[CRYPTO] gcm: Fix ICV handling

The crypto_aead convention for ICVs is to include it directly in the
output.  If we decided to change this in future then we would make
the ICV (if the algorithm has an explicit one) available in the
request itself.

For now no algorithm needs this so this patch changes gcm to conform
to this convention.  It also adjusts the tcrypt aead tests to take
this into account.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
This commit is contained in:
Herbert Xu 2007-12-04 19:17:50 +11:00
parent 8df213d9b5
commit 6160b28992
3 changed files with 113 additions and 129 deletions

View File

@ -36,6 +36,7 @@ struct crypto_gcm_ghash_ctx {
struct crypto_gcm_req_priv_ctx { struct crypto_gcm_req_priv_ctx {
u8 auth_tag[16]; u8 auth_tag[16];
u8 iauth_tag[16];
u8 counter[16]; u8 counter[16];
struct crypto_gcm_ghash_ctx ghash; struct crypto_gcm_ghash_ctx ghash;
}; };
@ -89,6 +90,9 @@ static void crypto_gcm_ghash_update_sg(struct crypto_gcm_ghash_ctx *ctx,
u8 *src; u8 *src;
int n; int n;
if (!len)
return;
scatterwalk_start(&walk, sg); scatterwalk_start(&walk, sg);
while (len) { while (len) {
@ -212,6 +216,7 @@ static int crypto_gcm_setkey(struct crypto_aead *aead, const u8 *key,
static int crypto_gcm_init_crypt(struct ablkcipher_request *ablk_req, static int crypto_gcm_init_crypt(struct ablkcipher_request *ablk_req,
struct aead_request *req, struct aead_request *req,
unsigned int cryptlen,
void (*done)(struct crypto_async_request *, void (*done)(struct crypto_async_request *,
int)) int))
{ {
@ -228,7 +233,7 @@ static int crypto_gcm_init_crypt(struct ablkcipher_request *ablk_req,
ablkcipher_request_set_callback(ablk_req, aead_request_flags(req), ablkcipher_request_set_callback(ablk_req, aead_request_flags(req),
done, req); done, req);
ablkcipher_request_set_crypt(ablk_req, req->src, req->dst, ablkcipher_request_set_crypt(ablk_req, req->src, req->dst,
req->cryptlen, counter); cryptlen, counter);
err = crypto_gcm_encrypt_counter(aead, auth_tag, 0, req->iv); err = crypto_gcm_encrypt_counter(aead, auth_tag, 0, req->iv);
if (err) if (err)
@ -239,18 +244,16 @@ static int crypto_gcm_init_crypt(struct ablkcipher_request *ablk_req,
crypto_gcm_ghash_init(ghash, flags, ctx->gf128); crypto_gcm_ghash_init(ghash, flags, ctx->gf128);
if (req->assoclen) {
crypto_gcm_ghash_update_sg(ghash, req->assoc, req->assoclen); crypto_gcm_ghash_update_sg(ghash, req->assoc, req->assoclen);
crypto_gcm_ghash_flush(ghash); crypto_gcm_ghash_flush(ghash);
}
out: out:
return err; return err;
} }
static void crypto_gcm_encrypt_done(struct crypto_async_request *areq, int err) static int crypto_gcm_hash(struct aead_request *req)
{ {
struct aead_request *req = areq->data; struct crypto_aead *aead = crypto_aead_reqtfm(req);
struct crypto_gcm_req_priv_ctx *pctx = aead_request_ctx(req); struct crypto_gcm_req_priv_ctx *pctx = aead_request_ctx(req);
u8 *auth_tag = pctx->auth_tag; u8 *auth_tag = pctx->auth_tag;
struct crypto_gcm_ghash_ctx *ghash = &pctx->ghash; struct crypto_gcm_ghash_ctx *ghash = &pctx->ghash;
@ -259,18 +262,28 @@ static void crypto_gcm_encrypt_done(struct crypto_async_request *areq, int err)
crypto_gcm_ghash_final_xor(ghash, req->assoclen, req->cryptlen, crypto_gcm_ghash_final_xor(ghash, req->assoclen, req->cryptlen,
auth_tag); auth_tag);
scatterwalk_map_and_copy(auth_tag, req->dst, req->cryptlen,
crypto_aead_authsize(aead), 1);
return 0;
}
static void crypto_gcm_encrypt_done(struct crypto_async_request *areq, int err)
{
struct aead_request *req = areq->data;
if (!err)
err = crypto_gcm_hash(req);
aead_request_complete(req, err); aead_request_complete(req, err);
} }
static int crypto_gcm_encrypt(struct aead_request *req) static int crypto_gcm_encrypt(struct aead_request *req)
{ {
struct ablkcipher_request abreq; struct ablkcipher_request abreq;
