/* test_aes.c * * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ #ifdef HAVE_CONFIG_H #include #endif #if !defined(WOLFSSL_USER_SETTINGS) && !defined(WOLFSSL_NO_OPTIONS_H) #include #endif #include #ifdef NO_INLINE #include #else #define WOLFSSL_MISC_INCLUDED #include #endif #include #include #include #include #include #include /******************************************************************************* * AES ******************************************************************************/ /* * Testing function for wc_AesSetKey(). */ int test_wc_AesSetKey(void) { EXPECT_DECLS; #ifndef NO_AES Aes aes; byte key16[] = { 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66 }; #ifdef WOLFSSL_AES_192 byte key24[] = { 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37 }; #endif #ifdef WOLFSSL_AES_256 byte key32[] = { 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66 }; #endif byte badKey16[] = { 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65 }; byte iv[] = "1234567890abcdef"; XMEMSET(&aes, 0, sizeof(Aes)); ExpectIntEQ(wc_AesInit(&aes, NULL, INVALID_DEVID), 0); #ifdef WOLFSSL_AES_128 ExpectIntEQ(wc_AesSetKey(&aes, key16, (word32)sizeof(key16) / sizeof(byte), iv, AES_ENCRYPTION), 0); #endif #ifdef WOLFSSL_AES_192 ExpectIntEQ(wc_AesSetKey(&aes, key24, (word32)sizeof(key24) / sizeof(byte), iv, AES_ENCRYPTION), 0); #endif #ifdef WOLFSSL_AES_256 ExpectIntEQ(wc_AesSetKey(&aes, key32, (word32)sizeof(key32) / sizeof(byte), iv, AES_ENCRYPTION), 0); #endif /* Pass in bad args. */ ExpectIntEQ(wc_AesSetKey(NULL, key16, (word32)sizeof(key16) / sizeof(byte), iv, AES_ENCRYPTION), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); ExpectIntEQ(wc_AesSetKey(&aes, badKey16, (word32)sizeof(badKey16) / sizeof(byte), iv, AES_ENCRYPTION), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); wc_AesFree(&aes); #endif return EXPECT_RESULT(); } /* END test_wc_AesSetKey */ /* * Testing function for wc_AesSetIV */ int test_wc_AesSetIV(void) { int res = TEST_SKIPPED; #if !defined(NO_AES) && defined(WOLFSSL_AES_128) Aes aes; int ret = 0; byte key16[] = { 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66 }; byte iv1[] = "1234567890abcdef"; byte iv2[] = "0987654321fedcba"; ret = wc_AesInit(&aes, NULL, INVALID_DEVID); if (ret != 0) return ret; ret = wc_AesSetKey(&aes, key16, (word32) sizeof(key16) / sizeof(byte), iv1, AES_ENCRYPTION); if (ret == 0) { ret = wc_AesSetIV(&aes, iv2); } /* Test bad args. */ if (ret == 0) { ret = wc_AesSetIV(NULL, iv1); if (ret == WC_NO_ERR_TRACE(BAD_FUNC_ARG)) { /* NULL iv should return 0. */ ret = wc_AesSetIV(&aes, NULL); } else { ret = WOLFSSL_FATAL_ERROR; } } wc_AesFree(&aes); res = TEST_RES_CHECK(ret == 0); #endif return res; } /* test_wc_AesSetIV */ /******************************************************************************* * AES-CBC ******************************************************************************/ /* * test function for wc_AesCbcEncrypt(), wc_AesCbcDecrypt(), * and wc_AesCbcDecryptWithKey() */ int test_wc_AesCbcEncryptDecrypt(void) { EXPECT_DECLS; #if !defined(NO_AES) && defined(HAVE_AES_CBC) && defined(HAVE_AES_DECRYPT)&& \ defined(WOLFSSL_AES_256) Aes aes; byte key32[] = { 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66 }; byte vector[] = { /* Now is the time for all good men w/o trailing 0 */ 0x4e, 0x6f, 0x77, 0x20, 0x69, 0x73, 0x20, 0x74, 0x68, 0x65, 0x20, 0x74, 0x69, 0x6d, 0x65, 0x20, 0x66, 0x6f, 0x72, 0x20, 0x61, 0x6c, 0x6c, 0x20, 0x67, 0x6f, 0x6f, 0x64, 0x20, 0x6d, 0x65, 0x6e }; byte iv[] = "1234567890abcdef"; byte enc[sizeof(vector)]; byte dec[sizeof(vector)]; byte dec2[sizeof(vector)]; /* Init stack variables. */ XMEMSET(&aes, 0, sizeof(Aes)); XMEMSET(enc, 0, sizeof(enc)); XMEMSET(dec, 0, sizeof(vector)); XMEMSET(dec2, 0, sizeof(vector)); ExpectIntEQ(wc_AesInit(&aes, NULL, INVALID_DEVID), 0); ExpectIntEQ(wc_AesSetKey(&aes, key32, WC_AES_BLOCK_SIZE * 2, iv, AES_ENCRYPTION), 0); ExpectIntEQ(wc_AesCbcEncrypt(&aes, enc, vector, sizeof(vector)), 0); /* Re init for decrypt and set flag. */ ExpectIntEQ(wc_AesSetKey(&aes, key32, WC_AES_BLOCK_SIZE * 2, iv, AES_DECRYPTION), 0); ExpectIntEQ(wc_AesCbcDecrypt(&aes, dec, enc, sizeof(vector)), 0); ExpectIntEQ(XMEMCMP(vector, dec, sizeof(vector)), 0); ExpectIntEQ(wc_AesCbcDecryptWithKey(dec2, enc, WC_AES_BLOCK_SIZE, key32, sizeof(key32)/sizeof(byte), iv), 0); ExpectIntEQ(XMEMCMP(vector, dec2, WC_AES_BLOCK_SIZE), 0); /* Pass in bad args */ ExpectIntEQ(wc_AesCbcEncrypt(NULL, enc, vector, sizeof(vector)), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); ExpectIntEQ(wc_AesCbcEncrypt(&aes, NULL, vector, sizeof(vector)), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); ExpectIntEQ(wc_AesCbcEncrypt(&aes, enc, NULL, sizeof(vector)), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); #ifdef WOLFSSL_AES_CBC_LENGTH_CHECKS ExpectIntEQ(wc_AesCbcEncrypt(&aes, enc, vector, sizeof(vector) - 1), WC_NO_ERR_TRACE(BAD_LENGTH_E)); #endif #if defined(HAVE_FIPS) && defined(HAVE_FIPS_VERSION) && \ (HAVE_FIPS_VERSION == 2) && defined(WOLFSSL_AESNI) fprintf(stderr, "Zero length inputs not supported with AESNI in FIPS " "mode (v2), skip test"); #else /* Test passing in size of 0 */ XMEMSET(enc, 0, sizeof(enc)); ExpectIntEQ(wc_AesCbcEncrypt(&aes, enc, vector, 0), 0); /* Check enc was not modified */ { int i; for (i = 0; i < (int)sizeof(enc); i++) ExpectIntEQ(enc[i], 0); } #endif ExpectIntEQ(wc_AesCbcDecrypt(NULL, dec, enc, WC_AES_BLOCK_SIZE), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); ExpectIntEQ(wc_AesCbcDecrypt(&aes, NULL, enc, WC_AES_BLOCK_SIZE), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); ExpectIntEQ(wc_AesCbcDecrypt(&aes, dec, NULL, WC_AES_BLOCK_SIZE), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); #ifdef WOLFSSL_AES_CBC_LENGTH_CHECKS ExpectIntEQ(wc_AesCbcDecrypt(&aes, dec, enc, WC_AES_BLOCK_SIZE * 2 - 1), WC_NO_ERR_TRACE(BAD_LENGTH_E)); #else ExpectIntEQ(wc_AesCbcDecrypt(&aes, dec, enc, WC_AES_BLOCK_SIZE * 2 - 1), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); #endif /* Test passing in size of 0 */ XMEMSET(dec, 0, sizeof(dec)); ExpectIntEQ(wc_AesCbcDecrypt(&aes, dec, enc, 0), 0); /* Check dec was not modified */ { int i; for (i = 0; i < (int)sizeof(dec); i++) ExpectIntEQ(dec[i], 0); } ExpectIntEQ(wc_AesCbcDecryptWithKey(NULL, enc, WC_AES_BLOCK_SIZE, key32, sizeof(key32)/sizeof(byte), iv), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); ExpectIntEQ(wc_AesCbcDecryptWithKey(dec2, NULL, WC_AES_BLOCK_SIZE, key32, sizeof(key32)/sizeof(byte), iv), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); ExpectIntEQ(wc_AesCbcDecryptWithKey(dec2, enc, WC_AES_BLOCK_SIZE, NULL, sizeof(key32)/sizeof(byte), iv), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); ExpectIntEQ(wc_AesCbcDecryptWithKey(dec2, enc, WC_AES_BLOCK_SIZE, key32, sizeof(key32)/sizeof(byte), NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); wc_AesFree(&aes); #endif return EXPECT_RESULT(); } /* END test_wc_AesCbcEncryptDecrypt */ /******************************************************************************* * AES-CTR ******************************************************************************/ /* * Testing wc_AesCtrEncrypt and wc_AesCtrDecrypt */ int test_wc_AesCtrEncryptDecrypt(void) { EXPECT_DECLS; #if !defined(NO_AES) && defined(WOLFSSL_AES_COUNTER) && defined(WOLFSSL_AES_256) Aes aesEnc; Aes aesDec; byte key32[] = { 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66 }; byte vector[] = { /* Now is the time for all w/o trailing 0 */ 0x4e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74, 0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20, 0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20 }; byte iv[] = "1234567890abcdef"; byte enc[WC_AES_BLOCK_SIZE * 2]; byte dec[WC_AES_BLOCK_SIZE * 2]; /* Init stack variables. */ XMEMSET(&aesEnc, 0, sizeof(Aes)); XMEMSET(&aesDec, 0, sizeof(Aes)); XMEMSET(enc, 0, WC_AES_BLOCK_SIZE * 2); XMEMSET(dec, 0, WC_AES_BLOCK_SIZE * 2); ExpectIntEQ(wc_AesInit(&aesEnc, NULL, INVALID_DEVID), 0); ExpectIntEQ(wc_AesInit(&aesDec, NULL, INVALID_DEVID), 0); ExpectIntEQ(wc_AesSetKey(&aesEnc, key32, WC_AES_BLOCK_SIZE * 2, iv, AES_ENCRYPTION), 0); ExpectIntEQ(wc_AesCtrEncrypt(&aesEnc, enc, vector, sizeof(vector)/sizeof(byte)), 0); /* Decrypt with wc_AesCtrEncrypt() */ ExpectIntEQ(wc_AesSetKey(&aesDec, key32, WC_AES_BLOCK_SIZE * 2, iv, AES_ENCRYPTION), 0); ExpectIntEQ(wc_AesCtrEncrypt(&aesDec, dec, enc, sizeof(enc)/sizeof(byte)), 0); ExpectIntEQ(XMEMCMP(vector, dec, sizeof(vector)), 0); /* Test bad args. */ ExpectIntEQ(wc_AesCtrEncrypt(NULL, dec, enc, sizeof(enc)/sizeof(byte)), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); ExpectIntEQ(wc_AesCtrEncrypt(&aesDec, NULL, enc, sizeof(enc)/sizeof(byte)), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); ExpectIntEQ(wc_AesCtrEncrypt(&aesDec, dec, NULL, sizeof(enc)/sizeof(byte)), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); wc_AesFree(&aesEnc); wc_AesFree(&aesDec); #endif return EXPECT_RESULT(); } /* END test_wc_AesCtrEncryptDecrypt */ /******************************************************************************* * AES-GCM ******************************************************************************/ /* * test function for wc_AesGcmSetKey() */ int test_wc_AesGcmSetKey(void) { EXPECT_DECLS; #if !defined(NO_AES) && defined(HAVE_AESGCM) Aes aes; #ifdef WOLFSSL_AES_128 byte key16[] = { 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66 }; #endif #ifdef WOLFSSL_AES_192 byte key24[] = { 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37 }; #endif #ifdef WOLFSSL_AES_256 byte key32[] = { 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66 }; #endif byte badKey16[] = { 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65 }; byte badKey24[] = { 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36 }; byte badKey32[] = { 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x37, 0x37, 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65 }; ExpectIntEQ(wc_AesInit(&aes, NULL, INVALID_DEVID), 0); #ifdef WOLFSSL_AES_128 ExpectIntEQ(wc_AesGcmSetKey(&aes, key16, sizeof(key16)/sizeof(byte)), 0); #endif #ifdef WOLFSSL_AES_192 ExpectIntEQ(wc_AesGcmSetKey(&aes, key24, sizeof(key24)/sizeof(byte)), 