777
/* Test a single encryption and decryption with each key size. */
781
RIJNDAEL_context ctx;
784
/* The test vectors are from the AES supplied ones; more or less
785
* randomly taken from ecb_tbl.txt (I=42,81,14)
787
static byte plaintext[16] = {
788
0x01,0x4B,0xAF,0x22,0x78,0xA6,0x9D,0x33,
789
0x1D,0x51,0x80,0x10,0x36,0x43,0xE9,0x9A
791
static byte key[16] = {
792
0xE8,0xE9,0xEA,0xEB,0xED,0xEE,0xEF,0xF0,
793
0xF2,0xF3,0xF4,0xF5,0xF7,0xF8,0xF9,0xFA
795
static const byte ciphertext[16] = {
796
0x67,0x43,0xC3,0xD1,0x51,0x9A,0xB4,0xF2,
797
0xCD,0x9A,0x78,0xAB,0x09,0xA5,0x11,0xBD
800
static byte plaintext_192[16] = {
801
0x76,0x77,0x74,0x75,0xF1,0xF2,0xF3,0xF4,
802
0xF8,0xF9,0xE6,0xE7,0x77,0x70,0x71,0x72
804
static byte key_192[24] = {
805
0x04,0x05,0x06,0x07,0x09,0x0A,0x0B,0x0C,
806
0x0E,0x0F,0x10,0x11,0x13,0x14,0x15,0x16,
807
0x18,0x19,0x1A,0x1B,0x1D,0x1E,0x1F,0x20
809
static const byte ciphertext_192[16] = {
810
0x5D,0x1E,0xF2,0x0D,0xCE,0xD6,0xBC,0xBC,
811
0x12,0x13,0x1A,0xC7,0xC5,0x47,0x88,0xAA
806
/* Run the self-tests for AES 128. Returns NULL on success. */
808
selftest_basic_128 (void)
810
RIJNDAEL_context ctx;
811
unsigned char scratch[16];
813
/* The test vectors are from the AES supplied ones; more or less
814
randomly taken from ecb_tbl.txt (I=42,81,14) */
815
static const unsigned char plaintext_128[16] =
817
0x01,0x4B,0xAF,0x22,0x78,0xA6,0x9D,0x33,
818
0x1D,0x51,0x80,0x10,0x36,0x43,0xE9,0x9A
820
static const unsigned char key_128[16] =
822
0xE8,0xE9,0xEA,0xEB,0xED,0xEE,0xEF,0xF0,
823
0xF2,0xF3,0xF4,0xF5,0xF7,0xF8,0xF9,0xFA
825
static const unsigned char ciphertext_128[16] =
827
0x67,0x43,0xC3,0xD1,0x51,0x9A,0xB4,0xF2,
828
0xCD,0x9A,0x78,0xAB,0x09,0xA5,0x11,0xBD
831
rijndael_setkey (&ctx, key_128, sizeof (key_128));
832
rijndael_encrypt (&ctx, scratch, plaintext_128);
833
if (memcmp (scratch, ciphertext_128, sizeof (ciphertext_128)))
834
return "AES-128 test encryption failed.";
835
rijndael_decrypt (&ctx, scratch, scratch);
836
if (memcmp (scratch, plaintext_128, sizeof (plaintext_128)))
837
return "AES-128 test decryption failed.";
842
/* Run the self-tests for AES 192. Returns NULL on success. */
844
selftest_basic_192 (void)
846
RIJNDAEL_context ctx;
847
unsigned char scratch[16];
849
static unsigned char plaintext_192[16] =
851
0x76,0x77,0x74,0x75,0xF1,0xF2,0xF3,0xF4,
852
0xF8,0xF9,0xE6,0xE7,0x77,0x70,0x71,0x72
854
static unsigned char key_192[24] =
856
0x04,0x05,0x06,0x07,0x09,0x0A,0x0B,0x0C,
857
0x0E,0x0F,0x10,0x11,0x13,0x14,0x15,0x16,
858
0x18,0x19,0x1A,0x1B,0x1D,0x1E,0x1F,0x20
860
static const unsigned char ciphertext_192[16] =
862
0x5D,0x1E,0xF2,0x0D,0xCE,0xD6,0xBC,0xBC,
863
0x12,0x13,0x1A,0xC7,0xC5,0x47,0x88,0xAA
814
static byte plaintext_256[16] = {
815
0x06,0x9A,0x00,0x7F,0xC7,0x6A,0x45,0x9F,
816
0x98,0xBA,0xF9,0x17,0xFE,0xDF,0x95,0x21