struct crypto_gcm_req_priv_ctx *pctx = aead_request_ctx(req);
u8 *auth_tag = pctx->auth_tag;
struct crypto_gcm_ghash_ctx *ghash = &pctx->ghash;
int err = 0; int err = 0;
err = crypto_gcm_init_crypt(&abreq, req, crypto_gcm_encrypt_done); err = crypto_gcm_init_crypt(&abreq, req, req->cryptlen,
crypto_gcm_encrypt_done);
if (err) if (err)
return err; return err;
@ -278,14 +291,9 @@ static int crypto_gcm_encrypt(struct aead_request *req)
err = crypto_ablkcipher_encrypt(&abreq); err = crypto_ablkcipher_encrypt(&abreq);
if (err) if (err)
return err; return err;
crypto_gcm_ghash_update_sg(ghash, req->dst, req->cryptlen);
} }
crypto_gcm_ghash_final_xor(ghash, req->assoclen, req->cryptlen, return crypto_gcm_hash(req);
auth_tag);
return err;
} }
static void crypto_gcm_decrypt_done(struct crypto_async_request *areq, int err) static void crypto_gcm_decrypt_done(struct crypto_async_request *areq, int err)
@ -296,25 +304,29 @@ static void crypto_gcm_decrypt_done(struct crypto_async_request *areq, int err)
static int crypto_gcm_decrypt(struct aead_request *req) static int crypto_gcm_decrypt(struct aead_request *req)
{ {
struct ablkcipher_request abreq; struct ablkcipher_request abreq;
struct crypto_aead *aead = crypto_aead_reqtfm(req);
struct crypto_gcm_req_priv_ctx *pctx = aead_request_ctx(req); struct crypto_gcm_req_priv_ctx *pctx = aead_request_ctx(req);
u8 *auth_tag = pctx->auth_tag; u8 *auth_tag = pctx->auth_tag;
u8 *iauth_tag = pctx->iauth_tag;
struct crypto_gcm_ghash_ctx *ghash = &pctx->ghash; struct crypto_gcm_ghash_ctx *ghash = &pctx->ghash;
u8 tag[16]; unsigned int cryptlen = req->cryptlen;
unsigned int authsize = crypto_aead_authsize(aead);
int err; int err;
if (!req->cryptlen) if (cryptlen < authsize)
return -EINVAL; return -EINVAL;
cryptlen -= authsize;
memcpy(tag, auth_tag, 16); err = crypto_gcm_init_crypt(&abreq, req, cryptlen,
err = crypto_gcm_init_crypt(&abreq, req, crypto_gcm_decrypt_done); crypto_gcm_decrypt_done);
if (err) if (err)
return err; return err;
crypto_gcm_ghash_update_sg(ghash, req->src, req->cryptlen); crypto_gcm_ghash_update_sg(ghash, req->src, cryptlen);
crypto_gcm_ghash_final_xor(ghash, req->assoclen, req->cryptlen, crypto_gcm_ghash_final_xor(ghash, req->assoclen, cryptlen, auth_tag);
auth_tag);
if (memcmp(tag, auth_tag, 16)) scatterwalk_map_and_copy(iauth_tag, req->src, cryptlen, authsize, 0);
if (memcmp(iauth_tag, auth_tag, authsize))
return -EINVAL; return -EINVAL;
return crypto_ablkcipher_decrypt(&abreq); return crypto_ablkcipher_decrypt(&abreq);

View File

@ -235,6 +235,7 @@ static void test_aead(char *algo, int enc, struct aead_testvec *template,
struct scatterlist asg[8]; struct scatterlist asg[8];
const char *e; const char *e;
struct tcrypt_result result; struct tcrypt_result result;
unsigned int authsize;
if (enc == ENCRYPT) if (enc == ENCRYPT)
e = "encryption"; e = "encryption";
@ -265,6 +266,8 @@ static void test_aead(char *algo, int enc, struct aead_testvec *template,
return; return;
} }
authsize = crypto_aead_authsize(tfm);
req = aead_request_alloc(tfm, GFP_KERNEL); req = aead_request_alloc(tfm, GFP_KERNEL);
if (!req) { if (!req) {
printk(KERN_INFO "failed to allocate request for %s\n", algo); printk(KERN_INFO "failed to allocate request for %s\n", algo);
@ -296,7 +299,7 @@ static void test_aead(char *algo, int enc, struct aead_testvec *template,
} }
sg_init_one(&sg[0], aead_tv[i].input, sg_init_one(&sg[0], aead_tv[i].input,
aead_tv[i].ilen); aead_tv[i].ilen + (enc ? authsize : 0));
sg_init_one(&asg[0], aead_tv[i].assoc, sg_init_one(&asg[0], aead_tv[i].assoc,
aead_tv[i].alen); aead_tv[i].alen);
@ -307,13 +310,9 @@ static void test_aead(char *algo, int enc, struct aead_testvec *template,
aead_request_set_assoc(req, asg, aead_tv[i].alen); aead_request_set_assoc(req, asg, aead_tv[i].alen);
if (enc) { ret = enc ?