0); #endif #ifdef WOLFSSL_AES_256 ExpectIntEQ(wc_AesGcmSetKey(&aes, key32, sizeof(key32)/sizeof(byte)), 0); #endif /* Pass in bad args. */ ExpectIntEQ(wc_AesGcmSetKey(&aes, badKey16, sizeof(badKey16)/sizeof(byte)), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); ExpectIntEQ(wc_AesGcmSetKey(&aes, badKey24, sizeof(badKey24)/sizeof(byte)), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); ExpectIntEQ(wc_AesGcmSetKey(&aes, badKey32, sizeof(badKey32)/sizeof(byte)), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); wc_AesFree(&aes); #endif return EXPECT_RESULT(); } /* END test_wc_AesGcmSetKey */ /* * test function for wc_AesGcmEncrypt and wc_AesGcmDecrypt */ int test_wc_AesGcmEncryptDecrypt(void) { EXPECT_DECLS; /* WOLFSSL_AFALG requires 12 byte IV */ #if !defined(NO_AES) && defined(HAVE_AESGCM) && defined(WOLFSSL_AES_256) && \ !defined(WOLFSSL_AFALG) && !defined(WOLFSSL_DEVCRYPTO_AES) Aes aes; byte key32[] = { 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66 }; byte vector[] = { /* Now is the time for all w/o trailing 0 */ 0x4e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74, 0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20, 0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20 }; const byte a[] = { 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, 0xab, 0xad, 0xda, 0xd2 }; byte iv[] = "1234567890a"; byte longIV[] = "1234567890abcdefghij"; byte enc[sizeof(vector)]; byte resultT[WC_AES_BLOCK_SIZE]; byte dec[sizeof(vector)]; /* Init stack variables. */ XMEMSET(&aes, 0, sizeof(Aes)); XMEMSET(enc, 0, sizeof(vector)); XMEMSET(dec, 0, sizeof(vector)); XMEMSET(resultT, 0, WC_AES_BLOCK_SIZE); ExpectIntEQ(wc_AesInit(&aes, NULL, INVALID_DEVID), 0); ExpectIntEQ(wc_AesGcmSetKey(&aes, key32, sizeof(key32)/sizeof(byte)), 0); ExpectIntEQ(wc_AesGcmEncrypt(&aes, enc, vector, sizeof(vector), iv, sizeof(iv)/sizeof(byte), resultT, sizeof(resultT), a, sizeof(a)), 0); ExpectIntEQ(wc_AesGcmDecrypt(&aes, dec, enc, sizeof(vector), iv, sizeof(iv)/sizeof(byte), resultT, sizeof(resultT), a, sizeof(a)), 0); ExpectIntEQ(XMEMCMP(vector, dec, sizeof(vector)), 0); /* Test bad args for wc_AesGcmEncrypt and wc_AesGcmDecrypt */ ExpectIntEQ(wc_AesGcmEncrypt(NULL, enc, vector, sizeof(vector), iv, sizeof(iv)/sizeof(byte), resultT, sizeof(resultT), a, sizeof(a)), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); ExpectIntEQ(wc_AesGcmEncrypt(&aes, enc, vector, sizeof(vector), iv, sizeof(iv)/sizeof(byte), resultT, sizeof(resultT) + 1, a, sizeof(a)), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); ExpectIntEQ(wc_AesGcmEncrypt(&aes, enc, vector, sizeof(vector), iv, sizeof(iv)/sizeof(byte), resultT, sizeof(resultT) - 5, a, sizeof(a)), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); #if (defined(HAVE_FIPS) && defined(HAVE_FIPS_VERSION) && \ (HAVE_FIPS_VERSION == 2)) || defined(HAVE_SELFTEST) || \ defined(WOLFSSL_AES_GCM_FIXED_IV_AAD) /* FIPS does not check the lower bound of ivSz */ #else ExpectIntEQ(wc_AesGcmEncrypt(&aes, enc, vector, sizeof(vector), iv, 0, resultT, sizeof(resultT), a, sizeof(a)), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); #endif /* This case is now considered good. Long IVs are now allowed. * Except for the original FIPS release, it still has an upper * bound on the IV length. */ #if (!defined(HAVE_FIPS) || \ (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2))) && \ !defined(WOLFSSL_AES_GCM_FIXED_IV_AAD) ExpectIntEQ(wc_AesGcmEncrypt(&aes, enc, vector, sizeof(vector), longIV, sizeof(longIV)/sizeof(byte), resultT, sizeof(resultT), a, sizeof(a)), 0); #else (void)longIV; #endif /* Old FIPS */ /* END wc_AesGcmEncrypt */ #ifdef HAVE_AES_DECRYPT ExpectIntEQ(wc_AesGcmDecrypt(NULL, dec, enc, sizeof(enc)/sizeof(byte), iv, sizeof(iv)/sizeof(byte), resultT, sizeof(resultT), a, sizeof(a)), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); ExpectIntEQ(wc_AesGcmDecrypt(&aes, NULL, enc, sizeof(enc)/sizeof(byte), iv, sizeof(iv)/sizeof(byte), resultT, sizeof(resultT), a, sizeof(a)), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); ExpectIntEQ(wc_AesGcmDecrypt(&aes, dec, NULL, sizeof(enc)/sizeof(byte), iv, sizeof(iv)/sizeof(byte), resultT, sizeof(resultT), a, sizeof(a)), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); ExpectIntEQ(wc_AesGcmDecrypt(&aes, dec, enc, sizeof(enc)/sizeof(byte), NULL, sizeof(iv)/sizeof(byte), resultT, sizeof(resultT), a, sizeof(a)), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); ExpectIntEQ(wc_AesGcmDecrypt(&aes, dec, enc, sizeof(enc)/sizeof(byte), iv, sizeof(iv)/sizeof(byte), NULL, sizeof(resultT), a, sizeof(a)), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); #if (defined(HAVE_FIPS) && FIPS_VERSION_LE(2,0) && defined(WOLFSSL_ARMASM)) ExpectIntEQ(wc_AesGcmDecrypt(&aes, dec, enc, sizeof(enc)/sizeof(byte), iv, sizeof(iv)/sizeof(byte), resultT, sizeof(resultT) + 1, a, sizeof(a)), WC_NO_ERR_TRACE(AES_GCM_AUTH_E)); #else ExpectIntEQ(wc_AesGcmDecrypt(&aes, dec, enc, sizeof(enc)/sizeof(byte), iv, sizeof(iv)/sizeof(byte), resultT, sizeof(resultT) + 1, a, sizeof(a)), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); #endif #if ((defined(HAVE_FIPS) && defined(HAVE_FIPS_VERSION) && \ (HAVE_FIPS_VERSION == 2)) || defined(HAVE_SELFTEST)) && \ !defined(WOLFSSL_AES_GCM_FIXED_IV_AAD) /* FIPS does not check the lower bound of ivSz */ #else ExpectIntEQ(wc_AesGcmDecrypt(&aes, dec, enc, sizeof(enc)/sizeof(byte), iv, 0, resultT, sizeof(resultT), a, sizeof(a)), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); #endif #endif /* HAVE_AES_DECRYPT */ wc_AesFree(&aes); #endif return EXPECT_RESULT(); } /* END test_wc_AesGcmEncryptDecrypt */ /* * test function for mixed (one-shot encryption + stream decryption) AES GCM * using a long IV (older FIPS does NOT support long IVs). Relates to zd15423 */ int test_wc_AesGcmMixedEncDecLongIV(void) { EXPECT_DECLS; #if (!defined(HAVE_FIPS) || \ (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2))) && \ !defined(NO_AES) && defined(HAVE_AESGCM) && defined(WOLFSSL_AESGCM_STREAM) const byte key[] = { 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66 }; const byte in[] = { 0x4e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74, 0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20, 0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20 }; const byte aad[] = { 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, 0xab, 0xad, 0xda, 0xd2 }; Aes aesEnc; Aes aesDec; byte iv[] = "1234567890abcdefghij"; byte out[sizeof(in)]; byte plain[sizeof(in)]; byte tag[WC_AES_BLOCK_SIZE]; XMEMSET(&aesEnc, 0, sizeof(Aes)); XMEMSET(&aesDec, 0, sizeof(Aes)); XMEMSET(out, 0, sizeof(out)); XMEMSET(plain, 0, sizeof(plain)); XMEMSET(tag, 0, sizeof(tag)); /* Perform one-shot encryption using long IV */ ExpectIntEQ(wc_AesInit(&aesEnc, NULL, INVALID_DEVID), 0); ExpectIntEQ(wc_AesGcmSetKey(&aesEnc, key, sizeof(key)), 0); ExpectIntEQ(wc_AesGcmEncrypt(&aesEnc, out, in, sizeof(in), iv, sizeof(iv), tag, sizeof(tag), aad, sizeof(aad)), 0); /* Perform streaming decryption using long IV */ ExpectIntEQ(wc_AesInit(&aesDec, NULL, INVALID_DEVID), 0); ExpectIntEQ(wc_AesGcmInit(&aesDec, key, sizeof(key), iv, sizeof(iv)), 0); ExpectIntEQ(wc_AesGcmDecryptUpdate(&aesDec, plain, out, sizeof(out), aad, sizeof(aad)), 0); ExpectIntEQ(wc_AesGcmDecryptFinal(&aesDec, tag, sizeof(tag)), 0); ExpectIntEQ(XMEMCMP(plain, in, sizeof(in)), 0); /* Free resources */ wc_AesFree(&aesEnc); wc_AesFree(&aesDec); #endif return EXPECT_RESULT(); } /* END wc_AesGcmMixedEncDecLongIV */ /* * Testing streaming AES-GCM API. */ int test_wc_AesGcmStream(void) { EXPECT_DECLS; #if !defined(NO_AES) && defined(WOLFSSL_AES_128) && defined(HAVE_AESGCM) && \ defined(WOLFSSL_AESGCM_STREAM) int i; WC_RNG rng[1]; Aes aesEnc[1]; Aes aesDec[1]; byte tag[WC_AES_BLOCK_SIZE]; byte in[WC_AES_BLOCK_SIZE * 3 + 2] = { 0, }; byte out[WC_AES_BLOCK_SIZE * 3 + 2]; byte plain[WC_AES_BLOCK_SIZE * 3 + 2]; byte aad[WC_AES_BLOCK_SIZE * 3 + 2] = { 0, }; byte key[AES_128_KEY_SIZE] = { 0, }; byte iv[AES_IV_SIZE] = { 1, }; byte ivOut[AES_IV_SIZE]; static const byte expTagAAD1[WC_AES_BLOCK_SIZE] = { 0x6c, 0x35, 0xe6, 0x7f, 0x59, 0x9e, 0xa9, 0x2f, 0x27, 0x2d, 0x5f, 0x8e, 0x7e, 0x42, 0xd3, 0x05 }; static const byte expTagPlain1[WC_AES_BLOCK_SIZE] = { 0x24, 0xba, 0x57, 0x95, 0xd0, 0x27, 0x9e, 0x78, 0x3a, 0x88, 0x4c, 0x0a, 0x5d, 0x50, 0x23, 0xd1 }; static const byte expTag[WC_AES_BLOCK_SIZE] = { 0x22, 0x91, 0x70, 0xad, 0x42, 0xc3, 0xad, 0x96, 0xe0, 0x31, 0x57, 0x60, 0xb7, 0x92, 0xa3, 0x6d }; XMEMSET(&rng, 0, sizeof(WC_RNG)); XMEMSET(&aesEnc, 0, sizeof(Aes)); XMEMSET(&aesDec, 0, sizeof(Aes)); /* Create a random for generating IV/nonce. */ ExpectIntEQ(wc_InitRng(rng), 0); /* Initialize data structures. */ ExpectIntEQ(wc_AesInit(aesEnc, NULL, INVALID_DEVID), 0); ExpectIntEQ(wc_AesInit(aesDec, NULL, INVALID_DEVID), 0); /* BadParameters to streaming init. */ ExpectIntEQ(wc_AesGcmEncryptInit(NULL, NULL, 0, NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); ExpectIntEQ(wc_AesGcmDecryptInit(NULL, NULL, 0, NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); ExpectIntEQ(wc_AesGcmDecryptInit(aesEnc, NULL, AES_128_KEY_SIZE, NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); ExpectIntEQ(wc_AesGcmDecryptInit(aesEnc, NULL, 0, NULL, GCM_NONCE_MID_SZ), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); /* Bad parameters to encrypt update. */ ExpectIntEQ(wc_AesGcmEncryptUpdate(NULL, NULL, NULL, 0, NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); ExpectIntEQ(wc_AesGcmEncryptUpdate(aesEnc, NULL, NULL, 1, NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); ExpectIntEQ(wc_AesGcmEncryptUpdate(aesEnc, NULL, in, 1, NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); ExpectIntEQ(wc_AesGcmEncryptUpdate(aesEnc, out, NULL, 1, NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); ExpectIntEQ(wc_AesGcmEncryptUpdate(aesEnc, NULL, NULL, 0, NULL, 1), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); /* Bad parameters to decrypt update. */ ExpectIntEQ(wc_AesGcmDecryptUpdate(NULL, NULL, NULL, 0, NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); ExpectIntEQ(wc_AesGcmDecryptUpdate(aesDec, NULL, NULL, 1, NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); ExpectIntEQ(wc_AesGcmDecryptUpdate(aesDec, NULL, in, 1, NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); ExpectIntEQ(wc_AesGcmDecryptUpdate(aesDec, out, NULL, 1, NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); ExpectIntEQ(wc_AesGcmDecryptUpdate(aesDec, NULL, NULL, 0, NULL, 1), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); /* Bad parameters to encrypt final. */ ExpectIntEQ(wc_AesGcmEncryptFinal(NULL, NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); ExpectIntEQ(wc_AesGcmEncryptFinal(NULL, tag, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); ExpectIntEQ(wc_AesGcmEncryptFinal(NULL, NULL, WC_AES_BLOCK_SIZE), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); ExpectIntEQ(wc_AesGcmEncryptFinal(aesEnc, tag, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); ExpectIntEQ(wc_AesGcmEncryptFinal(aesEnc, NULL, WC_AES_BLOCK_SIZE), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); ExpectIntEQ(wc_AesGcmEncryptFinal(aesEnc, tag, WC_AES_BLOCK_SIZE + 1), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); /* Bad parameters to decrypt final. */ ExpectIntEQ(wc_AesGcmDecryptFinal(NULL, NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); ExpectIntEQ(wc_AesGcmDecryptFinal(NULL, tag, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); ExpectIntEQ(wc_AesGcmDecryptFinal(NULL, NULL, WC_AES_BLOCK_SIZE), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); ExpectIntEQ(wc_AesGcmDecryptFinal(aesDec, tag, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); ExpectIntEQ(wc_AesGcmDecryptFinal(aesDec, NULL, WC_AES_BLOCK_SIZE), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); ExpectIntEQ(wc_AesGcmDecryptFinal(aesDec, tag, WC_AES_BLOCK_SIZE + 1), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); /* Check calling final before setting key fails. */ ExpectIntEQ(wc_AesGcmEncryptFinal(aesEnc, tag, sizeof(tag)), WC_NO_ERR_TRACE(MISSING_KEY)); ExpectIntEQ(wc_AesGcmEncryptFinal(aesDec, tag, sizeof(tag)), WC_NO_ERR_TRACE(MISSING_KEY)); /* Check calling update before setting key else fails. */ ExpectIntEQ(wc_AesGcmEncryptUpdate(aesEnc, NULL, NULL, 0, aad, 1), WC_NO_ERR_TRACE(MISSING_KEY)); ExpectIntEQ(wc_AesGcmDecryptUpdate(aesDec, NULL, NULL, 0, aad, 1), WC_NO_ERR_TRACE(MISSING_KEY)); /* Set key but not IV. */ ExpectIntEQ(wc_AesGcmInit(aesEnc, key, sizeof(key), NULL, 0), 0); ExpectIntEQ(wc_AesGcmInit(aesDec, key, sizeof(key), NULL, 0), 0); /* Check calling final before setting IV fails. */ ExpectIntEQ(wc_AesGcmEncryptFinal(aesEnc, tag, sizeof(tag)), WC_NO_ERR_TRACE(MISSING_IV)); ExpectIntEQ(wc_AesGcmEncryptFinal(aesDec, tag, sizeof(tag)), WC_NO_ERR_TRACE(MISSING_IV)); /* Check calling update before setting IV else fails. */ ExpectIntEQ(wc_AesGcmEncryptUpdate(aesEnc, NULL, NULL, 0, aad, 1), WC_NO_ERR_TRACE(MISSING_IV)); ExpectIntEQ(wc_AesGcmDecryptUpdate(aesDec, NULL, NULL, 0, aad, 1), WC_NO_ERR_TRACE(MISSING_IV)); /* Set IV using fixed part IV and external IV APIs. */ ExpectIntEQ(wc_AesGcmSetIV(aesEnc, GCM_NONCE_MID_SZ, iv, AES_IV_FIXED_SZ, rng), 0); ExpectIntEQ(wc_AesGcmEncryptInit_ex(aesEnc, NULL, 0, ivOut, GCM_NONCE_MID_SZ), 0); ExpectIntEQ(wc_AesGcmSetExtIV(aesDec, ivOut, GCM_NONCE_MID_SZ), 0); ExpectIntEQ(wc_AesGcmInit(aesDec, NULL, 0, NULL, 0), 0); /* Encrypt and decrypt data. */ ExpectIntEQ(wc_AesGcmEncryptUpdate(aesEnc, out, in, 1, aad, 1), 0); ExpectIntEQ(wc_AesGcmDecryptUpdate(aesDec, plain, out, 1, aad, 1), 0); ExpectIntEQ(XMEMCMP(plain, in, 1), 0); /* Finalize and check tag matches. */ ExpectIntEQ(wc_AesGcmEncryptFinal(aesEnc, tag, WC_AES_BLOCK_SIZE), 0); ExpectIntEQ(wc_AesGcmDecryptFinal(aesDec, tag, WC_AES_BLOCK_SIZE), 0); /* Set key and IV through streaming init API. */ wc_AesFree(aesEnc); wc_AesFree(aesDec); ExpectIntEQ(wc_AesInit(aesEnc, NULL, INVALID_DEVID), 0); ExpectIntEQ(wc_AesInit(aesDec, NULL, INVALID_DEVID), 0); ExpectIntEQ(wc_AesGcmInit(aesEnc, key, sizeof(key), iv, AES_IV_SIZE), 0); ExpectIntEQ(wc_AesGcmInit(aesDec, key, sizeof(key), iv, AES_IV_SIZE), 0); /* Encrypt/decrypt one block and AAD of one block. */ ExpectIntEQ(wc_AesGcmEncryptUpdate(aesEnc, out, in, WC_AES_BLOCK_SIZE, aad, WC_AES_BLOCK_SIZE), 0); ExpectIntEQ(wc_AesGcmDecryptUpdate(aesDec, plain, out, WC_AES_BLOCK_SIZE, aad, WC_AES_BLOCK_SIZE), 0); ExpectIntEQ(XMEMCMP(plain, in, WC_AES_BLOCK_SIZE), 0); /* Finalize and check tag matches. */ ExpectIntEQ(wc_AesGcmEncryptFinal(aesEnc, tag, WC_AES_BLOCK_SIZE), 0); ExpectIntEQ(wc_AesGcmDecryptFinal(aesDec, tag, WC_AES_BLOCK_SIZE), 0); /* Set key and IV through streaming init API. */ wc_AesFree(aesEnc); wc_AesFree(aesDec); ExpectIntEQ(wc_AesInit(aesEnc, NULL, INVALID_DEVID), 0); ExpectIntEQ(wc_AesInit(aesDec, NULL, INVALID_DEVID), 0); ExpectIntEQ(wc_AesGcmInit(aesEnc, key, sizeof(key), iv, AES_IV_SIZE), 0); ExpectIntEQ(wc_AesGcmInit(aesDec, key, sizeof(key), iv, AES_IV_SIZE), 0); /* No data to encrypt/decrypt one byte of AAD. */ ExpectIntEQ(wc_AesGcmEncryptUpdate(aesEnc, NULL, NULL, 0, aad, 1), 0); ExpectIntEQ(wc_AesGcmDecryptUpdate(aesDec, NULL, NULL, 0, aad, 1), 0); /* Finalize and check tag matches. */ ExpectIntEQ(wc_AesGcmEncryptFinal(aesEnc, tag, WC_AES_BLOCK_SIZE), 0); ExpectIntEQ(XMEMCMP(tag, expTagAAD1, WC_AES_BLOCK_SIZE), 0); ExpectIntEQ(wc_AesGcmDecryptFinal(aesDec, tag, WC_AES_BLOCK_SIZE), 0); /* Set key and IV through streaming init API. */ wc_AesFree(aesEnc); wc_AesFree(aesDec); ExpectIntEQ(wc_AesInit(aesEnc, NULL, INVALID_DEVID), 0); ExpectIntEQ(wc_AesInit(aesDec, NULL, INVALID_DEVID), 0); ExpectIntEQ(wc_AesGcmInit(aesEnc, key, sizeof(key), iv, AES_IV_SIZE), 0); ExpectIntEQ(wc_AesGcmInit(aesDec, key, sizeof(key), iv, AES_IV_SIZE), 0); /* Encrypt/decrypt one byte and no AAD. */ ExpectIntEQ(wc_AesGcmEncryptUpdate(aesEnc, out, in, 1, NULL, 0), 0); ExpectIntEQ(wc_AesGcmDecryptUpdate(aesDec, plain, out, 1, NULL, 0), 0); ExpectIntEQ(XMEMCMP(plain, in, 1), 0); /* Finalize and check tag matches. */ ExpectIntEQ(wc_AesGcmEncryptFinal(aesEnc, tag, WC_AES_BLOCK_SIZE), 0); ExpectIntEQ(XMEMCMP(tag, expTagPlain1, WC_AES_BLOCK_SIZE), 0); ExpectIntEQ(wc_AesGcmDecryptFinal(aesDec, tag, WC_AES_BLOCK_SIZE), 0); /* Set key and IV through streaming init API. */ wc_AesFree(aesEnc); wc_AesFree(aesDec); ExpectIntEQ(wc_AesInit(aesEnc, NULL, INVALID_DEVID), 0); ExpectIntEQ(wc_AesInit(aesDec, NULL, INVALID_DEVID), 0); ExpectIntEQ(wc_AesGcmInit(aesEnc, key, sizeof(key), iv, AES_IV_SIZE), 0); ExpectIntEQ(wc_AesGcmInit(aesDec, key, sizeof(key), iv, AES_IV_SIZE), 0); /* Encryption AES is one byte at a time */ for (i = 0; i < (int)sizeof(aad); i++) { ExpectIntEQ(wc_AesGcmEncryptUpdate(aesEnc, NULL, NULL, 0, aad + i, 1), 0); } for (i = 0; i < (int)sizeof(in); i++) { ExpectIntEQ(wc_AesGcmEncryptUpdate(aesEnc, out + i, in + i, 1, NULL, 0), 0); } /* Decryption AES is two bytes at a time */ for (i = 0; i < (int)sizeof(aad); i += 2) { ExpectIntEQ(wc_AesGcmDecryptUpdate(aesDec, NULL, NULL, 0, aad + i, 2), 0); } for (i = 0; i < (int)sizeof(aad); i += 2) { ExpectIntEQ(wc_AesGcmDecryptUpdate(aesDec, plain + i, out + i, 2, NULL, 0), 0); } ExpectIntEQ(XMEMCMP(plain, in, sizeof(in)), 0); /* Finalize and check tag matches. */ ExpectIntEQ(wc_AesGcmEncryptFinal(aesEnc, tag, WC_AES_BLOCK_SIZE), 0); ExpectIntEQ(XMEMCMP(tag, expTag, WC_AES_BLOCK_SIZE), 0); ExpectIntEQ(wc_AesGcmDecryptFinal(aesDec, tag, WC_AES_BLOCK_SIZE), 0); /* Check streaming encryption can be decrypted with one shot. */ wc_AesFree(aesDec); ExpectIntEQ(wc_AesInit(aesDec, NULL, INVALID_DEVID), 0); ExpectIntEQ(wc_AesGcmInit(aesDec, key, sizeof(key), iv, AES_IV_SIZE), 0); ExpectIntEQ(wc_AesGcmSetKey(aesDec, key, sizeof(key)), 0); ExpectIntEQ(wc_AesGcmDecrypt(aesDec, plain, out, sizeof(in), iv, AES_IV_SIZE, tag, WC_AES_BLOCK_SIZE, aad, sizeof(aad)), 0); ExpectIntEQ(XMEMCMP(plain, in, sizeof(in)), 0); wc_AesFree(aesEnc); wc_AesFree(aesDec); wc_FreeRng(rng); #endif return EXPECT_RESULT(); } /* END test_wc_AesGcmStream */ /******************************************************************************* * GMAC ******************************************************************************/ /* * unit test for wc_GmacSetKey() */ int test_wc_GmacSetKey(void) { EXPECT_DECLS; #if !defined(NO_AES) && defined(HAVE_AESGCM) Gmac gmac; byte key16[] = { 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66 }; #ifdef WOLFSSL_AES_192 byte key24[] = { 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37 }; #endif #ifdef WOLFSSL_AES_256 byte key32[] = { 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66 }; #endif byte badKey16[] = { 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x66 }; byte badKey24[] = { 0x30, 0x31, 0x32, 0x33, 0x34, 0x36, 0x37, 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37 }; byte badKey32[] = { 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x61, 0x62, 0x64, 0x65, 0x66, 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66 }; XMEMSET(&gmac, 0, sizeof(Gmac)); ExpectIntEQ(wc_AesInit(&gmac.aes, NULL, INVALID_DEVID), 0); #ifdef WOLFSSL_AES_128 ExpectIntEQ(wc_GmacSetKey(&gmac, key16, sizeof(key16)/sizeof(byte)), 0); #endif #ifdef WOLFSSL_AES_192 ExpectIntEQ(wc_GmacSetKey(&gmac, key24, sizeof(key24)/sizeof(byte)), 0); #endif #ifdef WOLFSSL_AES_256 ExpectIntEQ(wc_GmacSetKey(&gmac, key32, sizeof(key32)/sizeof(byte)), 0); #endif /* Pass in bad args. */ ExpectIntEQ(wc_GmacSetKey(NULL, key16, sizeof(key16)/sizeof(byte)), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); ExpectIntEQ(wc_GmacSetKey(&gmac, NULL, sizeof(key16)/sizeof(byte)), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); ExpectIntEQ(wc_GmacSetKey(&gmac, badKey16, sizeof(badKey16)/sizeof(byte)), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); ExpectIntEQ(wc_GmacSetKey(&gmac, badKey24, sizeof(badKey24)/sizeof(byte)), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); ExpectIntEQ(wc_GmacSetKey(&gmac, badKey32, sizeof(badKey32)/sizeof(byte)), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); wc_AesFree(&gmac.aes); #endif return EXPECT_RESULT(); } /* END test_wc_GmacSetKey */ /* * unit test for wc_GmacUpdate */ int test_wc_GmacUpdate(void) { EXPECT_DECLS; #if !defined(NO_AES) && defined(HAVE_AESGCM) Gmac gmac; #ifdef WOLFSSL_AES_128 const byte key16[] = { 0x89, 0xc9, 0x49, 0xe9, 0xc8, 0x04, 0xaf, 0x01, 0x4d, 0x56, 0x04, 0xb3, 0x94, 0x59, 0xf2, 