1f33bcbd568134ec4593d0177bed134b140bc4d6
[strongswan.git] / src / libstrongswan / plugins / test_vectors / test_vectors / aes_gcm.c
1 /*
2 * Copyright (C) 2010 Martin Willi
3 * Copyright (C) 2010 revosec AG
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the Licenseor (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be usefulbut
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 */
15
16 #include <crypto/crypto_tester.h>
17
18 /**
19 * From McGrew & Viega
20 * http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/proposedmodes/gcm/gcm-revised-spec.pdf
21 * Formatted to match our API which expects the first four bytes (salt) of the
22 * IV as part of the key and writes/expects the ICV at the end of the cipher
23 * text.
24 * Since our implementations are currently limited to IV lengths of 12 (IV=8,
25 * SALT=4 as per RFC 4106/5282) the test cases 5/6, 11/12 and 17/18 aren't
26 * compatible.
27 */
28 aead_test_vector_t aes_gcm1 = {
29 .alg = ENCR_AES_GCM_ICV16, .key_size = 16, .salt_size = 4,
30 .len = 0, .alen = 0,
31 .key = "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
32 "\x00\x00\x00\x00",
33 .iv = "\x00\x00\x00\x00\x00\x00\x00\x00",
34 .plain = "",
35 .cipher = "\x58\xe2\xfc\xce\xfa\x7e\x30\x61\x36\x7f\x1d\x57\xa4\xe7\x45\x5a",
36 };
37 aead_test_vector_t aes_gcm2 = {
38 .alg = ENCR_AES_GCM_ICV16, .key_size = 16, .salt_size = 4,
39 .len = 16, .alen = 0,
40 .key = "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
41 "\x00\x00\x00\x00",
42 .iv = "\x00\x00\x00\x00\x00\x00\x00\x00",
43 .plain = "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
44 .cipher = "\x03\x88\xda\xce\x60\xb6\xa3\x92\xf3\x28\xc2\xb9\x71\xb2\xfe\x78"
45 "\xab\x6e\x47\xd4\x2c\xec\x13\xbd\xf5\x3a\x67\xb2\x12\x57\xbd\xdf",
46 };
47 aead_test_vector_t aes_gcm3_1 = {
48 .alg = ENCR_AES_GCM_ICV8, .key_size = 16, .salt_size = 4,
49 .len = 64, .alen = 0,
50 .key = "\xfe\xff\xe9\x92\x86\x65\x73\x1c\x6d\x6a\x8f\x94\x67\x30\x83\x08"
51 "\xca\xfe\xba\xbe",
52 .iv = "\xfa\xce\xdb\xad\xde\xca\xf8\x88",
53 .plain = "\xd9\x31\x32\x25\xf8\x84\x06\xe5\xa5\x59\x09\xc5\xaf\xf5\x26\x9a"
54 "\x86\xa7\xa9\x53\x15\x34\xf7\xda\x2e\x4c\x30\x3d\x8a\x31\x8a\x72"
55 "\x1c\x3c\x0c\x95\x95\x68\x09\x53\x2f\xcf\x0e\x24\x49\xa6\xb5\x25"
56 "\xb1\x6a\xed\xf5\xaa\x0d\xe6\x57\xba\x63\x7b\x39\x1a\xaf\xd2\x55",
