1 // Copyright 2017 The Fuchsia Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include <limits.h>
6 #include <stddef.h>
7 #include <stdint.h>
8
9 #include <crypto/bytes.h>
10 #include <crypto/cipher.h>
11 #include <unittest/unittest.h>
12 #include <zircon/errors.h>
13 #include <zircon/types.h>
14
15 #include "utils.h"
16
17 namespace crypto {
18 namespace testing {
19 namespace {
20
21 // See utils.h; the following macros allow reusing tests for each of the supported Ciphers.
22 #define EACH_PARAM(OP, Test) \
23 OP(Test, Cipher, AES256_XTS)
24
TestGetLengths_Uninitialized(void)25 bool TestGetLengths_Uninitialized(void) {
26 BEGIN_TEST;
27 size_t len;
28 EXPECT_ZX(Cipher::GetKeyLen(Cipher::kUninitialized, &len), ZX_ERR_INVALID_ARGS);
29 EXPECT_ZX(Cipher::GetIVLen(Cipher::kUninitialized, &len), ZX_ERR_INVALID_ARGS);
30 EXPECT_ZX(Cipher::GetIVLen(Cipher::kUninitialized, &len), ZX_ERR_INVALID_ARGS);
31 END_TEST;
32 }
33
TestGetLengths_AES256_XTS(void)34 bool TestGetLengths_AES256_XTS(void) {
35 BEGIN_TEST;
36 size_t key_len;
37 EXPECT_ZX(Cipher::GetKeyLen(Cipher::kAES256_XTS, nullptr), ZX_ERR_INVALID_ARGS);
38 EXPECT_OK(Cipher::GetKeyLen(Cipher::kAES256_XTS, &key_len));
39 EXPECT_EQ(key_len, 64U);
40
41 size_t iv_len;
42 EXPECT_ZX(Cipher::GetIVLen(Cipher::kAES256_XTS, nullptr), ZX_ERR_INVALID_ARGS);
43 EXPECT_OK(Cipher::GetIVLen(Cipher::kAES256_XTS, &iv_len));
44 EXPECT_EQ(iv_len, 16U);
45
46 size_t block_size;
47 EXPECT_ZX(Cipher::GetIVLen(Cipher::kAES256_XTS, nullptr), ZX_ERR_INVALID_ARGS);
48 EXPECT_OK(Cipher::GetIVLen(Cipher::kAES256_XTS, &block_size));
49 EXPECT_EQ(block_size, 16U);
50 END_TEST;
51 }
52
TestInitEncrypt_Uninitialized(void)53 bool TestInitEncrypt_Uninitialized(void) {
54 BEGIN_TEST;
55 Cipher cipher;
56 Secret key;
57 Bytes iv;
58 EXPECT_ZX(cipher.InitEncrypt(Cipher::kUninitialized, key, iv), ZX_ERR_INVALID_ARGS);
59 END_TEST;
60 }
61
TestInitEncrypt(Cipher::Algorithm cipher)62 bool TestInitEncrypt(Cipher::Algorithm cipher) {
63 BEGIN_TEST;
64 Cipher encrypt;
65 Secret key;
66 Bytes iv;
67 ASSERT_OK(GenerateKeyMaterial(cipher, &key, &iv));
68
69 // Bad key
70 Secret bad_key;
71 ASSERT_OK(bad_key.Generate(key.len() - 1));
72 EXPECT_ZX(encrypt.InitEncrypt(cipher, bad_key, iv), ZX_ERR_INVALID_ARGS);
73
74 // Bad IV
75 Bytes bad_iv;
76 ASSERT_OK(bad_iv.Copy(iv.get(), iv.len() - 1));
77 EXPECT_ZX(encrypt.InitEncrypt(cipher, key, bad_iv), ZX_ERR_INVALID_ARGS);
78
79 // Bad alignment
80 EXPECT_ZX(encrypt.InitEncrypt(cipher, key, iv, PAGE_SIZE - 1), ZX_ERR_INVALID_ARGS);
81
82 // Valid with and without alignment
83 EXPECT_OK(encrypt.InitEncrypt(cipher, key, iv));
84 EXPECT_OK(encrypt.InitEncrypt(cipher, key, iv, PAGE_SIZE));
85
86 END_TEST;
87 }
