summaryrefslogtreecommitdiff
path: root/src/lib/libssl/test/igetest.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib/libssl/test/igetest.c')
-rw-r--r--src/lib/libssl/test/igetest.c503
1 files changed, 503 insertions, 0 deletions
diff --git a/src/lib/libssl/test/igetest.c b/src/lib/libssl/test/igetest.c
new file mode 100644
index 0000000000..1ba900244d
--- /dev/null
+++ b/src/lib/libssl/test/igetest.c
@@ -0,0 +1,503 @@
1/* test/igetest.c -*- mode:C; c-file-style: "eay" -*- */
2/* ====================================================================
3 * Copyright (c) 2006 The OpenSSL Project. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 *
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 *
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in
14 * the documentation and/or other materials provided with the
15 * distribution.
16 *
17 * 3. All advertising materials mentioning features or use of this
18 * software must display the following acknowledgment:
19 * "This product includes software developed by the OpenSSL Project
20 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
21 *
22 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
23 * endorse or promote products derived from this software without
24 * prior written permission. For written permission, please contact
25 * openssl-core@openssl.org.
26 *
27 * 5. Products derived from this software may not be called "OpenSSL"
28 * nor may "OpenSSL" appear in their names without prior written
29 * permission of the OpenSSL Project.
30 *
31 * 6. Redistributions of any form whatsoever must retain the following
32 * acknowledgment:
33 * "This product includes software developed by the OpenSSL Project
34 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
35 *
36 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
37 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
38 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
39 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
40 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
41 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
42 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
43 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
44 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
45 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
46 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
47 * OF THE POSSIBILITY OF SUCH DAMAGE.
48 * ====================================================================
49 *
50 */
51
52#include <openssl/aes.h>
53#include <openssl/rand.h>
54#include <stdio.h>
55#include <string.h>
56#include <assert.h>
57
58#define TEST_SIZE 128
59#define BIG_TEST_SIZE 10240
60
61static void hexdump(FILE *f,const char *title,const unsigned char *s,int l)
62 {
63 int n=0;
64
65 fprintf(f,"%s",title);
66 for( ; n < l ; ++n)
67 {
68 if((n%16) == 0)
69 fprintf(f,"\n%04x",n);
70 fprintf(f," %02x",s[n]);
71 }
72 fprintf(f,"\n");
73 }
74
75#define MAX_VECTOR_SIZE 64
76
77struct ige_test
78 {
