OLD | NEW |
(Empty) | |
| 1 /* |
| 2 * aes_gcm_ossl.c |
| 3 * |
| 4 * AES Galois Counter Mode |
| 5 * |
| 6 * John A. Foley |
| 7 * Cisco Systems, Inc. |
| 8 * |
| 9 */ |
| 10 |
| 11 /* |
| 12 * |
| 13 * Copyright (c) 2013, Cisco Systems, Inc. |
| 14 * All rights reserved. |
| 15 * |
| 16 * Redistribution and use in source and binary forms, with or without |
| 17 * modification, are permitted provided that the following conditions |
| 18 * are met: |
| 19 * |
| 20 * Redistributions of source code must retain the above copyright |
| 21 * notice, this list of conditions and the following disclaimer. |
| 22 * |
| 23 * Redistributions in binary form must reproduce the above |
| 24 * copyright notice, this list of conditions and the following |
| 25 * disclaimer in the documentation and/or other materials provided |
| 26 * with the distribution. |
| 27 * |
| 28 * Neither the name of the Cisco Systems, Inc. nor the names of its |
| 29 * contributors may be used to endorse or promote products derived |
| 30 * from this software without specific prior written permission. |
| 31 * |
| 32 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS |
| 33 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT |
| 34 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS |
| 35 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE |
| 36 * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, |
| 37 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES |
| 38 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR |
| 39 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) |
| 40 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, |
| 41 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) |
| 42 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED |
| 43 * OF THE POSSIBILITY OF SUCH DAMAGE. |
| 44 * |
| 45 */ |
| 46 |
| 47 #ifdef HAVE_CONFIG_H |
| 48 #include <config.h> |
| 49 #endif |
| 50 |
| 51 #include <openssl/evp.h> |
| 52 #include "aes_icm_ossl.h" |
| 53 #include "aes_gcm_ossl.h" |
| 54 #include "alloc.h" |
| 55 #include "crypto_types.h" |
| 56 |
| 57 |
| 58 debug_module_t mod_aes_gcm = { |
| 59 0, /* debugging is off by default */ |
| 60 "aes gcm" /* printable module name */ |
| 61 }; |
| 62 |
| 63 /* |
| 64 * The following are the global singleton instances for the |
| 65 * 128-bit and 256-bit GCM ciphers. |
| 66 */ |
| 67 extern cipher_type_t aes_gcm_128_openssl; |
| 68 extern cipher_type_t aes_gcm_256_openssl; |
| 69 |
| 70 /* |
| 71 * For now we only support 8 and 16 octet tags. The spec allows for |
| 72 * optional 12 byte tag, which may be supported in the future. |
| 73 */ |
| 74 #define GCM_AUTH_TAG_LEN 16 |
| 75 #define GCM_AUTH_TAG_LEN_8 8 |
| 76 |
| 77 |
| 78 /* |
| 79 * This function allocates a new instance of this crypto engine. |
| 80 * The key_len parameter should be one of 28 or 44 for |
