summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to 'src')
-rw-r--r--src/regress/lib/libcrypto/aes/aes_test.c185
1 files changed, 183 insertions, 2 deletions
diff --git a/src/regress/lib/libcrypto/aes/aes_test.c b/src/regress/lib/libcrypto/aes/aes_test.c
index 564fadb01c..8d5947a031 100644
--- a/src/regress/lib/libcrypto/aes/aes_test.c
+++ b/src/regress/lib/libcrypto/aes/aes_test.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: aes_test.c,v 1.4 2025/06/03 08:19:29 kenjiro Exp $ */ 1/* $OpenBSD: aes_test.c,v 1.5 2025/07/05 14:32:47 jsing Exp $ */
2/* 2/*
3 * Copyright (c) 2022 Joshua Sing <joshua@hypera.dev> 3 * Copyright (c) 2022 Joshua Sing <joshua@hypera.dev>
4 * 4 *
@@ -524,6 +524,161 @@ static const struct aes_test aes_tests[] = {
524 }, 524 },
525 .out_len = 64, 525 .out_len = 64,
526 }, 526 },
527
528 /* XTS128 - Test vectors from NIST SP 800-38A */
529 {
530 /* XTSGenAES128 1 */
531 .mode = NID_aes_128_xts,
532 .key = {
533 0xa1, 0xb9, 0x0c, 0xba, 0x3f, 0x06, 0xac, 0x35,
534 0x3b, 0x2c, 0x34, 0x38, 0x76, 0x08, 0x17, 0x62,
535 0x09, 0x09, 0x23, 0x02, 0x6e, 0x91, 0x77, 0x18,
536 0x15, 0xf2, 0x9d, 0xab, 0x01, 0x93, 0x2f, 0x2f,
537 },
538 .iv = {
539 0x4f, 0xae, 0xf7, 0x11, 0x7c, 0xda, 0x59, 0xc6,
540 0x6e, 0x4b, 0x92, 0x01, 0x3e, 0x76, 0x8a, 0xd5,
541 },
542 .iv_len = 16,
543 .in = {
544 0xeb, 0xab, 0xce, 0x95, 0xb1, 0x4d, 0x3c, 0x8d,
545 0x6f, 0xb3, 0x50, 0x39, 0x07, 0x90, 0x31, 0x1c,
546 },
547 .in_len = 16,
548 .out = {
549 0x77, 0x8a, 0xe8, 0xb4, 0x3c, 0xb9, 0x8d, 0x5a,
550 0x82, 0x50, 0x81, 0xd5, 0xbe, 0x47, 0x1c, 0x63,
551 },
552 .out_len = 16,
553 },
554 {
555 /* XTSGenAES128 385 */
556 .mode = NID_aes_128_xts,
557 .key = {
558 0xb8, 0xdb, 0x0b, 0x9e, 0x63, 0xf5, 0xf0, 0xe6,
559 0x60, 0x97, 0x98, 0xa6, 0xcb, 0x42, 0xbb, 0x5b,
560 0x5d, 0x71, 0x39, 0xbb, 0x95, 0x57, 0x99, 0xf5,
561 0x2a, 0x7c, 0x58, 0x1f, 0x84, 0x63, 0x31, 0x76,
562 },
563 .iv = {
564 0x8d, 0x46, 0xf9, 0x67, 0x01, 0x16, 0x7a, 0x1d,
565 0x77, 0xcd, 0x1e, 0x44, 0xda, 0x92, 0xf3, 0xa8,
566 },
567 .iv_len = 16,
568 .in = {
569 0xb4, 0x64, 0x4d, 0xc1, 0xb3, 0x8d, 0xd5, 0x98,
570 0xca, 0x84, 0x0a, 0x82, 0xd4, 0xd9, 0xc0, 0x65,
571 0x67, 0x23, 0xb1, 0x58, 0x01, 0xaa, 0x18, 0xe6,
