5 #include <gnutls/gnutls.h>
6 #include <gnutls/crypto.h>
8 /* This does check the AES and SHA implementation against test vectors.
9 * This should not run under valgrind in order to use the native
10 * cpu instructions (AES-NI or padlock).
16 const uint8_t *plaintext
;
17 const uint8_t *ciphertext
;
20 struct aes_gcm_vectors_st
24 unsigned int auth_size
;
25 const uint8_t *plaintext
;
26 unsigned int plaintext_size
;
28 const uint8_t *ciphertext
;
32 struct aes_gcm_vectors_st aes_gcm_vectors
[] = {
36 "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
42 .iv
= (void*)"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
44 "\x58\xe2\xfc\xce\xfa\x7e\x30\x61\x36\x7f\x1d\x57\xa4\xe7\x45\x5a"},
48 "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
52 "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
55 "\x03\x88\xda\xce\x60\xb6\xa3\x92\xf3\x28\xc2\xb9\x71\xb2\xfe\x78",
56 .iv
= (void*)"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
58 "\xab\x6e\x47\xd4\x2c\xec\x13\xbd\xf5\x3a\x67\xb2\x12\x57\xbd\xdf"},
61 "\xfe\xff\xe9\x92\x86\x65\x73\x1c\x6d\x6a\x8f\x94\x67\x30\x83\x08",
63 "\xfe\xed\xfa\xce\xde\xad\xbe\xef\xfe\xed\xfa\xce\xde\xad\xbe\xef\xab\xad\xda\xd2",
66 "\xd9\x31\x32\x25\xf8\x84\x06\xe5\xa5\x59\x09\xc5\xaf\xf5\x26\x9a\x86\xa7\xa9\x53\x15\x34\xf7\xda\x2e\x4c\x30\x3d\x8a\x31\x8a\x72\x1c\x3c\x0c\x95\x95\x68\x09\x53\x2f\xcf\x0e\x24\x49\xa6\xb5\x25\xb1\x6a\xed\xf5\xaa\x0d\xe6\x57\xba\x63\x7b\x39",
69 "\x42\x83\x1e\xc2\x21\x77\x74\x24\x4b\x72\x21\xb7\x84\xd0\xd4\x9c\xe3\xaa\x21\x2f\x2c\x02\xa4\xe0\x35\xc1\x7e\x23\x29\xac\xa1\x2e\x21\xd5\x14\xb2\x54\x66\x93\x1c\x7d\x8f\x6a\x5a\xac\x84\xaa\x05\x1b\xa3\x0b\x39\x6a\x0a\xac\x97\x3d\x58\xe0\x91",
70 .iv
= (void*)"\xca\xfe\xba\xbe\xfa\xce\xdb\xad\xde\xca\xf8\x88",
72 "\x5b\xc9\x4f\xbc\x32\x21\xa5\xdb\x94\xfa\xe9\x5a\xe7\x12\x1a\x47"}
76 struct aes_vectors_st aes_vectors
[] = {
80 "\xc0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
81 .plaintext
= (uint8_t *)
82 "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
83 .ciphertext
= (uint8_t *)
84 "\x4b\xc3\xf8\x83\x45\x0c\x11\x3c\x64\xca\x42\xe1\x11\x2a\x9e\x87",
88 "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
89 .plaintext
= (uint8_t *)
90 "\xf3\x44\x81\xec\x3c\xc6\x27\xba\xcd\x5d\xc3\xfb\x08\xf2\x73\xe6",
91 .ciphertext
= (uint8_t *)
92 "\x03\x36\x76\x3e\x96\x6d\x92\x59\x5a\x56\x7c\xc9\xce\x53\x7f\x5e",
96 "\x10\xa5\x88\x69\xd7\x4b\xe5\xa3\x74\xcf\x86\x7c\xfb\x47\x38\x59",
97 .plaintext
= (uint8_t *)
98 "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
99 .ciphertext
= (uint8_t *)
100 "\x6d\x25\x1e\x69\x44\xb0\x51\xe0\x4e\xaa\x6f\xb4\xdb\xf7\x84\x65",
104 "\xca\xea\x65\xcd\xbb\x75\xe9\x16\x9e\xcd\x22\xeb\xe6\xe5\x46\x75",
105 .plaintext
= (uint8_t *)
106 "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
107 .ciphertext
= (uint8_t *)
108 "\x6e\x29\x20\x11\x90\x15\x2d\xf4\xee\x05\x81\x39\xde\xf6\x10\xbb",