ret = crypto_aead_encrypt(req); crypto_aead_encrypt(req) :
} else { crypto_aead_decrypt(req);
memcpy(req->__ctx, aead_tv[i].tag,
aead_tv[i].tlen);
ret = crypto_aead_decrypt(req);
}
switch (ret) { switch (ret) {
case 0: case 0:
@ -335,16 +334,10 @@ static void test_aead(char *algo, int enc, struct aead_testvec *template,
q = kmap(sg_page(&sg[0])) + sg[0].offset; q = kmap(sg_page(&sg[0])) + sg[0].offset;
hexdump(q, aead_tv[i].rlen); hexdump(q, aead_tv[i].rlen);
printk(KERN_INFO "auth tag: ");
hexdump((unsigned char *)req->__ctx, aead_tv[i].tlen);
printk(KERN_INFO "enc/dec: %s\n", printk(KERN_INFO "enc/dec: %s\n",
memcmp(q, aead_tv[i].result, memcmp(q, aead_tv[i].result,
aead_tv[i].rlen) ? "fail" : "pass"); aead_tv[i].rlen) ? "fail" : "pass");
printk(KERN_INFO "auth tag: %s\n",
memcmp(req->__ctx, aead_tv[i].tag,
aead_tv[i].tlen) ? "fail" : "pass");
} }
} }
@ -381,6 +374,9 @@ static void test_aead(char *algo, int enc, struct aead_testvec *template,
aead_tv[i].tap[k]); aead_tv[i].tap[k]);
} }
if (enc)
sg[k - 1].length += authsize;
sg_init_table(asg, aead_tv[i].anp); sg_init_table(asg, aead_tv[i].anp);
for (k = 0, temp = 0; k < aead_tv[i].anp; k++) { for (k = 0, temp = 0; k < aead_tv[i].anp; k++) {
memcpy(&axbuf[IDX[k]], memcpy(&axbuf[IDX[k]],
@ -397,13 +393,9 @@ static void test_aead(char *algo, int enc, struct aead_testvec *template,
aead_request_set_assoc(req, asg, aead_tv[i].alen); aead_request_set_assoc(req, asg, aead_tv[i].alen);
if (enc) { ret = enc ?
ret = crypto_aead_encrypt(req); crypto_aead_encrypt(req) :
} else { crypto_aead_decrypt(req);
memcpy(req->__ctx, aead_tv[i].tag,
aead_tv[i].tlen);
ret = crypto_aead_decrypt(req);
}
switch (ret) { switch (ret) {
case 0: case 0:
@ -429,17 +421,13 @@ static void test_aead(char *algo, int enc, struct aead_testvec *template,
hexdump(q, aead_tv[i].tap[k]); hexdump(q, aead_tv[i].tap[k]);
printk(KERN_INFO "%s\n", printk(KERN_INFO "%s\n",
memcmp(q, aead_tv[i].result + temp, memcmp(q, aead_tv[i].result + temp,
aead_tv[i].tap[k]) ? aead_tv[i].tap[k] -
(k < aead_tv[i].np - 1 || enc ?
0 : authsize)) ?
"fail" : "pass"); "fail" : "pass");
temp += aead_tv[i].tap[k]; temp += aead_tv[i].tap[k];
} }
printk(KERN_INFO "auth tag: ");
hexdump((unsigned char *)req->__ctx, aead_tv[i].tlen);
printk(KERN_INFO "auth tag: %s\n",
memcmp(req->__ctx, aead_tv[i].tag,
aead_tv[i].tlen) ? "fail" : "pass");
} }
} }

View File

@ -60,7 +60,6 @@ struct aead_testvec {
char input[512]; char input[512];
char assoc[512]; char assoc[512];
char result[512]; char result[512];
char tag[128];
unsigned char tap[MAX_TAP]; unsigned char tap[MAX_TAP];
unsigned char atap[MAX_TAP]; unsigned char atap[MAX_TAP];
int np; int np;
@ -71,7 +70,6 @@ struct aead_testvec {
unsigned short ilen; unsigned short ilen;
unsigned short alen; unsigned short alen;
unsigned short rlen; unsigned short rlen;
unsigned short tlen;
}; };
struct cipher_speed { struct cipher_speed {
@ -4682,18 +4680,17 @@ static struct cipher_testvec aes_ctr_dec_tv_template[] = {
static struct aead_testvec aes_gcm_enc_tv_template[] = { static struct aead_testvec aes_gcm_enc_tv_template[] = {
