OLD | NEW |
| (Empty) |
1 /* | |
2 * aes_gcm_ossl.c | |
3 * | |
4 * AES Galois Counter Mode | |
5 * | |
6 * John A. Foley | |
7 * Cisco Systems, Inc. | |
8 * | |
9 */ | |
10 | |
11 /* | |
12 * | |
13 * Copyright (c) 2013, Cisco Systems, Inc. | |
14 * All rights reserved. | |
15 * | |
16 * Redistribution and use in source and binary forms, with or without | |
17 * modification, are permitted provided that the following conditions | |
18 * are met: | |
19 * | |
20 * Redistributions of source code must retain the above copyright | |
21 * notice, this list of conditions and the following disclaimer. | |
22 * | |
23 * Redistributions in binary form must reproduce the above | |
24 * copyright notice, this list of conditions and the following | |
25 * disclaimer in the documentation and/or other materials provided | |
26 * with the distribution. | |
27 * | |
28 * Neither the name of the Cisco Systems, Inc. nor the names of its | |
29 * contributors may be used to endorse or promote products derived | |
30 * from this software without specific prior written permission. | |
31 * | |
32 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS | |
33 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT | |
34 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS | |
35 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE | |
36 * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, | |
37 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES | |
38 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR | |
39 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |
40 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | |
41 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | |
42 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | |
43 * OF THE POSSIBILITY OF SUCH DAMAGE. | |
44 * | |
45 */ | |
46 | |
47 #ifdef HAVE_CONFIG_H | |
48 #include <config.h> | |
49 #endif | |
50 | |
51 #include <openssl/evp.h> | |
52 #include "aes_icm_ossl.h" | |
53 #include "aes_gcm_ossl.h" | |
54 #include "alloc.h" | |
55 #include "crypto_types.h" | |
56 | |
57 | |
58 debug_module_t mod_aes_gcm = { | |
59 0, /* debugging is off by default */ | |
60 "aes gcm" /* printable module name */ | |
61 }; | |
62 | |
63 /* | |
64 * The following are the global singleton instances for the | |
65 * 128-bit and 256-bit GCM ciphers. | |
66 */ | |
67 extern cipher_type_t aes_gcm_128_openssl; | |
68 extern cipher_type_t aes_gcm_256_openssl; | |
69 | |
70 /* | |
71 * For now we only support 8 and 16 octet tags. The spec allows for | |
72 * optional 12 byte tag, which may be supported in the future. | |
73 */ | |
74 #define GCM_AUTH_TAG_LEN 16 | |
75 #define GCM_AUTH_TAG_LEN_8 8 | |
76 | |
77 | |
78 /* | |
79 * This function allocates a new instance of this crypto engine. | |
80 * The key_len parameter should be one of 28 or 44 for | |
81 * AES-128-GCM or AES-256-GCM respectively. Note that the | |
82 * key length includes the 14 byte salt value that is used when | |
83 * initializing the KDF. | |
84 */ | |
85 err_status_t aes_gcm_openssl_alloc (cipher_t **c, int key_len, int tlen) | |
86 { | |
87 aes_gcm_ctx_t *gcm; | |
88 int tmp; | |
89 uint8_t *allptr; | |
90 | |
91 debug_print(mod_aes_gcm, "allocating cipher with key length %d", key_len); | |
92 debug_print(mod_aes_gcm, "allocating cipher with tag length %d", tlen); | |
93 | |