57 .cipher = "\x42\x83\x1e\xc2\x21\x77\x74\x24\x4b\x72\x21\xb7\x84\xd0\xd4\x9c"
58 "\xe3\xaa\x21\x2f\x2c\x02\xa4\xe0\x35\xc1\x7e\x23\x29\xac\xa1\x2e"
59 "\x21\xd5\x14\xb2\x54\x66\x93\x1c\x7d\x8f\x6a\x5a\xac\x84\xaa\x05"
60 "\x1b\xa3\x0b\x39\x6a\x0a\xac\x97\x3d\x58\xe0\x91\x47\x3f\x59\x85"
61 "\x4d\x5c\x2a\xf3\x27\xcd\x64\xa6",
62 };
63 aead_test_vector_t aes_gcm3_2 = {
64 .alg = ENCR_AES_GCM_ICV12, .key_size = 16, .salt_size = 4,
65 .len = 64, .alen = 0,
66 .key = "\xfe\xff\xe9\x92\x86\x65\x73\x1c\x6d\x6a\x8f\x94\x67\x30\x83\x08"
67 "\xca\xfe\xba\xbe",
68 .iv = "\xfa\xce\xdb\xad\xde\xca\xf8\x88",
69 .plain = "\xd9\x31\x32\x25\xf8\x84\x06\xe5\xa5\x59\x09\xc5\xaf\xf5\x26\x9a"
70 "\x86\xa7\xa9\x53\x15\x34\xf7\xda\x2e\x4c\x30\x3d\x8a\x31\x8a\x72"
71 "\x1c\x3c\x0c\x95\x95\x68\x09\x53\x2f\xcf\x0e\x24\x49\xa6\xb5\x25"
72 "\xb1\x6a\xed\xf5\xaa\x0d\xe6\x57\xba\x63\x7b\x39\x1a\xaf\xd2\x55",
73 .cipher = "\x42\x83\x1e\xc2\x21\x77\x74\x24\x4b\x72\x21\xb7\x84\xd0\xd4\x9c"
74 "\xe3\xaa\x21\x2f\x2c\x02\xa4\xe0\x35\xc1\x7e\x23\x29\xac\xa1\x2e"
75 "\x21\xd5\x14\xb2\x54\x66\x93\x1c\x7d\x8f\x6a\x5a\xac\x84\xaa\x05"
76 "\x1b\xa3\x0b\x39\x6a\x0a\xac\x97\x3d\x58\xe0\x91\x47\x3f\x59\x85"
77 "\x4d\x5c\x2a\xf3\x27\xcd\x64\xa6\x2c\xf3\x5a\xbd",
78 };
79 aead_test_vector_t aes_gcm3_3 = {
80 .alg = ENCR_AES_GCM_ICV16, .key_size = 16, .salt_size = 4,
81 .len = 64, .alen = 0,
82 .key = "\xfe\xff\xe9\x92\x86\x65\x73\x1c\x6d\x6a\x8f\x94\x67\x30\x83\x08"
83 "\xca\xfe\xba\xbe",
84 .iv = "\xfa\xce\xdb\xad\xde\xca\xf8\x88",
85 .plain = "\xd9\x31\x32\x25\xf8\x84\x06\xe5\xa5\x59\x09\xc5\xaf\xf5\x26\x9a"
86 "\x86\xa7\xa9\x53\x15\x34\xf7\xda\x2e\x4c\x30\x3d\x8a\x31\x8a\x72"
87 "\x1c\x3c\x0c\x95\x95\x68\x09\x53\x2f\xcf\x0e\x24\x49\xa6\xb5\x25"
88 "\xb1\x6a\xed\xf5\xaa\x0d\xe6\x57\xba\x63\x7b\x39\x1a\xaf\xd2\x55",
89 .cipher = "\x42\x83\x1e\xc2\x21\x77\x74\x24\x4b\x72\x21\xb7\x84\xd0\xd4\x9c"
90 "\xe3\xaa\x21\x2f\x2c\x02\xa4\xe0\x35\xc1\x7e\x23\x29\xac\xa1\x2e"
91 "\x21\xd5\x14\xb2\x54\x66\x93\x1c\x7d\x8f\x6a\x5a\xac\x84\xaa\x05"
92 "\x1b\xa3\x0b\x39\x6a\x0a\xac\x97\x3d\x58\xe0\x91\x47\x3f\x59\x85"
93 "\x4d\x5c\x2a\xf3\x27\xcd\x64\xa6\x2c\xf3\x5a\xbd\x2b\xa6\xfa\xb4",
94 };
95 aead_test_vector_t aes_gcm4 = {
96 .alg = ENCR_AES_GCM_ICV16, .key_size = 16, .salt_size = 4,
97 .len = 60, .alen = 20,