| 81 * AES-128-GCM or AES-256-GCM respectively. Note that the |
| 82 * key length includes the 14 byte salt value that is used when |
| 83 * initializing the KDF. |
| 84 */ |
| 85 err_status_t aes_gcm_openssl_alloc (cipher_t **c, int key_len, int tlen) |
| 86 { |
| 87 aes_gcm_ctx_t *gcm; |
| 88 int tmp; |
| 89 uint8_t *allptr; |
| 90 |
| 91 debug_print(mod_aes_gcm, "allocating cipher with key length %d", key_len); |
| 92 debug_print(mod_aes_gcm, "allocating cipher with tag length %d", tlen); |
| 93 |
| 94 /* |
| 95 * Verify the key_len is valid for one of: AES-128/256 |
| 96 */ |
| 97 if (key_len != AES_128_GCM_KEYSIZE_WSALT && |
| 98 key_len != AES_256_GCM_KEYSIZE_WSALT) { |
| 99 return (err_status_bad_param); |
| 100 } |
| 101 |
| 102 if (tlen != GCM_AUTH_TAG_LEN && |
| 103 tlen != GCM_AUTH_TAG_LEN_8) { |
| 104 return (err_status_bad_param); |
| 105 } |
| 106 |
| 107 /* allocate memory a cipher of type aes_gcm */ |
| 108 tmp = sizeof(cipher_t) + sizeof(aes_gcm_ctx_t); |
| 109 allptr = crypto_alloc(tmp); |
| 110 if (allptr == NULL) { |
| 111 return (err_status_alloc_fail); |
| 112 } |
| 113 |
| 114 /* set pointers */ |
| 115 *c = (cipher_t*)allptr; |
| 116 (*c)->state = allptr + sizeof(cipher_t); |
| 117 gcm = (aes_gcm_ctx_t *)(*c)->state; |
| 118 |
| 119 /* increment ref_count */ |
| 120 switch (key_len) { |
| 121 case AES_128_GCM_KEYSIZE_WSALT: |
| 122 (*c)->type = &aes_gcm_128_openssl; |
| 123 (*c)->algorithm = AES_128_GCM; |
| 124 aes_gcm_128_openssl.ref_count++; |
| 125 ((aes_gcm_ctx_t*)(*c)->state)->key_size = AES_128_KEYSIZE; |
| 126 ((aes_gcm_ctx_t*)(*c)->state)->tag_len = tlen; |
| 127 break; |
| 128 case AES_256_GCM_KEYSIZE_WSALT: |
| 129 (*c)->type = &aes_gcm_256_openssl; |
| 130 (*c)->algorithm = AES_256_GCM; |
| 131 aes_gcm_256_openssl.ref_count++; |
| 132 ((aes_gcm_ctx_t*)(*c)->state)->key_size = AES_256_KEYSIZE; |
| 133 ((aes_gcm_ctx_t*)(*c)->state)->tag_len = tlen; |
| 134 break; |
| 135 } |
| 136 |
| 137 /* set key size */ |
| 138 (*c)->key_len = key_len; |
| 139 EVP_CIPHER_CTX_init(&gcm->ctx); |
| 140 |
| 141 return (err_status_ok); |
| 142 } |
| 143 |
| 144 |
| 145 /* |
| 146 * This function deallocates a GCM session |
| 147 */ |
| 148 err_status_t aes_gcm_openssl_dealloc (cipher_t *c) |
| 149 { |
| 150 aes_gcm_ctx_t *ctx; |
| 151 |
| 152 ctx = (aes_gcm_ctx_t*)c->state; |
| 153 if (ctx) { |
| 154 EVP_CIPHER_CTX_cleanup(&ctx->ctx); |
| 155 /* decrement ref_count for the appropriate engine */ |
| 156 switch (ctx->key_size) { |
| 157 case AES_256_KEYSIZE: |
| 158 aes_gcm_256_openssl.ref_count--; |
| 159 break; |
| 160 case AES_128_KEYSIZE: |
| 161 aes_gcm_128_openssl.ref_count--; |
| 162 break; |
| 163 default: |
| 164 return (err_status_dealloc_fail); |
| 165 break; |
| 166 } |
| 167 } |
| 168 |
| 169 /* zeroize entire state*/ |
| 170 octet_string_set_to_zero((uint8_t*)c, sizeof(cipher_t) + sizeof(aes_gcm_ctx_