94 /* | |
95 * Verify the key_len is valid for one of: AES-128/256 | |
96 */ | |
97 if (key_len != AES_128_GCM_KEYSIZE_WSALT && | |
98 key_len != AES_256_GCM_KEYSIZE_WSALT) { | |
99 return (err_status_bad_param); | |
100 } | |
101 | |
102 if (tlen != GCM_AUTH_TAG_LEN && | |
103 tlen != GCM_AUTH_TAG_LEN_8) { | |
104 return (err_status_bad_param); | |
105 } | |
106 | |
107 /* allocate memory a cipher of type aes_gcm */ | |
108 tmp = sizeof(cipher_t) + sizeof(aes_gcm_ctx_t); | |
109 allptr = crypto_alloc(tmp); | |
110 if (allptr == NULL) { | |
111 return (err_status_alloc_fail); | |
112 } | |
113 | |
114 /* set pointers */ | |
115 *c = (cipher_t*)allptr; | |
116 (*c)->state = allptr + sizeof(cipher_t); | |
117 gcm = (aes_gcm_ctx_t *)(*c)->state; | |
118 | |
119 /* increment ref_count */ | |
120 switch (key_len) { | |
121 case AES_128_GCM_KEYSIZE_WSALT: | |
122 (*c)->type = &aes_gcm_128_openssl; | |
123 (*c)->algorithm = AES_128_GCM; | |
124 aes_gcm_128_openssl.ref_count++; | |
125 ((aes_gcm_ctx_t*)(*c)->state)->key_size = AES_128_KEYSIZE; | |
126 ((aes_gcm_ctx_t*)(*c)->state)->tag_len = tlen; | |
127 break; | |
128 case AES_256_GCM_KEYSIZE_WSALT: | |
129 (*c)->type = &aes_gcm_256_openssl; | |
130 (*c)->algorithm = AES_256_GCM; | |
131 aes_gcm_256_openssl.ref_count++; | |
132 ((aes_gcm_ctx_t*)(*c)->state)->key_size = AES_256_KEYSIZE; | |
133 ((aes_gcm_ctx_t*)(*c)->state)->tag_len = tlen; | |
134 break; | |
135 } | |
136 | |
137 /* set key size */ | |
138 (*c)->key_len = key_len; | |
139 EVP_CIPHER_CTX_init(&gcm->ctx); | |
140 | |
141 return (err_status_ok); | |
142 } | |
143 | |
144 | |
145 /* | |
146 * This function deallocates a GCM session | |
147 */ | |
148 err_status_t aes_gcm_openssl_dealloc (cipher_t *c) | |
149 { | |
150 aes_gcm_ctx_t *ctx; | |
151 | |
152 ctx = (aes_gcm_ctx_t*)c->state; | |
153 if (ctx) { | |
154 EVP_CIPHER_CTX_cleanup(&ctx->ctx); | |
155 /* decrement ref_count for the appropriate engine */ | |
156 switch (ctx->key_size) { | |
157 case AES_256_KEYSIZE: | |
158 aes_gcm_256_openssl.ref_count--; | |
159 break; | |
160 case AES_128_KEYSIZE: | |
161 aes_gcm_128_openssl.ref_count--; | |
162 break; | |
163 default: | |
164 return (err_status_dealloc_fail); | |
165 break; | |
166 } | |
167 } | |
168 | |
169 /* zeroize entire state*/ | |
170 octet_string_set_to_zero((uint8_t*)c, sizeof(cipher_t) + sizeof(aes_gcm_ctx_
t)); | |
171 | |
172 /* free memory */ | |
173 crypto_free(c); | |
174 | |
175 return (err_status_ok); | |
176 } | |
177 | |
178 /* | |
179 * aes_gcm_openssl_context_init(...) initializes the aes_gcm_context | |
180 * using the value in key[]. | |
181 * | |
182 * the key is the secret key | |
183 */ | |
184 err_status_t aes_gcm_openssl_context_init (aes_gcm_ctx_t *c, const uint8_t *key) | |
185 { | |
186 c->dir = direction_any; | |
187 | |
188 /* copy key to be used later when CiscoSSL crypto context is created */ | |
189 v128_copy_octet_string((v128_t*)&c->key, key); | |
190 | |
191 if (c->key_size == AES_256_KEYSIZE) { | |
192 debug_print(mod_aes_gcm, "Copying last 16 bytes of key: %s", | |
193 v128_hex_string((v128_t*)(key + AES_128_KEYSIZE))); | |
194 v128_copy_octet_string(((v128_t*)(&c->key.v8)) + 1, | |
195 key + AES_128_KEYSIZE); | |
196 } | |
197 | |
198 debug_print(mod_aes_gcm, "key: %s", v128_hex_string((v128_t*)&c->key)); | |
199 | |
200 EVP_CIPHER_CTX_cleanup(&c->ctx); | |
