1 /* LibTomCrypt, modular cryptographic library -- Tom St Denis
3 * LibTomCrypt is a library that provides various cryptographic
4 * algorithms in a highly modular and flexible manner.
6 * The library is free for all purposes without any express
12 GCM implementation, testing, by Tom St Denis
20 @return CRYPT_OK on success
34 unsigned char IV[128];
43 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
44 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
56 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
57 0x00, 0x00, 0x00, 0x00 },
64 { 0x58, 0xe2, 0xfc, 0xce, 0xfa, 0x7e, 0x30, 0x61,
65 0x36, 0x7f, 0x1d, 0x57, 0xa4, 0xe7, 0x45, 0x5a }
71 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
72 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
76 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
77 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
85 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
86 0x00, 0x00, 0x00, 0x00 },
90 { 0x03, 0x88, 0xda, 0xce, 0x60, 0xb6, 0xa3, 0x92,
91 0xf3, 0x28, 0xc2, 0xb9, 0x71, 0xb2, 0xfe, 0x78 },
94 { 0xab, 0x6e, 0x47, 0xd4, 0x2c, 0xec, 0x13, 0xbd,
95 0xf5, 0x3a, 0x67, 0xb2, 0x12, 0x57, 0xbd, 0xdf }
101 { 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
102 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08, },
106 { 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
107 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a,
108 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
109 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72,
110 0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53,
111 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
112 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57,
113 0xba, 0x63, 0x7b, 0x39, 0x1a, 0xaf, 0xd2, 0x55, },
121 { 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad,
122 0xde, 0xca, 0xf8, 0x88, },
126 { 0x42, 0x83, 0x1e, 0xc2, 0x21, 0x77, 0x74, 0x24,
127 0x4b, 0x72, 0x21, 0xb7, 0x84, 0xd0, 0xd4, 0x9c,
128 0xe3, 0xaa, 0x21, 0x2f, 0x2c, 0x02, 0xa4, 0xe0,
129 0x35, 0xc1, 0x7e, 0x23, 0x29, 0xac, 0xa1, 0x2e,
130 0x21, 0xd5, 0x14, 0xb2, 0x54, 0x66, 0x93, 0x1c,
131 0x7d, 0x8f, 0x6a, 0x5a, 0xac, 0x84, 0xaa, 0x05,
132 0x1b, 0xa3, 0x0b, 0x39, 0x6a, 0x0a, 0xac, 0x97,
133 0x3d, 0x58, 0xe0, 0x91, 0x47, 0x3f, 0x59, 0x85, },
136 { 0x4d, 0x5c, 0x2a, 0xf3, 0x27, 0xcd, 0x64, 0xa6,
137 0x2c, 0xf3, 0x5a, 0xbd, 0x2b, 0xa6, 0xfa, 0xb4, }
143 { 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
144 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08, },
148 { 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
149 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a,
150 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
151 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72,
152 0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53,
153 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
154 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57,
155 0xba, 0x63, 0x7b, 0x39, },
159 { 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
160 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
161 0xab, 0xad, 0xda, 0xd2, },
165 { 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad,
166 0xde, 0xca, 0xf8, 0x88, },