818
static byte key_256[32] = {
819
0x08,0x09,0x0A,0x0B,0x0D,0x0E,0x0F,0x10,
820
0x12,0x13,0x14,0x15,0x17,0x18,0x19,0x1A,
821
0x1C,0x1D,0x1E,0x1F,0x21,0x22,0x23,0x24,
822
0x26,0x27,0x28,0x29,0x2B,0x2C,0x2D,0x2E
824
static const byte ciphertext_256[16] = {
825
0x08,0x0E,0x95,0x17,0xEB,0x16,0x77,0x71,
826
0x9A,0xCF,0x72,0x80,0x86,0x04,0x0A,0xE3
829
rijndael_setkey (&ctx, key, sizeof(key));
830
rijndael_encrypt (&ctx, scratch, plaintext);
831
if (memcmp (scratch, ciphertext, sizeof (ciphertext)))
832
return "Rijndael-128 test encryption failed.";
833
rijndael_decrypt (&ctx, scratch, scratch);
834
if (memcmp (scratch, plaintext, sizeof (plaintext)))
835
return "Rijndael-128 test decryption failed.";
837
866
rijndael_setkey (&ctx, key_192, sizeof(key_192));
838
867
rijndael_encrypt (&ctx, scratch, plaintext_192);
839
868
if (memcmp (scratch, ciphertext_192, sizeof (ciphertext_192)))
840
return "Rijndael-192 test encryption failed.";
869
return "AES-192 test encryption failed.";
841
870
rijndael_decrypt (&ctx, scratch, scratch);
842
871
if (memcmp (scratch, plaintext_192, sizeof (plaintext_192)))
843
return "Rijndael-192 test decryption failed.";
872
return "AES-192 test decryption failed.";
878
/* Run the self-tests for AES 256. Returns NULL on success. */
880
selftest_basic_256 (void)
882
RIJNDAEL_context ctx;
883
unsigned char scratch[16];
885
static unsigned char plaintext_256[16] =
887
0x06,0x9A,0x00,0x7F,0xC7,0x6A,0x45,0x9F,
888
0x98,0xBA,0xF9,0x17,0xFE,0xDF,0x95,0x21
890
static unsigned char key_256[32] =
892
0x08,0x09,0x0A,0x0B,0x0D,0x0E,0x0F,0x10,
893
0x12,0x13,0x14,0x15,0x17,0x18,0x19,0x1A,
894
0x1C,0x1D,0x1E,0x1F,0x21,0x22,0x23,0x24,
895
0x26,0x27,0x28,0x29,0x2B,0x2C,0x2D,0x2E
897
static const unsigned char ciphertext_256[16] =
899
0x08,0x0E,0x95,0x17,0xEB,0x16,0x77,0x71,
900
0x9A,0xCF,0x72,0x80,0x86,0x04,0x0A,0xE3
845
903
rijndael_setkey (&ctx, key_256, sizeof(key_256));
846
904
rijndael_encrypt (&ctx, scratch, plaintext_256);
847
905
if (memcmp (scratch, ciphertext_256, sizeof (ciphertext_256)))
848
return "Rijndael-256 test encryption failed.";
906
return "AES-256 test encryption failed.";
849
907
rijndael_decrypt (&ctx, scratch, scratch);
850
908
if (memcmp (scratch, plaintext_256, sizeof (plaintext_256)))
851
return "Rijndael-256 test decryption failed.";
909
return "AES-256 test decryption failed.";
914
/* Run all the self-tests and return NULL on success. This function
915
is used for the on-the-fly self-tests. */
921
if ( (r = selftest_basic_128 ())
922
|| (r = selftest_basic_192 ())
923
|| (r = selftest_basic_256 ()) )
930
/* SP800-38a.pdf for AES-128. */
932
selftest_fips_128_38a (int requested_mode)
937
const unsigned char key[16];
938
const unsigned char iv[16];
941
const unsigned char input[16];
942
const unsigned char output[16];