112 "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe",
113 .plaintext
= (uint8_t *)
114 "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
115 .ciphertext
= (uint8_t *)
116 "\x9b\xa4\xa9\x14\x3f\x4e\x5d\x40\x48\x52\x1c\x4f\x88\x77\xd8\x8e",
124 gnutls_cipher_hd_t hd
;
129 gnutls_datum_t key
, iv
;
131 fprintf (stdout
, "Tests on AES Encryption: ");
133 for (i
= 0; i
< sizeof (aes_vectors
) / sizeof (aes_vectors
[0]); i
++)
135 memset (_iv
, 0, sizeof (_iv
));
136 memset (tmp
, 0, sizeof (tmp
));
137 key
.data
= (void *) aes_vectors
[i
].key
;
144 gnutls_cipher_init (&hd
, GNUTLS_CIPHER_AES_128_CBC
, &key
,
148 fprintf (stderr
, "%d: AES test %d failed\n", __LINE__
, i
);
152 ret
= gnutls_cipher_encrypt2 (hd
, aes_vectors
[i
].plaintext
, 16,
156 fprintf (stderr
, "%d: AES test %d failed\n", __LINE__
, i
);
160 gnutls_cipher_deinit (hd
);
162 if (memcmp (tmp
, aes_vectors
[i
].ciphertext
, 16) != 0)
164 fprintf (stderr
, "AES test vector %d failed!\n", i
);
166 fprintf (stderr
, "Cipher[%d]: ", 16);
167 for (j
= 0; j
< 16; j
++)
168 fprintf (stderr
, "%.2x:", (int) tmp
[j
]);
169 fprintf (stderr
, "\n");
171 fprintf (stderr
, "Expected[%d]: ", 16);
172 for (j
= 0; j
< 16; j
++)
173 fprintf (stderr
, "%.2x:",
174 (int) aes_vectors
[i
].ciphertext
[j
]);
175 fprintf (stderr
, "\n");
179 fprintf (stdout
, "ok\n");
181 fprintf (stdout
, "Tests on AES Decryption: ");
183 for (i
= 0; i
< sizeof (aes_vectors
) / sizeof (aes_vectors
[0]); i
++)
186 memset (_iv
, 0, sizeof (_iv
));
187 memset (tmp
, 0x33, sizeof (tmp
));
189 key
.data
= (void *) aes_vectors
[i
].key
;
196 gnutls_cipher_init (&hd
, GNUTLS_CIPHER_AES_128_CBC
, &key
,
200 fprintf (stderr
, "%d: AES test %d failed\n", __LINE__
, i
);
204 ret
= gnutls_cipher_decrypt2 (hd
, aes_vectors
[i
].ciphertext
, 16,
208 fprintf (stderr
, "%d: AES test %d failed\n", __LINE__
, i
);
212 gnutls_cipher_deinit (hd
);
214 if (memcmp (tmp
, aes_vectors
[i
].plaintext
, 16) != 0)
216 fprintf (stderr
, "AES test vector %d failed!\n", i
);
218 fprintf (stderr
, "Plain[%d]: ", 16);
219 for (j
= 0; j
< 16; j
++)
220 fprintf (stderr
, "%.2x:", (int) tmp
[j
]);
221 fprintf (stderr
, "\n");
223 fprintf (stderr
, "Expected[%d]: ", 16);
224 for (j
= 0; j
< 16; j
++)
225 fprintf (stderr
, "%.2x:",
226 (int) aes_vectors
[i
].plaintext
[j
]);
227 fprintf (stderr
, "\n");
232 fprintf (stdout
, "ok\n");
233 fprintf (stdout
, "\n");
235 fprintf (stdout
, "Tests on AES-GCM: ");
237 for (i
= 0; i
< sizeof (aes_gcm_vectors
) / sizeof (aes_gcm_vectors
[0]);
240 memset (tmp
, 0, sizeof (tmp
));
241 key
.data
= (void *) aes_gcm_vectors
[i
].key
;
244 iv
.data
= (void *) aes_gcm_vectors
[i
].iv
;
248 gnutls_cipher_init (&hd
, GNUTLS_CIPHER_AES_128_GCM
, &key
,
252 fprintf (stderr
, "%d: AES-GCM test %d failed\n", __LINE__
,
257 if (aes_gcm_vectors
[i
].auth_size
> 0)
260 gnutls_cipher_add_auth (hd