201 | |
202 return (err_status_ok); | |
203 } | |
204 | |
205 | |
206 /* | |
207 * aes_gcm_openssl_set_iv(c, iv) sets the counter value to the exor of iv with | |
208 * the offset | |
209 */ | |
210 err_status_t aes_gcm_openssl_set_iv (aes_gcm_ctx_t *c, void *iv, | |
211 int direction) | |
212 { | |
213 const EVP_CIPHER *evp; | |
214 | |
215 if (direction != direction_encrypt && direction != direction_decrypt) { | |
216 return (err_status_bad_param); | |
217 } | |
218 c->dir = direction; | |
219 | |
220 debug_print(mod_aes_gcm, "setting iv: %s", v128_hex_string(iv)); | |
221 | |
222 switch (c->key_size) { | |
223 case AES_256_KEYSIZE: | |
224 evp = EVP_aes_256_gcm(); | |
225 break; | |
226 case AES_128_KEYSIZE: | |
227 evp = EVP_aes_128_gcm(); | |
228 break; | |
229 default: | |
230 return (err_status_bad_param); | |
231 break; | |
232 } | |
233 | |
234 if (!EVP_CipherInit_ex(&c->ctx, evp, NULL, (const unsigned char*)&c->key.v8, | |
235 NULL, (c->dir == direction_encrypt ? 1 : 0))) { | |
236 return (err_status_init_fail); | |
237 } | |
238 | |
239 /* set IV len and the IV value, the followiong 3 calls are required */ | |
240 if (!EVP_CIPHER_CTX_ctrl(&c->ctx, EVP_CTRL_GCM_SET_IVLEN, 12, 0)) { | |
241 return (err_status_init_fail); | |
242 } | |
243 if (!EVP_CIPHER_CTX_ctrl(&c->ctx, EVP_CTRL_GCM_SET_IV_FIXED, -1, iv)) { | |
244 return (err_status_init_fail); | |
245 } | |
246 if (!EVP_CIPHER_CTX_ctrl(&c->ctx, EVP_CTRL_GCM_IV_GEN, 0, iv)) { | |
247 return (err_status_init_fail); | |
248 } | |
249 | |
250 return (err_status_ok); | |
251 } | |
252 | |
253 /* | |
254 * This function processes the AAD | |
255 * | |
256 * Parameters: | |
257 * c Crypto context | |
258 * aad Additional data to process for AEAD cipher suites | |
259 * aad_len length of aad buffer | |
260 */ | |
261 err_status_t aes_gcm_openssl_set_aad (aes_gcm_ctx_t *c, unsigned char *aad, | |
262 unsigned int aad_len) | |
263 { | |
264 int rv; | |
265 | |
266 /* | |
267 * Set dummy tag, OpenSSL requires the Tag to be set before | |
268 * processing AAD | |
269 */ | |
270 unsigned char dummy_tag[GCM_AUTH_TAG_LEN]; | |
271 memset(dummy_tag, 0x0, GCM_AUTH_TAG_LEN); | |
272 EVP_CIPHER_CTX_ctrl(&c->ctx, EVP_CTRL_GCM_SET_TAG, c->tag_len, &dummy_tag); | |
273 | |
274 rv = EVP_Cipher(&c->ctx, NULL, aad, aad_len); | |
275 if (rv != aad_len) { | |
276 return (err_status_algo_fail); | |
277 } else { | |
278 return (err_status_ok); | |
279 } | |
280 } | |
281 | |
282 /* | |
283 * This function encrypts a buffer using AES GCM mode | |
284 * | |
285 * Parameters: | |
286 * c Crypto context | |
287 * buf data to encrypt | |
288 * enc_len length of encrypt buffer | |
289 */ | |
290 err_status_t aes_gcm_openssl_encrypt (aes_gcm_ctx_t *c, unsigned char *buf, | |
291 unsigned int *enc_len) | |
292 { | |
293 if (c->dir != direction_encrypt && c->dir != direction_decrypt) { | |
294 return (err_status_bad_param); | |
295 } | |
296 | |
297 /* | |
298 * Encrypt the data | |
299 */ | |
300 EVP_Cipher(&c->ctx, buf, buf, *enc_len); | |
301 | |
302 return (err_status_ok); | |
303 } | |
304 | |
305 /* | |
306 * This function calculates and returns the GCM tag for a given context. | |
307 * This should be called after encrypting the data. The *len value | |
308 * is increased by the tag size. The caller must ensure that *buf has | |