79 const unsigned char key[16];
80 const unsigned char iv[32];
81 const unsigned char in[MAX_VECTOR_SIZE];
82 const unsigned char out[MAX_VECTOR_SIZE];
83 const size_t length;
84 const int encrypt;
85 };
86
87static struct ige_test const ige_test_vectors[] = {
88{ { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
89 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f }, /* key */
90 { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
91 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
92 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
93 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f }, /* iv */
94 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
95 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
96 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
97 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, /* in */
98 { 0x1a, 0x85, 0x19, 0xa6, 0x55, 0x7b, 0xe6, 0x52,
99 0xe9, 0xda, 0x8e, 0x43, 0xda, 0x4e, 0xf4, 0x45,
100 0x3c, 0xf4, 0x56, 0xb4, 0xca, 0x48, 0x8a, 0xa3,
101 0x83, 0xc7, 0x9c, 0x98, 0xb3, 0x47, 0x97, 0xcb }, /* out */
102 32, AES_ENCRYPT }, /* test vector 0 */
103
104{ { 0x54, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20,
105 0x61, 0x6e, 0x20, 0x69, 0x6d, 0x70, 0x6c, 0x65 }, /* key */
106 { 0x6d, 0x65, 0x6e, 0x74, 0x61, 0x74, 0x69, 0x6f,
107 0x6e, 0x20, 0x6f, 0x66, 0x20, 0x49, 0x47, 0x45,
108 0x20, 0x6d, 0x6f, 0x64, 0x65, 0x20, 0x66, 0x6f,
109 0x72, 0x20, 0x4f, 0x70, 0x65, 0x6e, 0x53, 0x53 }, /* iv */
110 { 0x4c, 0x2e, 0x20, 0x4c, 0x65, 0x74, 0x27, 0x73,
111 0x20, 0x68, 0x6f, 0x70, 0x65, 0x20, 0x42, 0x65,
112 0x6e, 0x20, 0x67, 0x6f, 0x74, 0x20, 0x69, 0x74,
113 0x20, 0x72, 0x69, 0x67, 0x68, 0x74, 0x21, 0x0a }, /* in */
114 { 0x99, 0x70, 0x64, 0x87, 0xa1, 0xcd, 0xe6, 0x13,
115 0xbc, 0x6d, 0xe0, 0xb6, 0xf2, 0x4b, 0x1c, 0x7a,
116 0xa4, 0x48, 0xc8, 0xb9, 0xc3, 0x40, 0x3e, 0x34,
117 0x67, 0xa8, 0xca, 0xd8, 0x93, 0x40, 0xf5, 0x3b }, /* out */
118 32, AES_DECRYPT }, /* test vector 1 */
119};
120
121struct bi_ige_test
122 {
123 const unsigned char key1[32];
124 const unsigned char key2[32];
125 const unsigned char iv[64];
126 const unsigned char in[MAX_VECTOR_SIZE];
127 const unsigned char out[MAX_VECTOR_SIZE];
128 const size_t keysize;
129 const size_t length;
130 const int encrypt;
131 };
132
133static struct bi_ige_test const bi_ige_test_vectors[] = {
134{ { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
135 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f }, /* key1 */
136 { 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
137 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f }, /* key2 */
138 { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
139 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
140 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
141 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
142 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
143 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f,
144 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