572 0x6e,
573 },
574 .in_len = 25,
575 .out = {
576 0x09, 0x28, 0x8c, 0xf5, 0x1f, 0x1e, 0xb4, 0xad,
577 0xb8, 0x54, 0x23, 0xd0, 0xe0, 0xd6, 0xe9, 0x58,
578 0x18, 0x87, 0x06, 0xaf, 0x26, 0x0e, 0x24, 0x67,
579 0x4e,
580 },
581 .out_len = 25,
582 },
583 {
584 /* XTSGenAES128 404 */
585 .mode = NID_aes_128_xts,
586 .key = {
587 0xbe, 0x5c, 0xf1, 0xf9, 0x9d, 0x51, 0x59, 0xf2,
588 0x11, 0xdb, 0xc4, 0xc1, 0x47, 0xf7, 0x9c, 0x55,
589 0x6b, 0x2d, 0xa5, 0xc6, 0x91, 0xde, 0xed, 0x74,
590 0x0d, 0x01, 0x57, 0xea, 0xb8, 0xc9, 0xc8, 0x9a,
591 },
592 .iv = {
593 0x89, 0x24, 0x86, 0x24, 0xb6, 0x96, 0xcf, 0x9c,
594 0xb1, 0xb5, 0x77, 0x9c, 0xdc, 0xbc, 0xfe, 0x1c,
595 },
596 .iv_len = 16,
597 .in = {
598 0x3b, 0x80, 0xf8, 0x22, 0xc4, 0xee, 0xe1, 0x31,
599 0x3f, 0x79, 0xca, 0x3d, 0xb1, 0x34, 0xd9, 0xca,
600 0x8b, 0x09, 0xa3, 0x53, 0x4d, 0x4e, 0x18, 0xe6,
601 0x43, 0x9e, 0x1c, 0xdb, 0x86, 0x18, 0x2a, 0x4f,
602 },
603 .in_len = 32,
604 .out = {
605 0x4b, 0x6a, 0xf4, 0x3a, 0x88, 0xb6, 0x33, 0xeb,
606 0xd1, 0xe1, 0x27, 0xc1, 0xec, 0x90, 0xcc, 0x47,
607 0xa2, 0xf1, 0x6e, 0x3b, 0xc7, 0x9f, 0x88, 0x45,
608 0xe3, 0xbd, 0x00, 0x25, 0xda, 0x87, 0x26, 0x45,
609 },
610 .out_len = 32,
611 },
612 {
613 /* XTSGenAES256 1 */
614 .mode = NID_aes_256_xts,
615 .key = {
616 0x1e, 0xa6, 0x61, 0xc5, 0x8d, 0x94, 0x3a, 0x0e,
617 0x48, 0x01, 0xe4, 0x2f, 0x4b, 0x09, 0x47, 0x14,
618 0x9e, 0x7f, 0x9f, 0x8e, 0x3e, 0x68, 0xd0, 0xc7,
619 0x50, 0x52, 0x10, 0xbd, 0x31, 0x1a, 0x0e, 0x7c,
620 0xd6, 0xe1, 0x3f, 0xfd, 0xf2, 0x41, 0x8d, 0x8d,
621 0x19, 0x11, 0xc0, 0x04, 0xcd, 0xa5, 0x8d, 0xa3,
622 0xd6, 0x19, 0xb7, 0xe2, 0xb9, 0x14, 0x1e, 0x58,
623 0x31, 0x8e, 0xea, 0x39, 0x2c, 0xf4, 0x1b, 0x08,
624 },
625 .iv = {
626 0xad, 0xf8, 0xd9, 0x26, 0x27, 0x46, 0x4a, 0xd2,
627 0xf0, 0x42, 0x8e, 0x84, 0xa9, 0xf8, 0x75, 0x64,
628 },
629 .iv_len = 16,
630 .in = {
631 0x2e, 0xed, 0xea, 0x52, 0xcd, 0x82, 0x15, 0xe1,
632 0xac, 0xc6, 0x47, 0xe8, 0x10, 0xbb, 0xc3, 0x64,
633 0x2e, 0x87, 0x28, 0x7f, 0x8d, 0x2e, 0x57, 0xe3,
634 0x6c, 0x0a, 0x24, 0xfb, 0xc1, 0x2a, 0x20, 0x2e,
635 },
636 .in_len = 32,
637 .out = {
638 0xcb, 0xaa, 0xd0, 0xe2, 0xf6, 0xce, 0xa3, 0xf5,
639 0x0b, 0x37, 0xf9, 0x34, 0xd4, 0x6a, 0x9b, 0x13,
