2 * QEMU Crypto XTS cipher mode
4 * Copyright (c) 2015-2018 Red Hat, Inc.
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2.1 of the License, or (at your option) any later version.
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
19 * This code is originally derived from public domain / WTFPL code in
20 * LibTomCrypt crytographic library http://libtom.org. The XTS code
21 * was donated by Elliptic Semiconductor Inc (www.ellipticsemi.com)
22 * to the LibTom Projects
26 #include "qemu/osdep.h"
27 #include "crypto/init.h"
28 #include "crypto/xts.h"
29 #include "crypto/aes.h"
34 unsigned char key1
[32];
35 unsigned char key2
[32];
38 unsigned char PTX
[512], CTX
[512];
41 static const QCryptoXTSTestData test_data
[] = {
42 /* #1 32 byte key, 32 byte PTX */
44 "/crypto/xts/t-1-key-32-ptx-32",
46 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
47 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
48 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
49 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
52 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
53 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
54 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
55 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
56 { 0x91, 0x7c, 0xf6, 0x9e, 0xbd, 0x68, 0xb2, 0xec,
57 0x9b, 0x9f, 0xe9, 0xa3, 0xea, 0xdd, 0xa6, 0x92,
58 0xcd, 0x43, 0xd2, 0xf5, 0x95, 0x98, 0xed, 0x85,
59 0x8c, 0x02, 0xc2, 0x65, 0x2f, 0xbf, 0x92, 0x2e },
62 /* #2, 32 byte key, 32 byte PTX */
64 "/crypto/xts/t-2-key-32-ptx-32",
66 { 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11,
67 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11 },
68 { 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22,
69 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22 },
72 { 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44,
73 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44,
74 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44,
75 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44 },
76 { 0xc4, 0x54, 0x18, 0x5e, 0x6a, 0x16, 0x93, 0x6e,
77 0x39, 0x33, 0x40, 0x38, 0xac, 0xef, 0x83, 0x8b,
78 0xfb, 0x18, 0x6f, 0xff, 0x74, 0x80, 0xad, 0xc4,
79 0x28, 0x93, 0x82, 0xec, 0xd6, 0xd3, 0x94, 0xf0 },
82 /* #5 from xts.7, 32 byte key, 32 byte PTX */
84 "/crypto/xts/t-5-key-32-ptx-32",
86 { 0xff, 0xfe, 0xfd, 0xfc, 0xfb, 0xfa, 0xf9, 0xf8,
87 0xf7, 0xf6, 0xf5, 0xf4, 0xf3, 0xf2, 0xf1, 0xf0 },
88 { 0xbf, 0xbe, 0xbd, 0xbc, 0xbb, 0xba, 0xb9, 0xb8,
89 0xb7, 0xb6, 0xb5, 0xb4, 0xb3, 0xb2, 0xb1, 0xb0 },
92 { 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44,
93 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44,
94 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44,
95 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44 },
96 { 0xb0, 0x1f, 0x86, 0xf8, 0xed, 0xc1, 0x86, 0x37,
97 0x06, 0xfa, 0x8a, 0x42, 0x53, 0xe3, 0x4f, 0x28,
98 0xaf, 0x31, 0x9d, 0xe3, 0x83, 0x34, 0x87, 0x0f,
99 0x4d, 0xd1, 0xf9, 0x4c, 0xbe, 0x98, 0x32, 0xf1 },
102 /* #4, 32 byte key, 512 byte PTX */
104 "/crypto/xts/t-4-key-32-ptx-512",