0xc8 }; #endif #ifdef WOLFSSL_AES_192 byte key24[] = { 0x41, 0xc5, 0xda, 0x86, 0x67, 0xef, 0x72, 0x52, 0x20, 0xff, 0xe3, 0x9a, 0xe0, 0xac, 0x59, 0x0a, 0xc9, 0xfc, 0xa7, 0x29, 0xab, 0x60, 0xad, 0xa0 }; #endif #ifdef WOLFSSL_AES_256 byte key32[] = { 0x78, 0xdc, 0x4e, 0x0a, 0xaf, 0x52, 0xd9, 0x35, 0xc3, 0xc0, 0x1e, 0xea, 0x57, 0x42, 0x8f, 0x00, 0xca, 0x1f, 0xd4, 0x75, 0xf5, 0xda, 0x86, 0xa4, 0x9c, 0x8d, 0xd7, 0x3d, 0x68, 0xc8, 0xe2, 0x23 }; #endif #ifdef WOLFSSL_AES_128 const byte authIn[] = { 0x82, 0xad, 0xcd, 0x63, 0x8d, 0x3f, 0xa9, 0xd9, 0xf3, 0xe8, 0x41, 0x00, 0xd6, 0x1e, 0x07, 0x77 }; #endif #ifdef WOLFSSL_AES_192 const byte authIn2[] = { 0x8b, 0x5c, 0x12, 0x4b, 0xef, 0x6e, 0x2f, 0x0f, 0xe4, 0xd8, 0xc9, 0x5c, 0xd5, 0xfa, 0x4c, 0xf1 }; #endif const byte authIn3[] = { 0xb9, 0x6b, 0xaa, 0x8c, 0x1c, 0x75, 0xa6, 0x71, 0xbf, 0xb2, 0xd0, 0x8d, 0x06, 0xbe, 0x5f, 0x36 }; #ifdef WOLFSSL_AES_128 const byte tag1[] = { /* Known. */ 0x88, 0xdb, 0x9d, 0x62, 0x17, 0x2e, 0xd0, 0x43, 0xaa, 0x10, 0xf1, 0x6d, 0x22, 0x7d, 0xc4, 0x1b }; #endif #ifdef WOLFSSL_AES_192 const byte tag2[] = { /* Known */ 0x20, 0x4b, 0xdb, 0x1b, 0xd6, 0x21, 0x54, 0xbf, 0x08, 0x92, 0x2a, 0xaa, 0x54, 0xee, 0xd7, 0x05 }; #endif const byte tag3[] = { /* Known */ 0x3e, 0x5d, 0x48, 0x6a, 0xa2, 0xe3, 0x0b, 0x22, 0xe0, 0x40, 0xb8, 0x57, 0x23, 0xa0, 0x6e, 0x76 }; #ifdef WOLFSSL_AES_128 const byte iv[] = { 0xd1, 0xb1, 0x04, 0xc8, 0x15, 0xbf, 0x1e, 0x94, 0xe2, 0x8c, 0x8f, 0x16 }; #endif #ifdef WOLFSSL_AES_192 const byte iv2[] = { 0x05, 0xad, 0x13, 0xa5, 0xe2, 0xc2, 0xab, 0x66, 0x7e, 0x1a, 0x6f, 0xbc }; #endif const byte iv3[] = { 0xd7, 0x9c, 0xf2, 0x2d, 0x50, 0x4c, 0xc7, 0x93, 0xc3, 0xfb, 0x6c, 0x8a }; byte tagOut[16]; byte tagOut2[24]; byte tagOut3[32]; /* Init stack variables. */ XMEMSET(&gmac, 0, sizeof(Gmac)); XMEMSET(tagOut, 0, sizeof(tagOut)); XMEMSET(tagOut2, 0, sizeof(tagOut2)); XMEMSET(tagOut3, 0, sizeof(tagOut3)); #ifdef WOLFSSL_AES_128 ExpectIntEQ(wc_AesInit(&gmac.aes, NULL, INVALID_DEVID), 0); ExpectIntEQ(wc_GmacSetKey(&gmac, key16, sizeof(key16)), 0); ExpectIntEQ(wc_GmacUpdate(&gmac, iv, sizeof(iv), authIn, sizeof(authIn), tagOut, sizeof(tag1)), 0); ExpectIntEQ(XMEMCMP(tag1, tagOut, sizeof(tag1)), 0); wc_AesFree(&gmac.aes); #endif #ifdef WOLFSSL_AES_192 ExpectNotNull(XMEMSET(&gmac, 0, sizeof(Gmac))); ExpectIntEQ(wc_AesInit(&gmac.aes, HEAP_HINT, INVALID_DEVID), 0); ExpectIntEQ(wc_GmacSetKey(&gmac, key24, sizeof(key24)/sizeof(byte)), 0); ExpectIntEQ(wc_GmacUpdate(&gmac, iv2, sizeof(iv2), authIn2, sizeof(authIn2), tagOut2, sizeof(tag2)), 0); ExpectIntEQ(XMEMCMP(tagOut2, tag2, sizeof(tag2)), 0); wc_AesFree(&gmac.aes); #endif #ifdef WOLFSSL_AES_256 ExpectNotNull(XMEMSET(&gmac, 0, sizeof(Gmac))); ExpectIntEQ(wc_AesInit(&gmac.aes, HEAP_HINT, INVALID_DEVID), 0); ExpectIntEQ(wc_GmacSetKey(&gmac, key32, sizeof(key32)/sizeof(byte)), 0); ExpectIntEQ(wc_GmacUpdate(&gmac, iv3, sizeof(iv3), authIn3, sizeof(authIn3), tagOut3, sizeof(tag3)), 0); ExpectIntEQ(XMEMCMP(tag3, tagOut3, sizeof(tag3)), 0); wc_AesFree(&gmac.aes); #endif /* Pass bad args. */ ExpectIntEQ(wc_AesInit(&gmac.aes, NULL, INVALID_DEVID), 0); ExpectIntEQ(wc_GmacUpdate(NULL, iv3, sizeof(iv3), authIn3, sizeof(authIn3), tagOut3, sizeof(tag3)), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); ExpectIntEQ(wc_GmacUpdate(&gmac, iv3, sizeof(iv3), authIn3, sizeof(authIn3), tagOut3, sizeof(tag3) - 5), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); ExpectIntEQ(wc_GmacUpdate(&gmac, iv3, sizeof(iv3), authIn3, sizeof(authIn3), tagOut3, sizeof(tag3) + 1), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); wc_AesFree(&gmac.aes); #endif return EXPECT_RESULT(); } /* END test_wc_GmacUpdate */ /******************************************************************************* * AES-CCM ******************************************************************************/ /* * unit test for wc_AesCcmSetKey */ int test_wc_AesCcmSetKey(void) { EXPECT_DECLS; #ifdef HAVE_AESCCM Aes aes; const byte key16[] = { 0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7, 0xc8, 0xc9, 0xca, 0xcb, 0xcc, 0xcd, 0xce, 0xcf }; const byte key24[] = { 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37 }; const byte key32[] = { 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66 }; XMEMSET(&aes, 0, sizeof(Aes)); ExpectIntEQ(wc_AesInit(&aes, NULL, INVALID_DEVID), 0); #ifdef WOLFSSL_AES_128 ExpectIntEQ(wc_AesCcmSetKey(&aes, key16, sizeof(key16)), 0); #endif #ifdef WOLFSSL_AES_192 ExpectIntEQ(wc_AesCcmSetKey(&aes, key24, sizeof(key24)), 0); #endif #ifdef WOLFSSL_AES_256 ExpectIntEQ(wc_AesCcmSetKey(&aes, key32, sizeof(key32)), 0); #endif /* Test bad args. */ ExpectIntEQ(wc_AesCcmSetKey(&aes, key16, sizeof(key16) - 1), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); ExpectIntEQ(wc_AesCcmSetKey(&aes, key24, sizeof(key24) - 1), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); ExpectIntEQ(wc_AesCcmSetKey(&aes, key32, sizeof(key32) - 1), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); wc_AesFree(&aes); #endif return EXPECT_RESULT(); } /* END test_wc_AesCcmSetKey */ /* * Unit test function for wc_AesCcmEncrypt and wc_AesCcmDecrypt */ int test_wc_AesCcmEncryptDecrypt(void) { EXPECT_DECLS; #if defined(HAVE_AESCCM) && defined(WOLFSSL_AES_128) Aes aes; const byte key16[] = { 0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7, 0xc8, 0xc9, 0xca, 0xcb, 0xcc, 0xcd, 0xce, 0xcf }; /* plaintext */ const byte plainT[] = { 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e }; /* nonce */ const byte iv[] = { 0x00, 0x00, 0x00, 0x03, 0x02, 0x01, 0x00, 0xa0, 0xa1, 0xa2, 0xa3, 0xa4, 0xa5 }; const byte c[] = { /* cipher text. */ 0x58, 0x8c, 0x97, 0x9a, 0x61, 0xc6, 0x63, 0xd2, 0xf0, 0x66, 0xd0, 0xc2, 0xc0, 0xf9, 0x89, 0x80, 0x6d, 0x5f, 0x6b, 0x61, 0xda, 0xc3, 0x84 }; const byte t[] = { /* Auth tag */ 0x17, 0xe8, 0xd1, 0x2c, 0xfd, 0xf9, 0x26, 0xe0 }; const byte authIn[] = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07 }; byte cipherOut[sizeof(plainT)]; byte authTag[sizeof(t)]; #ifdef HAVE_AES_DECRYPT byte plainOut[sizeof(cipherOut)]; #endif XMEMSET(&aes, 0, sizeof(Aes)); ExpectIntEQ(wc_AesInit(&aes, NULL, INVALID_DEVID), 0); ExpectIntEQ(wc_AesCcmSetKey(&aes, key16, sizeof(key16)), 0); ExpectIntEQ(wc_AesCcmEncrypt(&aes, cipherOut, plainT, sizeof(cipherOut), iv, sizeof(iv), authTag, sizeof(authTag), authIn , sizeof(authIn)), 0); ExpectIntEQ(XMEMCMP(cipherOut, c, sizeof(c)), 0); ExpectIntEQ(XMEMCMP(t, authTag, sizeof(t)), 0); #ifdef HAVE_AES_DECRYPT ExpectIntEQ(wc_AesCcmDecrypt(&aes, plainOut, cipherOut, sizeof(plainOut), iv, sizeof(iv), authTag, sizeof(authTag), authIn, sizeof(authIn)), 0); ExpectIntEQ(XMEMCMP(plainOut, plainT, sizeof(plainT)), 0); #endif /* Pass in bad args. Encrypt*/ ExpectIntEQ(wc_AesCcmEncrypt(NULL, cipherOut, plainT, sizeof(cipherOut), iv, sizeof(iv), authTag, sizeof(authTag), authIn , sizeof(authIn)), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); ExpectIntEQ(wc_AesCcmEncrypt(&aes, NULL, plainT, sizeof(cipherOut), iv, sizeof(iv), authTag, sizeof(authTag), authIn , sizeof(authIn)), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); ExpectIntEQ(wc_AesCcmEncrypt(&aes, cipherOut, NULL, sizeof(cipherOut), iv, sizeof(iv), authTag, sizeof(authTag), authIn , sizeof(authIn)), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); ExpectIntEQ(wc_AesCcmEncrypt(&aes, cipherOut, plainT, sizeof(cipherOut), NULL, sizeof(iv), authTag, sizeof(authTag), authIn , sizeof(authIn)), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); ExpectIntEQ(wc_AesCcmEncrypt(&aes, cipherOut, plainT, sizeof(cipherOut), iv, sizeof(iv), NULL, sizeof(authTag), authIn , sizeof(authIn)), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); ExpectIntEQ(wc_AesCcmEncrypt(&aes, cipherOut, plainT, sizeof(cipherOut), iv, sizeof(iv) + 1, authTag, sizeof(authTag), authIn , sizeof(authIn)), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); ExpectIntEQ(wc_AesCcmEncrypt(&aes, cipherOut, plainT, sizeof(cipherOut), iv, sizeof(iv) - 7, authTag, sizeof(authTag), authIn , sizeof(authIn)), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); #ifdef HAVE_AES_DECRYPT /* Pass in bad args. Decrypt*/ ExpectIntEQ(wc_AesCcmDecrypt(NULL, plainOut, cipherOut, sizeof(plainOut), iv, sizeof(iv), authTag, sizeof(authTag), authIn, sizeof(authIn)), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); ExpectIntEQ(wc_AesCcmDecrypt(&aes, NULL, cipherOut, sizeof(plainOut), iv, sizeof(iv), authTag, sizeof(authTag), authIn, sizeof(authIn)), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); ExpectIntEQ(wc_AesCcmDecrypt(&aes, plainOut, NULL, sizeof(plainOut), iv, sizeof(iv), authTag, sizeof(authTag), authIn, sizeof(authIn)), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); ExpectIntEQ(wc_AesCcmDecrypt(&aes, plainOut, cipherOut, sizeof(plainOut), NULL, sizeof(iv), authTag, sizeof(authTag), authIn, sizeof(authIn)), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); ExpectIntEQ(wc_AesCcmDecrypt(&aes, plainOut, cipherOut, sizeof(plainOut), iv, sizeof(iv), NULL, sizeof(authTag), authIn, sizeof(authIn)), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); ExpectIntEQ(wc_AesCcmDecrypt(&aes, plainOut, cipherOut, sizeof(plainOut), iv, sizeof(iv) + 1, authTag, sizeof(authTag), authIn, sizeof(authIn)), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); ExpectIntEQ(wc_AesCcmDecrypt(&aes, plainOut, cipherOut, sizeof(plainOut), iv, sizeof(iv) - 7, authTag, sizeof(authTag), authIn, sizeof(authIn)), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); #endif wc_AesFree(&aes); #endif /* HAVE_AESCCM */ return EXPECT_RESULT(); } /* END test_wc_AesCcmEncryptDecrypt */ #if defined(WOLFSSL_AES_EAX) && \ (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5, 3)) && !defined(HAVE_SELFTEST) /******************************************************************************* * AES-EAX ******************************************************************************/ /* * Testing test_wc_AesEaxVectors() */ int test_wc_AesEaxVectors(void) { EXPECT_DECLS; typedef struct { byte key[AES_256_KEY_SIZE]; int key_length; byte iv[WC_AES_BLOCK_SIZE]; int iv_length; byte aad[WC_AES_BLOCK_SIZE * 2]; int aad_length; byte msg[WC_AES_BLOCK_SIZE * 5]; int msg_length; byte