83, 0x1e, 0xc2, 0x21, 0x77, 0x74, 0x24,
3777 0x4b, 0x72, 0x21, 0xb7, 0x84, 0xd0, 0xd4, 0x9c,
3778 0xe3, 0xaa, 0x21, 0x2f, 0x2c, 0x02, 0xa4, 0xe0,
3779 0x35, 0xc1, 0x7e, 0x23, 0x29, 0xac, 0xa1, 0x2e,
3780 0x21, 0xd5, 0x14, 0xb2, 0x54, 0x66, 0x93, 0x1c,
3781 0x7d, 0x8f, 0x6a, 0x5a, 0xac, 0x84, 0xaa, 0x05,
3782 0x1b, 0xa3, 0x0b, 0x39, 0x6a, 0x0a, 0xac, 0x97,
3783 0x3d, 0x58, 0xe0, 0x91, 0x47, 0x3f, 0x59, 0x85 },
3784 .ilen = 64,
3785 .result = { 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
3786 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a,
3787 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
3788 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72,
3789 0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53,
3790 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
3791 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57,
3792 0xba, 0x63, 0x7b, 0x39, 0x1a, 0xaf, 0xd2, 0x55 },
3793 .rlen = 64,
3794 .tag = { 0x4d, 0x5c, 0x2a, 0xf3, 0x27, 0xcd, 0x64, 0xa6,
3795 0x2c, 0xf3, 0x5a, 0xbd, 0x2b, 0xa6, 0xfa, 0xb4 },
3796 .tlen = 16
3797 }, {
3798 .key = { 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
3799 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08 },
3800 .klen = 16,
3801 .iv = { 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad,
3802 0xde, 0xca, 0xf8, 0x88 },
3803 .input = { 0x42, 0x83, 0x1e, 0xc2, 0x21, 0x77, 0x74, 0x24,
3804 0x4b, 0x72, 0x21, 0xb7, 0x84, 0xd0, 0xd4, 0x9c,
3805 0xe3, 0xaa, 0x21, 0x2f, 0x2c, 0x02, 0xa4, 0xe0,
3806 0x35, 0xc1, 0x7e, 0x23, 0x29, 0xac, 0xa1, 0x2e,
3807 0x21, 0xd5, 0x14, 0xb2, 0x54, 0x66, 0x93, 0x1c,
3808 0x7d, 0x8f, 0x6a, 0x5a, 0xac, 0x84, 0xaa, 0x05,
3809 0x1b, 0xa3, 0x0b, 0x39, 0x6a, 0x0a, 0xac, 0x97,
3810 0x3d, 0x58, 0xe0, 0x91 },
3811 .ilen = 60,
3812 .assoc = { 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
3813 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
3814 0xab, 0xad, 0xda, 0xd2 },
3815 .alen = 20,
3816 .result = { 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
3817 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a,
3818 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
3819 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72,
3820 0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53,
3821 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
3822 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57,
3823 0xba, 0x63, 0x7b, 0x39 },
3824 .rlen = 60,
3825 .tag = { 0x5b, 0xc9, 0x4f, 0xbc, 0x32, 0x21, 0xa5, 0xdb,
3826 0x94, 0xfa, 0xe9, 0x5a, 0xe7, 0x12, 0x1a, 0x47 },
3827 .tlen = 16
3828 }, {
3829 .klen = 24,
3830 .input = { 0x98, 0xe7, 0x24, 0x7c, 0x07, 0xf0, 0xfe, 0x41,
3831 0x1c, 0x26, 0x7e, 0x43, 0x84, 0xb0, 0xf6, 0x00 },
3832 .ilen = 16,
3833 .rlen = 16,
3834 .tag = { 0x2f, 0xf5, 0x8d, 0x80, 0x03, 0x39, 0x27, 0xab,
3835 0x8e, 0xf4, 0xd4, 0x58, 0x75, 0x14, 0xf0, 0xfb },
3836 .tlen = 16
3837 }, {
3838 .key = { 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
3839 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08,
3840 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c },