106 { 0x27, 0x18, 0x28, 0x18, 0x28, 0x45, 0x90, 0x45,
107 0x23, 0x53, 0x60, 0x28, 0x74, 0x71, 0x35, 0x26 },
108 { 0x31, 0x41, 0x59, 0x26, 0x53, 0x58, 0x97, 0x93,
109 0x23, 0x84, 0x62, 0x64, 0x33, 0x83, 0x27, 0x95 },
113 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
114 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
115 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
116 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
117 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
118 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f,
119 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
120 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f,
121 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47,
122 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f,
123 0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
124 0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f,
125 0x60, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67,
126 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f,
127 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77,
128 0x78, 0x79, 0x7a, 0x7b, 0x7c, 0x7d, 0x7e, 0x7f,
129 0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87,
130 0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f,
131 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97,
132 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f,
133 0xa0, 0xa1, 0xa2, 0xa3, 0xa4, 0xa5, 0xa6, 0xa7,
134 0xa8, 0xa9, 0xaa, 0xab, 0xac, 0xad, 0xae, 0xaf,
135 0xb0, 0xb1, 0xb2, 0xb3, 0xb4, 0xb5, 0xb6, 0xb7,
136 0xb8, 0xb9, 0xba, 0xbb, 0xbc, 0xbd, 0xbe, 0xbf,
137 0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7,
138 0xc8, 0xc9, 0xca, 0xcb, 0xcc, 0xcd, 0xce, 0xcf,
139 0xd0, 0xd1, 0xd2, 0xd3, 0xd4, 0xd5, 0xd6, 0xd7,
140 0xd8, 0xd9, 0xda, 0xdb, 0xdc, 0xdd, 0xde, 0xdf,
141 0xe0, 0xe1, 0xe2, 0xe3, 0xe4, 0xe5, 0xe6, 0xe7,
142 0xe8, 0xe9, 0xea, 0xeb, 0xec, 0xed, 0xee, 0xef,
143 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7,
144 0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd, 0xfe, 0xff,
145 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
146 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
147 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
148 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
149 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
150 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f,
151 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
152 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f,
153 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47,
154 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f,
155 0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
156 0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f,
157 0x60, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67,
158 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f,
159 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77,
160 0x78, 0x79, 0x7a, 0x7b, 0x7c, 0x7d, 0x7e, 0x7f,