DEFINE_EACH(TestInitEncrypt)88 DEFINE_EACH(TestInitEncrypt)
89
90 bool TestInitDecrypt_Uninitialized(void) {
91 BEGIN_TEST;
92 Cipher decrypt;
93 Secret key;
94 Bytes iv;
95 EXPECT_ZX(decrypt.InitDecrypt(Cipher::kUninitialized, key, iv), ZX_ERR_INVALID_ARGS);
96 END_TEST;
97 }
98
TestInitDecrypt(Cipher::Algorithm cipher)99 bool TestInitDecrypt(Cipher::Algorithm cipher) {
100 BEGIN_TEST;
101 Cipher decrypt;
102 Secret key;
103 Bytes iv;
104 ASSERT_OK(GenerateKeyMaterial(cipher, &key, &iv));
105
106 // Bad key
107 Secret bad_key;
108 ASSERT_OK(bad_key.Generate(key.len() - 1));
109 EXPECT_ZX(decrypt.InitDecrypt(cipher, bad_key, iv), ZX_ERR_INVALID_ARGS);
110
111 // Bad IV
112 Bytes bad_iv;
113 ASSERT_OK(bad_iv.Copy(iv.get(), iv.len() - 1));
114 EXPECT_ZX(decrypt.InitDecrypt(cipher, key, bad_iv), ZX_ERR_INVALID_ARGS);
115
116 // Bad alignment
117 EXPECT_ZX(decrypt.InitDecrypt(cipher, key, iv, PAGE_SIZE - 1), ZX_ERR_INVALID_ARGS);
118
119 // Valid with and without tweak
120 EXPECT_OK(decrypt.InitDecrypt(cipher, key, iv));
121 EXPECT_OK(decrypt.InitDecrypt(cipher, key, iv, PAGE_SIZE));
122
123 END_TEST;
124 }
DEFINE_EACH(TestInitDecrypt)125 DEFINE_EACH(TestInitDecrypt)
126
127 bool TestEncryptStream(Cipher::Algorithm cipher) {
128 BEGIN_TEST;
129 size_t len = PAGE_SIZE;
130 Secret key;
131 Bytes iv, ptext;
132 ASSERT_OK(GenerateKeyMaterial(cipher, &key, &iv));
133 ASSERT_OK(ptext.Randomize(len));
134 uint8_t ctext[len];
135
136 // Not initialized
137 Cipher encrypt;
138 EXPECT_ZX(encrypt.Encrypt(ptext.get(), len, ctext), ZX_ERR_BAD_STATE);
139 ASSERT_OK(encrypt.InitEncrypt(cipher, key, iv));
140
141 // Zero length
142 EXPECT_OK(encrypt.Encrypt(ptext.get(), 0, ctext));
143
144 // Bad texts
145 EXPECT_ZX(encrypt.Encrypt(nullptr, len, ctext), ZX_ERR_INVALID_ARGS);
146 EXPECT_ZX(encrypt.Encrypt(ptext.get(), len, nullptr), ZX_ERR_INVALID_ARGS);
147
148 // Wrong mode
149 EXPECT_ZX(encrypt.Decrypt(ptext.get(), len, ctext), ZX_ERR_BAD_STATE);
150
151 // Valid
152 EXPECT_OK(encrypt.Encrypt(ptext.get(), len, ctext));
153
154 // Reset
155 encrypt.Reset();
156 EXPECT_ZX(encrypt.Encrypt(ptext.get(), len, ctext), ZX_ERR_BAD_STATE);
157
158 END_TEST;
159 }
DEFINE_EACH(TestEncryptStream)160 DEFINE_EACH(TestEncryptStream)
161
162 bool TestEncryptRandomAccess(Cipher::Algorithm cipher) {
163 BEGIN_TEST;
164 size_t len = PAGE_SIZE;
165 Secret key;
166 Bytes iv, ptext;
167 ASSERT_OK(GenerateKeyMaterial(cipher, &key, &iv));
168 ASSERT_OK(ptext.Randomize(len));
169 uint8_t ctext[len];
170
171 // Not initialized
172 Cipher encrypt;
173 EXPECT_ZX(encrypt.Encrypt(ptext.get(), len, ctext), ZX_ERR_BAD_STATE);
174 ASSERT_OK(encrypt.InitEncrypt(cipher, key, iv, len));
175
176 // Zero length