{ /* From McGrew & Viega - http://citeseer.ist.psu.edu/656989.html */ { /* From McGrew & Viega - http://citeseer.ist.psu.edu/656989.html */
.klen = 16, .klen = 16,
.tag = { 0x58, 0xe2, 0xfc, 0xce, 0xfa, 0x7e, 0x30, 0x61, .result = { 0x58, 0xe2, 0xfc, 0xce, 0xfa, 0x7e, 0x30, 0x61,
0x36, 0x7f, 0x1d, 0x57, 0xa4, 0xe7, 0x45, 0x5a }, 0x36, 0x7f, 0x1d, 0x57, 0xa4, 0xe7, 0x45, 0x5a },
.tlen = 16 .rlen = 16,
}, { }, {
.klen = 16, .klen = 16,
.ilen = 16, .ilen = 16,
.result = { 0x03, 0x88, 0xda, 0xce, 0x60, 0xb6, 0xa3, 0x92, .result = { 0x03, 0x88, 0xda, 0xce, 0x60, 0xb6, 0xa3, 0x92,
0xf3, 0x28, 0xc2, 0xb9, 0x71, 0xb2, 0xfe, 0x78 }, 0xf3, 0x28, 0xc2, 0xb9, 0x71, 0xb2, 0xfe, 0x78,
.rlen = 16, 0xab, 0x6e, 0x47, 0xd4, 0x2c, 0xec, 0x13, 0xbd,
.tag = { 0xab, 0x6e, 0x47, 0xd4, 0x2c, 0xec, 0x13, 0xbd,
0xf5, 0x3a, 0x67, 0xb2, 0x12, 0x57, 0xbd, 0xdf }, 0xf5, 0x3a, 0x67, 0xb2, 0x12, 0x57, 0xbd, 0xdf },
.tlen = 16 .rlen = 32,
}, { }, {
.key = { 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c, .key = { 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08 }, 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08 },
@ -4716,11 +4713,10 @@ static struct aead_testvec aes_gcm_enc_tv_template[] = {
0x21, 0xd5, 0x14, 0xb2, 0x54, 0x66, 0x93, 0x1c, 0x21, 0xd5, 0x14, 0xb2, 0x54, 0x66, 0x93, 0x1c,
0x7d, 0x8f, 0x6a, 0x5a, 0xac, 0x84, 0xaa, 0x05, 0x7d, 0x8f, 0x6a, 0x5a, 0xac, 0x84, 0xaa, 0x05,
0x1b, 0xa3, 0x0b, 0x39, 0x6a, 0x0a, 0xac, 0x97, 0x1b, 0xa3, 0x0b, 0x39, 0x6a, 0x0a, 0xac, 0x97,
0x3d, 0x58, 0xe0, 0x91, 0x47, 0x3f, 0x59, 0x85 }, 0x3d, 0x58, 0xe0, 0x91, 0x47, 0x3f, 0x59, 0x85,
.rlen = 64, 0x4d, 0x5c, 0x2a, 0xf3, 0x27, 0xcd, 0x64, 0xa6,
.tag = { 0x4d, 0x5c, 0x2a, 0xf3, 0x27, 0xcd, 0x64, 0xa6,
0x2c, 0xf3, 0x5a, 0xbd, 0x2b, 0xa6, 0xfa, 0xb4 }, 0x2c, 0xf3, 0x5a, 0xbd, 0x2b, 0xa6, 0xfa, 0xb4 },
.tlen = 16 .rlen = 80,
}, { }, {
.key = { 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c, .key = { 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08 }, 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08 },
@ -4747,25 +4743,23 @@ static struct aead_testvec aes_gcm_enc_tv_template[] = {
0x21, 0xd5, 0x14, 0xb2, 0x54, 0x66, 0x93, 0x1c, 0x21, 0xd5, 0x14, 0xb2, 0x54, 0x66, 0x93, 0x1c,
0x7d, 0x8f, 0x6a, 0x5a, 0xac, 0x84, 0xaa, 0x05, 0x7d, 0x8f, 0x6a, 0x5a, 0xac, 0x84, 0xaa, 0x05,
0x1b, 0xa3, 0x0b, 0x39, 0x6a, 0x0a, 0xac, 0x97, 0x1b, 0xa3, 0x0b, 0x39, 0x6a, 0x0a, 0xac, 0x97,
0x3d, 0x58, 0xe0, 0x91 }, 0x3d, 0x58, 0xe0, 0x91,
.rlen = 60, 0x5b, 0xc9, 0x4f, 0xbc, 0x32, 0x21, 0xa5, 0xdb,
.tag = { 0x5b, 0xc9, 0x4f, 0xbc, 0x32, 0x21, 0xa5, 0xdb,
0x94, 0xfa, 0xe9, 0x5a, 0xe7, 0x12, 0x1a, 0x47 }, 0x94, 0xfa, 0xe9, 0x5a, 0xe7, 0x12, 0x1a, 0x47 },
.tlen = 16 .rlen = 76,
}, { }, {
.klen = 24, .klen = 24,
.tag = { 0xcd, 0x33, 0xb2, 0x8a, 0xc7, 0x73, 0xf7, 0x4b, .result = { 0xcd, 0x33, 0xb2, 0x8a, 0xc7, 0x73, 0xf7, 0x4b,
0xa0, 0x0e, 0xd1, 0xf3, 0x12, 0x57, 0x24, 0x35 }, 0xa0, 0x0e, 0xd1, 0xf3, 0x12, 0x57, 0x24, 0x35 },
.tlen = 16 .rlen = 16,
}, { }, {
.klen = 24, .klen = 24,
.ilen = 16, .ilen = 16,