161 0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87,
162 0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f,
163 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97,
164 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f,
165 0xa0, 0xa1, 0xa2, 0xa3, 0xa4, 0xa5, 0xa6, 0xa7,
166 0xa8, 0xa9, 0xaa, 0xab, 0xac, 0xad, 0xae, 0xaf,
167 0xb0, 0xb1, 0xb2, 0xb3, 0xb4, 0xb5, 0xb6, 0xb7,
168 0xb8, 0xb9, 0xba, 0xbb, 0xbc, 0xbd, 0xbe, 0xbf,
169 0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7,
170 0xc8, 0xc9, 0xca, 0xcb, 0xcc, 0xcd, 0xce, 0xcf,
171 0xd0, 0xd1, 0xd2, 0xd3, 0xd4, 0xd5, 0xd6, 0xd7,
172 0xd8, 0xd9, 0xda, 0xdb, 0xdc, 0xdd, 0xde, 0xdf,
173 0xe0, 0xe1, 0xe2, 0xe3, 0xe4, 0xe5, 0xe6, 0xe7,
174 0xe8, 0xe9, 0xea, 0xeb, 0xec, 0xed, 0xee, 0xef,
175 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7,
176 0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd, 0xfe, 0xff,
179 0x27, 0xa7, 0x47, 0x9b, 0xef, 0xa1, 0xd4, 0x76,
180 0x48, 0x9f, 0x30, 0x8c, 0xd4, 0xcf, 0xa6, 0xe2,
181 0xa9, 0x6e, 0x4b, 0xbe, 0x32, 0x08, 0xff, 0x25,
182 0x28, 0x7d, 0xd3, 0x81, 0x96, 0x16, 0xe8, 0x9c,
183 0xc7, 0x8c, 0xf7, 0xf5, 0xe5, 0x43, 0x44, 0x5f,
184 0x83, 0x33, 0xd8, 0xfa, 0x7f, 0x56, 0x00, 0x00,
185 0x05, 0x27, 0x9f, 0xa5, 0xd8, 0xb5, 0xe4, 0xad,
186 0x40, 0xe7, 0x36, 0xdd, 0xb4, 0xd3, 0x54, 0x12,
187 0x32, 0x80, 0x63, 0xfd, 0x2a, 0xab, 0x53, 0xe5,
188 0xea, 0x1e, 0x0a, 0x9f, 0x33, 0x25, 0x00, 0xa5,
189 0xdf, 0x94, 0x87, 0xd0, 0x7a, 0x5c, 0x92, 0xcc,
190 0x51, 0x2c, 0x88, 0x66, 0xc7, 0xe8, 0x60, 0xce,
191 0x93, 0xfd, 0xf1, 0x66, 0xa2, 0x49, 0x12, 0xb4,
192 0x22, 0x97, 0x61, 0x46, 0xae, 0x20, 0xce, 0x84,
193 0x6b, 0xb7, 0xdc, 0x9b, 0xa9, 0x4a, 0x76, 0x7a,
194 0xae, 0xf2, 0x0c, 0x0d, 0x61, 0xad, 0x02, 0x65,
195 0x5e, 0xa9, 0x2d, 0xc4, 0xc4, 0xe4, 0x1a, 0x89,
196 0x52, 0xc6, 0x51, 0xd3, 0x31, 0x74, 0xbe, 0x51,
197 0xa1, 0x0c, 0x42, 0x11, 0x10, 0xe6, 0xd8, 0x15,
198 0x88, 0xed, 0xe8, 0x21, 0x03, 0xa2, 0x52, 0xd8,
199 0xa7, 0x50, 0xe8, 0x76, 0x8d, 0xef, 0xff, 0xed,
200 0x91, 0x22, 0x81, 0x0a, 0xae, 0xb9, 0x9f, 0x91,
201 0x72, 0xaf, 0x82, 0xb6, 0x04, 0xdc, 0x4b, 0x8e,
202 0x51, 0xbc, 0xb0, 0x82, 0x35, 0xa6, 0xf4, 0x34,
203 0x13, 0x32, 0xe4, 0xca, 0x60, 0x48, 0x2a, 0x4b,
204 0xa1, 0xa0, 0x3b, 0x3e, 0x65, 0x00, 0x8f, 0xc5,
205 0xda, 0x76, 0xb7, 0x0b, 0xf1, 0x69, 0x0d, 0xb4,
206 0xea, 0xe2, 0x9c, 0x5f, 0x1b, 0xad, 0xd0, 0x3c,
207 0x5c, 0xcf, 0x2a, 0x55, 0xd7, 0x05, 0xdd, 0xcd,
208 0x86, 0xd4, 0x49, 0x51, 0x1c, 0xeb, 0x7e, 0xc3,
209 0x0b, 0xf1, 0x2b, 0x1f, 0xa3, 0x5b, 0x91, 0x3f,
210 0x9f, 0x74, 0x7a, 0x8a, 0xfd, 0x1b, 0x13, 0x0e,
211 0x94, 0xbf, 0xf9, 0x4e, 0xff, 0xd0, 0x1a, 0x91,
212 0x73, 0x5c, 0xa1, 0x72, 0x6a, 0xcd, 0x0b, 0x19,
213 0x7c, 0x4e, 0x5b, 0x03, 0x39, 0x36, 0x97, 0xe1,
214 0x26, 0x82, 0x6f, 0xb6, 0xbb, 0xde, 0x8e, 0xcc,
215 0x1e, 0x08, 0x29, 0x85, 0x16, 0xe2, 0xc9, 0xed,
216 0x03, 0xff, 0x3c, 0x1b, 0x78, 0x60, 0xf6, 0xde,
217 0x76, 0xd4, 0xce, 0xcd, 0x94, 0xc8, 0x11, 0x98,
218 0x55, 0xef, 0x52, 0x97, 0xca, 0x67, 0xe9, 0xf3,
219 0xe7, 0xff, 0x72, 0xb1, 0xe9, 0x97, 0x85, 0xca,
220 0x0a, 0x7e, 0x77, 0x20, 0xc5, 0xb3, 0x6d, 0xc6,