98 .key = "\xfe\xff\xe9\x92\x86\x65\x73\x1c\x6d\x6a\x8f\x94\x67\x30\x83\x08"
99 "\xca\xfe\xba\xbe",
100 .iv = "\xfa\xce\xdb\xad\xde\xca\xf8\x88",
101 .plain = "\xd9\x31\x32\x25\xf8\x84\x06\xe5\xa5\x59\x09\xc5\xaf\xf5\x26\x9a"
102 "\x86\xa7\xa9\x53\x15\x34\xf7\xda\x2e\x4c\x30\x3d\x8a\x31\x8a\x72"
103 "\x1c\x3c\x0c\x95\x95\x68\x09\x53\x2f\xcf\x0e\x24\x49\xa6\xb5\x25"
104 "\xb1\x6a\xed\xf5\xaa\x0d\xe6\x57\xba\x63\x7b\x39",
105 .adata = "\xfe\xed\xfa\xce\xde\xad\xbe\xef\xfe\xed\xfa\xce\xde\xad\xbe\xef"
106 "\xab\xad\xda\xd2",
107 .cipher = "\x42\x83\x1e\xc2\x21\x77\x74\x24\x4b\x72\x21\xb7\x84\xd0\xd4\x9c"
108 "\xe3\xaa\x21\x2f\x2c\x02\xa4\xe0\x35\xc1\x7e\x23\x29\xac\xa1\x2e"
109 "\x21\xd5\x14\xb2\x54\x66\x93\x1c\x7d\x8f\x6a\x5a\xac\x84\xaa\x05"
110 "\x1b\xa3\x0b\x39\x6a\x0a\xac\x97\x3d\x58\xe0\x91\x5b\xc9\x4f\xbc"
111 "\x32\x21\xa5\xdb\x94\xfa\xe9\x5a\xe7\x12\x1a\x47",
112 };
113 aead_test_vector_t aes_gcm7 = {
114 .alg = ENCR_AES_GCM_ICV16, .key_size = 24, .salt_size = 4,
115 .len = 0, .alen = 0,
116 .key = "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
117 "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
118 .iv = "\x00\x00\x00\x00\x00\x00\x00\x00",
119 .plain = "",
120 .cipher = "\xcd\x33\xb2\x8a\xc7\x73\xf7\x4b\xa0\x0e\xd1\xf3\x12\x57\x24\x35",
121 };
122 aead_test_vector_t aes_gcm8 = {
123 .alg = ENCR_AES_GCM_ICV16, .key_size = 24, .salt_size = 4,
124 .len = 16, .alen = 0,
125 .key = "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
126 "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
127 .iv = "\x00\x00\x00\x00\x00\x00\x00\x00",
128 .plain = "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
129 .cipher = "\x98\xe7\x24\x7c\x07\xf0\xfe\x41\x1c\x26\x7e\x43\x84\xb0\xf6\x00"
130 "\x2f\xf5\x8d\x80\x03\x39\x27\xab\x8e\xf4\xd4\x58\x75\x14\xf0\xfb",
131 };
132 aead_test_vector_t aes_gcm9 = {
133 .alg = ENCR_AES_GCM_ICV16, .key_size = 24, .salt_size = 4,
134 .len = 64, .alen = 0,
135 .key = "\xfe\xff\xe9\x92\x86\x65\x73\x1c\x6d\x6a\x8f\x94\x67\x30\x83\x08"
136 "\xfe\xff\xe9\x92\x86\x65\x73\x1c\xca\xfe\xba\xbe",
137 .iv = "\xfa\xce\xdb\xad\xde\xca\xf8\x88",
138 .plain = "\xd9\x31\x32\x25\xf8\x84\x06\xe5\xa5\x59\x09\xc5\xaf\xf5\x26\x9a"
139 "\x86\xa7\xa9\x53\x15\x34\xf7\xda\x2e\x4c\x30\x3d\x8a\x31\x8a\x72"