145 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f }, /* iv */
146 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
147 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
148 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
149 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, /* in */
150 { 0x14, 0x40, 0x6f, 0xae, 0xa2, 0x79, 0xf2, 0x56,
151 0x1f, 0x86, 0xeb, 0x3b, 0x7d, 0xff, 0x53, 0xdc,
152 0x4e, 0x27, 0x0c, 0x03, 0xde, 0x7c, 0xe5, 0x16,
153 0x6a, 0x9c, 0x20, 0x33, 0x9d, 0x33, 0xfe, 0x12 }, /* out */
154 16, 32, AES_ENCRYPT }, /* test vector 0 */
155{ { 0x58, 0x0a, 0x06, 0xe9, 0x97, 0x07, 0x59, 0x5c,
156 0x9e, 0x19, 0xd2, 0xa7, 0xbb, 0x40, 0x2b, 0x7a,
157 0xc7, 0xd8, 0x11, 0x9e, 0x4c, 0x51, 0x35, 0x75,
158 0x64, 0x28, 0x0f, 0x23, 0xad, 0x74, 0xac, 0x37 }, /* key1 */
159 { 0xd1, 0x80, 0xa0, 0x31, 0x47, 0xa3, 0x11, 0x13,
160 0x86, 0x26, 0x9e, 0x6d, 0xff, 0xaf, 0x72, 0x74,
161 0x5b, 0xa2, 0x35, 0x81, 0xd2, 0xa6, 0x3d, 0x21,
162 0x67, 0x7b, 0x58, 0xa8, 0x18, 0xf9, 0x72, 0xe4 }, /* key2 */
163 { 0x80, 0x3d, 0xbd, 0x4c, 0xe6, 0x7b, 0x06, 0xa9,
164 0x53, 0x35, 0xd5, 0x7e, 0x71, 0xc1, 0x70, 0x70,
165 0x74, 0x9a, 0x00, 0x28, 0x0c, 0xbf, 0x6c, 0x42,
166 0x9b, 0xa4, 0xdd, 0x65, 0x11, 0x77, 0x7c, 0x67,
167 0xfe, 0x76, 0x0a, 0xf0, 0xd5, 0xc6, 0x6e, 0x6a,
168 0xe7, 0x5e, 0x4c, 0xf2, 0x7e, 0x9e, 0xf9, 0x20,
169 0x0e, 0x54, 0x6f, 0x2d, 0x8a, 0x8d, 0x7e, 0xbd,
170 0x48, 0x79, 0x37, 0x99, 0xff, 0x27, 0x93, 0xa3 }, /* iv */
171 { 0xf1, 0x54, 0x3d, 0xca, 0xfe, 0xb5, 0xef, 0x1c,
172 0x4f, 0xa6, 0x43, 0xf6, 0xe6, 0x48, 0x57, 0xf0,
173 0xee, 0x15, 0x7f, 0xe3, 0xe7, 0x2f, 0xd0, 0x2f,
174 0x11, 0x95, 0x7a, 0x17, 0x00, 0xab, 0xa7, 0x0b,
175 0xbe, 0x44, 0x09, 0x9c, 0xcd, 0xac, 0xa8, 0x52,
176 0xa1, 0x8e, 0x7b, 0x75, 0xbc, 0xa4, 0x92, 0x5a,
177 0xab, 0x46, 0xd3, 0x3a, 0xa0, 0xd5, 0x35, 0x1c,
178 0x55, 0xa4, 0xb3, 0xa8, 0x40, 0x81, 0xa5, 0x0b}, /* in */
179 { 0x42, 0xe5, 0x28, 0x30, 0x31, 0xc2, 0xa0, 0x23,
180 0x68, 0x49, 0x4e, 0xb3, 0x24, 0x59, 0x92, 0x79,
181 0xc1, 0xa5, 0xcc, 0xe6, 0x76, 0x53, 0xb1, 0xcf,
182 0x20, 0x86, 0x23, 0xe8, 0x72, 0x55, 0x99, 0x92,
183 0x0d, 0x16, 0x1c, 0x5a, 0x2f, 0xce, 0xcb, 0x51,
184 0xe2, 0x67, 0xfa, 0x10, 0xec, 0xcd, 0x3d, 0x67,
185 0xa5, 0xe6, 0xf7, 0x31, 0x26, 0xb0, 0x0d, 0x76,
186 0x5e, 0x28, 0xdc, 0x7f, 0x01, 0xc5, 0xa5, 0x4c}, /* out */
187 32, 64, AES_ENCRYPT }, /* test vector 1 */
188
189};
190
191static int run_test_vectors(void)
192 {
193 unsigned int n;
194 int errs = 0;
195
196 for(n=0 ; n < sizeof(ige_test_vectors)/sizeof(ige_test_vectors[0]) ; ++n)
197 {
198 const struct ige_test * const v = &ige_test_vectors[n];
199 AES_KEY key;
200 unsigned char buf[MAX_VECTOR_SIZE];
201 unsigned char iv[AES_BLOCK_SIZE*2];
202
203 assert(v->length <= MAX_VECTOR_SIZE);
204
205 if(v->encrypt == AES_ENCRYPT)
206 AES_set_encrypt_key(v->key, 8*sizeof v->key, &key);
207 else
208 AES_set_decrypt_key(v->key, 8*sizeof v->key, &key);
209 memcpy(iv, v->iv, sizeof iv);
210 AES_ige_encrypt(v->in, buf, v->length, &key, iv, v->encrypt);
211