221 0xd7, 0x2c, 0xac, 0x95, 0x74, 0xc8, 0xcb, 0xbc,
222 0x2f, 0x80, 0x1e, 0x23, 0xe5, 0x6f, 0xd3, 0x44,
223 0xb0, 0x7f, 0x22, 0x15, 0x4b, 0xeb, 0xa0, 0xf0,
224 0x8c, 0xe8, 0x89, 0x1e, 0x64, 0x3e, 0xd9, 0x95,
225 0xc9, 0x4d, 0x9a, 0x69, 0xc9, 0xf1, 0xb5, 0xf4,
226 0x99, 0x02, 0x7a, 0x78, 0x57, 0x2a, 0xee, 0xbd,
227 0x74, 0xd2, 0x0c, 0xc3, 0x98, 0x81, 0xc2, 0x13,
228 0xee, 0x77, 0x0b, 0x10, 0x10, 0xe4, 0xbe, 0xa7,
229 0x18, 0x84, 0x69, 0x77, 0xae, 0x11, 0x9f, 0x7a,
230 0x02, 0x3a, 0xb5, 0x8c, 0xca, 0x0a, 0xd7, 0x52,
231 0xaf, 0xe6, 0x56, 0xbb, 0x3c, 0x17, 0x25, 0x6a,
232 0x9f, 0x6e, 0x9b, 0xf1, 0x9f, 0xdd, 0x5a, 0x38,
233 0xfc, 0x82, 0xbb, 0xe8, 0x72, 0xc5, 0x53, 0x9e,
234 0xdb, 0x60, 0x9e, 0xf4, 0xf7, 0x9c, 0x20, 0x3e,
235 0xbb, 0x14, 0x0f, 0x2e, 0x58, 0x3c, 0xb2, 0xad,
236 0x15, 0xb4, 0xaa, 0x5b, 0x65, 0x50, 0x16, 0xa8,
237 0x44, 0x92, 0x77, 0xdb, 0xd4, 0x77, 0xef, 0x2c,
238 0x8d, 0x6c, 0x01, 0x7d, 0xb7, 0x38, 0xb1, 0x8d,
239 0xeb, 0x4a, 0x42, 0x7d, 0x19, 0x23, 0xce, 0x3f,
240 0xf2, 0x62, 0x73, 0x57, 0x79, 0xa4, 0x18, 0xf2,
241 0x0a, 0x28, 0x2d, 0xf9, 0x20, 0x14, 0x7b, 0xea,
242 0xbe, 0x42, 0x1e, 0xe5, 0x31, 0x9d, 0x05, 0x68,
246 /* #7, 32 byte key, 17 byte PTX */
248 "/crypto/xts/t-7-key-32-ptx-17",
250 { 0xff, 0xfe, 0xfd, 0xfc, 0xfb, 0xfa, 0xf9, 0xf8,
251 0xf7, 0xf6, 0xf5, 0xf4, 0xf3, 0xf2, 0xf1, 0xf0 },
252 { 0xbf, 0xbe, 0xbd, 0xbc, 0xbb, 0xba, 0xb9, 0xb8,
253 0xb7, 0xb6, 0xb5, 0xb4, 0xb3, 0xb2, 0xb1, 0xb0 },
256 { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
257 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10 },
258 { 0x6c, 0x16, 0x25, 0xdb, 0x46, 0x71, 0x52, 0x2d,
259 0x3d, 0x75, 0x99, 0x60, 0x1d, 0xe7, 0xca, 0x09, 0xed },
262 /* #15, 32 byte key, 25 byte PTX */
264 "/crypto/xts/t-15-key-32-ptx-25",
266 { 0xff, 0xfe, 0xfd, 0xfc, 0xfb, 0xfa, 0xf9, 0xf8,
267 0xf7, 0xf6, 0xf5, 0xf4, 0xf3, 0xf2, 0xf1, 0xf0 },
268 { 0xbf, 0xbe, 0xbd, 0xbc, 0xbb, 0xba, 0xb9, 0xb8,
269 0xb7, 0xb6, 0xb5, 0xb4, 0xb3, 0xb2, 0xb1, 0xb0 },
272 { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
273 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
274 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18 },
275 { 0x8f, 0x4d, 0xcb, 0xad, 0x55, 0x55, 0x8d, 0x7b,
276 0x4e, 0x01, 0xd9, 0x37, 0x9c, 0xd4, 0xea, 0x22,
277 0xed, 0xbf, 0x9d, 0xac, 0xe4, 0x5d, 0x6f, 0x6a, 0x73 },
280 /* #21, 32 byte key, 31 byte PTX */
282 "/crypto/xts/t-21-key-32-ptx-31",
284 { 0xff, 0xfe, 0xfd, 0xfc, 0xfb, 0xfa, 0xf9, 0xf8,
285 0xf7, 0xf6, 0xf5, 0xf4, 0xf3, 0xf2, 0xf1, 0xf0 },
286 { 0xbf, 0xbe, 0xbd, 0xbc, 0xbb, 0xba, 0xb9, 0xb8,
287 0xb7, 0xb6, 0xb5, 0xb4, 0xb3, 0xb2, 0xb1, 0xb0 },
290 { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
291 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
292 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
293 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e },
294 { 0xd0, 0x5b, 0xc0, 0x90, 0xa8, 0xe0, 0x4f, 0x1b,
295 0x3d, 0x3e, 0xcd, 0xd5, 0xba, 0xec, 0x0f, 0xd4,
296 0xed, 0xbf, 0x9d, 0xac, 0xe4, 0x5d, 0x6f, 0x6a,
297 0x73, 0x06, 0xe6, 0x4b, 0xe5, 0xdd, 0x82 },