t)); |
| 171 |
| 172 /* free memory */ |
| 173 crypto_free(c); |
| 174 |
| 175 return (err_status_ok); |
| 176 } |
| 177 |
| 178 /* |
| 179 * aes_gcm_openssl_context_init(...) initializes the aes_gcm_context |
| 180 * using the value in key[]. |
| 181 * |
| 182 * the key is the secret key |
| 183 */ |
| 184 err_status_t aes_gcm_openssl_context_init (aes_gcm_ctx_t *c, const uint8_t *key) |
| 185 { |
| 186 c->dir = direction_any; |
| 187 |
| 188 /* copy key to be used later when CiscoSSL crypto context is created */ |
| 189 v128_copy_octet_string((v128_t*)&c->key, key); |
| 190 |
| 191 if (c->key_size == AES_256_KEYSIZE) { |
| 192 debug_print(mod_aes_gcm, "Copying last 16 bytes of key: %s", |
| 193 v128_hex_string((v128_t*)(key + AES_128_KEYSIZE))); |
| 194 v128_copy_octet_string(((v128_t*)(&c->key.v8)) + 1, |
| 195 key + AES_128_KEYSIZE); |
| 196 } |
| 197 |
| 198 debug_print(mod_aes_gcm, "key: %s", v128_hex_string((v128_t*)&c->key)); |
| 199 |
| 200 EVP_CIPHER_CTX_cleanup(&c->ctx); |
| 201 |
| 202 return (err_status_ok); |
| 203 } |
| 204 |
| 205 |
| 206 /* |
| 207 * aes_gcm_openssl_set_iv(c, iv) sets the counter value to the exor of iv with |
| 208 * the offset |
| 209 */ |
| 210 err_status_t aes_gcm_openssl_set_iv (aes_gcm_ctx_t *c, void *iv, |
| 211 int direction) |
| 212 { |
| 213 const EVP_CIPHER *evp; |
| 214 v128_t *nonce = iv; |
| 215 |
| 216 if (direction != direction_encrypt && direction != direction_decrypt) { |
| 217 return (err_status_bad_param); |
| 218 } |
| 219 c->dir = direction; |
| 220 |
| 221 debug_print(mod_aes_gcm, "setting iv: %s", v128_hex_string(nonce)); |
| 222 |
| 223 switch (c->key_size) { |
| 224 case AES_256_KEYSIZE: |
| 225 evp = EVP_aes_256_gcm(); |
| 226 break; |
| 227 case AES_128_KEYSIZE: |
| 228 evp = EVP_aes_128_gcm(); |
| 229 break; |
| 230 default: |
| 231 return (err_status_bad_param); |
| 232 break; |
| 233 } |
| 234 |
| 235 if (!EVP_CipherInit_ex(&c->ctx, evp, NULL, (const unsigned char*)&c->key.v8, |
| 236 NULL, (c->dir == direction_encrypt ? 1 : 0))) { |
| 237 return (err_status_init_fail); |
| 238 } |
| 239 |
| 240 /* set IV len and the IV value, the followiong 3 calls are required */ |
| 241 if (!EVP_CIPHER_CTX_ctrl(&c->ctx, EVP_CTRL_GCM_SET_IVLEN, 12, 0)) { |
| 242 return (err_status_init_fail); |
| 243 } |
| 244 if (!EVP_CIPHER_CTX_ctrl(&c->ctx, EVP_CTRL_GCM_SET_IV_FIXED, -1, iv)) { |
| 245 return (err_status_init_fail); |
| 246 } |
| 247 if (!EVP_CIPHER_CTX_ctrl(&c->ctx, EVP_CTRL_GCM_IV_GEN, 0, iv)) { |
| 248 return (err_status_init_fail); |
| 249 } |
| 250 |
| 251 return (err_status_ok); |
| 252 } |
| 253 |
| 254 /* |
| 255 * This function processes the AAD |
| 256 * |
| 257 * Parameters: |
| 258 * c Crypto context |
| 259 * aad Additional data to process for AEAD cipher suites |
| 260 * aad_len length of aad buffer |
| 261 */ |