212 if(memcmp(v->out, buf, v->length))
213 {
214 printf("IGE test vector %d failed\n", n);
215 hexdump(stdout, "key", v->key, sizeof v->key);
216 hexdump(stdout, "iv", v->iv, sizeof v->iv);
217 hexdump(stdout, "in", v->in, v->length);
218 hexdump(stdout, "expected", v->out, v->length);
219 hexdump(stdout, "got", buf, v->length);
220
221 ++errs;
222 }
223
224 /* try with in == out */
225 memcpy(iv, v->iv, sizeof iv);
226 memcpy(buf, v->in, v->length);
227 AES_ige_encrypt(buf, buf, v->length, &key, iv, v->encrypt);
228
229 if(memcmp(v->out, buf, v->length))
230 {
231 printf("IGE test vector %d failed (with in == out)\n", n);
232 hexdump(stdout, "key", v->key, sizeof v->key);
233 hexdump(stdout, "iv", v->iv, sizeof v->iv);
234 hexdump(stdout, "in", v->in, v->length);
235 hexdump(stdout, "expected", v->out, v->length);
236 hexdump(stdout, "got", buf, v->length);
237
238 ++errs;
239 }
240 }
241
242 for(n=0 ; n < sizeof(bi_ige_test_vectors)/sizeof(bi_ige_test_vectors[0])
243 ; ++n)
244 {
245 const struct bi_ige_test * const v = &bi_ige_test_vectors[n];
246 AES_KEY key1;
247 AES_KEY key2;
248 unsigned char buf[MAX_VECTOR_SIZE];
249
250 assert(v->length <= MAX_VECTOR_SIZE);
251
252 if(v->encrypt == AES_ENCRYPT)
253 {
254 AES_set_encrypt_key(v->key1, 8*v->keysize, &key1);
255 AES_set_encrypt_key(v->key2, 8*v->keysize, &key2);
256 }
257 else
258 {
259 AES_set_decrypt_key(v->key1, 8*v->keysize, &key1);
260 AES_set_decrypt_key(v->key2, 8*v->keysize, &key2);
261 }
262
263 AES_bi_ige_encrypt(v->in, buf, v->length, &key1, &key2, v->iv,
264 v->encrypt);
265
266 if(memcmp(v->out, buf, v->length))
267 {
268 printf("Bidirectional IGE test vector %d failed\n", n);
269 hexdump(stdout, "key 1", v->key1, sizeof v->key1);
270 hexdump(stdout, "key 2", v->key2, sizeof v->key2);
271 hexdump(stdout, "iv", v->iv, sizeof v->iv);
272 hexdump(stdout, "in", v->in, v->length);
273 hexdump(stdout, "expected", v->out, v->length);
274 hexdump(stdout, "got", buf, v->length);
275
276 ++errs;
277 }
278 }
279
280 return errs;
281 }
282
283int main(int argc, char **argv)
284 {
285 unsigned char rkey[16];
286 unsigned char rkey2[16];
287 AES_KEY key;
288 AES_KEY key2;
289 unsigned char plaintext[BIG_TEST_SIZE];
290 unsigned char ciphertext[BIG_TEST_SIZE];
291 unsigned char checktext[BIG_TEST_SIZE];
292 unsigned char iv[AES_BLOCK_SIZE*4];
293 unsigned char saved_iv[AES_BLOCK_SIZE*4];
294 int err = 0;
295 unsigned int n;
296 unsigned matches;
297
298 assert(BIG_TEST_SIZE >= TEST_SIZE);
299
300 RAND_pseudo_bytes(rkey, sizeof rkey);
301 RAND_pseudo_bytes(plaintext, sizeof plaintext);
302 RAND_pseudo_bytes(iv, sizeof iv);
303 memcpy(saved_iv, iv, sizeof saved_iv);
304
305 /* Forward IGE only... */
306
307 /* Straight encrypt/decrypt */
308 AES_set_encrypt_key(rkey, 8*sizeof rkey, &key);
309 AES_ige_encrypt(plaintext, ciphertext, TEST_SIZE, &key, iv,
310 AES_ENCRYPT);
311
312 AES_set_decrypt_key(rkey, 8*sizeof rkey, &key);
313 memcpy(iv, saved_iv, sizeof iv);
314 AES_ige_encrypt(ciphertext, checktext, TEST_SIZE, &key, iv,