ct[WC_AES_BLOCK_SIZE * 5]; int ct_length; byte tag[WC_AES_BLOCK_SIZE]; int tag_length; int valid; } AadVector; /* Test vectors obtained from Google wycheproof project * https://github.com/google/wycheproof * from testvectors/aes_eax_test.json */ const AadVector vectors[] = { { /* key, key length */ {0x23, 0x39, 0x52, 0xde, 0xe4, 0xd5, 0xed, 0x5f, 0x9b, 0x9c, 0x6d, 0x6f, 0xf8, 0x0f, 0xf4, 0x78}, 16, /* iv, iv length */ {0x62, 0xec, 0x67, 0xf9, 0xc3, 0xa4, 0xa4, 0x07, 0xfc, 0xb2, 0xa8, 0xc4, 0x90, 0x31, 0xa8, 0xb3}, 16, /* aad, aad length */ {0x6b, 0xfb, 0x91, 0x4f, 0xd0, 0x7e, 0xae, 0x6b}, 8, /* msg, msg length */ {0x00}, 0, /* ct, ct length */ {0x00}, 0, /* tag, tag length */ {0xe0, 0x37, 0x83, 0x0e, 0x83, 0x89, 0xf2, 0x7b, 0x02, 0x5a, 0x2d, 0x65, 0x27, 0xe7, 0x9d, 0x01}, 16, /* valid */ 1, }, { /* key, key length */ {0x91, 0x94, 0x5d, 0x3f, 0x4d, 0xcb, 0xee, 0x0b, 0xf4, 0x5e, 0xf5, 0x22, 0x55, 0xf0, 0x95, 0xa4}, 16, /* iv, iv length */ {0xbe, 0xca, 0xf0, 0x43, 0xb0, 0xa2, 0x3d, 0x84, 0x31, 0x94, 0xba, 0x97, 0x2c, 0x66, 0xde, 0xbd}, 16, /* aad, aad length */ {0xfa, 0x3b, 0xfd, 0x48, 0x06, 0xeb, 0x53, 0xfa}, 8, /* msg, msg length */ {0xf7, 0xfb}, 2, /* ct, ct length */ {0x19, 0xdd}, 2, /* tag, tag length */ {0x5c, 0x4c, 0x93, 0x31, 0x04, 0x9d, 0x0b, 0xda, 0xb0, 0x27, 0x74, 0x08, 0xf6, 0x79, 0x67, 0xe5}, 16, /* valid */ 1, }, { /* key, key length */ {0x01, 0xf7, 0x4a, 0xd6, 0x40, 0x77, 0xf2, 0xe7, 0x04, 0xc0, 0xf6, 0x0a, 0xda, 0x3d, 0xd5, 0x23}, 16, /* iv, iv length */ {0x70, 0xc3, 0xdb, 0x4f, 0x0d, 0x26, 0x36, 0x84, 0x00, 0xa1, 0x0e, 0xd0, 0x5d, 0x2b, 0xff, 0x5e}, 16, /* aad, aad length */ {0x23, 0x4a, 0x34, 0x63, 0xc1, 0x26, 0x4a, 0xc6}, 8, /* msg, msg length */ {0x1a, 0x47, 0xcb, 0x49, 0x33}, 5, /* ct, ct length */ {0xd8, 0x51, 0xd5, 0xba, 0xe0}, 5, /* tag, tag length */ {0x3a, 0x59, 0xf2, 0x38, 0xa2, 0x3e, 0x39, 0x19, 0x9d, 0xc9, 0x26, 0x66, 0x26, 0xc4, 0x0f, 0x80}, 16, /* valid */ 1, }, { /* key, key length */ {0xd0, 0x7c, 0xf6, 0xcb, 0xb7, 0xf3, 0x13, 0xbd, 0xde, 0x66, 0xb7, 0x27, 0xaf, 0xd3, 0xc5, 0xe8}, 16, /* iv, iv length */ {0x84, 0x08, 0xdf, 0xff, 0x3c, 0x1a, 0x2b, 0x12, 0x92, 0xdc, 0x19, 0x9e, 0x46, 0xb7, 0xd6, 0x17}, 16, /* aad, aad length */ {0x33, 0xcc, 0xe2, 0xea, 0xbf, 0xf5, 0xa7, 0x9d}, 8, /* msg, msg length */ {0x48, 0x1c, 0x9e, 0x39, 0xb1}, 5, /* ct, ct length */ {0x63, 0x2a, 0x9d, 0x13, 0x1a}, 5, /* tag, tag length */ {0xd4, 0xc1, 0x68, 0xa4, 0x22, 0x5d, 0x8e, 0x1f, 0xf7, 0x55, 0x93, 0x99, 0x74, 0xa7, 0xbe, 0xde}, 16, /* valid */ 1, }, { /* key, key length */ {0x35, 0xb6, 0xd0, 0x58, 0x00, 0x05, 0xbb, 0xc1, 0x2b, 0x05, 0x87, 0x12, 0x45, 0x57, 0xd2, 0xc2}, 16, /* iv, iv length */ {0xfd, 0xb6, 0xb0, 0x66, 0x76, 0xee, 0xdc, 0x5c, 0x61, 0xd7, 0x42, 0x76, 0xe1, 0xf8, 0xe8, 0x16}, 16, /* aad, aad length */ {0xae, 0xb9, 0x6e, 0xae, 0xbe, 0x29, 0x70, 0xe9}, 8, /* msg, msg length */ {0x40, 0xd0, 0xc0, 0x7d, 0xa5, 0xe4}, 6, /* ct, ct length */ {0x07, 0x1d, 0xfe, 0x16, 0xc6, 0x75}, 6, /* tag, tag length */ {0xcb, 0x06, 0x77, 0xe5, 0x36, 0xf7, 0x3a, 0xfe, 0x6a, 0x14, 0xb7, 0x4e, 0xe4, 0x98, 0x44, 0xdd}, 16, /* valid */ 1, }, { /* key, key length */ {0xbd, 0x8e, 0x6e, 0x11, 0x47, 0x5e, 0x60, 0xb2, 0x68, 0x78, 0x4c, 0x38, 0xc6, 0x2f, 0xeb, 0x22}, 16, /* iv, iv length */ {0x6e, 0xac, 0x5c, 0x93, 0x07, 0x2d, 0x8e, 0x85, 0x13, 0xf7, 0x50, 0x93, 0x5e, 0x46, 0xda, 0x1b}, 16, /* aad, aad length */ {0xd4, 0x48, 0x2d, 0x1c, 0xa7, 0x8d, 0xce, 0x0f}, 8, /* msg, msg length */ {0x4d, 0xe3, 0xb3, 0x5c, 0x3f, 0xc0, 0x39, 0x24, 0x5b, 0xd1, 0xfb, 0x7d}, 12, /* ct, ct length */ {0x83, 0x5b, 0xb4, 0xf1, 0x5d, 0x74, 0x3e, 0x35, 0x0e, 0x72, 0x84, 0x14}, 12, /* tag, tag length */ {0xab, 0xb8, 0x64, 0x4f, 0xd6, 0xcc, 0xb8, 0x69, 0x47, 0xc5, 0xe1, 0x05, 0x90, 0x21, 0x0a, 0x4f}, 16, /* valid */ 1, }, { /* key, key length */ {0x7c, 0x77, 0xd6, 0xe8, 0x13, 0xbe, 0xd5, 0xac, 0x98, 0xba, 0xa4, 0x17, 0x47, 0x7a, 0x2e, 0x7d}, 16, /* iv, iv length */ {0x1a, 0x8c, 0x98, 0xdc, 0xd7, 0x3d, 0x38, 0x39, 0x3b, 0x2b, 0xf1, 0x56, 0x9d, 0xee, 0xfc, 0x19}, 16, /* aad, aad length */ {0x65, 0xd2, 0x01, 0x79, 0x90, 0xd6, 0x25, 0x28}, 8, /* msg, msg length */ {0x8b, 0x0a, 0x79, 0x30, 0x6c, 0x9c, 0xe7, 0xed, 0x99, 0xda, 0xe4, 0xf8, 0x7f, 0x8d, 0xd6, 0x16, 0x36}, 17, /* ct, ct length */ {0x02, 0x08, 0x3e, 0x39, 0x79, 0xda, 0x01, 0x48, 0x12, 0xf5, 0x9f, 0x11, 0xd5, 0x26, 0x30, 0xda, 0x30}, 17, /* tag, tag length */ {0x13, 0x73, 0x27, 0xd1, 0x06, 0x49, 0xb0, 0xaa, 0x6e, 0x1c, 0x18, 0x1d, 0xb6, 0x17, 0xd7, 0xf2}, 16, /* valid */ 1, }, { /* key, key length */ {0x5f, 0xff, 0x20, 0xca, 0xfa, 0xb1, 0x19, 0xca, 0x2f, 0xc7, 0x35, 0x49, 0xe2, 0x0f, 0x5b, 0x0d}, 16, /* iv, iv length */ {0xdd, 0xe5, 0x9b, 0x97, 0xd7, 0x22, 0x15, 0x6d, 0x4d, 0x9a, 0xff, 0x2b, 0xc7, 0x55, 0x98, 0x26}, 16, /* aad, aad length */ {0x54, 0xb9, 0xf0, 0x4e, 0x6a, 0x09, 0x18, 0x9a}, 8, /* msg, msg length */ {0x1b, 0xda, 0x12, 0x2b, 0xce, 0x8a, 0x8d, 0xba, 0xf1, 0x87, 0x7d, 0x96, 0x2b, 0x85, 0x92, 0xdd, 0x2d, 0x56}, 18, /* ct, ct length */ {0x2e, 0xc4, 0x7b, 0x2c, 0x49, 0x54, 0xa4, 0x89, 0xaf, 0xc7, 0xba, 0x48, 0x97, 0xed, 0xcd, 0xae, 0x8c, 0xc3}, 18, /* tag, tag length */ {0x3b, 0x60, 0x45, 0x05, 0x99, 0xbd, 0x02, 0xc9, 0x63, 0x82, 0x90, 0x2a, 0xef, 0x7f, 0x83, 0x2a}, 16, /* valid */ 1, }, { /* key, key length */ {0xa4, 0xa4, 0x78, 0x2b, 0xcf, 0xfd, 0x3e, 0xc5, 0xe7, 0xef, 0x6d, 0x8c, 0x34, 0xa5, 0x61, 0x23}, 16, /* iv, iv length */ {0xb7, 0x81, 0xfc, 0xf2, 0xf7, 0x5f, 0xa5, 0xa8, 0xde, 0x97, 0xa9, 0xca, 0x48, 0xe5, 0x22, 0xec}, 16, /* aad, aad length */ {0x89, 0x9a, 0x17, 0x58, 0x97, 0x56, 0x1d, 0x7e}, 8, /* msg, msg length */ {0x6c, 0xf3, 0x67, 0x20, 0x87, 0x2b, 0x85, 0x13, 0xf6, 0xea, 0xb1, 0xa8, 0xa4, 0x44, 0x38, 0xd5, 0xef, 0x11}, 18, /* ct, ct length */ {0x0d, 0xe1, 0x8f, 0xd0, 0xfd, 0xd9, 0x1e, 0x7a, 0xf1, 0x9f, 0x1d, 0x8e, 0xe8, 0x73, 0x39, 0x38, 0xb1, 0xe8}, 18, /* tag, tag length */ {0xe7, 0xf6, 0xd2, 0x23, 0x16, 0x18, 0x10, 0x2f, 0xdb, 0x7f, 0xe5, 0x5f, 0xf1, 0x99, 0x17, 0x00}, 16, /* valid */ 1, }, { /* key, key length */ {0x83, 0x95, 0xfc, 0xf1, 0xe9, 0x5b, 0xeb, 0xd6, 0x97, 0xbd, 0x01, 0x0b, 0xc7, 0x66, 0xaa, 0xc3}, 16, /* iv, iv length */ {0x22, 0xe7, 0xad, 0xd9, 0x3c, 0xfc, 0x63, 0x93, 0xc5, 0x7e, 0xc0, 0xb3, 0xc1, 0x7d, 0x6b, 0x44}, 16, /* aad, aad length */ {0x12, 0x67, 0x35, 0xfc, 0xc3, 0x20, 0xd2, 0x5a}, 8, /* msg, msg length */ {0xca, 0x40, 0xd7, 0x44, 0x6e, 0x54, 0x5f, 0xfa, 0xed, 0x3b, 0xd1, 0x2a, 0x74, 0x0a, 0x65, 0x9f, 0xfb, 0xbb, 0x3c, 0xea, 0xb7}, 21, /* ct, ct length */ {0xcb, 0x89, 0x20, 0xf8, 0x7a, 0x6c, 0x75, 0xcf, 0xf3, 0x96, 0x27, 0xb5, 0x6e, 0x3e, 0xd1, 0x97, 0xc5, 0x52, 0xd2, 0x95, 0xa7}, 21, /* tag, tag length */ {0xcf, 0xc4, 0x6a, 0xfc, 0x25, 0x3b, 0x46, 0x52, 0xb1, 0xaf, 0x37, 0x95, 0xb1, 0x24, 0xab, 0x6e}, 16, /* valid */ 1, }, { /* key, key length */ {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16, /* iv, iv length */ {0x3c, 0x8c, 0xc2, 0x97, 0x0a, 0x00, 0x8f, 0x75, 0xcc, 0x5b, 0xea, 0xe2, 0x84, 0x72, 0x58, 0xc2}, 16, /* aad, aad length */ {0x00}, 0, /* msg, msg length */ {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11}, 32, /* ct, ct length */ {0x3c, 0x44, 0x1f, 0x32, 0xce, 0x07, 0x82, 0x23, 0x64, 0xd7, 0xa2, 0x99, 0x0e, 0x50, 0xbb, 0x13, 0xd7, 0xb0, 0x2a, 0x26, 0x96, 0x9e, 0x4a, 0x93, 0x7e, 0x5e, 0x90, 0x73, 0xb0, 0xd9, 0xc9, 0x68}, 32, /* tag, tag length */ {0xdb, 0x90, 0xbd, 0xb3, 0xda, 0x3d, 0x00, 0xaf, 0xd0, 0xfc, 0x6a, 0x83, 0x55, 0x1d, 0xa9, 0x5e}, 16, /* valid */ 1, }, { /* key, key length */ {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16, /* iv, iv length */ {0xae, 0xf0, 0x3d, 0x00, 0x59, 0x84, 0x94, 0xe9, 0xfb, 0x03, 0xcd, 0x7d, 0x8b, 0x59, 0x08, 0x66}, 16, /* aad, aad length */ {0x00}, 0, /* msg, msg length */ {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11}, 32, /* ct, ct length */ {0xd1, 0x9a, 0xc5, 0x98, 0x49, 0x02, 0x6a, 0x91, 0xaa, 0x1b, 0x9a, 0xec, 0x29, 0xb1, 0x1a, 0x20, 0x2a, 0x4d, 0x73, 0x9f, 0xd8, 0x6c, 0x28, 0xe3, 0xae, 0x3d, 0x58, 0x8e, 0xa2, 0x1d, 0x70, 0xc6}, 32, /* tag, tag length */ {0xc3, 0x0f, 0x6c, 0xd9, 0x20, 0x20, 0x74, 0xed, 0x6e, 0x2a, 0x2a, 0x36, 0x0e, 0xac, 0x8c, 0x47}, 16, /* valid */ 1, }, { /* key, key length */ {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16, /* iv, iv length */ {0x55, 0xd1, 0x25, 0x11, 0xc6, 0x96, 0xa8, 0x0d, 0x05, 0x14, 0xd1, 0xff, 0xba, 0x49, 0xca, 0xda}, 16, /* aad, aad length */ {0x00}, 0, /* msg, msg length */ {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11}, 32, /* ct, ct length */ {0x21, 0x08, 0x55, 0x8a, 0xc4, 0xb2, 0xc2, 0xd5, 0xcc, 0x66, 0xce, 0xa5, 0x1d, 0x62, 0x10, 0xe0, 0x46, 0x17, 0x7a, 0x67, 0x63, 0x1c, 0xd2, 0xdd, 0x8f, 0x09, 0x46, 0x97, 0x33, 0xac, 0xb5, 0x17}, 32, /* tag, tag length */ {0xfc, 0x35, 0x5e, 0x87, 0xa2, 0x67, 0xbe, 0x3a, 0xe3, 0xe4, 0x4c, 0x0b, 0xf3, 0xf9, 0x9b, 0x2b}, 16, /* valid */ 1, }, { /* key, key length */ {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16, /* iv, iv length */ {0x79, 0x42, 0x2d, 0xdd, 0x91, 0xc4, 0xee, 0xe2, 0xde, 0xae, 0xf1, 0xf9, 0x68, 0x30, 0x53, 0x04}, 16, /* aad, aad length */ {0x00}, 0, /* msg, msg length */ {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11}, 32, /* ct, ct length */ {0x4d, 0x2c, 0x15, 0x24, 0xca, 0x4b, 0xaa, 0x4e, 0xef, 0xcc, 0xe6, 0xb9, 0x1b, 0x22, 0x7e, 0xe8, 0x3a, 0xba, 0xff, 0x81, 0x05, 0xdc, 0xaf, 0xa2, 0xab, 0x19, 0x1f, 0x5d, 0xf2, 0x57, 0x50, 0x35}, 32, /* tag, tag length */ {0xe2, 0xc8, 0x65, 0xce, 0x2d, 0x7a, 0xbd, 0xac, 0x02, 0x4c, 0x6f, 0x99, 0x1a, 0x84, 0x83, 0x90}, 16, /* valid */ 1, }, { /* key, key length */ {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16, /* iv, iv length */ {0x0a, 0xf5, 0xaa, 0x7a, 0x76, 0x76, 0xe2, 0x83, 0x06, 0x30, 0x6b, 0xcd, 0x9b, 0xf2, 0x00, 0x3a}, 16, /* aad, aad length */ {0x00}, 0, /* msg, msg length */ {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11}, 32, /* ct, ct length */ {0x8e, 0xb0, 0x1e, 0x62, 0x18, 0x5d, 0x78, 0x2e, 0xb9, 0x28, 0x7a, 0x34, 0x1a, 0x68, 0x62, 0xac, 0x52, 0x57, 0xd6, 0xf9, 0xad, 0xc9, 0x9e, 0xe0, 0xa2, 0x4d, 0x9c, 0x22, 0xb3, 0xe9, 0xb3, 0x8a}, 32, /* tag, tag length */ {0x39, 0xc3, 0x39, 0xbc, 0x8a, 0x74, 0xc7, 0x5e, 0x2c, 0x65, 0xc6, 0x11, 0x95, 0x44, 0xd6, 0x1e}, 16, /* valid */ 1, }, { /* key, key length */ {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16, /* iv, iv