140 "\x1c\x3c\x0c\x95\x95\x68\x09\x53\x2f\xcf\x0e\x24\x49\xa6\xb5\x25"
141 "\xb1\x6a\xed\xf5\xaa\x0d\xe6\x57\xba\x63\x7b\x39\x1a\xaf\xd2\x55",
142 .cipher = "\x39\x80\xca\x0b\x3c\x00\xe8\x41\xeb\x06\xfa\xc4\x87\x2a\x27\x57"
143 "\x85\x9e\x1c\xea\xa6\xef\xd9\x84\x62\x85\x93\xb4\x0c\xa1\xe1\x9c"
144 "\x7d\x77\x3d\x00\xc1\x44\xc5\x25\xac\x61\x9d\x18\xc8\x4a\x3f\x47"
145 "\x18\xe2\x44\x8b\x2f\xe3\x24\xd9\xcc\xda\x27\x10\xac\xad\xe2\x56"
146 "\x99\x24\xa7\xc8\x58\x73\x36\xbf\xb1\x18\x02\x4d\xb8\x67\x4a\x14",
147 };
148 aead_test_vector_t aes_gcm10 = {
149 .alg = ENCR_AES_GCM_ICV16, .key_size = 24, .salt_size = 4,
150 .len = 60, .alen = 20,
151 .key = "\xfe\xff\xe9\x92\x86\x65\x73\x1c\x6d\x6a\x8f\x94\x67\x30\x83\x08"
152 "\xfe\xff\xe9\x92\x86\x65\x73\x1c\xca\xfe\xba\xbe",
153 .iv = "\xfa\xce\xdb\xad\xde\xca\xf8\x88",
154 .plain = "\xd9\x31\x32\x25\xf8\x84\x06\xe5\xa5\x59\x09\xc5\xaf\xf5\x26\x9a"
155 "\x86\xa7\xa9\x53\x15\x34\xf7\xda\x2e\x4c\x30\x3d\x8a\x31\x8a\x72"
156 "\x1c\x3c\x0c\x95\x95\x68\x09\x53\x2f\xcf\x0e\x24\x49\xa6\xb5\x25"
157 "\xb1\x6a\xed\xf5\xaa\x0d\xe6\x57\xba\x63\x7b\x39",
158 .adata = "\xfe\xed\xfa\xce\xde\xad\xbe\xef\xfe\xed\xfa\xce\xde\xad\xbe\xef"
159 "\xab\xad\xda\xd2",
160 .cipher = "\x39\x80\xca\x0b\x3c\x00\xe8\x41\xeb\x06\xfa\xc4\x87\x2a\x27\x57"
161 "\x85\x9e\x1c\xea\xa6\xef\xd9\x84\x62\x85\x93\xb4\x0c\xa1\xe1\x9c"
162 "\x7d\x77\x3d\x00\xc1\x44\xc5\x25\xac\x61\x9d\x18\xc8\x4a\x3f\x47"
163 "\x18\xe2\x44\x8b\x2f\xe3\x24\xd9\xcc\xda\x27\x10\x25\x19\x49\x8e"
164 "\x80\xf1\x47\x8f\x37\xba\x55\xbd\x6d\x27\x61\x8c",
165 };
166 aead_test_vector_t aes_gcm13 = {
167 .alg = ENCR_AES_GCM_ICV16, .key_size = 32, .salt_size = 4,
168 .len = 0, .alen = 0,
169 .key = "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
170 "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
171 "\x00\x00\x00\x00",
172 .iv = "\x00\x00\x00\x00\x00\x00\x00\x00",
173 .plain = "",
174 .cipher = "\x53\x0f\x8a\xfb\xc7\x45\x36\xb9\xa9\x63\xb4\xf1\xc4\xcb\x73\x8b",
175 };
176 aead_test_vector_t aes_gcm14 = {
177 .alg = ENCR_AES_GCM_ICV16, .key_size = 32, .salt_size = 4,
178 .len = 16, .alen = 0,
179 .key = "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
180 "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
181 "\x00\x00\x00\x00",
182 .iv = "\x00\x00\x00\x00\x00\x00\x00\x00",