177 EXPECT_OK(encrypt.Encrypt(ptext.get(), 0, 0, ctext));
178
179 // Bad texts
180 EXPECT_ZX(encrypt.Encrypt(nullptr, 0, len, ctext), ZX_ERR_INVALID_ARGS);
181 EXPECT_ZX(encrypt.Encrypt(ptext.get(), 0, len, nullptr), ZX_ERR_INVALID_ARGS);
182
183 // Wrong mode
184 EXPECT_ZX(encrypt.Decrypt(ptext.get(), 0, len, ctext), ZX_ERR_BAD_STATE);
185
186 // Bad offset
187 EXPECT_ZX(encrypt.Encrypt(ptext.get(), 1, len, ctext), ZX_ERR_INVALID_ARGS);
188
189 // Valid
190 EXPECT_OK(encrypt.Encrypt(ptext.get(), len, len, ctext));
191
192 // Reset
193 encrypt.Reset();
194 EXPECT_ZX(encrypt.Encrypt(ptext.get(), len, ctext), ZX_ERR_BAD_STATE);
195
196 END_TEST;
197 }
DEFINE_EACH(TestEncryptRandomAccess)198 DEFINE_EACH(TestEncryptRandomAccess)
199
200 bool TestDecryptStream(Cipher::Algorithm cipher) {
201 BEGIN_TEST;
202 size_t len = PAGE_SIZE;
203 Secret key;
204 Bytes iv, ptext;
205 ASSERT_OK(GenerateKeyMaterial(cipher, &key, &iv));
206 ASSERT_OK(ptext.Randomize(len));
207 uint8_t ctext[len];
208 uint8_t result[len];
209 Cipher encrypt;
210 ASSERT_OK(encrypt.InitEncrypt(cipher, key, iv));
211 ASSERT_OK(encrypt.Encrypt(ptext.get(), len, ctext));
212
213 // Not initialized
214 Cipher decrypt;
215 EXPECT_ZX(decrypt.Decrypt(ctext, len, result), ZX_ERR_BAD_STATE);
216 ASSERT_OK(decrypt.InitDecrypt(cipher, key, iv));
217
218 // Zero length
219 EXPECT_OK(decrypt.Decrypt(ctext, 0, result));
220
221 // Bad texts
222 EXPECT_ZX(decrypt.Decrypt(nullptr, len, result), ZX_ERR_INVALID_ARGS);
223 EXPECT_ZX(decrypt.Decrypt(ctext, len, nullptr), ZX_ERR_INVALID_ARGS);
224
225 // Wrong mode
226 EXPECT_ZX(decrypt.Encrypt(ctext, len, result), ZX_ERR_BAD_STATE);
227
228 // Valid
229 EXPECT_OK(decrypt.Decrypt(ctext, len, result));
230 EXPECT_EQ(memcmp(ptext.get(), result, len), 0);
231
232 // Mismatched key, iv
233 Secret bad_key;
234 Bytes bad_iv;
235 ASSERT_OK(GenerateKeyMaterial(cipher, &bad_key, &bad_iv));
236
237 ASSERT_OK(decrypt.InitDecrypt(cipher, bad_key, iv));
238 EXPECT_OK(decrypt.Decrypt(ctext, len, result));
239 EXPECT_NE(memcmp(ptext.get(), result, len), 0);
240
241 ASSERT_OK(decrypt.InitDecrypt(cipher, key, bad_iv));
242 EXPECT_OK(decrypt.Decrypt(ctext, len, result));
243 EXPECT_NE(memcmp(ptext.get(), result, len), 0);
244
245 // Bad stream order
246 ASSERT_OK(decrypt.InitDecrypt(cipher, key, iv));
247 EXPECT_OK(decrypt.Decrypt(ctext, len / 2, result + (len / 2)));
248 EXPECT_OK(decrypt.Decrypt(ctext + (len / 2), len / 2, result));
249 EXPECT_NE(memcmp(ptext.get(), result, len), 0);
250
251 // Modified
252 ctext[0] ^= 1;
253 ASSERT_OK(decrypt.InitDecrypt(cipher, key, iv));
254 EXPECT_OK(decrypt.Decrypt(ctext, len, result));
255 EXPECT_NE(memcmp(ptext.get(), result, len), 0);
256
257 // Reset