.result = { 0x98, 0xe7, 0x24, 0x7c, 0x07, 0xf0, 0xfe, 0x41, .result = { 0x98, 0xe7, 0x24, 0x7c, 0x07, 0xf0, 0xfe, 0x41,
0x1c, 0x26, 0x7e, 0x43, 0x84, 0xb0, 0xf6, 0x00 }, 0x1c, 0x26, 0x7e, 0x43, 0x84, 0xb0, 0xf6, 0x00,
.rlen = 16, 0x2f, 0xf5, 0x8d, 0x80, 0x03, 0x39, 0x27, 0xab,
.tag = { 0x2f, 0xf5, 0x8d, 0x80, 0x03, 0x39, 0x27, 0xab,
0x8e, 0xf4, 0xd4, 0x58, 0x75, 0x14, 0xf0, 0xfb }, 0x8e, 0xf4, 0xd4, 0x58, 0x75, 0x14, 0xf0, 0xfb },
.tlen = 16 .rlen = 32,
}, { }, {
.key = { 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c, .key = { 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08, 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08,
@ -4789,11 +4783,10 @@ static struct aead_testvec aes_gcm_enc_tv_template[] = {
0x7d, 0x77, 0x3d, 0x00, 0xc1, 0x44, 0xc5, 0x25, 0x7d, 0x77, 0x3d, 0x00, 0xc1, 0x44, 0xc5, 0x25,
0xac, 0x61, 0x9d, 0x18, 0xc8, 0x4a, 0x3f, 0x47, 0xac, 0x61, 0x9d, 0x18, 0xc8, 0x4a, 0x3f, 0x47,
0x18, 0xe2, 0x44, 0x8b, 0x2f, 0xe3, 0x24, 0xd9, 0x18, 0xe2, 0x44, 0x8b, 0x2f, 0xe3, 0x24, 0xd9,
0xcc, 0xda, 0x27, 0x10, 0xac, 0xad, 0xe2, 0x56 }, 0xcc, 0xda, 0x27, 0x10, 0xac, 0xad, 0xe2, 0x56,
.rlen = 64, 0x99, 0x24, 0xa7, 0xc8, 0x58, 0x73, 0x36, 0xbf,
.tag = { 0x99, 0x24, 0xa7, 0xc8, 0x58, 0x73, 0x36, 0xbf,
0xb1, 0x18, 0x02, 0x4d, 0xb8, 0x67, 0x4a, 0x14 }, 0xb1, 0x18, 0x02, 0x4d, 0xb8, 0x67, 0x4a, 0x14 },
.tlen = 16 .rlen = 80,
}, { }, {
.key = { 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c, .key = { 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08, 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08,
@ -4821,20 +4814,19 @@ static struct aead_testvec aes_gcm_enc_tv_template[] = {
0x7d, 0x77, 0x3d, 0x00, 0xc1, 0x44, 0xc5, 0x25, 0x7d, 0x77, 0x3d, 0x00, 0xc1, 0x44, 0xc5, 0x25,
0xac, 0x61, 0x9d, 0x18, 0xc8, 0x4a, 0x3f, 0x47, 0xac, 0x61, 0x9d, 0x18, 0xc8, 0x4a, 0x3f, 0x47,
0x18, 0xe2, 0x44, 0x8b, 0x2f, 0xe3, 0x24, 0xd9, 0x18, 0xe2, 0x44, 0x8b, 0x2f, 0xe3, 0x24, 0xd9,
0xcc, 0xda, 0x27, 0x10 }, 0xcc, 0xda, 0x27, 0x10,
.rlen = 60, 0x25, 0x19, 0x49, 0x8e, 0x80, 0xf1, 0x47, 0x8f,
.tag = { 0x25, 0x19, 0x49, 0x8e, 0x80, 0xf1, 0x47, 0x8f,
0x37, 0xba, 0x55, 0xbd, 0x6d, 0x27, 0x61, 0x8c }, 0x37, 0xba, 0x55, 0xbd, 0x6d, 0x27, 0x61, 0x8c },
.tlen = 16, .rlen = 76,
.np = 2, .np = 2,
.tap = { 32, 28 }, .tap = { 32, 28 },
.anp = 2, .anp = 2,
.atap = { 8, 12 } .atap = { 8, 12 }
}, { }, {
.klen = 32, .klen = 32,
.tag = { 0x53, 0x0f, 0x8a, 0xfb, 0xc7, 0x45, 0x36, 0xb9, .result = { 0x53, 0x0f, 0x8a, 0xfb, 0xc7, 0x45, 0x36, 0xb9,
0xa9, 0x63, 0xb4, 0xf1, 0xc4, 0xcb, 0x73, 0x8b }, 0xa9, 0x63, 0xb4, 0xf1, 0xc4, 0xcb, 0x73, 0x8b },
.tlen = 16 .rlen = 16,
} }
}; };
@ -4842,12 +4834,11 @@ static struct aead_testvec aes_gcm_dec_tv_template[] = {
{ /* From McGrew & Viega - http://citeseer.ist.psu.edu/656989.html */ { /* From McGrew & Viega - http://citeseer.ist.psu.edu/656989.html */
.klen = 32, .klen = 32,
.input = { 0xce, 0xa7, 0x40, 0x3d, 0x4d, 0x60, 0x6b, 0x6e, .input = { 0xce, 0xa7, 0x40, 0x3d, 0x4d, 0x60, 0x6b, 0x6e,
0x07, 0x4e, 0xc5, 0xd3, 0xba, 0xf3, 0x9d, 0x18 }, 0x07, 0x4e, 0xc5, 0xd3, 0xba, 0xf3, 0x9d, 0x18,