309 * enough room to accept the appended tag. | |
310 * | |
311 * Parameters: | |
312 * c Crypto context | |
313 * buf data to encrypt | |
314 * len length of encrypt buffer | |
315 */ | |
316 err_status_t aes_gcm_openssl_get_tag (aes_gcm_ctx_t *c, unsigned char *buf, | |
317 int *len) | |
318 { | |
319 /* | |
320 * Calculate the tag | |
321 */ | |
322 EVP_Cipher(&c->ctx, NULL, NULL, 0); | |
323 | |
324 /* | |
325 * Retreive the tag | |
326 */ | |
327 EVP_CIPHER_CTX_ctrl(&c->ctx, EVP_CTRL_GCM_GET_TAG, c->tag_len, buf); | |
328 | |
329 /* | |
330 * Increase encryption length by desired tag size | |
331 */ | |
332 *len = c->tag_len; | |
333 | |
334 return (err_status_ok); | |
335 } | |
336 | |
337 | |
338 /* | |
339 * This function decrypts a buffer using AES GCM mode | |
340 * | |
341 * Parameters: | |
342 * c Crypto context | |
343 * buf data to encrypt | |
344 * enc_len length of encrypt buffer | |
345 */ | |
346 err_status_t aes_gcm_openssl_decrypt (aes_gcm_ctx_t *c, unsigned char *buf, | |
347 unsigned int *enc_len) | |
348 { | |
349 if (c->dir != direction_encrypt && c->dir != direction_decrypt) { | |
350 return (err_status_bad_param); | |
351 } | |
352 | |
353 /* | |
354 * Set the tag before decrypting | |
355 */ | |
356 EVP_CIPHER_CTX_ctrl(&c->ctx, EVP_CTRL_GCM_SET_TAG, c->tag_len, | |
357 buf + (*enc_len - c->tag_len)); | |
358 EVP_Cipher(&c->ctx, buf, buf, *enc_len - c->tag_len); | |
359 | |
360 /* | |
361 * Check the tag | |
362 */ | |
363 if (EVP_Cipher(&c->ctx, NULL, NULL, 0)) { | |
364 return (err_status_auth_fail); | |
365 } | |
366 | |
367 /* | |
368 * Reduce the buffer size by the tag length since the tag | |
369 * is not part of the original payload | |
370 */ | |
371 *enc_len -= c->tag_len; | |
372 | |
373 return (err_status_ok); | |
374 } | |
375 | |
376 | |
377 | |
378 /* | |
379 * Name of this crypto engine | |
380 */ | |
381 char aes_gcm_128_openssl_description[] = "AES-128 GCM using openssl"; | |
382 char aes_gcm_256_openssl_description[] = "AES-256 GCM using openssl"; | |
383 | |
384 | |
385 /* | |
386 * KAT values for AES self-test. These | |
387 * values we're derived from independent test code | |
388 * using OpenSSL. | |
389 */ | |
390 uint8_t aes_gcm_test_case_0_key[AES_128_GCM_KEYSIZE_WSALT] = { | |
391 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c, | |
392 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08, | |
393 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, | |
394 0x09, 0x0a, 0x0b, 0x0c, | |
395 }; | |
396 | |
397 uint8_t aes_gcm_test_case_0_iv[12] = { | |
398 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad, | |
399 0xde, 0xca, 0xf8, 0x88 | |
400 }; | |
401 | |
402 uint8_t aes_gcm_test_case_0_plaintext[60] = { | |
403 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5, | |
404 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a, | |
405 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda, | |
406 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72, | |
407 0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53, | |
408 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25, | |
409 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57, | |
410 0xba, 0x63, 0x7b, 0x39 | |
411 }; | |
412 | |
413 uint8_t aes_gcm_test_case_0_aad[20] = { | |
414 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, | |
