FD.io VPP  v21.06-3-gbb25fbf28
Vector Packet Processing
aes_gcm.c
Go to the documentation of this file.
1 /*
2  * Copyright (c) 2019 Cisco and/or its affiliates.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at:
6  *
7  * http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 
16 /* Test vectors published in GCM Specification */
17 
18 #include <vppinfra/clib.h>
19 #include <vnet/crypto/crypto.h>
20 #include <unittest/crypto/crypto.h>
21 
22 static u8 tc1_key128[16] = { 0, };
23 
24 static u8 tc1_iv[12] = { 0, };
25 
26 static u8 tc1_tag128[] = {
27  0x58, 0xe2, 0xfc, 0xce, 0xfa, 0x7e, 0x30, 0x61,
28  0x36, 0x7f, 0x1d, 0x57, 0xa4, 0xe7, 0x45, 0x5a
29 };
30 
31 static u8 tc1_key256[32] = { 0, };
32 
33 static u8 tc1_tag256[] = {
34  0x53, 0x0f, 0x8a, 0xfb, 0xc7, 0x45, 0x36, 0xb9,
35  0xa9, 0x63, 0xb4, 0xf1, 0xc4, 0xcb, 0x73, 0x8b,
36 };
37 
38 static u8 tc2_ciphertext256[] = {
39  0xce, 0xa7, 0x40, 0x3d, 0x4d, 0x60, 0x6b, 0x6e,
40  0x07, 0x4e, 0xc5, 0xd3, 0xba, 0xf3, 0x9d, 0x18
41 };
42 
43 static u8 tc2_tag256[] = {
44  0xd0, 0xd1, 0xc8, 0xa7, 0x99, 0x99, 0x6b, 0xf0,
45  0x26, 0x5b, 0x98, 0xb5, 0xd4, 0x8a, 0xb9, 0x19
46 };
47 
48 static u8 tc2_plaintext[16] = { 0, };
49 
50 static u8 tc2_tag[] = {
51  0xab, 0x6e, 0x47, 0xd4, 0x2c, 0xec, 0x13, 0xbd,
52  0xf5, 0x3a, 0x67, 0xb2, 0x12, 0x57, 0xbd, 0xdf
53 };
54 
55 static u8 tc2_ciphertext[] = {
56  0x03, 0x88, 0xda, 0xce, 0x60, 0xb6, 0xa3, 0x92,
57  0xf3, 0x28, 0xc2, 0xb9, 0x71, 0xb2, 0xfe, 0x78
58 };
59 
60 static u8 tc3_key128[] = {
61  0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
62  0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08
63 };
64 
65 static u8 tc3_iv[] = {
66  0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad,
67  0xde, 0xca, 0xf8, 0x88
68 };
69 
70 static u8 tc3_plaintext[] = {
71  0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
72  0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a,
73  0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
74  0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72,
75  0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53,
76  0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
77  0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57,
78  0xba, 0x63, 0x7b, 0x39, 0x1a, 0xaf, 0xd2, 0x55
79 };
80 
81 static u8 tc3_ciphertext128[] = {
82  0x42, 0x83, 0x1e, 0xc2, 0x21, 0x77, 0x74, 0x24,
83  0x4b, 0x72, 0x21, 0xb7, 0x84, 0xd0, 0xd4, 0x9c,
84  0xe3, 0xaa, 0x21, 0x2f, 0x2c, 0x02, 0xa4, 0xe0,
85  0x35, 0xc1, 0x7e, 0x23, 0x29, 0xac, 0xa1, 0x2e,
86  0x21, 0xd5, 0x14, 0xb2, 0x54, 0x66, 0x93, 0x1c,
87  0x7d, 0x8f, 0x6a, 0x5a, 0xac, 0x84, 0xaa, 0x05,
88  0x1b, 0xa3, 0x0b, 0x39, 0x6a, 0x0a, 0xac, 0x97,
89  0x3d, 0x58, 0xe0, 0x91, 0x47, 0x3f, 0x59, 0x85
90 };
91 
92 static u8 tc3_tag128[] = {
93  0x4d, 0x5c, 0x2a, 0xf3, 0x27, 0xcd, 0x64, 0xa6,
94  0x2c, 0xf3, 0x5a, 0xbd, 0x2b, 0xa6, 0xfa, 0xb4
95 };
96 
97 static u8 tc3_key256[] = {
98  0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
99  0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08,