315 AES_DECRYPT);
316
317 if(memcmp(checktext, plaintext, TEST_SIZE))
318 {
319 printf("Encrypt+decrypt doesn't match\n");
320 hexdump(stdout, "Plaintext", plaintext, TEST_SIZE);
321 hexdump(stdout, "Checktext", checktext, TEST_SIZE);
322 ++err;
323 }
324
325 /* Now check encrypt chaining works */
326 AES_set_encrypt_key(rkey, 8*sizeof rkey, &key);
327 memcpy(iv, saved_iv, sizeof iv);
328 AES_ige_encrypt(plaintext, ciphertext, TEST_SIZE/2, &key, iv,
329 AES_ENCRYPT);
330 AES_ige_encrypt(plaintext+TEST_SIZE/2,
331 ciphertext+TEST_SIZE/2, TEST_SIZE/2,
332 &key, iv, AES_ENCRYPT);
333
334 AES_set_decrypt_key(rkey, 8*sizeof rkey, &key);
335 memcpy(iv, saved_iv, sizeof iv);
336 AES_ige_encrypt(ciphertext, checktext, TEST_SIZE, &key, iv,
337 AES_DECRYPT);
338
339 if(memcmp(checktext, plaintext, TEST_SIZE))
340 {
341 printf("Chained encrypt+decrypt doesn't match\n");
342 hexdump(stdout, "Plaintext", plaintext, TEST_SIZE);
343 hexdump(stdout, "Checktext", checktext, TEST_SIZE);
344 ++err;
345 }
346
347 /* And check decrypt chaining */
348 AES_set_encrypt_key(rkey, 8*sizeof rkey, &key);
349 memcpy(iv, saved_iv, sizeof iv);
350 AES_ige_encrypt(plaintext, ciphertext, TEST_SIZE/2, &key, iv,
351 AES_ENCRYPT);
352 AES_ige_encrypt(plaintext+TEST_SIZE/2,
353 ciphertext+TEST_SIZE/2, TEST_SIZE/2,
354 &key, iv, AES_ENCRYPT);
355
356 AES_set_decrypt_key(rkey, 8*sizeof rkey, &key);
357 memcpy(iv, saved_iv, sizeof iv);
358 AES_ige_encrypt(ciphertext, checktext, TEST_SIZE/2, &key, iv,
359 AES_DECRYPT);
360 AES_ige_encrypt(ciphertext+TEST_SIZE/2,
361 checktext+TEST_SIZE/2, TEST_SIZE/2, &key, iv,
362 AES_DECRYPT);
363
364 if(memcmp(checktext, plaintext, TEST_SIZE))
365 {
366 printf("Chained encrypt+chained decrypt doesn't match\n");
367 hexdump(stdout, "Plaintext", plaintext, TEST_SIZE);
368 hexdump(stdout, "Checktext", checktext, TEST_SIZE);
369 ++err;
370 }
371
372 /* make sure garble extends forwards only */
373 AES_set_encrypt_key(rkey, 8*sizeof rkey, &key);
374 memcpy(iv, saved_iv, sizeof iv);
375 AES_ige_encrypt(plaintext, ciphertext, sizeof plaintext, &key, iv,
376 AES_ENCRYPT);
377
378 /* corrupt halfway through */
379 ++ciphertext[sizeof ciphertext/2];
380 AES_set_decrypt_key(rkey, 8*sizeof rkey, &key);
381 memcpy(iv, saved_iv, sizeof iv);
382 AES_ige_encrypt(ciphertext, checktext, sizeof checktext, &key, iv,
383 AES_DECRYPT);
384
385 matches=0;
386 for(n=0 ; n < sizeof checktext ; ++n)
387 if(checktext[n] == plaintext[n])
388 ++matches;
389
390 if(matches > sizeof checktext/2+sizeof checktext/100)
391 {
392 printf("More than 51%% matches after garbling\n");
393 ++err;
394 }
395
396 if(matches < sizeof checktext/2)
397 {
398 printf("Garble extends backwards!\n");
399 ++err;
400 }
401
402 /* Bi-directional IGE */
403
404 /* Note that we don't have to recover the IV, because chaining isn't */
405 /* possible with biIGE, so the IV is not updated. */
406
407 RAND_pseudo_bytes(rkey2, sizeof rkey2);
408
409 /* Straight encrypt/decrypt */
410 AES_set_encrypt_key(rkey, 8*sizeof rkey, &key);