| 262 err_status_t aes_gcm_openssl_set_aad (aes_gcm_ctx_t *c, unsigned char *aad, |
| 263 unsigned int aad_len) |
| 264 { |
| 265 int rv; |
| 266 |
| 267 /* |
| 268 * Set dummy tag, OpenSSL requires the Tag to be set before |
| 269 * processing AAD |
| 270 */ |
| 271 EVP_CIPHER_CTX_ctrl(&c->ctx, EVP_CTRL_GCM_SET_TAG, c->tag_len, aad); |
| 272 |
| 273 rv = EVP_Cipher(&c->ctx, NULL, aad, aad_len); |
| 274 if (rv != aad_len) { |
| 275 return (err_status_algo_fail); |
| 276 } else { |
| 277 return (err_status_ok); |
| 278 } |
| 279 } |
| 280 |
| 281 /* |
| 282 * This function encrypts a buffer using AES GCM mode |
| 283 * |
| 284 * Parameters: |
| 285 * c Crypto context |
| 286 * buf data to encrypt |
| 287 * enc_len length of encrypt buffer |
| 288 */ |
| 289 err_status_t aes_gcm_openssl_encrypt (aes_gcm_ctx_t *c, unsigned char *buf, |
| 290 unsigned int *enc_len) |
| 291 { |
| 292 if (c->dir != direction_encrypt && c->dir != direction_decrypt) { |
| 293 return (err_status_bad_param); |
| 294 } |
| 295 |
| 296 /* |
| 297 * Encrypt the data |
| 298 */ |
| 299 EVP_Cipher(&c->ctx, buf, buf, *enc_len); |
| 300 |
| 301 return (err_status_ok); |
| 302 } |
| 303 |
| 304 /* |
| 305 * This function calculates and returns the GCM tag for a given context. |
| 306 * This should be called after encrypting the data. The *len value |
| 307 * is increased by the tag size. The caller must ensure that *buf has |
| 308 * enough room to accept the appended tag. |
| 309 * |
| 310 * Parameters: |
| 311 * c Crypto context |
| 312 * buf data to encrypt |
| 313 * len length of encrypt buffer |
| 314 */ |
| 315 err_status_t aes_gcm_openssl_get_tag (aes_gcm_ctx_t *c, unsigned char *buf, |
| 316 int *len) |
| 317 { |
| 318 /* |
| 319 * Calculate the tag |
| 320 */ |
| 321 EVP_Cipher(&c->ctx, NULL, NULL, 0); |
| 322 |
| 323 /* |
| 324 * Retreive the tag |
| 325 */ |
| 326 EVP_CIPHER_CTX_ctrl(&c->ctx, EVP_CTRL_GCM_GET_TAG, c->tag_len, buf); |
| 327 |
| 328 /* |
| 329 * Increase encryption length by desired tag size |
| 330 */ |
| 331 *len = c->tag_len; |
| 332 |
| 333 return (err_status_ok); |
| 334 } |
| 335 |
| 336 |
| 337 /* |
| 338 * This function decrypts a buffer using AES GCM mode |
| 339 * |
| 340 * Parameters: |
| 341 * c Crypto context |
| 342 * buf data to encrypt |
| 343 * enc_len length of encrypt buffer |
| 344 */ |
| 345 err_status_t aes_gcm_openssl_decrypt (aes_gcm_ctx_t *c, unsigned char *buf, |
| 346 unsigned int *enc_len) |
| 347 { |
| 348 if (c->dir != direction_encrypt && c->dir != direction_decrypt) { |
| 349 return (err_status_bad_param); |
| 350 } |
| 351 |
| 352 /* |
| 353 * Set the tag before decrypting |
| 354 */ |
| 355 EVP_CIPHER_CTX_ctrl(&c->ctx, EVP_CTRL_GCM_SET_TAG, c->tag_len, |
| 356 buf + (*enc_len - c->tag_len)); |
| 357 EVP_Cipher(&c->ctx, buf, buf, *enc_len - c->tag_len); |
| 358 |
| 359 /* |
| 360 * Check the tag |
| 361 */ |