100  0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
101  0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08
102 };
103 
104 static u8 tc3_ciphertext256[] = {
105  0x52, 0x2d, 0xc1, 0xf0, 0x99, 0x56, 0x7d, 0x07,
106  0xf4, 0x7f, 0x37, 0xa3, 0x2a, 0x84, 0x42, 0x7d,
107  0x64, 0x3a, 0x8c, 0xdc, 0xbf, 0xe5, 0xc0, 0xc9,
108  0x75, 0x98, 0xa2, 0xbd, 0x25, 0x55, 0xd1, 0xaa,
109  0x8c, 0xb0, 0x8e, 0x48, 0x59, 0x0d, 0xbb, 0x3d,
110  0xa7, 0xb0, 0x8b, 0x10, 0x56, 0x82, 0x88, 0x38,
111  0xc5, 0xf6, 0x1e, 0x63, 0x93, 0xba, 0x7a, 0x0a,
112  0xbc, 0xc9, 0xf6, 0x62, 0x89, 0x80, 0x15, 0xad
113 };
114 
115 static u8 tc3_tag256[] = {
116  0xb0, 0x94, 0xda, 0xc5, 0xd9, 0x34, 0x71, 0xbd,
117  0xec, 0x1a, 0x50, 0x22, 0x70, 0xe3, 0xcc, 0x6c
118 };
119 
120 static u8 tc4_plaintext[] = {
121  0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
122  0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a,
123  0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
124  0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72,
125  0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53,
126  0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
127  0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57,
128  0xba, 0x63, 0x7b, 0x39,
129 };
130 
131 static u8 tc4_aad[] = {
132  0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
133  0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
134  0xab, 0xad, 0xda, 0xd2
135 };
136 
137 static u8 tc4_ciphertext128[] = {
138  0x42, 0x83, 0x1e, 0xc2, 0x21, 0x77, 0x74, 0x24,
139  0x4b, 0x72, 0x21, 0xb7, 0x84, 0xd0, 0xd4, 0x9c,
140  0xe3, 0xaa, 0x21, 0x2f, 0x2c, 0x02, 0xa4, 0xe0,
141  0x35, 0xc1, 0x7e, 0x23, 0x29, 0xac, 0xa1, 0x2e,
142  0x21, 0xd5, 0x14, 0xb2, 0x54, 0x66, 0x93, 0x1c,
143  0x7d, 0x8f, 0x6a, 0x5a, 0xac, 0x84, 0xaa, 0x05,
144  0x1b, 0xa3, 0x0b, 0x39, 0x6a, 0x0a, 0xac, 0x97,
145  0x3d, 0x58, 0xe0, 0x91
146 };
147 
148 static u8 tc4_tag[] = {
149  0x5b, 0xc9, 0x4f, 0xbc, 0x32, 0x21, 0xa5, 0xdb,
150  0x94, 0xfa, 0xe9, 0x5a, 0xe7, 0x12, 0x1a, 0x47
151 };
152 
153 static u8 tc4_ciphertext256[] = {
154  0x52, 0x2d, 0xc1, 0xf0, 0x99, 0x56, 0x7d, 0x07,
155  0xf4, 0x7f, 0x37, 0xa3, 0x2a, 0x84, 0x42, 0x7d,
156  0x64, 0x3a, 0x8c, 0xdc, 0xbf, 0xe5, 0xc0, 0xc9,
157  0x75, 0x98, 0xa2, 0xbd, 0x25, 0x55, 0xd1, 0xaa,
158  0x8c, 0xb0, 0x8e, 0x48, 0x59, 0x0d, 0xbb, 0x3d,
159  0xa7, 0xb0, 0x8b, 0x10, 0x56, 0x82, 0x88, 0x38,
160  0xc5, 0xf6, 0x1e, 0x63, 0x93, 0xba, 0x7a, 0x0a,
161  0xbc, 0xc9, 0xf6, 0x62
162 };
163 
164 static u8 tc4_tag256[] = {
165  0x76, 0xfc, 0x6e, 0xce, 0x0f, 0x4e, 0x17, 0x68,
166  0xcd, 0xdf, 0x88, 0x53, 0xbb, 0x2d, 0x55, 0x1b
167 };
168 
169 /* *INDENT-OFF* */
170 UNITTEST_REGISTER_CRYPTO_TEST (aes_gcm128_tc1) = {
171  .name = "128-GCM Spec. TC1",
172  .alg = VNET_CRYPTO_ALG_AES_128_GCM,
173  .iv = TEST_DATA (tc1_iv),
174  .key = TEST_DATA (tc1_key128),
175  .tag = TEST_DATA (tc1_tag128),
176 };
177 
178 UNITTEST_REGISTER_CRYPTO_TEST (aes_gcm256_tc1) = {
179  .name = "256-GCM Spec. TC1",
180  .alg = VNET_CRYPTO_ALG_AES_256_GCM,
181  .key = TEST_DATA (tc1_key256),