640 0x0b, 0x9d, 0x54, 0xf0, 0x7e, 0x34, 0xf3, 0x6a,
641 0xf7, 0x93, 0xe8, 0x6f, 0x73, 0xc6, 0xd7, 0xdb,
642 },
643 .out_len = 32,
644 },
645 {
646 /* XTSGenAES256 172 */
647 .mode = NID_aes_256_xts,
648 .key= {
649 0x5c, 0x7f, 0x7a, 0x36, 0x08, 0x01, 0x78, 0x43,
650 0x00, 0x83, 0xff, 0x54, 0x92, 0xef, 0x77, 0x26,
651 0x0f, 0x68, 0x0a, 0x15, 0xa7, 0x66, 0x24, 0xb8,
652 0x9e, 0x85, 0x4c, 0x94, 0xf0, 0x48, 0x8a, 0x9e,
653 0x7d, 0xaa, 0x4f, 0x33, 0x01, 0x1f, 0x91, 0xdf,
654 0x5e, 0x33, 0x80, 0x53, 0xf4, 0x6c, 0xee, 0x65,
655 0x0f, 0xb0, 0xee, 0x69, 0xf8, 0xc2, 0x15, 0x75,
656 0x5a, 0x4a, 0x63, 0xcd, 0x42, 0x28, 0xc2, 0x19,
657 },
658 .iv = {
659 0xa4, 0x01, 0xd7, 0x3c, 0x88, 0x75, 0xe7, 0x59,
660 0xaa, 0x3e, 0xef, 0x53, 0xe0, 0xfb, 0x62, 0x63,
661 },
662 .iv_len = 16,
663 .in = {
664 0xb1, 0xe6, 0x29, 0xa6, 0x2a, 0x03, 0xca, 0x96,
665 0x9b, 0x16, 0x91, 0x52, 0x02, 0xbc, 0xaa, 0x09,
666 0xe7, 0x8a, 0xe1, 0x85, 0x1b, 0xc8, 0x85, 0x81,
667 0x16, 0x49, 0x68, 0xa5, 0x65, 0x6c, 0x82, 0xc0,
668 0xe5, 0xc4, 0x03, 0xba, 0x54, 0xb9, 0xb5, 0xed,
669 0x9b, 0xab, 0xe8, 0xb0, 0x75, 0x1d, 0x1b, 0x34,
670 },
671 .in_len = 48,
672 .out = {
673 0xf5, 0xbc, 0xa6, 0x0f, 0xb9, 0x35, 0x2b, 0x1d,
674 0xe0, 0x4d, 0x71, 0x29, 0x40, 0x56, 0x26, 0xb3,
675 0xa4, 0x74, 0xa2, 0x64, 0xfb, 0xac, 0x2d, 0x6b,
676 0xe1, 0x19, 0xe1, 0xd5, 0x7a, 0xa9, 0x98, 0xd0,
677 0xe0, 0xe4, 0xd9, 0xf9, 0xc9, 0x76, 0x21, 0x0d,
678 0x93, 0xc4, 0x65, 0xa3, 0xe3, 0x60, 0xcd, 0x92,
679 },
680 .out_len = 48,
681 },
527}; 682};
528 683
529#define N_AES_TESTS (sizeof(aes_tests) / sizeof(aes_tests[0])) 684#define N_AES_TESTS (sizeof(aes_tests) / sizeof(aes_tests[0]))
@@ -751,6 +906,10 @@ aes_evp_test(size_t test_number, const struct aes_test *at, const char *label,
751 if (in_len > at->in_len - i) 906 if (in_len > at->in_len - i)
752 in_len = at->in_len - i; 907 in_len = at->in_len - i;
753 908
909 /* XTS needs to be single shot. */
910 if (EVP_CIPHER_CTX_mode(ctx) == EVP_CIPH_XTS_MODE)
911 in_len = at->in_len;
912
754 if (!EVP_EncryptUpdate(ctx, out + total_len, &out_len, 913 if (!EVP_EncryptUpdate(ctx, out + total_len, &out_len,
755 at->in + i, in_len)) { 914 at->in + i, in_len)) {