258 decrypt.Reset();
259 EXPECT_ZX(decrypt.Decrypt(ctext, len, result), ZX_ERR_BAD_STATE);
260
261 END_TEST;
262 }
DEFINE_EACH(TestDecryptStream)263 DEFINE_EACH(TestDecryptStream)
264
265 bool TestDecryptRandomAccess(Cipher::Algorithm cipher) {
266 BEGIN_TEST;
267 size_t len = PAGE_SIZE;
268 Secret key;
269 Bytes iv, ptext;
270 ASSERT_OK(GenerateKeyMaterial(cipher, &key, &iv));
271 ASSERT_OK(ptext.Randomize(len));
272 uint8_t ctext[len];
273 uint8_t result[len];
274 Cipher encrypt;
275 ASSERT_OK(encrypt.InitEncrypt(cipher, key, iv, len / 4));
276 ASSERT_OK(encrypt.Encrypt(ptext.get(), len, len, ctext));
277
278 // Not initialized
279 Cipher decrypt;
280 EXPECT_ZX(decrypt.Decrypt(ctext, 0, len, result), ZX_ERR_BAD_STATE);
281 ASSERT_OK(decrypt.InitDecrypt(cipher, key, iv, len / 4));
282
283 // Zero length
284 EXPECT_OK(decrypt.Decrypt(ctext, 0, 0, result));
285
286 // Bad texts
287 EXPECT_ZX(decrypt.Decrypt(nullptr, 0, len, result), ZX_ERR_INVALID_ARGS);
288 EXPECT_ZX(decrypt.Decrypt(ctext, 0, len, nullptr), ZX_ERR_INVALID_ARGS);
289
290 // Wrong mode
291 EXPECT_ZX(decrypt.Encrypt(ctext, 0, len, result), ZX_ERR_BAD_STATE);
292
293 // Bad offset
294 EXPECT_ZX(decrypt.Decrypt(ctext, 1, len, result), ZX_ERR_INVALID_ARGS);
295
296 // Valid
297 EXPECT_OK(decrypt.Decrypt(ctext, len, len, result));
298 EXPECT_EQ(memcmp(ptext.get(), result, len), 0);
299
300 // Mismatched key, iv and offset
301 Secret bad_key;
302 Bytes bad_iv;
303 ASSERT_OK(GenerateKeyMaterial(cipher, &bad_key, &bad_iv));
304
305 ASSERT_OK(decrypt.InitDecrypt(cipher, bad_key, iv, len / 4));
306 EXPECT_OK(decrypt.Decrypt(ctext, len, len, result));
307 EXPECT_NE(memcmp(ptext.get(), result, len), 0);
308
309 ASSERT_OK(decrypt.InitDecrypt(cipher, key, bad_iv, len / 4));
310 EXPECT_OK(decrypt.Decrypt(ctext, len, len, result));
311 EXPECT_NE(memcmp(ptext.get(), result, len), 0);
312
313 ASSERT_OK(decrypt.InitDecrypt(cipher, key, bad_iv, len / 4));
314 EXPECT_OK(decrypt.Decrypt(ctext, 0, len, result));
315 EXPECT_NE(memcmp(ptext.get(), result, len), 0);
316
317 // Modified
318 ctext[0] ^= 1;
319 ASSERT_OK(decrypt.InitDecrypt(cipher, key, iv, len / 4));
320 EXPECT_OK(decrypt.Decrypt(ctext, len, len, result));
321 EXPECT_NE(memcmp(ptext.get(), result, len), 0);
322
323 // Reset
324 decrypt.Reset();
325 EXPECT_ZX(decrypt.Decrypt(ctext, 0, len, result), ZX_ERR_BAD_STATE);
326 END_TEST;
327 }
DEFINE_EACH(TestDecryptRandomAccess)328 DEFINE_EACH(TestDecryptRandomAccess)
329
330 // The following tests are taken from NIST's SP 800-38E. The non-byte aligned tests vectors are
331 // omitted; as they are not supported. Of those remaining, every tenth is selected up to number 200
332 // as a representative sample.