| 362 if (EVP_Cipher(&c->ctx, NULL, NULL, 0)) { |
| 363 return (err_status_auth_fail); |
| 364 } |
| 365 |
| 366 /* |
| 367 * Reduce the buffer size by the tag length since the tag |
| 368 * is not part of the original payload |
| 369 */ |
| 370 *enc_len -= c->tag_len; |
| 371 |
| 372 return (err_status_ok); |
| 373 } |
| 374 |
| 375 |
| 376 |
| 377 /* |
| 378 * Name of this crypto engine |
| 379 */ |
| 380 char aes_gcm_128_openssl_description[] = "AES-128 GCM using openssl"; |
| 381 char aes_gcm_256_openssl_description[] = "AES-256 GCM using openssl"; |
| 382 |
| 383 |
| 384 /* |
| 385 * KAT values for AES self-test. These |
| 386 * values we're derived from independent test code |
| 387 * using OpenSSL. |
| 388 */ |
| 389 uint8_t aes_gcm_test_case_0_key[AES_128_GCM_KEYSIZE_WSALT] = { |
| 390 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c, |
| 391 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08, |
| 392 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, |
| 393 0x09, 0x0a, 0x0b, 0x0c, |
| 394 }; |
| 395 |
| 396 uint8_t aes_gcm_test_case_0_iv[12] = { |
| 397 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad, |
| 398 0xde, 0xca, 0xf8, 0x88 |
| 399 }; |
| 400 |
| 401 uint8_t aes_gcm_test_case_0_plaintext[60] = { |
| 402 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5, |
| 403 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a, |
| 404 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda, |
| 405 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72, |
| 406 0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53, |
| 407 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25, |
| 408 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57, |
| 409 0xba, 0x63, 0x7b, 0x39 |
| 410 }; |
| 411 |
| 412 uint8_t aes_gcm_test_case_0_aad[20] = { |
| 413 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, |
| 414 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, |
| 415 0xab, 0xad, 0xda, 0xd2 |
| 416 }; |
| 417 |
| 418 uint8_t aes_gcm_test_case_0_ciphertext[76] = { |
| 419 0x42, 0x83, 0x1e, 0xc2, 0x21, 0x77, 0x74, 0x24, |
| 420 0x4b, 0x72, 0x21, 0xb7, 0x84, 0xd0, 0xd4, 0x9c, |
| 421 0xe3, 0xaa, 0x21, 0x2f, 0x2c, 0x02, 0xa4, 0xe0, |
| 422 0x35, 0xc1, 0x7e, 0x23, 0x29, 0xac, 0xa1, 0x2e, |
| 423 0x21, 0xd5, 0x14, 0xb2, 0x54, 0x66, 0x93, 0x1c, |
| 424 0x7d, 0x8f, 0x6a, 0x5a, 0xac, 0x84, 0xaa, 0x05, |
| 425 0x1b, 0xa3, 0x0b, 0x39, 0x6a, 0x0a, 0xac, 0x97, |
| 426 0x3d, 0x58, 0xe0, 0x91, |
| 427 /* the last 16 bytes are the tag */ |
| 428 0x5b, 0xc9, 0x4f, 0xbc, 0x32, 0x21, 0xa5, 0xdb, |
| 429 0x94, 0xfa, 0xe9, 0x5a, 0xe7, 0x12, 0x1a, 0x47, |
| 430 }; |
| 431 |
| 432 cipher_test_case_t aes_gcm_test_case_0a = { |
| 433 AES_128_GCM_KEYSIZE_WSALT, /* octets in key */ |
| 434 aes_gcm_test_case_0_key, /* key */ |
| 435 aes_gcm_test_case_0_iv, /* packet index */ |
| 436 60, /* octets in plaintext */ |