170 { 0x42, 0x83, 0x1e, 0xc2, 0x21, 0x77, 0x74, 0x24,
171 0x4b, 0x72, 0x21, 0xb7, 0x84, 0xd0, 0xd4, 0x9c,
172 0xe3, 0xaa, 0x21, 0x2f, 0x2c, 0x02, 0xa4, 0xe0,
173 0x35, 0xc1, 0x7e, 0x23, 0x29, 0xac, 0xa1, 0x2e,
174 0x21, 0xd5, 0x14, 0xb2, 0x54, 0x66, 0x93, 0x1c,
175 0x7d, 0x8f, 0x6a, 0x5a, 0xac, 0x84, 0xaa, 0x05,
176 0x1b, 0xa3, 0x0b, 0x39, 0x6a, 0x0a, 0xac, 0x97,
177 0x3d, 0x58, 0xe0, 0x91, },
180 { 0x5b, 0xc9, 0x4f, 0xbc, 0x32, 0x21, 0xa5, 0xdb,
181 0x94, 0xfa, 0xe9, 0x5a, 0xe7, 0x12, 0x1a, 0x47, }
188 { 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
189 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08, },
193 { 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
194 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a,
195 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
196 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72,
197 0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53,
198 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
199 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57,
200 0xba, 0x63, 0x7b, 0x39, },
204 { 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
205 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
206 0xab, 0xad, 0xda, 0xd2, },
210 { 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad, },
214 { 0x61, 0x35, 0x3b, 0x4c, 0x28, 0x06, 0x93, 0x4a,
215 0x77, 0x7f, 0xf5, 0x1f, 0xa2, 0x2a, 0x47, 0x55,
216 0x69, 0x9b, 0x2a, 0x71, 0x4f, 0xcd, 0xc6, 0xf8,
217 0x37, 0x66, 0xe5, 0xf9, 0x7b, 0x6c, 0x74, 0x23,
218 0x73, 0x80, 0x69, 0x00, 0xe4, 0x9f, 0x24, 0xb2,
219 0x2b, 0x09, 0x75, 0x44, 0xd4, 0x89, 0x6b, 0x42,
220 0x49, 0x89, 0xb5, 0xe1, 0xeb, 0xac, 0x0f, 0x07,
221 0xc2, 0x3f, 0x45, 0x98, },
224 { 0x36, 0x12, 0xd2, 0xe7, 0x9e, 0x3b, 0x07, 0x85,
225 0x56, 0x1b, 0xe1, 0x4a, 0xac, 0xa2, 0xfc, 0xcb, }
231 { 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
232 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08, },
236 { 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
237 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a,
238 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
239 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72,
240 0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53,
241 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
242 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57,
243 0xba, 0x63, 0x7b, 0x39, },
247 { 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
248 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
249 0xab, 0xad, 0xda, 0xd2, },
253 { 0x93, 0x13, 0x22, 0x5d, 0xf8, 0x84, 0x06, 0xe5,
254 0x55, 0x90, 0x9c, 0x5a, 0xff, 0x52, 0x69, 0xaa,
255 0x6a, 0x7a, 0x95, 0x38, 0x53, 0x4f, 0x7d, 0xa1,
256 0xe4, 0xc3, 0x03, 0xd2, 0xa3, 0x18, 0xa7, 0x28,
257 0xc3, 0xc0, 0xc9, 0x51, 0x56, 0x80, 0x95, 0x39,
258 0xfc, 0xf0, 0xe2, 0x42, 0x9a, 0x6b, 0x52, 0x54,
259 0x16, 0xae, 0xdb, 0xf5, 0xa0, 0xde, 0x6a, 0x57,
260 0xa6, 0x37, 0xb3, 0x9b, },
264 { 0x8c, 0xe2, 0x49, 0x98, 0x62, 0x56, 0x15, 0xb6,
265 0x03, 0xa0, 0x33, 0xac, 0xa1, 0x3f, 0xb8, 0x94,
266 0xbe, 0x91, 0x12, 0xa5, 0xc3, 0xa2, 0x11, 0xa8,
267 0xba, 0x26, 0x2a, 0x3c, 0xca, 0x7e, 0x2c, 0xa7,
268 0x01, 0xe4, 0xa9, 0xa4, 0xfb, 0xa4, 0x3c, 0x90,
269 0xcc, 0xdc, 0xb2, 0x81, 0xd4, 0x8c, 0x7c, 0x6f,