length */ {0xaf, 0x5a, 0x03, 0xae, 0x7e, 0xdd, 0x73, 0x47, 0x1b, 0xdc, 0xdf, 0xac, 0x5e, 0x19, 0x4a, 0x60}, 16, /* aad, aad length */ {0x00}, 0, /* msg, msg length */ {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11}, 32, /* ct, ct length */ {0x94, 0xc5, 0xd2, 0xac, 0xa6, 0xdb, 0xbc, 0xe8, 0xc2, 0x45, 0x13, 0xa2, 0x5e, 0x09, 0x5c, 0x0e, 0x54, 0xa9, 0x42, 0x86, 0x0d, 0x32, 0x7a, 0x22, 0x2a, 0x81, 0x5c, 0xc7, 0x13, 0xb1, 0x63, 0xb4}, 32, /* tag, tag length */ {0xf5, 0x0b, 0x30, 0x30, 0x4e, 0x45, 0xc9, 0xd4, 0x11, 0xe8, 0xdf, 0x45, 0x08, 0xa9, 0x86, 0x12}, 16, /* valid */ 1, }, { /* key, key length */ {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16, /* iv, iv length */ {0xb3, 0x70, 0x87, 0x68, 0x0f, 0x0e, 0xdd, 0x5a, 0x52, 0x22, 0x8b, 0x8c, 0x7a, 0xae, 0xa6, 0x64}, 16, /* aad, aad length */ {0x00}, 0, /* msg, msg length */ {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33}, 64, /* ct, ct length */ {0x3b, 0xb6, 0x17, 0x3e, 0x37, 0x72, 0xd4, 0xb6, 0x2e, 0xef, 0x37, 0xf9, 0xef, 0x07, 0x81, 0xf3, 0x60, 0xb6, 0xc7, 0x4b, 0xe3, 0xbf, 0x6b, 0x37, 0x10, 0x67, 0xbc, 0x1b, 0x09, 0x0d, 0x9d, 0x66, 0x22, 0xa1, 0xfb, 0xec, 0x6a, 0xc4, 0x71, 0xb3, 0x34, 0x9c, 0xd4, 0x27, 0x7a, 0x10, 0x1d, 0x40, 0x89, 0x0f, 0xbf, 0x27, 0xdf, 0xdc, 0xd0, 0xb4, 0xe3, 0x78, 0x1f, 0x98, 0x06, 0xda, 0xab, 0xb6}, 64, /* tag, tag length */ {0xa0, 0x49, 0x87, 0x45, 0xe5, 0x99, 0x99, 0xdd, 0xc3, 0x2d, 0x5b, 0x14, 0x02, 0x41, 0x12, 0x4e}, 16, /* valid */ 1, }, { /* key, key length */ {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16, /* iv, iv length */ {0x4f, 0x80, 0x2d, 0xa6, 0x2a, 0x38, 0x45, 0x55, 0xa1, 0x9b, 0xc2, 0xb3, 0x82, 0xeb, 0x25, 0xaf}, 16, /* aad, aad length */ {0x00}, 0, /* msg, msg length */ {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44}, 80, /* ct, ct length */ {0xe9, 0xb0, 0xbb, 0x88, 0x57, 0x81, 0x8c, 0xe3, 0x20, 0x1c, 0x36, 0x90, 0xd2, 0x1d, 0xaa, 0x7f, 0x26, 0x4f, 0xb8, 0xee, 0x93, 0xcc, 0x7a, 0x46, 0x74, 0xea, 0x2f, 0xc3, 0x2b, 0xf1, 0x82, 0xfb, 0x2a, 0x7e, 0x8a, 0xd5, 0x15, 0x07, 0xad, 0x4f, 0x31, 0xce, 0xfc, 0x23, 0x56, 0xfe, 0x79, 0x36, 0xa7, 0xf6, 0xe1, 0x9f, 0x95, 0xe8, 0x8f, 0xdb, 0xf1, 0x76, 0x20, 0x91, 0x6d, 0x3a, 0x6f, 0x3d, 0x01, 0xfc, 0x17, 0xd3, 0x58, 0x67, 0x2f, 0x77, 0x7f, 0xd4, 0x09, 0x92, 0x46, 0xe4, 0x36, 0xe1}, 80, /* tag, tag length */ {0x67, 0x91, 0x0b, 0xe7, 0x44, 0xb8, 0x31, 0x5a, 0xe0, 0xeb, 0x61, 0x24, 0x59, 0x0c, 0x5d, 0x8b}, 16, /* valid */ 1, }, { /* key, key length */ {0xb6, 0x7b, 0x1a, 0x6e, 0xfd, 0xd4, 0x0d, 0x37, 0x08, 0x0f, 0xbe, 0x8f, 0x80, 0x47, 0xae, 0xb9}, 16, /* iv, iv length */ {0xfa, 0x29, 0x4b, 0x12, 0x99, 0x72, 0xf7, 0xfc, 0x5b, 0xbd, 0x5b, 0x96, 0xbb, 0xa8, 0x37, 0xc9}, 16, /* aad, aad length */ {0x00}, 0, /* msg, msg length */ {0x00}, 0, /* ct, ct length */ {0x00}, 0, /* tag, tag length */ {0xb1, 0x4b, 0x64, 0xfb, 0x58, 0x98, 0x99, 0x69, 0x95, 0x70, 0xcc, 0x91, 0x60, 0xe3, 0x98, 0x96}, 16, /* valid */ 1, }, { /* key, key length */ {0x20, 0x9e, 0x6d, 0xbf, 0x2a, 0xd2, 0x6a, 0x10, 0x54, 0x45, 0xfc, 0x02, 0x07, 0xcd, 0x9e, 0x9a}, 16, /* iv, iv length */ {0x94, 0x77, 0x84, 0x9d, 0x6c, 0xcd, 0xfc, 0xa1, 0x12, 0xd9, 0x2e, 0x53, 0xfa, 0xe4, 0xa7, 0xca}, 16, /* aad, aad length */ {0x00}, 0, /* msg, msg length */ {0x01}, 1, /* ct, ct length */ {0x1d}, 1, /* tag, tag length */ {0x52, 0xa5, 0xf6, 0x00, 0xfe, 0x53, 0x38, 0x02, 0x6a, 0x7c, 0xb0, 0x9c, 0x11, 0x64, 0x00, 0x82}, 16, /* valid */ 1, }, { /* key, key length */ {0xa5, 0x49, 0x44, 0x2e, 0x35, 0x15, 0x40, 0x32, 0xd0, 0x7c, 0x86, 0x66, 0x00, 0x6a, 0xa6, 0xa2}, 16, /* iv, iv length */ {0x51, 0x71, 0x52, 0x45, 0x68, 0xe8, 0x1d, 0x97, 0xe8, 0xc4, 0xde, 0x4b, 0xa5, 0x6c, 0x10, 0xa0}, 16, /* aad, aad length */ {0x00}, 0, /* msg, msg length */ {0x11, 0x82, 0xe9, 0x35, 0x96, 0xca, 0xc5, 0x60, 0x89, 0x46, 0x40, 0x0b, 0xc7, 0x3f, 0x3a}, 15, /* ct, ct length */ {0xd7, 0xb8, 0xa6, 0xb4, 0x3d, 0x2e, 0x9f, 0x98, 0xc2, 0xb4, 0x4c, 0xe5, 0xe3, 0xcf, 0xdb}, 15, /* tag, tag length */ {0x1b, 0xdd, 0x52, 0xfc, 0x98, 0x7d, 0xaf, 0x0e, 0xe1, 0x92, 0x34, 0xc9, 0x05, 0xea, 0x64, 0x5f}, 16, /* valid */ 1, }, { /* key, key length */ {0x95, 0x8b, 0xcd, 0xb6, 0x6a, 0x39, 0x52, 0xb5, 0x37, 0x01, 0x58, 0x2a, 0x68, 0xa0, 0xe4, 0x74}, 16, /* iv, iv length */ {0x0e, 0x6e, 0xc8, 0x79, 0xb0, 0x2c, 0x6f, 0x51, 0x69, 0x76, 0xe3, 0x58, 0x98, 0x42, 0x8d, 0xa7}, 16, /* aad, aad length */ {0x00}, 0, /* msg, msg length */ {0x14, 0x04, 0x15, 0x82, 0x3e, 0xcc, 0x89, 0x32, 0xa0, 0x58, 0x38, 0x4b, 0x73, 0x8e, 0xa6, 0xea, 0x6d, 0x4d, 0xfe, 0x3b, 0xbe, 0xee}, 22, /* ct, ct length */ {0x73, 0xe5, 0xc6, 0xf0, 0xe7, 0x03, 0xa5, 0x2d, 0x02, 0xf7, 0xf7, 0xfa, 0xeb, 0x1b, 0x77, 0xfd, 0x4f, 0xd0, 0xcb, 0x42, 0x1e, 0xaf}, 22, /* tag, tag length */ {0x6c, 0x15, 0x4a, 0x85, 0x96, 0x8e, 0xdd, 0x74, 0x77, 0x65, 0x75, 0xa4, 0x45, 0x0b, 0xd8, 0x97}, 16, /* valid */ 1, }, { /* key, key length */ {0x96, 0x5b, 0x75, 0x7b, 0xa5, 0x01, 0x8a, 0x8d, 0x66, 0xed, 0xc7, 0x8e, 0x0c, 0xee, 0xe8, 0x6b}, 16, /* iv, iv length */ {0x2e, 0x35, 0x90, 0x1a, 0xe7, 0xd4, 0x91, 0xee, 0xcc, 0x88, 0x38, 0xfe, 0xdd, 0x63, 0x14, 0x05}, 16, /* aad, aad length */ {0xdf, 0x10, 0xd0, 0xd2, 0x12, 0x24, 0x24, 0x50}, 8, /* msg, msg length */ {0x36, 0xe5, 0x7a, 0x76, 0x39, 0x58, 0xb0, 0x2c, 0xea, 0x9d, 0x6a, 0x67, 0x6e, 0xbc, 0xe8, 0x1f}, 16, /* ct, ct length */ {0x93, 0x6b, 0x69, 0xb6, 0xc9, 0x55, 0xad, 0xfd, 0x15, 0x53, 0x9b, 0x9b, 0xe4, 0x98, 0x9c, 0xb6}, 16, /* tag, tag length */ {0xee, 0x15, 0xa1, 0x45, 0x4e, 0x88, 0xfa, 0xad, 0x8e, 0x48, 0xa8, 0xdf, 0x29, 0x83, 0xb4, 0x25}, 16, /* valid */ 1, }, { /* key, key length */ {0x88, 0xd0, 0x20, 0x33, 0x78, 0x1c, 0x7b, 0x41, 0x64, 0x71, 0x1a, 0x05, 0x42, 0x0f, 0x25, 0x6e}, 16, /* iv, iv length */ {0x7f, 0x29, 0x85, 0x29, 0x63, 0x15, 0x50, 0x7a, 0xa4, 0xc0, 0xa9, 0x3d, 0x5c, 0x12, 0xbd, 0x77}, 16, /* aad, aad length */ {0x7c, 0x57, 0x1d, 0x2f, 0xbb, 0x5f, 0x62, 0x52, 0x3c, 0x0e, 0xb3, 0x38, 0xbe, 0xf9, 0xa9}, 15, /* msg, msg length */ {0xd9, 0x8a, 0xdc, 0x03, 0xd9, 0xd5, 0x82, 0x73, 0x2e, 0xb0, 0x7d, 0xf2, 0x3d, 0x7b, 0x9f, 0x74}, 16, /* ct, ct length */ {0x67, 0xca, 0xac, 0x35, 0x44, 0x3a, 0x31, 0x38, 0xd2, 0xcb, 0x81, 0x1f, 0x0c, 0xe0, 0x4d, 0xd2}, 16, /* tag, tag length */ {0xb7, 0x96, 0x8e, 0x0b, 0x56, 0x40, 0xe3, 0xb2, 0x36, 0x56, 0x96, 0x53, 0x20, 0x8b, 0x9d, 0xeb}, 16, /* valid */ 1, }, { /* key, key length */ {0x51, 0x58, 0x40, 0xcf, 0x67, 0xd2, 0xe4, 0x0e, 0xb6, 0x5e, 0x54, 0xa2, 0x4c, 0x72, 0xcb, 0xf2}, 16, /* iv, iv length */ {0xbf, 0x47, 0xaf, 0xdf, 0xd4, 0x92, 0x13, 0x7a, 0x24, 0x23, 0x6b, 0xc3, 0x67, 0x97, 0xa8, 0x8e}, 16, /* aad, aad length */ {0x16, 0x84, 0x3c, 0x09, 0x1d, 0x43, 0xb0, 0xa1, 0x91, 0xd0, 0xc7, 0x3d, 0x15, 0x60, 0x1b, 0xe9}, 16, /* msg, msg length */ {0xc8, 0x34, 0x58, 0x8c, 0xb6, 0xda, 0xf9, 0xf0, 0x6d, 0xd2, 0x35, 0x19, 0xf4, 0xbe, 0x9f, 0x56}, 16, /* ct, ct length */ {0x20, 0x0a, 0xc4, 0x51, 0xfb, 0xeb, 0x0f, 0x61, 0x51, 0xd6, 0x15, 0x83, 0xa4, 0x3b, 0x73, 0x43}, 16, /* tag, tag length */ {0x2a, 0xd4, 0x3e, 0x4c, 0xaa, 0x51, 0x98, 0x3a, 0x9d, 0x4d, 0x24, 0x48, 0x1b, 0xf4, 0xc8, 0x39}, 16, /* valid */ 1, }, { /* key, key length */ {0x2e, 0x44, 0x92, 0xd4, 0x44, 0xe5, 0xb6, 0xf4, 0xce, 0xc8, 0xc2, 0xd3, 0x61, 0x5a, 0xc8, 0x58}, 16, /* iv, iv length */ {0xd0, 0x2b, 0xf0, 0x76, 0x3a, 0x9f, 0xef, 0xbf, 0x70, 0xc3, 0x3a, 0xee, 0x1e, 0x9d, 0xa1, 0xd6}, 16, /* aad, aad length */ {0x90, 0x4d, 0x86, 0xf1, 0x33, 0xce, 0xc1, 0x5a, 0x0c, 0x3c, 0xaf, 0x14, 0xd7, 0xe0, 0x29, 0xc8, 0x2a, 0x07, 0x70, 0x5a, 0x23, 0xf0, 0xd0, 0x80}, 24, /* msg, msg length */ {0x9e, 0x62, 0xd6, 0x51, 0x1b, 0x0b, 0xda, 0x7d, 0xd7, 0x74, 0x0b, 0x61, 0x4d, 0x97, 0xba, 0xe0}, 16, /* ct, ct length */ {0x27, 0xc6, 0xe9, 0xa6, 0x53, 0xc5, 0x25, 0x3c, 0xa1, 0xc5, 0x67, 0x3f, 0x97, 0xb9, 0xb3, 0x3e}, 16, /* tag, tag length */ {0x2d, 0x58, 0x12, 0x71, 0xe1, 0xfa, 0x9e, 0x36, 0x86, 0x13, 0x6c, 0xaa, 0x8f, 0x4d, 0x6c, 0x8e}, 16, /* valid */ 1, }, { /* key, key length */ {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16, /* iv, iv length */ {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, 0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16, /* aad, aad length */ {0x00}, 0, /* msg, msg length */ {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16, /* ct, ct length */ {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54, 0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16, /* tag, tag length */ {0xe7, 0x0e, 0x7c, 0x50, 0x13, 0xa6, 0xdb, 0xf2, 0x52, 0x98, 0xb1, 0x92, 0x9b, 0xc3, 0x56, 0xa7}, 16, /* valid */ 0, }, { /* key, key length */ {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16, /* iv, iv length */ {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, 0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16, /* aad, aad length */ {0x00}, 0, /* msg, msg length */ {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16, /* ct, ct length */ {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54, 0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16, /* tag, tag length */ {0xe4, 0x0e, 0x7c, 0x50, 0x13, 0xa6, 0xdb, 0xf2, 0x52, 0x98, 0xb1, 0x92, 0x9b, 0xc3, 0x56, 0xa7}, 16, /* valid */ 0, }, { /* key, key length */ {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16, /* iv, iv length */ {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, 0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16, /* aad, aad length */ {0x00}, 0, /* msg, msg length */ {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16, /* ct, ct length */ {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54, 0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16, /* tag, tag length */ {0x66, 0x0e, 0x7c, 0x50, 0x13, 0xa6, 0xdb, 0xf2, 0x52, 0x98, 0xb1, 0x92, 0x9b, 0xc3, 0x56, 0xa7}, 16, /* valid */ 0, }, { /* key, key length */ {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16, /* iv, iv length */ {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, 0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16, /* aad, aad length */ {0x00}, 0, /* msg, msg length */ {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16, /* ct, ct length */ {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54, 0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16, /* tag, tag length */ {0xe6, 0x0f, 0x7c, 0x50, 0x13, 0xa6, 0xdb, 0xf2, 0x52, 0x98, 