3841 .klen = 24,
3842 .iv = { 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad,
3843 0xde, 0xca, 0xf8, 0x88 },
3844 .input = { 0x39, 0x80, 0xca, 0x0b, 0x3c, 0x00, 0xe8, 0x41,
3845 0xeb, 0x06, 0xfa, 0xc4, 0x87, 0x2a, 0x27, 0x57,
3846 0x85, 0x9e, 0x1c, 0xea, 0xa6, 0xef, 0xd9, 0x84,
3847 0x62, 0x85, 0x93, 0xb4, 0x0c, 0xa1, 0xe1, 0x9c,
3848 0x7d, 0x77, 0x3d, 0x00, 0xc1, 0x44, 0xc5, 0x25,
3849 0xac, 0x61, 0x9d, 0x18, 0xc8, 0x4a, 0x3f, 0x47,
3850 0x18, 0xe2, 0x44, 0x8b, 0x2f, 0xe3, 0x24, 0xd9,
3851 0xcc, 0xda, 0x27, 0x10, 0xac, 0xad, 0xe2, 0x56 },
3852 .ilen = 64,
3853 .result = { 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
3854 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a,
3855 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
3856 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72,
3857 0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53,
3858 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
3859 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57,
3860 0xba, 0x63, 0x7b, 0x39, 0x1a, 0xaf, 0xd2, 0x55 },
3861 .rlen = 64,
3862 .tag = { 0x99, 0x24, 0xa7, 0xc8, 0x58, 0x73, 0x36, 0xbf,
3863 0xb1, 0x18, 0x02, 0x4d, 0xb8, 0x67, 0x4a, 0x14 },
3864 .tlen = 16
3865 }, {
3866 .key = { 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
3867 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08,
3868 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c },
3869 .klen = 24,
3870 .iv = { 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad,
3871 0xde, 0xca, 0xf8, 0x88 },
3872 .input = { 0x39, 0x80, 0xca, 0x0b, 0x3c, 0x00, 0xe8, 0x41,
3873 0xeb, 0x06, 0xfa, 0xc4, 0x87, 0x2a, 0x27, 0x57,
3874 0x85, 0x9e, 0x1c, 0xea, 0xa6, 0xef, 0xd9, 0x84,
3875 0x62, 0x85, 0x93, 0xb4, 0x0c, 0xa1, 0xe1, 0x9c,
3876 0x7d, 0x77, 0x3d, 0x00, 0xc1, 0x44, 0xc5, 0x25,
3877 0xac, 0x61, 0x9d, 0x18, 0xc8, 0x4a, 0x3f, 0x47,
3878 0x18, 0xe2, 0x44, 0x8b, 0x2f, 0xe3, 0x24, 0xd9,
3879 0xcc, 0xda, 0x27, 0x10 },
3880 .ilen = 60,
3881 .assoc = { 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
3882 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
3883 0xab, 0xad, 0xda, 0xd2 },
3884 .alen = 20,
3885 .result = { 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
3886 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a,
3887 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
3888 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72,
3889 0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53,
3890 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
3891 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57,
3892 0xba, 0x63, 0x7b, 0x39 },
3893 .rlen = 60,
3894 .tag = { 0x25, 0x19, 0x49, 0x8e, 0x80, 0xf1, 0x47, 0x8f,
3895 0x37, 0xba, 0x55, 0xbd, 0x6d, 0x27, 0x61, 0x8c },
3896 .tlen = 16
3897 }
3898};
3899
3532/* Cast5 test vectors from RFC 2144 */ 3900/* Cast5 test vectors from RFC 2144 */
3533#define CAST5_ENC_TEST_VECTORS 3 3901#define CAST5_ENC_TEST_VECTORS 3
3534#define CAST5_DEC_TEST_VECTORS 3 3902#define CAST5_DEC_TEST_VECTORS 3
generated by cgit v1.2.2 (git 2.25.0) at 2024-11-07 17:00:43 -0500