947
GCRY_CIPHER_MODE_CFB, /* F.3.13, CFB128-AES128 */
948
{ 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6,
949
0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c },
950
{ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
951
0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f },
953
{ { 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96,
954
0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a },
955
{ 0x3b, 0x3f, 0xd9, 0x2e, 0xb7, 0x2d, 0xad, 0x20,
956
0x33, 0x34, 0x49, 0xf8, 0xe8, 0x3c, 0xfb, 0x4a } },
958
{ { 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c,
959
0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51 },
960
{ 0xc8, 0xa6, 0x45, 0x37, 0xa0, 0xb3, 0xa9, 0x3f,
961
0xcd, 0xe3, 0xcd, 0xad, 0x9f, 0x1c, 0xe5, 0x8b } },
963
{ { 0x30, 0xc8, 0x1c, 0x46, 0xa3, 0x5c, 0xe4, 0x11,
964
0xe5, 0xfb, 0xc1, 0x19, 0x1a, 0x0a, 0x52, 0xef },
965
{ 0x26, 0x75, 0x1f, 0x67, 0xa3, 0xcb, 0xb1, 0x40,
966
0xb1, 0x80, 0x8c, 0xf1, 0x87, 0xa4, 0xf4, 0xdf } },
968
{ { 0xf6, 0x9f, 0x24, 0x45, 0xdf, 0x4f, 0x9b, 0x17,
969
0xad, 0x2b, 0x41, 0x7b, 0xe6, 0x6c, 0x37, 0x10 },
970
{ 0xc0, 0x4b, 0x05, 0x35, 0x7c, 0x5d, 0x1c, 0x0e,
971
0xea, 0xc4, 0xc6, 0x6f, 0x9f, 0xf7, 0xf2, 0xe6 } }
975
GCRY_CIPHER_MODE_OFB,
976
{ 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6,
977
0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c },
978
{ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
979
0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f },
981
{ { 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96,
982
0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a },
983
{ 0x3b, 0x3f, 0xd9, 0x2e, 0xb7, 0x2d, 0xad, 0x20,
984
0x33, 0x34, 0x49, 0xf8, 0xe8, 0x3c, 0xfb, 0x4a } },
986
{ { 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c,
987
0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51 },
988
{ 0x77, 0x89, 0x50, 0x8d, 0x16, 0x91, 0x8f, 0x03,
989
0xf5, 0x3c, 0x52, 0xda, 0xc5, 0x4e, 0xd8, 0x25 } },
991
{ { 0x30, 0xc8, 0x1c, 0x46, 0xa3, 0x5c, 0xe4, 0x11,
992
0xe5, 0xfb, 0xc1, 0x19, 0x1a, 0x0a, 0x52, 0xef },
993
{ 0x97, 0x40, 0x05, 0x1e, 0x9c, 0x5f, 0xec, 0xf6,
994
0x43, 0x44, 0xf7, 0xa8, 0x22, 0x60, 0xed, 0xcc } },
996
{ { 0xf6, 0x9f, 0x24, 0x45, 0xdf, 0x4f, 0x9b, 0x17,
997
0xad, 0x2b, 0x41, 0x7b, 0xe6, 0x6c, 0x37, 0x10 },
998
{ 0x30, 0x4c, 0x65, 0x28, 0xf6, 0x59, 0xc7, 0x78,
999
0x66, 0xa5, 0x10, 0xd9, 0xc1, 0xd6, 0xae, 0x5e } },
1003
unsigned char scratch[16];
1006
gcry_cipher_hd_t hdenc = NULL;
1007
gcry_cipher_hd_t hddec = NULL;
1009
#define Fail(a) do { \
1010
_gcry_cipher_close (hdenc); \
1011
_gcry_cipher_close (hddec); \
1015
gcry_assert (sizeof tv[0].data[0].input == sizeof scratch);
1016
gcry_assert (sizeof tv[0].data[0].output == sizeof scratch);
1018
for (tvi=0; tvi < DIM (tv); tvi++)
1019
if (tv[tvi].mode == requested_mode)