0xb1, 0x92, 0x9b, 0xc3, 0x56, 0xa7}, 16, /* valid */ 0, }, { /* key, key length */ {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16, /* iv, iv length */ {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, 0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16, /* aad, aad length */ {0x00}, 0, /* msg, msg length */ {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16, /* ct, ct length */ {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54, 0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16, /* tag, tag length */ {0xe6, 0x0e, 0x7c, 0xd0, 0x13, 0xa6, 0xdb, 0xf2, 0x52, 0x98, 0xb1, 0x92, 0x9b, 0xc3, 0x56, 0xa7}, 16, /* valid */ 0, }, { /* key, key length */ {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16, /* iv, iv length */ {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, 0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16, /* aad, aad length */ {0x00}, 0, /* msg, msg length */ {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16, /* ct, ct length */ {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54, 0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16, /* tag, tag length */ {0xe6, 0x0e, 0x7c, 0x50, 0x12, 0xa6, 0xdb, 0xf2, 0x52, 0x98, 0xb1, 0x92, 0x9b, 0xc3, 0x56, 0xa7}, 16, /* valid */ 0, }, { /* key, key length */ {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16, /* iv, iv length */ {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, 0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16, /* aad, aad length */ {0x00}, 0, /* msg, msg length */ {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16, /* ct, ct length */ {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54, 0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16, /* tag, tag length */ {0xe6, 0x0e, 0x7c, 0x50, 0x11, 0xa6, 0xdb, 0xf2, 0x52, 0x98, 0xb1, 0x92, 0x9b, 0xc3, 0x56, 0xa7}, 16, /* valid */ 0, }, { /* key, key length */ {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16, /* iv, iv length */ {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, 0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16, /* aad, aad length */ {0x00}, 0, /* msg, msg length */ {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16, /* ct, ct length */ {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54, 0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16, /* tag, tag length */ {0xe6, 0x0e, 0x7c, 0x50, 0x13, 0xa6, 0xdb, 0x72, 0x52, 0x98, 0xb1, 0x92, 0x9b, 0xc3, 0x56, 0xa7}, 16, /* valid */ 0, }, { /* key, key length */ {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16, /* iv, iv length */ {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, 0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16, /* aad, aad length */ {0x00}, 0, /* msg, msg length */ {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16, /* ct, ct length */ {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54, 0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16, /* tag, tag length */ {0xe6, 0x0e, 0x7c, 0x50, 0x13, 0xa6, 0xdb, 0xf2, 0x53, 0x98, 0xb1, 0x92, 0x9b, 0xc3, 0x56, 0xa7}, 16, /* valid */ 0, }, { /* key, key length */ {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16, /* iv, iv length */ {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, 0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16, /* aad, aad length */ {0x00}, 0, /* msg, msg length */ {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16, /* ct, ct length */ {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54, 0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16, /* tag, tag length */ {0xe6, 0x0e, 0x7c, 0x50, 0x13, 0xa6, 0xdb, 0xf2, 0xd2, 0x98, 0xb1, 0x92, 0x9b, 0xc3, 0x56, 0xa7}, 16, /* valid */ 0, }, { /* key, key length */ {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16, /* iv, iv length */ {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, 0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16, /* aad, aad length */ {0x00}, 0, /* msg, msg length */ {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16, /* ct, ct length */ {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54, 0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16, /* tag, tag length */ {0xe6, 0x0e, 0x7c, 0x50, 0x13, 0xa6, 0xdb, 0xf2, 0x52, 0xb8, 0xb1, 0x92, 0x9b, 0xc3, 0x56, 0xa7}, 16, /* valid */ 0, }, { /* key, key length */ {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16, /* iv, iv length */ {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, 0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16, /* aad, aad length */ {0x00}, 0, /* msg, msg length */ {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16, /* ct, ct length */ {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54, 0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16, /* tag, tag length */ {0xe6, 0x0e, 0x7c, 0x50, 0x13, 0xa6, 0xdb, 0xf2, 0x52, 0x98, 0xb0, 0x92, 0x9b, 0xc3, 0x56, 0xa7}, 16, /* valid */ 0, }, { /* key, key length */ {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16, /* iv, iv length */ {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, 0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16, /* aad, aad length */ {0x00}, 0, /* msg, msg length */ {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16, /* ct, ct length */ {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54, 0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16, /* tag, tag length */ {0xe6, 0x0e, 0x7c, 0x50, 0x13, 0xa6, 0xdb, 0xf2, 0x52, 0x98, 0xb1, 0x92, 0x9a, 0xc3, 0x56, 0xa7}, 16, /* valid */ 0, }, { /* key, key length */ {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16, /* iv, iv length */ {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, 0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16, /* aad, aad length */ {0x00}, 0, /* msg, msg length */ {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16, /* ct, ct length */ {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54, 0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16, /* tag, tag length */ {0xe6, 0x0e, 0x7c, 0x50, 0x13, 0xa6, 0xdb, 0xf2, 0x52, 0x98, 0xb1, 0x92, 0x99, 0xc3, 0x56, 0xa7}, 16, /* valid */ 0, }, { /* key, key length */ {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16, /* iv, iv length */ {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, 0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16, /* aad, aad length */ {0x00}, 0, /* msg, msg length */ {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16, /* ct, ct length */ {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54, 0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16, /* tag, tag length */ {0xe6, 0x0e, 0x7c, 0x50, 0x13, 0xa6, 0xdb, 0xf2, 0x52, 0x98, 0xb1, 0x92, 0x1b, 0xc3, 0x56, 0xa7}, 16, /* valid */ 0, }, { /* key, key length */ {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16, /* iv, iv length */ {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, 0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16, /* aad, aad length */ {0x00}, 0, /* msg, msg length */ {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16, /* ct, ct length */ {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54, 0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16, /* tag, tag length */ {0xe6, 0x0e, 0x7c, 0x50, 0x13, 0xa6, 0xdb, 0xf2, 0x52, 0x98, 0xb1, 0x92, 0x9b, 0xc3, 0x56, 0xa6}, 16, /* valid */ 0, }, { /* key, key length */ {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16, /* iv, iv length */ {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, 0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16, /* aad, aad length */ {0x00}, 0, /* msg, msg length */ {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16, /* ct, ct length */ {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54, 0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16, /* tag, tag length */ {0xe6, 0x0e, 0x7c, 0x50, 0x13, 0xa6, 0xdb, 0xf2, 0x52, 0x98, 0xb1, 0x92, 0x9b, 0xc3, 0x56, 0xa5}, 16, /* valid */ 0, }, { /* key, key length */ {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16, /* iv, iv length */ {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, 0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16, /* aad, aad length */ {0x00}, 0, /* msg, msg length */ {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16, /* ct, ct length */ {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54, 0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16, /* tag, tag length */ {0xe6, 0x0e, 0x7c, 0x50, 0x13, 0xa6, 0xdb, 0xf2, 0x52, 0x98, 0xb1, 0x92, 0x9b, 0xc3, 0x56, 0xe7}, 16, /* valid */ 0, }, { /* key, key length */ {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16, /* iv, iv length */ {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, 0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16, /* aad, aad length */ {0x00}, 0, /* msg, msg length */ {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16, /* ct, ct length */ {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54, 0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16, /* tag, tag length */ {0xe6, 0x0e, 0x7c, 0x50, 0x13, 0xa6, 0xdb, 0xf2, 0x52, 0x98, 0xb1, 0x92, 0x9b, 0xc3, 0x56, 0x27}, 16, /* valid */ 0, }, { /* key, key length */ {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16, /* iv, iv length */ {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, 0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16, /* aad, aad length */ {0x00}, 0, /* msg, msg length */ {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16, /* ct, ct length */ {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54, 0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16, /* tag, tag length */ {0xe7, 0x0e, 0x7c, 0x50, 0x13, 0xa6, 0xdb, 0xf2, 0x53, 0x98, 0xb1, 0x92, 0x9b, 0xc3, 0x56, 0xa7}, 16, /* valid */ 0, }, { /* key, key length */ {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16, /* iv, iv length */ {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, 0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16, /* aad, aad length */ {0x00}, 0, /* msg, msg length */ {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16, /* ct, ct length */ {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54, 