| 437 aes_gcm_test_case_0_plaintext, /* plaintext */ |
| 438 68, /* octets in ciphertext */ |
| 439 aes_gcm_test_case_0_ciphertext, /* ciphertext + tag */ |
| 440 20, /* octets in AAD */ |
| 441 aes_gcm_test_case_0_aad, /* AAD */ |
| 442 GCM_AUTH_TAG_LEN_8, |
| 443 NULL /* pointer to next testcase */ |
| 444 }; |
| 445 |
| 446 cipher_test_case_t aes_gcm_test_case_0 = { |
| 447 AES_128_GCM_KEYSIZE_WSALT, /* octets in key */ |
| 448 aes_gcm_test_case_0_key, /* key */ |
| 449 aes_gcm_test_case_0_iv, /* packet index */ |
| 450 60, /* octets in plaintext */ |
| 451 aes_gcm_test_case_0_plaintext, /* plaintext */ |
| 452 76, /* octets in ciphertext */ |
| 453 aes_gcm_test_case_0_ciphertext, /* ciphertext + tag */ |
| 454 20, /* octets in AAD */ |
| 455 aes_gcm_test_case_0_aad, /* AAD */ |
| 456 GCM_AUTH_TAG_LEN, |
| 457 &aes_gcm_test_case_0a /* pointer to next testcase */ |
| 458 }; |
| 459 |
| 460 uint8_t aes_gcm_test_case_1_key[AES_256_GCM_KEYSIZE_WSALT] = { |
| 461 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c, |
| 462 0xa5, 0x59, 0x09, 0xc5, 0x54, 0x66, 0x93, 0x1c, |
| 463 0xaf, 0xf5, 0x26, 0x9a, 0x21, 0xd5, 0x14, 0xb2, |
| 464 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08, |
| 465 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, |
| 466 0x09, 0x0a, 0x0b, 0x0c, |
| 467 |
| 468 }; |
| 469 |
| 470 uint8_t aes_gcm_test_case_1_iv[12] = { |
| 471 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad, |
| 472 0xde, 0xca, 0xf8, 0x88 |
| 473 }; |
| 474 |
| 475 uint8_t aes_gcm_test_case_1_plaintext[60] = { |
| 476 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5, |
| 477 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a, |
| 478 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda, |
| 479 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72, |
| 480 0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53, |
| 481 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25, |
| 482 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57, |
| 483 0xba, 0x63, 0x7b, 0x39 |
| 484 }; |
| 485 |
| 486 uint8_t aes_gcm_test_case_1_aad[20] = { |
| 487 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, |
| 488 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, |
| 489 0xab, 0xad, 0xda, 0xd2 |
| 490 }; |
| 491 |
| 492 uint8_t aes_gcm_test_case_1_ciphertext[76] = { |
| 493 0x0b, 0x11, 0xcf, 0xaf, 0x68, 0x4d, 0xae, 0x46, |
| 494 0xc7, 0x90, 0xb8, 0x8e, 0xb7, 0x6a, 0x76, 0x2a, |
| 495 0x94, 0x82, 0xca, 0xab, 0x3e, 0x39, 0xd7, 0x86, |
| 496 0x1b, 0xc7, 0x93, 0xed, 0x75, 0x7f, 0x23, 0x5a, |
| 497 0xda, 0xfd, 0xd3, 0xe2, 0x0e, 0x80, 0x87, 0xa9, |
| 498 0x6d, 0xd7, 0xe2, 0x6a, 0x7d, 0x5f, 0xb4, 0x80, |
| 499 0xef, 0xef, 0xc5, 0x29, 0x12, 0xd1, 0xaa, 0x10, |
| 500 0x09, 0xc9, 0x86, 0xc1, |
| 501 /* the last 16 bytes are the tag */ |
| 502 0x45, 0xbc, 0x03, 0xe6, 0xe1, 0xac, 0x0a, 0x9f, |