.ilen = 16, 0xd0, 0xd1, 0xc8, 0xa7, 0x99, 0x99, 0x6b, 0xf0,
.rlen = 16,
.tag = { 0xd0, 0xd1, 0xc8, 0xa7, 0x99, 0x99, 0x6b, 0xf0,
0x26, 0x5b, 0x98, 0xb5, 0xd4, 0x8a, 0xb9, 0x19 }, 0x26, 0x5b, 0x98, 0xb5, 0xd4, 0x8a, 0xb9, 0x19 },
.tlen = 16 .ilen = 32,
.rlen = 16,
}, { }, {
.key = { 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c, .key = { 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08, 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08,
@ -4863,8 +4854,10 @@ static struct aead_testvec aes_gcm_dec_tv_template[] = {
0x8c, 0xb0, 0x8e, 0x48, 0x59, 0x0d, 0xbb, 0x3d, 0x8c, 0xb0, 0x8e, 0x48, 0x59, 0x0d, 0xbb, 0x3d,
0xa7, 0xb0, 0x8b, 0x10, 0x56, 0x82, 0x88, 0x38, 0xa7, 0xb0, 0x8b, 0x10, 0x56, 0x82, 0x88, 0x38,
0xc5, 0xf6, 0x1e, 0x63, 0x93, 0xba, 0x7a, 0x0a, 0xc5, 0xf6, 0x1e, 0x63, 0x93, 0xba, 0x7a, 0x0a,
0xbc, 0xc9, 0xf6, 0x62, 0x89, 0x80, 0x15, 0xad }, 0xbc, 0xc9, 0xf6, 0x62, 0x89, 0x80, 0x15, 0xad,
.ilen = 64, 0xb0, 0x94, 0xda, 0xc5, 0xd9, 0x34, 0x71, 0xbd,
0xec, 0x1a, 0x50, 0x22, 0x70, 0xe3, 0xcc, 0x6c },
.ilen = 80,
.result = { 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5, .result = { 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a, 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a,
0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda, 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
@ -4874,9 +4867,6 @@ static struct aead_testvec aes_gcm_dec_tv_template[] = {
0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57, 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57,
0xba, 0x63, 0x7b, 0x39, 0x1a, 0xaf, 0xd2, 0x55 }, 0xba, 0x63, 0x7b, 0x39, 0x1a, 0xaf, 0xd2, 0x55 },
.rlen = 64, .rlen = 64,
.tag = { 0xb0, 0x94, 0xda, 0xc5, 0xd9, 0x34, 0x71, 0xbd,
0xec, 0x1a, 0x50, 0x22, 0x70, 0xe3, 0xcc, 0x6c },
.tlen = 16
}, { }, {
.key = { 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c, .key = { 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08, 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08,
@ -4892,8 +4882,10 @@ static struct aead_testvec aes_gcm_dec_tv_template[] = {
0x8c, 0xb0, 0x8e, 0x48, 0x59, 0x0d, 0xbb, 0x3d, 0x8c, 0xb0, 0x8e, 0x48, 0x59, 0x0d, 0xbb, 0x3d,
0xa7, 0xb0, 0x8b, 0x10, 0x56, 0x82, 0x88, 0x38, 0xa7, 0xb0, 0x8b, 0x10, 0x56, 0x82, 0x88, 0x38,
0xc5, 0xf6, 0x1e, 0x63, 0x93, 0xba, 0x7a, 0x0a, 0xc5, 0xf6, 0x1e, 0x63, 0x93, 0xba, 0x7a, 0x0a,
0xbc, 0xc9, 0xf6, 0x62 }, 0xbc, 0xc9, 0xf6, 0x62,
.ilen = 60, 0x76, 0xfc, 0x6e, 0xce, 0x0f, 0x4e, 0x17, 0x68,
0xcd, 0xdf, 0x88, 0x53, 0xbb, 0x2d, 0x55, 0x1b },
.ilen = 76,
.assoc = { 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, .assoc = { 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
0xab, 0xad, 0xda, 0xd2 }, 0xab, 0xad, 0xda, 0xd2 },
@ -4907,11 +4899,8 @@ static struct aead_testvec aes_gcm_dec_tv_template[] = {
0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57, 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57,
0xba, 0x63, 0x7b, 0x39 }, 0xba, 0x63, 0x7b, 0x39 },
.rlen = 60, .rlen = 60,
.tag = { 0x76, 0xfc, 0x6e, 0xce, 0x0f, 0x4e, 0x17, 0x68,
0xcd, 0xdf, 0x88, 0x53, 0xbb, 0x2d, 0x55, 0x1b },