, aes_gcm_vectors
[i
].auth
,
261 aes_gcm_vectors
[i
].auth_size
);
265 fprintf (stderr
, "%d: AES-GCM test %d failed\n",
271 if (aes_gcm_vectors
[i
].plaintext_size
> 0)
274 gnutls_cipher_encrypt2 (hd
,
275 aes_gcm_vectors
[i
].plaintext
,
281 fprintf (stderr
, "%d: AES-GCM test %d failed: %s\n",
282 __LINE__
, i
, gnutls_strerror(ret
));
288 if (aes_gcm_vectors
[i
].plaintext_size
> 0)
290 (tmp
, aes_gcm_vectors
[i
].ciphertext
,
291 aes_gcm_vectors
[i
].plaintext_size
) != 0)
293 fprintf (stderr
, "AES-GCM test vector %d failed!\n",
296 fprintf (stderr
, "Cipher[%d]: ",
297 aes_gcm_vectors
[i
].plaintext_size
);
298 for (j
= 0; j
< aes_gcm_vectors
[i
].plaintext_size
; j
++)
299 fprintf (stderr
, "%.2x:", (int) tmp
[j
]);
300 fprintf (stderr
, "\n");
302 fprintf (stderr
, "Expected[%d]: ",
303 aes_gcm_vectors
[i
].plaintext_size
);
304 for (j
= 0; j
< aes_gcm_vectors
[i
].plaintext_size
; j
++)
305 fprintf (stderr
, "%.2x:",
306 (int) aes_gcm_vectors
[i
].ciphertext
[j
]);
307 fprintf (stderr
, "\n");
311 gnutls_cipher_tag (hd
, tmp
, 16);
312 if (memcmp (tmp
, aes_gcm_vectors
[i
].tag
, 16) != 0)
314 fprintf (stderr
, "AES-GCM test vector %d failed (tag)!\n",
317 fprintf (stderr
, "Tag[%d]: ", 16);
318 for (j
= 0; j
< 16; j
++)
319 fprintf (stderr
, "%.2x:", (int) tmp
[j
]);
320 fprintf (stderr
, "\n");
322 fprintf (stderr
, "Expected[%d]: ", 16);
323 for (j
= 0; j
< 16; j
++)
324 fprintf (stderr
, "%.2x:",
325 (int) aes_gcm_vectors
[i
].tag
[j
]);
326 fprintf (stderr
, "\n");
330 gnutls_cipher_deinit (hd
);
333 fprintf (stdout
, "ok\n");
334 fprintf (stdout
, "\n");
341 struct hash_vectors_st
345 const uint8_t *key
; /* if hmac */
346 unsigned int key_size
;
347 const uint8_t *plaintext
;
348 unsigned int plaintext_size
;
349 const uint8_t *output
;
350 unsigned int output_size
;
355 .algorithm
= GNUTLS_MAC_SHA1
,
358 (uint8_t *) "what do ya want for nothing?",
360 sizeof ("what do ya want for nothing?") - 1,
363 "\x8f\x82\x03\x94\xf9\x53\x35\x18\x20\x45\xda\x24\xf3\x4d\xe5\x2b\xf8\xbc\x34\x32",
368 .algorithm
= GNUTLS_MAC_SHA1
,
372 "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopqabcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopqabcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq",
373 .plaintext_size
= sizeof
374 ("abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopqabcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopqabcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq")
378 "\xbe\xae\xd1\x6d\x65\x8e\xc7\x92\x9e\xdf\xd6\x2b\xfa\xfe\xac\x29\x9f\x0d\x74\x4d",
383 .algorithm
= GNUTLS_MAC_SHA256
,
387 "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq",
388 .plaintext_size
= sizeof
389 ("abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq")
393 "\x24\x8d\x6a\x61\xd2\x06\x38\xb8\xe5\xc0\x26\x93\x0c\x3e\x60\x39\xa3\x3c\xe4\x59\x64\xff\x21\x67\xf6\xec\xed\xd4\x19\xdb\x06\xc1",