270 0xd6, 0x28, 0x75, 0xd2, 0xac, 0xa4, 0x17, 0x03,
271 0x4c, 0x34, 0xae, 0xe5, },
274 { 0x61, 0x9c, 0xc5, 0xae, 0xff, 0xfe, 0x0b, 0xfa,
275 0x46, 0x2a, 0xf4, 0x3c, 0x16, 0x99, 0xd0, 0x50, }
278 /* test case #46 from BG (catches the LTC bug of v1.15) */
281 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
282 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
286 { 0xa2, 0xaa, 0xb3, 0xad, 0x8b, 0x17, 0xac, 0xdd,
287 0xa2, 0x88, 0x42, 0x6c, 0xd7, 0xc4, 0x29, 0xb7,
288 0xca, 0x86, 0xb7, 0xac, 0xa0, 0x58, 0x09, 0xc7,
289 0x0c, 0xe8, 0x2d, 0xb2, 0x57, 0x11, 0xcb, 0x53,
290 0x02, 0xeb, 0x27, 0x43, 0xb0, 0x36, 0xf3, 0xd7,
291 0x50, 0xd6, 0xcf, 0x0d, 0xc0, 0xac, 0xb9, 0x29,
292 0x50, 0xd5, 0x46, 0xdb, 0x30, 0x8f, 0x93, 0xb4,
293 0xff, 0x24, 0x4a, 0xfa, 0x9d, 0xc7, 0x2b, 0xcd,
298 { 0x68, 0x8e, 0x1a, 0xa9, 0x84, 0xde, 0x92, 0x6d,
299 0xc7, 0xb4, 0xc4, 0x7f, 0x44 },
303 { 0xb7, 0x21, 0x38, 0xb5, 0xa0, 0x5f, 0xf5, 0x07,
304 0x0e, 0x8c, 0xd9, 0x41, 0x83, 0xf7, 0x61, 0xd8 },
308 { 0xcb, 0xc8, 0xd2, 0xf1, 0x54, 0x81, 0xa4, 0xcc,
309 0x7d, 0xd1, 0xe1, 0x9a, 0xaa, 0x83, 0xde, 0x56,
310 0x78, 0x48, 0x3e, 0xc3, 0x59, 0xae, 0x7d, 0xec,
311 0x2a, 0xb8, 0xd5, 0x34, 0xe0, 0x90, 0x6f, 0x4b,
312 0x46, 0x63, 0xfa, 0xff, 0x58, 0xa8, 0xb2, 0xd7,
313 0x33, 0xb8, 0x45, 0xee, 0xf7, 0xc9, 0xb3, 0x31,
314 0xe9, 0xe1, 0x0e, 0xb2, 0x61, 0x2c, 0x99, 0x5f,
315 0xeb, 0x1a, 0xc1, 0x5a, 0x62, 0x86, 0xcc, 0xe8,
319 { 0x8d, 0x2d, 0x2a, 0x93, 0x72, 0x62, 0x6f, 0x6b,
320 0xee, 0x85, 0x80, 0x27, 0x6a, 0x63, 0x66, 0xbf }
323 /* rest of test cases are the same except AES key size changes... ignored... */
327 unsigned char out[2][128], T[2][16];
331 idx = find_cipher("aes");
333 idx = find_cipher("rijndael");
339 /* Special test case for empty AAD + empty PT */
341 if ((err = gcm_init(&gcm, idx, tests[0].K, tests[0].keylen)) != CRYPT_OK) return err;
342 if ((err = gcm_add_iv(&gcm, tests[0].IV, tests[0].IVlen)) != CRYPT_OK) return err;
343 /* intentionally skip gcm_add_aad + gcm_process */
344 if ((err = gcm_done(&gcm, T[0], &y)) != CRYPT_OK) return err;
345 if (compare_testvector(T[0], y, tests[0].T, 16, "GCM Encrypt Tag-special", 0)) return CRYPT_FAIL_TESTVECTOR;
347 for (x = 0; x < (int)(sizeof(tests)/sizeof(tests[0])); x++) {
349 if ((err = gcm_memory(idx, tests[x].K, tests[x].keylen,
350 tests[x].IV, tests[x].IVlen,
351 tests[x].A, tests[x].alen,
352 (unsigned char*)tests[x].P, tests[x].ptlen,
353 out[0], T[0], &y, GCM_ENCRYPT)) != CRYPT_OK) {
357 if (compare_testvector(out[0], tests[x].ptlen, tests[x].C, tests[x].ptlen, "GCM CT", x)) {
358 return CRYPT_FAIL_TESTVECTOR;
361 if (compare_testvector(T[0], y, tests[x].T, 16, "GCM Encrypt Tag", x)) {
362 return CRYPT_FAIL_TESTVECTOR;
366 if ((err = gcm_memory(idx, tests[x].K, tests[x].keylen,
367 tests[x].IV, tests[x].IVlen,
368 tests[x].A, tests[x].alen,
369 out[1], tests[x].ptlen,
370 out[0], T[1], &y, GCM_DECRYPT)) != CRYPT_OK) {
374 if (compare_testvector(out[1], tests[x].ptlen, tests[x].P, tests[x].ptlen, "GCM PT", x)) {
375 return CRYPT_FAIL_TESTVECTOR;
378 if (compare_testvector(T[1], y, tests[x].T, 16, "GCM Decrypt Tag", x)) {
379 return CRYPT_FAIL_TESTVECTOR;
390 /* ref: $Format:%D$ */
391 /* git commit: $Format:%H$ */
392 /* commit time: $Format:%ai$ */