.tlen = 16,
.np = 2, .np = 2,
.tap = { 48, 12 }, .tap = { 48, 28 },
.anp = 3, .anp = 3,
.atap = { 8, 8, 4 } .atap = { 8, 8, 4 }
}, { }, {
@ -4927,8 +4916,10 @@ static struct aead_testvec aes_gcm_dec_tv_template[] = {
0x21, 0xd5, 0x14, 0xb2, 0x54, 0x66, 0x93, 0x1c, 0x21, 0xd5, 0x14, 0xb2, 0x54, 0x66, 0x93, 0x1c,
0x7d, 0x8f, 0x6a, 0x5a, 0xac, 0x84, 0xaa, 0x05, 0x7d, 0x8f, 0x6a, 0x5a, 0xac, 0x84, 0xaa, 0x05,
0x1b, 0xa3, 0x0b, 0x39, 0x6a, 0x0a, 0xac, 0x97, 0x1b, 0xa3, 0x0b, 0x39, 0x6a, 0x0a, 0xac, 0x97,
0x3d, 0x58, 0xe0, 0x91, 0x47, 0x3f, 0x59, 0x85 }, 0x3d, 0x58, 0xe0, 0x91, 0x47, 0x3f, 0x59, 0x85,
.ilen = 64, 0x4d, 0x5c, 0x2a, 0xf3, 0x27, 0xcd, 0x64, 0xa6,
0x2c, 0xf3, 0x5a, 0xbd, 0x2b, 0xa6, 0xfa, 0xb4 },
.ilen = 80,
.result = { 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5, .result = { 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a, 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a,
0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda, 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
@ -4938,9 +4929,6 @@ static struct aead_testvec aes_gcm_dec_tv_template[] = {
0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57, 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57,
0xba, 0x63, 0x7b, 0x39, 0x1a, 0xaf, 0xd2, 0x55 }, 0xba, 0x63, 0x7b, 0x39, 0x1a, 0xaf, 0xd2, 0x55 },
.rlen = 64, .rlen = 64,
.tag = { 0x4d, 0x5c, 0x2a, 0xf3, 0x27, 0xcd, 0x64, 0xa6,
0x2c, 0xf3, 0x5a, 0xbd, 0x2b, 0xa6, 0xfa, 0xb4 },
.tlen = 16
}, { }, {
.key = { 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c, .key = { 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08 }, 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08 },
@ -4954,8 +4942,10 @@ static struct aead_testvec aes_gcm_dec_tv_template[] = {
0x21, 0xd5, 0x14, 0xb2, 0x54, 0x66, 0x93, 0x1c, 0x21, 0xd5, 0x14, 0xb2, 0x54, 0x66, 0x93, 0x1c,
0x7d, 0x8f, 0x6a, 0x5a, 0xac, 0x84, 0xaa, 0x05, 0x7d, 0x8f, 0x6a, 0x5a, 0xac, 0x84, 0xaa, 0x05,
0x1b, 0xa3, 0x0b, 0x39, 0x6a, 0x0a, 0xac, 0x97, 0x1b, 0xa3, 0x0b, 0x39, 0x6a, 0x0a, 0xac, 0x97,
0x3d, 0x58, 0xe0, 0x91 }, 0x3d, 0x58, 0xe0, 0x91,
.ilen = 60, 0x5b, 0xc9, 0x4f, 0xbc, 0x32, 0x21, 0xa5, 0xdb,
0x94, 0xfa, 0xe9, 0x5a, 0xe7, 0x12, 0x1a, 0x47 },
.ilen = 76,
.assoc = { 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, .assoc = { 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
0xab, 0xad, 0xda, 0xd2 }, 0xab, 0xad, 0xda, 0xd2 },
@ -4969,18 +4959,14 @@ static struct aead_testvec aes_gcm_dec_tv_template[] = {
0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57, 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57,
0xba, 0x63, 0x7b, 0x39 }, 0xba, 0x63, 0x7b, 0x39 },
.rlen = 60, .rlen = 60,
.tag = { 0x5b, 0xc9, 0x4f, 0xbc, 0x32, 0x21, 0xa5, 0xdb,
0x94, 0xfa, 0xe9, 0x5a, 0xe7, 0x12, 0x1a, 0x47 },
.tlen = 16
}, { }, {
.klen = 24, .klen = 24,
.input = { 0x98, 0xe7, 0x24, 0x7c, 0x07, 0xf0, 0xfe, 0x41, .input = { 0x98, 0xe7, 0x24, 0x7c, 0x07, 0xf0, 0xfe, 0x41,
0x1c, 0x26, 0x7e, 0x43, 0x84, 0xb0, 0xf6, 0x00 }, 0x1c, 0x26, 0x7e, 0x43, 0x84, 0xb0, 0xf6, 0x00,
.ilen = 16, 0x2f, 0xf5, 0x8d, 0x80, 0x03, 0x39, 0x27, 0xab,