| 503 0x81, 0xcb, 0x8e, 0x5b, 0x46, 0x65, 0x63, 0x1d, |
| 504 }; |
| 505 |
| 506 cipher_test_case_t aes_gcm_test_case_1a = { |
| 507 AES_256_GCM_KEYSIZE_WSALT, /* octets in key */ |
| 508 aes_gcm_test_case_1_key, /* key */ |
| 509 aes_gcm_test_case_1_iv, /* packet index */ |
| 510 60, /* octets in plaintext */ |
| 511 aes_gcm_test_case_1_plaintext, /* plaintext */ |
| 512 68, /* octets in ciphertext */ |
| 513 aes_gcm_test_case_1_ciphertext, /* ciphertext + tag */ |
| 514 20, /* octets in AAD */ |
| 515 aes_gcm_test_case_1_aad, /* AAD */ |
| 516 GCM_AUTH_TAG_LEN_8, |
| 517 NULL /* pointer to next testcase */ |
| 518 }; |
| 519 |
| 520 cipher_test_case_t aes_gcm_test_case_1 = { |
| 521 AES_256_GCM_KEYSIZE_WSALT, /* octets in key */ |
| 522 aes_gcm_test_case_1_key, /* key */ |
| 523 aes_gcm_test_case_1_iv, /* packet index */ |
| 524 60, /* octets in plaintext */ |
| 525 aes_gcm_test_case_1_plaintext, /* plaintext */ |
| 526 76, /* octets in ciphertext */ |
| 527 aes_gcm_test_case_1_ciphertext, /* ciphertext + tag */ |
| 528 20, /* octets in AAD */ |
| 529 aes_gcm_test_case_1_aad, /* AAD */ |
| 530 GCM_AUTH_TAG_LEN, |
| 531 &aes_gcm_test_case_1a /* pointer to next testcase */ |
| 532 }; |
| 533 |
| 534 /* |
| 535 * This is the vector function table for this crypto engine. |
| 536 */ |
| 537 cipher_type_t aes_gcm_128_openssl = { |
| 538 (cipher_alloc_func_t) aes_gcm_openssl_alloc, |
| 539 (cipher_dealloc_func_t) aes_gcm_openssl_dealloc, |
| 540 (cipher_init_func_t) aes_gcm_openssl_context_init, |
| 541 (cipher_set_aad_func_t) aes_gcm_openssl_set_aad, |
| 542 (cipher_encrypt_func_t) aes_gcm_openssl_encrypt, |
| 543 (cipher_decrypt_func_t) aes_gcm_openssl_decrypt, |
| 544 (cipher_set_iv_func_t) aes_gcm_openssl_set_iv, |
| 545 (cipher_get_tag_func_t) aes_gcm_openssl_get_tag, |
| 546 (char*) aes_gcm_128_openssl_description, |
| 547 (int) 0, /* instance count */ |
| 548 (cipher_test_case_t*) &aes_gcm_test_case_0, |
| 549 (debug_module_t*) &mod_aes_gcm, |
| 550 (cipher_type_id_t) AES_128_GCM |
| 551 }; |
| 552 |
| 553 /* |
| 554 * This is the vector function table for this crypto engine. |
| 555 */ |
| 556 cipher_type_t aes_gcm_256_openssl = { |
| 557 (cipher_alloc_func_t) aes_gcm_openssl_alloc, |
| 558 (cipher_dealloc_func_t) aes_gcm_openssl_dealloc, |
| 559 (cipher_init_func_t) aes_gcm_openssl_context_init, |
| 560 (cipher_set_aad_func_t) aes_gcm_openssl_set_aad, |
| 561 (cipher_encrypt_func_t) aes_gcm_openssl_encrypt, |
| 562 (cipher_decrypt_func_t) aes_gcm_openssl_decrypt, |
| 563 (cipher_set_iv_func_t) aes_gcm_openssl_set_iv, |
| 564 (cipher_get_tag_func_t) aes_gcm_openssl_get_tag, |
| 565 (char*) aes_gcm_256_openssl_description, |
| 566 (int) 0, /* instance count */ |
| 567 (cipher_test_case_t*) &aes_gcm_test_case_1, |
| 568 (debug_module_t*) &mod_aes_gcm, |
| 569 (cipher_type_id_t) AES_256_GCM |
| 570 }; |
| 571 |
OLD | NEW |