398 .algorithm
= GNUTLS_MAC_SHA256
,
402 "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopqabcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopqabcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq",
403 .plaintext_size
= sizeof
404 ("abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopqabcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopqabcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq")
408 "\x50\xea\x82\x5d\x96\x84\xf4\x22\x9c\xa2\x9f\x1f\xec\x51\x15\x93\xe2\x81\xe4\x6a\x14\x0d\x81\xe0\x00\x5f\x8f\x68\x86\x69\xa0\x6c",
413 .algorithm
= GNUTLS_MAC_SHA512
,
417 "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu",
418 .plaintext_size
= sizeof
419 ("abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu")
423 "\x8e\x95\x9b\x75\xda\xe3\x13\xda\x8c\xf4\xf7\x28\x14\xfc\x14\x3f\x8f\x77\x79\xc6\xeb\x9f\x7f\xa1\x72\x99\xae\xad\xb6\x88\x90\x18\x50\x1d\x28\x9e\x49\x00\xf7\xe4\x33\x1b\x99\xde\xc4\xb5\x43\x3a\xc7\xd3\x29\xee\xb6\xdd\x26\x54\x5e\x96\xe5\x5b\x87\x4b\xe9\x09",
427 .name
= "HMAC-MD5",.algorithm
= GNUTLS_MAC_MD5
,.key
=
428 (uint8_t *) "Jefe",.key_size
= 4,.plaintext
=
429 (uint8_t *) "what do ya want for nothing?",.
431 sizeof ("what do ya want for nothing?") - 1,.output
=
433 "\x75\x0c\x78\x3e\x6a\xb0\xb5\x03\xea\xa8\x6e\x31\x0a\x5d\xb7\x38",.output_size
438 .name
= "HMAC-SHA2-224",.algorithm
= GNUTLS_MAC_SHA224
,.key
=
440 "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b",.key_size
441 = 20,.plaintext
= (uint8_t *) "Hi There",.plaintext_size
=
442 sizeof ("Hi There") - 1,.output
=
444 "\x89\x6f\xb1\x12\x8a\xbb\xdf\x19\x68\x32\x10\x7c\xd4\x9d\xf3\x3f\x47\xb4\xb1\x16\x99\x12\xba\x4f\x53\x68\x4b\x22",.output_size
448 .name
= "HMAC-SHA2-256",.algorithm
= GNUTLS_MAC_SHA256
,.key
=
450 "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b",.key_size
451 = 20,.plaintext
= (uint8_t *) "Hi There",.plaintext_size
=
452 sizeof ("Hi There") - 1,.output
=
454 "\xb0\x34\x4c\x61\xd8\xdb\x38\x53\x5c\xa8\xaf\xce\xaf\x0b\xf1\x2b\x88\x1d\xc2\x00\xc9\x83\x3d\xa7\x26\xe9\x37\x6c\x2e\x32\xcf\xf7",.output_size
458 .name
= "HMAC-SHA2-384",.algorithm
= GNUTLS_MAC_SHA384
,.key
=
460 "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b",.key_size
461 = 20,.plaintext
= (uint8_t *) "Hi There",.plaintext_size
=
462 sizeof ("Hi There") - 1,.output
=
464 "\xaf\xd0\x39\x44\xd8\x48\x95\x62\x6b\x08\x25\xf4\xab\x46\x90\x7f\x15\xf9\xda\xdb\xe4\x10\x1e\xc6\x82\xaa\x03\x4c\x7c\xeb\xc5\x9c\xfa\xea\x9e\xa9\x07\x6e\xde\x7f\x4a\xf1\x52\xe8\xb2\xfa\x9c\xb6",.output_size
468 .name
= "HMAC-SHA2-512",.algorithm
= GNUTLS_MAC_SHA512
,.key
=
470 "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b",.key_size
471 = 20,.plaintext
= (uint8_t *) "Hi There",.plaintext_size
=
472 sizeof ("Hi There") - 1,.output
=