415 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, | |
416 0xab, 0xad, 0xda, 0xd2 | |
417 }; | |
418 | |
419 uint8_t aes_gcm_test_case_0_ciphertext[76] = { | |
420 0x42, 0x83, 0x1e, 0xc2, 0x21, 0x77, 0x74, 0x24, | |
421 0x4b, 0x72, 0x21, 0xb7, 0x84, 0xd0, 0xd4, 0x9c, | |
422 0xe3, 0xaa, 0x21, 0x2f, 0x2c, 0x02, 0xa4, 0xe0, | |
423 0x35, 0xc1, 0x7e, 0x23, 0x29, 0xac, 0xa1, 0x2e, | |
424 0x21, 0xd5, 0x14, 0xb2, 0x54, 0x66, 0x93, 0x1c, | |
425 0x7d, 0x8f, 0x6a, 0x5a, 0xac, 0x84, 0xaa, 0x05, | |
426 0x1b, 0xa3, 0x0b, 0x39, 0x6a, 0x0a, 0xac, 0x97, | |
427 0x3d, 0x58, 0xe0, 0x91, | |
428 /* the last 16 bytes are the tag */ | |
429 0x5b, 0xc9, 0x4f, 0xbc, 0x32, 0x21, 0xa5, 0xdb, | |
430 0x94, 0xfa, 0xe9, 0x5a, 0xe7, 0x12, 0x1a, 0x47, | |
431 }; | |
432 | |
433 cipher_test_case_t aes_gcm_test_case_0a = { | |
434 AES_128_GCM_KEYSIZE_WSALT, /* octets in key */ | |
435 aes_gcm_test_case_0_key, /* key */ | |
436 aes_gcm_test_case_0_iv, /* packet index */ | |
437 60, /* octets in plaintext */ | |
438 aes_gcm_test_case_0_plaintext, /* plaintext */ | |
439 68, /* octets in ciphertext */ | |
440 aes_gcm_test_case_0_ciphertext, /* ciphertext + tag */ | |
441 20, /* octets in AAD */ | |
442 aes_gcm_test_case_0_aad, /* AAD */ | |
443 GCM_AUTH_TAG_LEN_8, | |
444 NULL /* pointer to next testcase */ | |
445 }; | |
446 | |
447 cipher_test_case_t aes_gcm_test_case_0 = { | |
448 AES_128_GCM_KEYSIZE_WSALT, /* octets in key */ | |
449 aes_gcm_test_case_0_key, /* key */ | |
450 aes_gcm_test_case_0_iv, /* packet index */ | |
451 60, /* octets in plaintext */ | |
452 aes_gcm_test_case_0_plaintext, /* plaintext */ | |
453 76, /* octets in ciphertext */ | |
454 aes_gcm_test_case_0_ciphertext, /* ciphertext + tag */ | |
455 20, /* octets in AAD */ | |
456 aes_gcm_test_case_0_aad, /* AAD */ | |
457 GCM_AUTH_TAG_LEN, | |
458 &aes_gcm_test_case_0a /* pointer to next testcase */ | |
459 }; | |
460 | |
461 uint8_t aes_gcm_test_case_1_key[AES_256_GCM_KEYSIZE_WSALT] = { | |
462 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c, | |
463 0xa5, 0x59, 0x09, 0xc5, 0x54, 0x66, 0x93, 0x1c, | |
464 0xaf, 0xf5, 0x26, 0x9a, 0x21, 0xd5, 0x14, 0xb2, | |
465 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08, | |
466 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, | |
467 0x09, 0x0a, 0x0b, 0x0c, | |
468 | |
469 }; | |
470 | |
471 uint8_t aes_gcm_test_case_1_iv[12] = { | |
472 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad, | |
473 0xde, 0xca, 0xf8, 0x88 | |
474 }; | |
475 | |
476 uint8_t aes_gcm_test_case_1_plaintext[60] = { | |
477 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5, | |
478 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a, | |
479 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda, | |
480 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72, | |
481 0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53, | |
482 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25, | |
483 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57, | |
484 0xba, 0x63, 0x7b, 0x39 | |
485 }; | |
486 | |
487 uint8_t aes_gcm_test_case_1_aad[20] = { | |
488 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, | |
489 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, | |
490 0xab, 0xad, 0xda, 0xd2 | |
491 }; | |
492 | |
493 uint8_t aes_gcm_test_case_1_ciphertext[76] = { | |
494 0x0b, 0x11, 0xcf, 0xaf, 0x68, 0x4d, 0xae, 0x46, | |