301 #define STORE64L(x, y) \
303 (y)[7] = (unsigned char)(((x) >> 56) & 255); \
304 (y)[6] = (unsigned char)(((x) >> 48) & 255); \
305 (y)[5] = (unsigned char)(((x) >> 40) & 255); \
306 (y)[4] = (unsigned char)(((x) >> 32) & 255); \
307 (y)[3] = (unsigned char)(((x) >> 24) & 255); \
308 (y)[2] = (unsigned char)(((x) >> 16) & 255); \
309 (y)[1] = (unsigned char)(((x) >> 8) & 255); \
310 (y)[0] = (unsigned char)((x) & 255); \
318 static void test_xts_aes_encrypt(const void *ctx
,
323 const struct TestAES
*aesctx
= ctx
;
325 AES_encrypt(src
, dst
, &aesctx
->enc
);
329 static void test_xts_aes_decrypt(const void *ctx
,
334 const struct TestAES
*aesctx
= ctx
;
336 AES_decrypt(src
, dst
, &aesctx
->dec
);
340 static void test_xts(const void *opaque
)
342 const QCryptoXTSTestData
*data
= opaque
;
343 uint8_t out
[512], Torg
[16], T
[16];
345 struct TestAES aesdata
;
346 struct TestAES aestweak
;
348 AES_set_encrypt_key(data
->key1
, data
->keylen
/ 2 * 8, &aesdata
.enc
);
349 AES_set_decrypt_key(data
->key1
, data
->keylen
/ 2 * 8, &aesdata
.dec
);
350 AES_set_encrypt_key(data
->key2
, data
->keylen
/ 2 * 8, &aestweak
.enc
);
351 AES_set_decrypt_key(data
->key2
, data
->keylen
/ 2 * 8, &aestweak
.dec
);
355 memset(Torg
+ 8, 0, 8);
357 memcpy(T
, Torg
, sizeof(T
));
358 xts_encrypt(&aesdata
, &aestweak
,
359 test_xts_aes_encrypt
,
360 test_xts_aes_decrypt
,
361 T
, data
->PTLEN
, out
, data
->PTX
);
363 g_assert(memcmp(out
, data
->CTX
, data
->PTLEN
) == 0);
365 memcpy(T
, Torg
, sizeof(T
));
366 xts_decrypt(&aesdata
, &aestweak
,
367 test_xts_aes_encrypt
,
368 test_xts_aes_decrypt
,
369 T
, data
->PTLEN
, out
, data
->CTX
);
371 g_assert(memcmp(out
, data
->PTX
, data
->PTLEN
) == 0);
375 static void test_xts_split(const void *opaque
)
377 const QCryptoXTSTestData
*data
= opaque
;
378 uint8_t out
[512], Torg
[16], T
[16];
380 unsigned long len
= data
->PTLEN
/ 2;
381 struct TestAES aesdata
;
382 struct TestAES aestweak
;
384 AES_set_encrypt_key(data
->key1
, data
->keylen
/ 2 * 8, &aesdata
.enc
);
385 AES_set_decrypt_key(data
->key1
, data
->keylen
/ 2 * 8, &aesdata
.dec
);
386 AES_set_encrypt_key(data
->key2
, data
->keylen
/ 2 * 8, &aestweak
.enc
);
387 AES_set_decrypt_key(data
->key2
, data
->keylen
/ 2 * 8, &aestweak
.dec
);
391 memset(Torg
+ 8, 0, 8);
393 memcpy(T
, Torg
, sizeof(T
));
394 xts_encrypt(&aesdata
, &aestweak
,
395 test_xts_aes_encrypt
,
396 test_xts_aes_decrypt
,
397 T
, len
, out
, data
->PTX
);
398 xts_encrypt(&aesdata
, &aestweak
,
399 test_xts_aes_encrypt
,
400 test_xts_aes_decrypt
,
401 T
, len
, &out
[len
], &data
->PTX
[len
]);
403 g_assert(memcmp(out
, data
->CTX
, data
->PTLEN
) == 0);
405 memcpy(T
, Torg
, sizeof(T
));
406 xts_decrypt(&aesdata
, &aestweak
,
407 test_xts_aes_encrypt
,
408 test_xts_aes_decrypt
,
409 T
, len
, out
, data
->CTX
);
410 xts_decrypt(&aesdata
, &aestweak
,
411 test_xts_aes_encrypt
,
412 test_xts_aes_decrypt
,
413 T
, len
, &out
[len
], &data
->CTX
[len
]);
415 g_assert(memcmp(out
, data
->PTX
, data
->PTLEN
) == 0);
419 static void test_xts_unaligned(const void *opaque