.rlen = 16,
.tag = { 0x2f, 0xf5, 0x8d, 0x80, 0x03, 0x39, 0x27, 0xab,
0x8e, 0xf4, 0xd4, 0x58, 0x75, 0x14, 0xf0, 0xfb }, 0x8e, 0xf4, 0xd4, 0x58, 0x75, 0x14, 0xf0, 0xfb },
.tlen = 16 .ilen = 32,
.rlen = 16,
}, { }, {
.key = { 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c, .key = { 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08, 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08,
@ -4995,8 +4981,10 @@ static struct aead_testvec aes_gcm_dec_tv_template[] = {
0x7d, 0x77, 0x3d, 0x00, 0xc1, 0x44, 0xc5, 0x25, 0x7d, 0x77, 0x3d, 0x00, 0xc1, 0x44, 0xc5, 0x25,
0xac, 0x61, 0x9d, 0x18, 0xc8, 0x4a, 0x3f, 0x47, 0xac, 0x61, 0x9d, 0x18, 0xc8, 0x4a, 0x3f, 0x47,
0x18, 0xe2, 0x44, 0x8b, 0x2f, 0xe3, 0x24, 0xd9, 0x18, 0xe2, 0x44, 0x8b, 0x2f, 0xe3, 0x24, 0xd9,
0xcc, 0xda, 0x27, 0x10, 0xac, 0xad, 0xe2, 0x56 }, 0xcc, 0xda, 0x27, 0x10, 0xac, 0xad, 0xe2, 0x56,
.ilen = 64, 0x99, 0x24, 0xa7, 0xc8, 0x58, 0x73, 0x36, 0xbf,
0xb1, 0x18, 0x02, 0x4d, 0xb8, 0x67, 0x4a, 0x14 },
.ilen = 80,
.result = { 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5, .result = { 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a, 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a,
0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda, 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
@ -5006,9 +4994,6 @@ static struct aead_testvec aes_gcm_dec_tv_template[] = {
0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57, 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57,
0xba, 0x63, 0x7b, 0x39, 0x1a, 0xaf, 0xd2, 0x55 }, 0xba, 0x63, 0x7b, 0x39, 0x1a, 0xaf, 0xd2, 0x55 },
.rlen = 64, .rlen = 64,
.tag = { 0x99, 0x24, 0xa7, 0xc8, 0x58, 0x73, 0x36, 0xbf,
0xb1, 0x18, 0x02, 0x4d, 0xb8, 0x67, 0x4a, 0x14 },
.tlen = 16
}, { }, {
.key = { 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c, .key = { 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08, 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08,
@ -5023,8 +5008,10 @@ static struct aead_testvec aes_gcm_dec_tv_template[] = {
0x7d, 0x77, 0x3d, 0x00, 0xc1, 0x44, 0xc5, 0x25, 0x7d, 0x77, 0x3d, 0x00, 0xc1, 0x44, 0xc5, 0x25,
0xac, 0x61, 0x9d, 0x18, 0xc8, 0x4a, 0x3f, 0x47, 0xac, 0x61, 0x9d, 0x18, 0xc8, 0x4a, 0x3f, 0x47,
0x18, 0xe2, 0x44, 0x8b, 0x2f, 0xe3, 0x24, 0xd9, 0x18, 0xe2, 0x44, 0x8b, 0x2f, 0xe3, 0x24, 0xd9,
0xcc, 0xda, 0x27, 0x10 }, 0xcc, 0xda, 0x27, 0x10,
.ilen = 60, 0x25, 0x19, 0x49, 0x8e, 0x80, 0xf1, 0x47, 0x8f,
0x37, 0xba, 0x55, 0xbd, 0x6d, 0x27, 0x61, 0x8c },
.ilen = 76,
.assoc = { 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, .assoc = { 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
0xab, 0xad, 0xda, 0xd2 }, 0xab, 0xad, 0xda, 0xd2 },
@ -5038,9 +5025,6 @@ static struct aead_testvec aes_gcm_dec_tv_template[] = {
0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57, 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57,
0xba, 0x63, 0x7b, 0x39 }, 0xba, 0x63, 0x7b, 0x39 },
.rlen = 60, .rlen = 60,
.tag = { 0x25, 0x19, 0x49, 0x8e, 0x80, 0xf1, 0x47, 0x8f,
0x37, 0xba, 0x55, 0xbd, 0x6d, 0x27, 0x61, 0x8c },
.tlen = 16
} }
}; };