495 0xc7, 0x90, 0xb8, 0x8e, 0xb7, 0x6a, 0x76, 0x2a, | |
496 0x94, 0x82, 0xca, 0xab, 0x3e, 0x39, 0xd7, 0x86, | |
497 0x1b, 0xc7, 0x93, 0xed, 0x75, 0x7f, 0x23, 0x5a, | |
498 0xda, 0xfd, 0xd3, 0xe2, 0x0e, 0x80, 0x87, 0xa9, | |
499 0x6d, 0xd7, 0xe2, 0x6a, 0x7d, 0x5f, 0xb4, 0x80, | |
500 0xef, 0xef, 0xc5, 0x29, 0x12, 0xd1, 0xaa, 0x10, | |
501 0x09, 0xc9, 0x86, 0xc1, | |
502 /* the last 16 bytes are the tag */ | |
503 0x45, 0xbc, 0x03, 0xe6, 0xe1, 0xac, 0x0a, 0x9f, | |
504 0x81, 0xcb, 0x8e, 0x5b, 0x46, 0x65, 0x63, 0x1d, | |
505 }; | |
506 | |
507 cipher_test_case_t aes_gcm_test_case_1a = { | |
508 AES_256_GCM_KEYSIZE_WSALT, /* octets in key */ | |
509 aes_gcm_test_case_1_key, /* key */ | |
510 aes_gcm_test_case_1_iv, /* packet index */ | |
511 60, /* octets in plaintext */ | |
512 aes_gcm_test_case_1_plaintext, /* plaintext */ | |
513 68, /* octets in ciphertext */ | |
514 aes_gcm_test_case_1_ciphertext, /* ciphertext + tag */ | |
515 20, /* octets in AAD */ | |
516 aes_gcm_test_case_1_aad, /* AAD */ | |
517 GCM_AUTH_TAG_LEN_8, | |
518 NULL /* pointer to next testcase */ | |
519 }; | |
520 | |
521 cipher_test_case_t aes_gcm_test_case_1 = { | |
522 AES_256_GCM_KEYSIZE_WSALT, /* octets in key */ | |
523 aes_gcm_test_case_1_key, /* key */ | |
524 aes_gcm_test_case_1_iv, /* packet index */ | |
525 60, /* octets in plaintext */ | |
526 aes_gcm_test_case_1_plaintext, /* plaintext */ | |
527 76, /* octets in ciphertext */ | |
528 aes_gcm_test_case_1_ciphertext, /* ciphertext + tag */ | |
529 20, /* octets in AAD */ | |
530 aes_gcm_test_case_1_aad, /* AAD */ | |
531 GCM_AUTH_TAG_LEN, | |
532 &aes_gcm_test_case_1a /* pointer to next testcase */ | |
533 }; | |
534 | |
535 /* | |
536 * This is the vector function table for this crypto engine. | |
537 */ | |
538 cipher_type_t aes_gcm_128_openssl = { | |
539 (cipher_alloc_func_t) aes_gcm_openssl_alloc, | |
540 (cipher_dealloc_func_t) aes_gcm_openssl_dealloc, | |
541 (cipher_init_func_t) aes_gcm_openssl_context_init, | |
542 (cipher_set_aad_func_t) aes_gcm_openssl_set_aad, | |
543 (cipher_encrypt_func_t) aes_gcm_openssl_encrypt, | |
544 (cipher_decrypt_func_t) aes_gcm_openssl_decrypt, | |
545 (cipher_set_iv_func_t) aes_gcm_openssl_set_iv, | |
546 (cipher_get_tag_func_t) aes_gcm_openssl_get_tag, | |
547 (char*) aes_gcm_128_openssl_description, | |
548 (int) 0, /* instance count */ | |
549 (cipher_test_case_t*) &aes_gcm_test_case_0, | |
550 (debug_module_t*) &mod_aes_gcm, | |
551 (cipher_type_id_t) AES_128_GCM | |
552 }; | |
553 | |
554 /* | |
555 * This is the vector function table for this crypto engine. | |
556 */ | |
557 cipher_type_t aes_gcm_256_openssl = { | |
558 (cipher_alloc_func_t) aes_gcm_openssl_alloc, | |
559 (cipher_dealloc_func_t) aes_gcm_openssl_dealloc, | |
560 (cipher_init_func_t) aes_gcm_openssl_context_init, | |
561 (cipher_set_aad_func_t) aes_gcm_openssl_set_aad, | |
562 (cipher_encrypt_func_t) aes_gcm_openssl_encrypt, | |
563 (cipher_decrypt_func_t) aes_gcm_openssl_decrypt, | |
564 (cipher_set_iv_func_t) aes_gcm_openssl_set_iv, | |
565 (cipher_get_tag_func_t) aes_gcm_openssl_get_tag, | |
566 (char*) aes_gcm_256_openssl_description, | |
567 (int) 0, /* instance count */ | |
568 (cipher_test_case_t*) &aes_gcm_test_case_1, | |
569 (debug_module_t*) &mod_aes_gcm, | |
570 (cipher_type_id_t) AES_256_GCM | |
571 }; | |
572 | |
OLD | NEW |