183 .plain = "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
184 .cipher = "\xce\xa7\x40\x3d\x4d\x60\x6b\x6e\x07\x4e\xc5\xd3\xba\xf3\x9d\x18"
185 "\xd0\xd1\xc8\xa7\x99\x99\x6b\xf0\x26\x5b\x98\xb5\xd4\x8a\xb9\x19",
186 };
187 aead_test_vector_t aes_gcm15 = {
188 .alg = ENCR_AES_GCM_ICV16, .key_size = 32, .salt_size = 4,
189 .len = 64, .alen = 0,
190 .key = "\xfe\xff\xe9\x92\x86\x65\x73\x1c\x6d\x6a\x8f\x94\x67\x30\x83\x08"
191 "\xfe\xff\xe9\x92\x86\x65\x73\x1c\x6d\x6a\x8f\x94\x67\x30\x83\x08"
192 "\xca\xfe\xba\xbe",
193 .iv = "\xfa\xce\xdb\xad\xde\xca\xf8\x88",
194 .plain = "\xd9\x31\x32\x25\xf8\x84\x06\xe5\xa5\x59\x09\xc5\xaf\xf5\x26\x9a"
195 "\x86\xa7\xa9\x53\x15\x34\xf7\xda\x2e\x4c\x30\x3d\x8a\x31\x8a\x72"
196 "\x1c\x3c\x0c\x95\x95\x68\x09\x53\x2f\xcf\x0e\x24\x49\xa6\xb5\x25"
197 "\xb1\x6a\xed\xf5\xaa\x0d\xe6\x57\xba\x63\x7b\x39\x1a\xaf\xd2\x55",
198 .cipher = "\x52\x2d\xc1\xf0\x99\x56\x7d\x07\xf4\x7f\x37\xa3\x2a\x84\x42\x7d"
199 "\x64\x3a\x8c\xdc\xbf\xe5\xc0\xc9\x75\x98\xa2\xbd\x25\x55\xd1\xaa"
200 "\x8c\xb0\x8e\x48\x59\x0d\xbb\x3d\xa7\xb0\x8b\x10\x56\x82\x88\x38"
201 "\xc5\xf6\x1e\x63\x93\xba\x7a\x0a\xbc\xc9\xf6\x62\x89\x80\x15\xad"
202 "\xb0\x94\xda\xc5\xd9\x34\x71\xbd\xec\x1a\x50\x22\x70\xe3\xcc\x6c",
203 };
204 aead_test_vector_t aes_gcm16 = {
205 .alg = ENCR_AES_GCM_ICV16, .key_size = 32, .salt_size = 4,
206 .len = 60, .alen = 20,
207 .key = "\xfe\xff\xe9\x92\x86\x65\x73\x1c\x6d\x6a\x8f\x94\x67\x30\x83\x08"
208 "\xfe\xff\xe9\x92\x86\x65\x73\x1c\x6d\x6a\x8f\x94\x67\x30\x83\x08"
209 "\xca\xfe\xba\xbe",
210 .iv = "\xfa\xce\xdb\xad\xde\xca\xf8\x88",
211 .adata = "\xfe\xed\xfa\xce\xde\xad\xbe\xef\xfe\xed\xfa\xce\xde\xad\xbe\xef"
212 "\xab\xad\xda\xd2",
213 .plain = "\xd9\x31\x32\x25\xf8\x84\x06\xe5\xa5\x59\x09\xc5\xaf\xf5\x26\x9a"
214 "\x86\xa7\xa9\x53\x15\x34\xf7\xda\x2e\x4c\x30\x3d\x8a\x31\x8a\x72"
215 "\x1c\x3c\x0c\x95\x95\x68\x09\x53\x2f\xcf\x0e\x24\x49\xa6\xb5\x25"
216 "\xb1\x6a\xed\xf5\xaa\x0d\xe6\x57\xba\x63\x7b\x39",
217 .cipher = "\x52\x2d\xc1\xf0\x99\x56\x7d\x07\xf4\x7f\x37\xa3\x2a\x84\x42\x7d"
218 "\x64\x3a\x8c\xdc\xbf\xe5\xc0\xc9\x75\x98\xa2\xbd\x25\x55\xd1\xaa"
219 "\x8c\xb0\x8e\x48\x59\x0d\xbb\x3d\xa7\xb0\x8b\x10\x56\x82\x88\x38"
220 "\xc5\xf6\x1e\x63\x93\xba\x7a\x0a\xbc\xc9\xf6\x62\x76\xfc\x6e\xce"
221 "\x0f\x4e\x17\x68\xcd\xdf\x88\x53\xbb\x2d\x55\x1b",
222 };