182  .iv = TEST_DATA (tc1_iv),
183  .tag = TEST_DATA (tc1_tag256),
184 };
185 
186 UNITTEST_REGISTER_CRYPTO_TEST (aes_gcm128_tc2) = {
187  .name = "128-GCM Spec. TC2",
188  .alg = VNET_CRYPTO_ALG_AES_128_GCM,
189  .iv = TEST_DATA (tc1_iv),
190  .key = TEST_DATA (tc1_key128),
191  .plaintext = TEST_DATA (tc2_plaintext),
192  .ciphertext = TEST_DATA (tc2_ciphertext),
193  .tag = TEST_DATA (tc2_tag),
194 };
195 
196 UNITTEST_REGISTER_CRYPTO_TEST (aes_gcm256_tc2) = {
197  .name = "256-GCM Spec. TC2",
198  .alg = VNET_CRYPTO_ALG_AES_256_GCM,
199  .iv = TEST_DATA (tc1_iv),
200  .key = TEST_DATA (tc1_key256),
201  .plaintext = TEST_DATA(tc2_plaintext),
202  .ciphertext = TEST_DATA(tc2_ciphertext256),
203  .tag = TEST_DATA (tc2_tag256),
204 };
205 
206 UNITTEST_REGISTER_CRYPTO_TEST (aes_gcm128_tc3) = {
207  .name = "128-GCM Spec. TC3",
208  .alg = VNET_CRYPTO_ALG_AES_128_GCM,
209  .iv = TEST_DATA (tc3_iv),
210  .key = TEST_DATA (tc3_key128),
211  .plaintext = TEST_DATA (tc3_plaintext),
212  .ciphertext = TEST_DATA (tc3_ciphertext128),
213  .tag = TEST_DATA (tc3_tag128),
214 };
215 
216 UNITTEST_REGISTER_CRYPTO_TEST (aes_gcm256_tc3) = {
217  .name = "256-GCM Spec. TC3",
218  .alg = VNET_CRYPTO_ALG_AES_256_GCM,
219  .iv = TEST_DATA (tc3_iv),
220  .key = TEST_DATA (tc3_key256),
221  .plaintext = TEST_DATA(tc3_plaintext),
222  .ciphertext = TEST_DATA(tc3_ciphertext256),
223  .tag = TEST_DATA (tc3_tag256),
224 };
225 
226 UNITTEST_REGISTER_CRYPTO_TEST (aes_gcm128_tc4) = {
227  .name = "128-GCM Spec. TC4",
228  .alg = VNET_CRYPTO_ALG_AES_128_GCM,
229  .iv = TEST_DATA (tc3_iv),
230  .key = TEST_DATA (tc3_key128),
231  .plaintext = TEST_DATA (tc4_plaintext),
232  .ciphertext = TEST_DATA (tc4_ciphertext128),
233  .aad = TEST_DATA (tc4_aad),
234  .tag = TEST_DATA (tc4_tag),
235 };
236 
237 UNITTEST_REGISTER_CRYPTO_TEST (aes_gcm256_tc4) = {
238  .name = "256-GCM Spec. TC4",
239  .alg = VNET_CRYPTO_ALG_AES_256_GCM,
240  .iv = TEST_DATA (tc3_iv),
241  .key = TEST_DATA (tc3_key256),
242  .plaintext = TEST_DATA(tc4_plaintext),
243  .ciphertext = TEST_DATA(tc4_ciphertext256),
244  .aad = TEST_DATA(tc4_aad),
245  .tag = TEST_DATA (tc4_tag256),
246 };
247 
248 UNITTEST_REGISTER_CRYPTO_TEST (aes_gcm256_tc4_chain) = {
249  .name = "256-GCM Spec. TC4 [chained]",
250  .alg = VNET_CRYPTO_ALG_AES_256_GCM,
251  .iv = TEST_DATA (tc3_iv),
252  .key = TEST_DATA (tc3_key256),
253  .aad = TEST_DATA(tc4_aad),
254  .tag = TEST_DATA (tc4_tag256),
255  .is_chained = 1,
256  .pt_chunks = {
258  TEST_DATA_CHUNK (tc4_plaintext, 20, 20),
259  TEST_DATA_CHUNK (tc4_plaintext, 40, 20),
260  },
261  .ct_chunks = {
265  },
266 };
267 
268 UNITTEST_REGISTER_CRYPTO_TEST (aes_gcm256_inc_1024) = {
269  .name = "256-GCM (incr 1024 B)",
270  .alg = VNET_CRYPTO_ALG_AES_256_GCM,
271  .plaintext_incremental = 1024,
272  .key.length = 32,
273  .aad.length = 20,
274  .tag.length = 16,
275 };
276 
277 UNITTEST_REGISTER_CRYPTO_TEST (aes_gcm256_inc1) = {
278  .name = "256-GCM (incr 1056 B)",
279  .alg = VNET_CRYPTO_ALG_AES_256_GCM,
280  .plaintext_incremental = 1024 + 32,