)
422 const QCryptoXTSTestData
*data
= opaque
;
423 uint8_t in
[512 + BAD_ALIGN
], out
[512 + BAD_ALIGN
];
424 uint8_t Torg
[16], T
[16 + BAD_ALIGN
];
426 struct TestAES aesdata
;
427 struct TestAES aestweak
;
429 AES_set_encrypt_key(data
->key1
, data
->keylen
/ 2 * 8, &aesdata
.enc
);
430 AES_set_decrypt_key(data
->key1
, data
->keylen
/ 2 * 8, &aesdata
.dec
);
431 AES_set_encrypt_key(data
->key2
, data
->keylen
/ 2 * 8, &aestweak
.enc
);
432 AES_set_decrypt_key(data
->key2
, data
->keylen
/ 2 * 8, &aestweak
.dec
);
436 memset(Torg
+ 8, 0, 8);
439 memcpy(T
+ BAD_ALIGN
, Torg
, 16);
440 memcpy(in
, data
->PTX
, data
->PTLEN
);
441 xts_encrypt(&aesdata
, &aestweak
,
442 test_xts_aes_encrypt
,
443 test_xts_aes_decrypt
,
444 T
+ BAD_ALIGN
, data
->PTLEN
, out
, in
);
446 g_assert(memcmp(out
, data
->CTX
, data
->PTLEN
) == 0);
448 /* plain text not aligned */
450 memcpy(in
+ BAD_ALIGN
, data
->PTX
, data
->PTLEN
);
451 xts_encrypt(&aesdata
, &aestweak
,
452 test_xts_aes_encrypt
,
453 test_xts_aes_decrypt
,
454 T
, data
->PTLEN
, out
, in
+ BAD_ALIGN
);
456 g_assert(memcmp(out
, data
->CTX
, data
->PTLEN
) == 0);
458 /* cipher text not aligned */
460 memcpy(in
, data
->PTX
, data
->PTLEN
);
461 xts_encrypt(&aesdata
, &aestweak
,
462 test_xts_aes_encrypt
,
463 test_xts_aes_decrypt
,
464 T
, data
->PTLEN
, out
+ BAD_ALIGN
, in
);
466 g_assert(memcmp(out
+ BAD_ALIGN
, data
->CTX
, data
->PTLEN
) == 0);
470 memcpy(T
+ BAD_ALIGN
, Torg
, 16);
471 memcpy(in
, data
->CTX
, data
->PTLEN
);
472 xts_decrypt(&aesdata
, &aestweak
,
473 test_xts_aes_encrypt
,
474 test_xts_aes_decrypt
,
475 T
+ BAD_ALIGN
, data
->PTLEN
, out
, in
);
477 g_assert(memcmp(out
, data
->PTX
, data
->PTLEN
) == 0);
479 /* cipher text not aligned */
481 memcpy(in
+ BAD_ALIGN
, data
->CTX
, data
->PTLEN
);
482 xts_decrypt(&aesdata
, &aestweak
,
483 test_xts_aes_encrypt
,
484 test_xts_aes_decrypt
,
485 T
, data
->PTLEN
, out
, in
+ BAD_ALIGN
);
487 g_assert(memcmp(out
, data
->PTX
, data
->PTLEN
) == 0);
489 /* plain text not aligned */
491 memcpy(in
, data
->CTX
, data
->PTLEN
);
492 xts_decrypt(&aesdata
, &aestweak
,
493 test_xts_aes_encrypt
,
494 test_xts_aes_decrypt
,
495 T
, data
->PTLEN
, out
+ BAD_ALIGN
, in
);
497 g_assert(memcmp(out
+ BAD_ALIGN
, data
->PTX
, data
->PTLEN
) == 0);
501 int main(int argc
, char **argv
)
505 g_test_init(&argc
, &argv
, NULL
);
507 g_assert(qcrypto_init(NULL
) == 0);
509 for (i
= 0; i
< G_N_ELEMENTS(test_data
); i
++) {
510 gchar
*path
= g_strdup_printf("%s/basic", test_data
[i
].path
);
511 g_test_add_data_func(path
, &test_data
[i
], test_xts
);
514 /* skip the cases where the length is smaller than 2*blocklen
515 * or the length is not a multiple of 32
517 if ((test_data
[i
].PTLEN
>= 32) && !(test_data
[i
].PTLEN
% 32)) {
518 path
= g_strdup_printf("%s/split", test_data
[i
].path
);
519 g_test_add_data_func(path
, &test_data
[i
], test_xts_split
);
523 path
= g_strdup_printf("%s/unaligned", test_data
[i
].path
);
524 g_test_add_data_func(path
, &test_data
[i
], test_xts_unaligned
);