756 fprintf(stderr, 915 fprintf(stderr,
@@ -817,6 +976,10 @@ aes_evp_test(size_t test_number, const struct aes_test *at, const char *label,
817 if (in_len > at->out_len - i) 976 if (in_len > at->out_len - i)
818 in_len = at->out_len - i; 977 in_len = at->out_len - i;
819 978
979 /* XTS needs to be single shot. */
980 if (EVP_CIPHER_CTX_mode(ctx) == EVP_CIPH_XTS_MODE)
981 in_len = at->in_len;
982
820 if (!EVP_DecryptUpdate(ctx, out + total_len, &out_len, 983 if (!EVP_DecryptUpdate(ctx, out + total_len, &out_len,
821 at->out + i, in_len)) { 984 at->out + i, in_len)) {
822 fprintf(stderr, 985 fprintf(stderr,
@@ -983,6 +1146,16 @@ aes_cipher_from_nid(int nid, const char **out_label,
983 *out_cipher = EVP_aes_256_ccm(); 1146 *out_cipher = EVP_aes_256_ccm();
984 break; 1147 break;
985 1148
1149 /* XTS */
1150 case NID_aes_128_xts:
1151 *out_label = SN_aes_128_xts;
1152 *out_cipher = EVP_aes_128_xts();
1153 break;
1154 case NID_aes_256_xts:
1155 *out_label = SN_aes_256_xts;
1156 *out_cipher = EVP_aes_256_xts();
1157 break;
1158
986 /* Unknown */ 1159 /* Unknown */
987 default: 1160 default:
988 return 0; 1161 return 0;
@@ -1004,8 +1177,10 @@ aes_test(void)
1004 for (i = 0; i < N_AES_TESTS; i++) { 1177 for (i = 0; i < N_AES_TESTS; i++) {
1005 at = &aes_tests[i]; 1178 at = &aes_tests[i];
1006 key_bits = aes_key_bits_from_nid(at->mode); 1179 key_bits = aes_key_bits_from_nid(at->mode);
1007 if (!aes_cipher_from_nid(at->mode, &label, &cipher)) 1180 if (!aes_cipher_from_nid(at->mode, &label, &cipher)) {
1181 fprintf(stderr, "unknown cipher\n");
1008 goto failed; 1182 goto failed;
1183 }
1009 1184
1010 switch (at->mode) { 1185 switch (at->mode) {
1011 /* ECB */ 1186 /* ECB */
@@ -1054,6 +1229,12 @@ aes_test(void)
1054 /* CCM is EVP-only */ 1229 /* CCM is EVP-only */
1055 break; 1230 break;
1056 1231
1232 /* XTS */
1233 case NID_aes_128_xts:
1234 case NID_aes_256_xts:
1235 /* XTS is EVP-only */
1236 break;
1237
1057 /* Unknown */ 1238 /* Unknown */
1058 default: 1239 default:
1059 fprintf(stderr, "FAIL: unknown mode (%d)\n", 1240 fprintf(stderr, "FAIL: unknown mode (%d)\n",
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-08-13 04:24:08 +0000