281  .key.length = 32,
282  .aad.length = 20,
283  .tag.length = 16,
284 };
285 
286 UNITTEST_REGISTER_CRYPTO_TEST (aes_gcm256_inc2) = {
287  .name = "256-GCM (incr 1042 B)",
288  .alg = VNET_CRYPTO_ALG_AES_256_GCM,
289  .plaintext_incremental = 1024 + 8,
290  .key.length = 32,
291  .aad.length = 20,
292  .tag.length = 16,
293 };
294 
295 UNITTEST_REGISTER_CRYPTO_TEST (aes_gcm256_inc3) = {
296  .name = "256-GCM (incr 1025 B)",
297  .alg = VNET_CRYPTO_ALG_AES_256_GCM,
298  .plaintext_incremental = 1024 + 1,
299  .key.length = 32,
300  .aad.length = 20,
301  .tag.length = 16,
302 };
303 
304 UNITTEST_REGISTER_CRYPTO_TEST (aes_gcm256_inc4) = {
305  .name = "256-GCM (incr 1009 B)",
306  .alg = VNET_CRYPTO_ALG_AES_256_GCM,
307  .plaintext_incremental = 1024 - 15,
308  .key.length = 32,
309  .aad.length = 20,
310  .tag.length = 16,
311 };
312 
313 UNITTEST_REGISTER_CRYPTO_TEST (aes_gcm256_inc5) = {
314  .name = "256-GCM (incr 1008)",
315  .alg = VNET_CRYPTO_ALG_AES_256_GCM,
316  .plaintext_incremental = 1024 - 16,
317  .key.length = 32,
318  .aad.length = 20,
319  .tag.length = 16,
320 };
321 /* *INDENT-ON* */
322 
323 /*
324  * fd.io coding-style-patch-verification: ON
325  *
326  * Local Variables:
327  * eval: (c-set-style "gnu")
328  * End:
329  */
tc4_plaintext
static u8 tc4_plaintext[]
Definition: aes_gcm.c:120
crypto.h
tc1_iv
static u8 tc1_iv[12]
Definition: aes_gcm.c:24
tc3_ciphertext128
static u8 tc3_ciphertext128[]
Definition: aes_gcm.c:81
tc4_ciphertext256
static u8 tc4_ciphertext256[]
Definition: aes_gcm.c:153
clib.h
tc2_ciphertext256
static u8 tc2_ciphertext256[]
Definition: aes_gcm.c:38
tc3_iv
static u8 tc3_iv[]
Definition: aes_gcm.c:65
tc2_tag256
static u8 tc2_tag256[]
Definition: aes_gcm.c:43
tc2_plaintext
static u8 tc2_plaintext[16]
Definition: aes_gcm.c:48
tc2_ciphertext
static u8 tc2_ciphertext[]
Definition: aes_gcm.c:55
tc4_tag256
static u8 tc4_tag256[]
Definition: aes_gcm.c:164
tc1_key128
static u8 tc1_key128[16]
Definition: aes_gcm.c:22
tc1_key256
static u8 tc1_key256[32]
Definition: aes_gcm.c:31
UNITTEST_REGISTER_CRYPTO_TEST
UNITTEST_REGISTER_CRYPTO_TEST(aes_gcm128_tc1)
tc1_tag128
static u8 tc1_tag128[]
Definition: aes_gcm.c:26
tc1_tag256
static u8 tc1_tag256[]
Definition: aes_gcm.c:33
tc3_tag256
static u8 tc3_tag256[]
Definition: aes_gcm.c:115
tc4_aad
static u8 tc4_aad[]
Definition: aes_gcm.c:131
tc3_ciphertext256
static u8 tc3_ciphertext256[]
Definition: aes_gcm.c:104
tc3_key256
static u8 tc3_key256[]
Definition: aes_gcm.c:97
crypto.h
u8
unsigned char u8
Definition: types.h:56
tc3_key128
static u8 tc3_key128[]
Definition: aes_gcm.c:60
TEST_DATA
#define TEST_DATA(n)
Definition: crypto.h:63
tc3_tag128
static u8 tc3_tag128[]
Definition: aes_gcm.c:92
tc3_plaintext
static u8 tc3_plaintext[]
Definition: aes_gcm.c:70
tc4_tag
static u8 tc4_tag[]
Definition: aes_gcm.c:148
tc2_tag
static u8 tc2_tag[]
Definition: aes_gcm.c:50
tc4_ciphertext128
static u8 tc4_ciphertext128[]
Definition: aes_gcm.c:137
TEST_DATA_CHUNK
#define TEST_DATA_CHUNK(s, off, n)
Definition: crypto.h:64