1021
if (tvi == DIM (tv))
1022
Fail ("no test data for this mode");
1024
err = _gcry_cipher_open (&hdenc, GCRY_CIPHER_AES, tv[tvi].mode, 0);
1027
err = _gcry_cipher_open (&hddec, GCRY_CIPHER_AES, tv[tvi].mode, 0);
1030
err = _gcry_cipher_setkey (hdenc, tv[tvi].key, sizeof tv[tvi].key);
1032
err = _gcry_cipher_setkey (hddec, tv[tvi].key, sizeof tv[tvi].key);
1035
err = _gcry_cipher_setiv (hdenc, tv[tvi].iv, sizeof tv[tvi].iv);
1037
err = _gcry_cipher_setiv (hddec, tv[tvi].iv, sizeof tv[tvi].iv);
1040
for (idx=0; idx < DIM (tv[tvi].data); idx++)
1042
err = _gcry_cipher_encrypt (hdenc, scratch, sizeof scratch,
1043
tv[tvi].data[idx].input,
1044
sizeof tv[tvi].data[idx].input);
1046
Fail ("encrypt command");
1047
if (memcmp (scratch, tv[tvi].data[idx].output, sizeof scratch))
1048
Fail ("encrypt mismatch");
1049
err = _gcry_cipher_decrypt (hddec, scratch, sizeof scratch,
1050
tv[tvi].data[idx].output,
1051
sizeof tv[tvi].data[idx].output);
1053
Fail ("decrypt command");
1054
if (memcmp (scratch, tv[tvi].data[idx].input, sizeof scratch))
1055
Fail ("decrypt mismatch");
1059
_gcry_cipher_close (hdenc);
1060
_gcry_cipher_close (hddec);
1065
/* Complete selftest for AES-128 with all modes and driver code. */
1066
static gpg_err_code_t
1067
selftest_fips_128 (int extended, selftest_report_func_t report)
1073
errtxt = selftest_basic_128 ();
1080
errtxt = selftest_fips_128_38a (GCRY_CIPHER_MODE_CFB);
1085
errtxt = selftest_fips_128_38a (GCRY_CIPHER_MODE_OFB);
1090
return 0; /* Succeeded. */
1094
report ("cipher", GCRY_CIPHER_AES128, what, errtxt);
1095
return GPG_ERR_SELFTEST_FAILED;
1098
/* Complete selftest for AES-192. */
1099
static gpg_err_code_t
1100
selftest_fips_192 (int extended, selftest_report_func_t report)
1105
(void)extended; /* No extended tests available. */
1108
errtxt = selftest_basic_192 ();
1113
return 0; /* Succeeded. */
1117
report ("cipher", GCRY_CIPHER_AES192, what, errtxt);
1118
return GPG_ERR_SELFTEST_FAILED;
1122
/* Complete selftest for AES-256. */
1123
static gpg_err_code_t
1124
selftest_fips_256 (int extended, selftest_report_func_t report)
1129
(void)extended; /* No extended tests available. */
1132
errtxt = selftest_basic_256 ();
1136
return 0; /* Succeeded. */
1140
report ("cipher", GCRY_CIPHER_AES256, what, errtxt);
1141
return GPG_ERR_SELFTEST_FAILED;
1146
/* Run a full self-test for ALGO and return 0 on success. */
1147
static gpg_err_code_t
1148
run_selftests (int algo, int extended, selftest_report_func_t report)
1154
case GCRY_CIPHER_AES128:
1155
ec = selftest_fips_128 (extended, report);
1157
case GCRY_CIPHER_AES192:
1158
ec = selftest_fips_192 (extended, report);
1160
case GCRY_CIPHER_AES256:
1161
ec = selftest_fips_256 (extended, report);
1164
ec = GPG_ERR_CIPHER_ALGO;
858
1174
static const char *rijndael_names[] =