474 "\x87\xaa\x7c\xde\xa5\xef\x61\x9d\x4f\xf0\xb4\x24\x1a\x1d\x6c\xb0\x23\x79\xf4\xe2\xce\x4e\xc2\x78\x7a\xd0\xb3\x05\x45\xe1\x7c\xde\xda\xa8\x33\xb7\xd6\xb8\xa7\x02\x03\x8b\x27\x4e\xae\xa3\xf4\xe4\xbe\x9d\x91\x4e\xeb\x61\xf1\x70\x2e\x69\x6c\x20\x3a\x12\x68\x54",.output_size
478 #define HASH_DATA_SIZE 64
480 /* SHA1 and other hashes */
484 uint8_t data
[HASH_DATA_SIZE
];
489 fprintf (stdout
, "Tests on Hashes\n");
490 for (i
= 0; i
< sizeof (hash_vectors
) / sizeof (hash_vectors
[0]); i
++)
493 fprintf (stdout
, "\t%s: ", hash_vectors
[i
].name
);
495 if (hash_vectors
[i
].key
!= NULL
)
498 ret
= gnutls_hmac_fast(hash_vectors
[i
].algorithm
, hash_vectors
[i
].key
, hash_vectors
[i
].key_size
,
499 hash_vectors
[i
].plaintext
, hash_vectors
[i
].plaintext_size
, data
);
502 fprintf (stderr
, "Error: %s:%d\n", __func__
,
509 ret
= gnutls_hmac_init( &hd
, hash_vectors
[i
].algorithm
, hash_vectors
[i
].key
, hash_vectors
[i
].key_size
);
512 fprintf (stderr
, "Error: %s:%d\n", __func__
,
517 ret
= gnutls_hmac(hd
, hash_vectors
[i
].plaintext
, hash_vectors
[i
].plaintext_size
-1);
520 fprintf (stderr
, "Error: %s:%d\n", __func__
,
525 ret
= gnutls_hmac(hd
, &hash_vectors
[i
].plaintext
[hash_vectors
[i
].plaintext_size
-1], 1);
528 fprintf (stderr
, "Error: %s:%d\n", __func__
,
533 gnutls_hmac_output(hd
, data
);
534 gnutls_hmac_deinit(hd
, NULL
);
538 gnutls_hmac_get_len (hash_vectors
[i
].algorithm
);
541 fprintf (stderr
, "Error: %s:%d\n", __func__
,
549 ret
= gnutls_hash_init( &hd
, hash_vectors
[i
].algorithm
);
552 fprintf (stderr
, "Error: %s:%d\n", __func__
,
557 ret
= gnutls_hash (hd
,
558 hash_vectors
[i
].plaintext
,
562 fprintf (stderr
, "Error: %s:%d\n", __func__
,
567 ret
= gnutls_hash (hd
,
568 &hash_vectors
[i
].plaintext
[1],
569 hash_vectors
[i
].plaintext_size
-1);
572 fprintf (stderr
, "Error: %s:%d\n", __func__
,
577 gnutls_hash_output(hd
, data
);
578 gnutls_hash_deinit(hd
, NULL
);
581 gnutls_hash_get_len (hash_vectors
[i
].algorithm
);
584 fprintf (stderr
, "Error: %s:%d\n", __func__
,
590 if (data_size
!= hash_vectors
[i
].output_size
||
591 memcmp (data
, hash_vectors
[i
].output
,
592 hash_vectors
[i
].output_size
) != 0)
594 fprintf (stderr
, "HASH test vector %d failed!\n", i
);
596 fprintf (stderr
, "Output[%d]: ", (int) data_size
);
597 for (j
= 0; j
< data_size
; j
++)
598 fprintf (stderr
, "%.2x:", (int) data
[j
]);
599 fprintf (stderr
, "\n");
601 fprintf (stderr
, "Expected[%d]: ",
602 hash_vectors
[i
].output_size
);
603 for (j
= 0; j
< hash_vectors
[i
].output_size
; j
++)
604 fprintf (stderr
, "%.2x:",
605 (int) hash_vectors
[i
].output
[j
]);
606 fprintf (stderr
, "\n");
610 fprintf (stdout
, "ok\n");
613 fprintf (stdout
, "\n");
620 tls_log_func (int level
, const char *str
)
622 fprintf (stderr
, "<%d>| %s", level
, str
);
627 main (int argc
, char **argv
)
629 gnutls_global_set_log_function (tls_log_func
);
631 gnutls_global_set_log_level (4711);
633 gnutls_global_init ();
641 gnutls_global_deinit ();