411 AES_set_encrypt_key(rkey2, 8*sizeof rkey2, &key2);
412 AES_bi_ige_encrypt(plaintext, ciphertext, TEST_SIZE, &key, &key2, iv,
413 AES_ENCRYPT);
414
415 AES_set_decrypt_key(rkey, 8*sizeof rkey, &key);
416 AES_set_decrypt_key(rkey2, 8*sizeof rkey2, &key2);
417 AES_bi_ige_encrypt(ciphertext, checktext, TEST_SIZE, &key, &key2, iv,
418 AES_DECRYPT);
419
420 if(memcmp(checktext, plaintext, TEST_SIZE))
421 {
422 printf("Encrypt+decrypt doesn't match\n");
423 hexdump(stdout, "Plaintext", plaintext, TEST_SIZE);
424 hexdump(stdout, "Checktext", checktext, TEST_SIZE);
425 ++err;
426 }
427
428 /* make sure garble extends both ways */
429 AES_set_encrypt_key(rkey, 8*sizeof rkey, &key);
430 AES_set_encrypt_key(rkey2, 8*sizeof rkey2, &key2);
431 AES_ige_encrypt(plaintext, ciphertext, sizeof plaintext, &key, iv,
432 AES_ENCRYPT);
433
434 /* corrupt halfway through */
435 ++ciphertext[sizeof ciphertext/2];
436 AES_set_decrypt_key(rkey, 8*sizeof rkey, &key);
437 AES_set_decrypt_key(rkey2, 8*sizeof rkey2, &key2);
438 AES_ige_encrypt(ciphertext, checktext, sizeof checktext, &key, iv,
439 AES_DECRYPT);
440
441 matches=0;
442 for(n=0 ; n < sizeof checktext ; ++n)
443 if(checktext[n] == plaintext[n])
444 ++matches;
445
446 if(matches > sizeof checktext/100)
447 {
448 printf("More than 1%% matches after bidirectional garbling\n");
449 ++err;
450 }
451
452 /* make sure garble extends both ways (2) */
453 AES_set_encrypt_key(rkey, 8*sizeof rkey, &key);
454 AES_set_encrypt_key(rkey2, 8*sizeof rkey2, &key2);
455 AES_ige_encrypt(plaintext, ciphertext, sizeof plaintext, &key, iv,
456 AES_ENCRYPT);
457
458 /* corrupt right at the end */
459 ++ciphertext[sizeof ciphertext-1];
460 AES_set_decrypt_key(rkey, 8*sizeof rkey, &key);
461 AES_set_decrypt_key(rkey2, 8*sizeof rkey2, &key2);
462 AES_ige_encrypt(ciphertext, checktext, sizeof checktext, &key, iv,
463 AES_DECRYPT);
464
465 matches=0;
466 for(n=0 ; n < sizeof checktext ; ++n)
467 if(checktext[n] == plaintext[n])
468 ++matches;
469
470 if(matches > sizeof checktext/100)
471 {
472 printf("More than 1%% matches after bidirectional garbling (2)\n");
473 ++err;
474 }
475
476 /* make sure garble extends both ways (3) */
477 AES_set_encrypt_key(rkey, 8*sizeof rkey, &key);
478 AES_set_encrypt_key(rkey2, 8*sizeof rkey2, &key2);
479 AES_ige_encrypt(plaintext, ciphertext, sizeof plaintext, &key, iv,
480 AES_ENCRYPT);
481
482 /* corrupt right at the start */
483 ++ciphertext[0];
484 AES_set_decrypt_key(rkey, 8*sizeof rkey, &key);
485 AES_set_decrypt_key(rkey2, 8*sizeof rkey2, &key2);
486 AES_ige_encrypt(ciphertext, checktext, sizeof checktext, &key, iv,
487 AES_DECRYPT);
488
489 matches=0;
490 for(n=0 ; n < sizeof checktext ; ++n)
491 if(checktext[n] == plaintext[n])
492 ++matches;
493
494 if(matches > sizeof checktext/100)
495 {
496 printf("More than 1%% matches after bidirectional garbling (3)\n");
497 ++err;
498 }
499
500 err += run_test_vectors();
501
502 return err;
503 }
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-10-24 13:06:24 +0000