0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16, /* tag, tag length */ {0xe6, 0x0e, 0x7c, 0xd0, 0x13, 0xa6, 0xdb, 0x72, 0x52, 0x98, 0xb1, 0x92, 0x9b, 0xc3, 0x56, 0xa7}, 16, /* valid */ 0, }, { /* key, key length */ {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16, /* iv, iv length */ {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, 0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16, /* aad, aad length */ {0x00}, 0, /* msg, msg length */ {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16, /* ct, ct length */ {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54, 0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16, /* tag, tag length */ {0xe6, 0x0e, 0x7c, 0x50, 0x13, 0xa6, 0xdb, 0x72, 0x52, 0x98, 0xb1, 0x92, 0x9b, 0xc3, 0x56, 0x27}, 16, /* valid */ 0, }, { /* key, key length */ {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16, /* iv, iv length */ {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, 0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16, /* aad, aad length */ {0x00}, 0, /* msg, msg length */ {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16, /* ct, ct length */ {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54, 0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16, /* tag, tag length */ {0x19, 0xf1, 0x83, 0xaf, 0xec, 0x59, 0x24, 0x0d, 0xad, 0x67, 0x4e, 0x6d, 0x64, 0x3c, 0xa9, 0x58}, 16, /* valid */ 0, }, { /* key, key length */ {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16, /* iv, iv length */ {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, 0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16, /* aad, aad length */ {0x00}, 0, /* msg, msg length */ {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16, /* ct, ct length */ {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54, 0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16, /* tag, tag length */ {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, 16, /* valid */ 0, }, { /* key, key length */ {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16, /* iv, iv length */ {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, 0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16, /* aad, aad length */ {0x00}, 0, /* msg, msg length */ {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16, /* ct, ct length */ {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54, 0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16, /* tag, tag length */ {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff}, 16, /* valid */ 0, }, { /* key, key length */ {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16, /* iv, iv length */ {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, 0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16, /* aad, aad length */ {0x00}, 0, /* msg, msg length */ {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16, /* ct, ct length */ {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54, 0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16, /* tag, tag length */ {0x66, 0x8e, 0xfc, 0xd0, 0x93, 0x26, 0x5b, 0x72, 0xd2, 0x18, 0x31, 0x12, 0x1b, 0x43, 0xd6, 0x27}, 16, /* valid */ 0, }, { /* key, key length */ {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16, /* iv, iv length */ {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, 0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16, /* aad, aad length */ {0x00}, 0, /* msg, msg length */ {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16, /* ct, ct length */ {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54, 0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16, /* tag, tag length */ {0xe7, 0x0f, 0x7d, 0x51, 0x12, 0xa7, 0xda, 0xf3, 0x53, 0x99, 0xb0, 0x93, 0x9a, 0xc2, 0x57, 0xa6}, 16, /* valid */ 0, }, }; byte ciphertext[sizeof(vectors[0].ct)]; byte authtag[sizeof(vectors[0].tag)]; int i; int len; int ret; for (i = 0; i < (int)(sizeof(vectors)/sizeof(vectors[0])); i++) { XMEMSET(ciphertext, 0, sizeof(ciphertext)); len = sizeof(authtag); ExpectIntEQ(wc_AesEaxEncryptAuth(vectors[i].key, vectors[i].key_length, ciphertext, vectors[i].msg, vectors[i].msg_length, vectors[i].iv, vectors[i].iv_length, authtag, len, vectors[i].aad, vectors[i].aad_length), 0); /* check ciphertext matches vector */ ExpectIntEQ(XMEMCMP(ciphertext, vectors[i].ct, vectors[i].ct_length), 0); /* check that computed tag matches vector only for vectors marked asx * valid */ ret = XMEMCMP(authtag, vectors[i].tag, len); if (vectors[i].valid) { ExpectIntEQ(ret, 0); } else { ExpectIntNE(ret, 0); } XMEMSET(ciphertext, 0, sizeof(ciphertext)); /* Decrypt, checking that the computed auth tags match */ ExpectIntEQ(wc_AesEaxDecryptAuth(vectors[i].key, vectors[i].key_length, ciphertext, vectors[i].ct, vectors[i].ct_length, vectors[i].iv, vectors[i].iv_length, authtag, len, vectors[i].aad, vectors[i].aad_length), 0); /* check decrypted ciphertext matches vector plaintext */ ExpectIntEQ(XMEMCMP(ciphertext, vectors[i].msg, vectors[i].msg_length), 0); } return EXPECT_RESULT(); } /* END test_wc_AesEaxVectors */ /* * Testing test_wc_AesEaxEncryptAuth() */ int test_wc_AesEaxEncryptAuth(void) { EXPECT_DECLS; const byte key[] = {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F}; const byte iv[] = {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F}; const byte aad[] = {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07}; const byte msg[] = {0x00, 0x01, 0x02, 0x03, 0x04}; byte ciphertext[sizeof(msg)]; byte authtag[WC_AES_BLOCK_SIZE]; int i; int len; len = sizeof(authtag); ExpectIntEQ(wc_AesEaxEncryptAuth(key, sizeof(key), ciphertext, msg, sizeof(msg), iv, sizeof(iv), authtag, (word32)len, aad, sizeof(aad)), 0); /* Test null checking */ ExpectIntEQ(wc_AesEaxEncryptAuth(NULL, sizeof(key), ciphertext, msg, sizeof(msg), iv, sizeof(iv), authtag, (word32)len, aad, sizeof(aad)), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); ExpectIntEQ(wc_AesEaxEncryptAuth(key, sizeof(key), NULL, msg, sizeof(msg), iv, sizeof(iv), authtag, (word32)len, aad, sizeof(aad)), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); ExpectIntEQ(wc_AesEaxEncryptAuth(key, sizeof(key), ciphertext, NULL, sizeof(msg), iv, sizeof(iv), authtag, (word32)len, aad, sizeof(aad)), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); ExpectIntEQ(wc_AesEaxEncryptAuth(key, sizeof(key), ciphertext, msg, sizeof(msg), NULL, sizeof(iv), authtag, (word32)len, aad, sizeof(aad)), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); ExpectIntEQ(wc_AesEaxEncryptAuth(key, sizeof(key), ciphertext, msg, sizeof(msg), iv, sizeof(iv), NULL, (word32)len, aad, sizeof(aad)), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); ExpectIntEQ(wc_AesEaxEncryptAuth(key, sizeof(key), ciphertext, msg, sizeof(msg), iv, sizeof(iv), authtag, (word32)len, NULL, sizeof(aad)), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); /* Test bad key lengths */ for (i = 0; i <= 32; i++) { int exp_ret; if (i == AES_128_KEY_SIZE || i == AES_192_KEY_SIZE || i == AES_256_KEY_SIZE) { exp_ret = 0; } else { exp_ret = WC_NO_ERR_TRACE(BAD_FUNC_ARG); } ExpectIntEQ(wc_AesEaxEncryptAuth(key, (word32)i, ciphertext, msg, sizeof(msg), iv, sizeof(iv), authtag, (word32)len, aad, sizeof(aad)), exp_ret); } /* Test auth tag size out of range */ len = WC_AES_BLOCK_SIZE + 1; ExpectIntEQ(wc_AesEaxEncryptAuth(key, sizeof(key), ciphertext, msg, sizeof(msg), iv, sizeof(iv), authtag, (word32)len, aad, sizeof(aad)), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); return EXPECT_RESULT(); } /* END test_wc_AesEaxEncryptAuth() */ /* * Testing test_wc_AesEaxDecryptAuth() */ int test_wc_AesEaxDecryptAuth(void) { EXPECT_DECLS; const byte key[] = {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F}; const byte iv[] = {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F}; const byte aad[] = {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07}; const byte ct[] = {0x00, 0x01, 0x02, 0x03, 0x04}; /* Garbage tag that should always fail for above aad */ const byte tag[] = {0xFE, 0xED, 0xBE, 0xEF, 0xDE, 0xAD, 0xC0, 0xDE, 0xCA, 0xFE, 0xBE, 0xEF, 0xDE, 0xAF, 0xBE, 0xEF}; byte plaintext[sizeof(ct)]; int i; int len; len = sizeof(tag); ExpectIntEQ(wc_AesEaxDecryptAuth(key, sizeof(key), plaintext, ct, sizeof(ct), iv, sizeof(iv), tag, (word32)len, aad, sizeof(aad)), WC_NO_ERR_TRACE(AES_EAX_AUTH_E)); /* Test null checking */ ExpectIntEQ(wc_AesEaxDecryptAuth(NULL, sizeof(key), plaintext, ct, sizeof(ct), iv, sizeof(iv), tag, (word32)len, aad, sizeof(aad)), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); ExpectIntEQ(wc_AesEaxDecryptAuth(key, sizeof(key), NULL, ct, sizeof(ct), iv, sizeof(iv), tag, (word32)len, aad, sizeof(aad)), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); ExpectIntEQ(wc_AesEaxDecryptAuth(key, sizeof(key), plaintext, NULL, sizeof(ct), iv, sizeof(iv), tag, (word32)len, aad, sizeof(aad)), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); ExpectIntEQ(wc_AesEaxDecryptAuth(key, sizeof(key), plaintext, ct, sizeof(ct), NULL, sizeof(iv), tag, (word32)len, aad, sizeof(aad)), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); ExpectIntEQ(wc_AesEaxDecryptAuth(key, sizeof(key), plaintext, ct, sizeof(ct), iv, sizeof(iv), NULL, (word32)len, aad, sizeof(aad)), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); ExpectIntEQ(wc_AesEaxDecryptAuth(key, sizeof(key), plaintext, ct, sizeof(ct), iv, sizeof(iv), tag, (word32)len, NULL, sizeof(aad)), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); /* Test bad key lengths */ for (i = 0; i <= 32; i++) { int exp_ret; if (i == AES_128_KEY_SIZE || i == AES_192_KEY_SIZE || i == AES_256_KEY_SIZE) { exp_ret = WC_NO_ERR_TRACE(AES_EAX_AUTH_E); } else { exp_ret = WC_NO_ERR_TRACE(BAD_FUNC_ARG); } ExpectIntEQ(wc_AesEaxDecryptAuth(key, (word32)i, plaintext, ct, sizeof(ct), iv, sizeof(iv), tag, (word32)len, aad, sizeof(aad)), exp_ret); } /* Test auth tag size out of range */ len = WC_AES_BLOCK_SIZE + 1; ExpectIntEQ(wc_AesEaxDecryptAuth(key, sizeof(key), plaintext, ct, sizeof(ct), iv, sizeof(iv), tag, (word32)len, aad, sizeof(aad)), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); return EXPECT_RESULT(); } /* END test_wc_AesEaxDecryptAuth() */ #endif /* WOLFSSL_AES_EAX && * (!HAVE_FIPS || FIPS_VERSION_GE(5, 3)) && !HAVE_SELFTEST */