333 bool TestSP800_TC(Cipher::Algorithm cipher, const char* xkey, const char* xiv, const char* xptext,
334 const char* xctext) {
335 BEGIN_TEST;
336 Secret key;
337 Bytes iv, ctext, ptext;
338 ASSERT_OK(HexToSecret(xkey, &key));
339 ASSERT_OK(HexToBytes(xiv, &iv));
340 ASSERT_OK(HexToBytes(xptext, &ptext));
341 ASSERT_OK(HexToBytes(xctext, &ctext));
342 size_t len = ctext.len();
343 uint8_t tmp[len];
344
345 Cipher encrypt;
346 EXPECT_OK(encrypt.InitEncrypt(cipher, key, iv));
347 EXPECT_OK(encrypt.Encrypt(ptext.get(), len, tmp));
348 EXPECT_EQ(memcmp(tmp, ctext.get(), len), 0);
349
350 Cipher decrypt;
351 EXPECT_OK(decrypt.InitDecrypt(cipher, key, iv));
352 EXPECT_OK(decrypt.Decrypt(ctext.get(), len, tmp));
353 EXPECT_EQ(memcmp(tmp, ptext.get(), len), 0);
354 END_TEST;
355 }
356
357 // clang-format off
358
359 // See https://csrc.nist.gov/CSRC/media/Projects/Cryptographic-Algorithm-Validation-Program/documents/aes/XTSTestVectors.zip
TestSP800_38E_TC010(void)360 bool TestSP800_38E_TC010(void) {
361 return TestSP800_TC(Cipher::kAES256_XTS,
362 // key
363 "5d4240766e71216ab73da19ea88027488759c3c83aad8223bcb60ad5559f913d1fa858154fbb8217c04ca352b22e492cf9ea81d1a87838125c90a1340d04f8cf",
364 // iv
365 "08496af5e9e51e06e562ad121ed422e4",
366 // ptext
367 "ab5ead893b99dc72e927c82edf40c3e9617c6789d9d488d63a91ed7d37892eba",
368 // ctext
369 "a8fb3a8bb9c1158d08610636137db4bc2adf2907291e965efe91e5b804c2f3f8");
370 }
371
TestSP800_38E_TC020(void)372 bool TestSP800_38E_TC020(void) {
373 return TestSP800_TC(Cipher::kAES256_XTS,
374 // key
375 "c9032290ea6c1b8fe8448fdb6e7e48ef0d81c1a0bc84a9052e40807e515733ed93e55838a88ff1c78509c62afb26d52a8ff687846601b0930771e6df1d1f3c4d",
376 // iv
377 "30ffaecc5c0843078b13d370d912ede9",
378 // ptext
379 "a02ffe56131167a1b12136f04bb71786aade3b06adf578fd8d998e39a9846c12",
380 // ctext
381 "5ab207394fc7a0728a2c683a880d4daee8c20553d91722816a76340e2b4e6662");
382 }
383
TestSP800_38E_TC030(void)384 bool TestSP800_38E_TC030(void) {
385 return TestSP800_TC(Cipher::kAES256_XTS,
386 // key
387 "d9dd2f932b39b82c666352b104b15b31f714cde49d9d2e019aa1e73db3818b8eddaf4f47f6f1fc173eec2e0c30674803de8780f945d8005d9fe995785912354b",
388 // iv
389 "dfc989f8d81871a2bfe7839b94dc8a9f",
390 // ptext
391 "72660b85b4cb16ed7334404fa39877b62a15ebdee777bd1013df9f6733372b62",
392 // ctext
393 "ae4dd2851a8c12efc5a49cfcb7d98f6eb3a8b6d76400aaf53ca6c7fe142a6689");
394 }
395
TestSP800_38E_TC040(void)396 bool TestSP800_38E_TC040(void) {
397 return TestSP800_TC(Cipher::kAES256_XTS,
398 // key
399 "d77104e5756ca260c3c5912439b7f8c81716d5c4a457e24d104ae50b40167a80ff03e0682729d824dfa8c84c794b80303dc9ff0585088ee6532565bec63ad7c2",
400 // iv
401 "e9dc846cef4a2c41b4a020f44c233f47",
402 // ptext
403 "c125edd5ff5eaf875cc4b2bba5fb7dc47a2a1dbe5cba38b213372188890f153f",
404 // ctext
405 "cada4e269a208e1ee4b3379a4ede5dea049a93fd8e0f5b26069800b0789a0319");
406 }
407
TestSP800_38E_TC050(void)408 bool TestSP800_38E_TC050(void) {
409 return TestSP800_TC(Cipher::kAES256_XTS,
410 // key
411 "0406cefa3e16325e0b820591b5d45bbf21164b521ded97628835f2d3be7ecca18d1ba0e5d47f10b969420f59c02e731161a2a262b55b5f35f6f8ef365159f50d",
412 // iv
413 "9ab2ef46133b547a8ab880e17000aba1",
414 // ptext
415 "cfe237a9399d58034a6ca7f0066a96374235c1659ca7e7fc978a1db2cb30263a",
416 // ctext
417 "d2f5bfe75ba30148aaf42b56e264e1827f29b8097f06322d4c7c74bcb2ff540c");
418 }
419
TestSP800_38E_TC060(void)420 bool TestSP800_38E_TC060(void) {
421 return TestSP800_TC(Cipher::kAES256_XTS,
422 // key
423 "bade4d98d950bc1c0f9af6c0449df05955ad9db136fdab98b07f359b3a3781d44ccd04a9bdbf2191099dd74705811c9cbf26173dba5ca9c1c89566f061d0c943",
424 // iv
425 "28b0fe036e623143923e8bbc34588269",
426 // ptext
427 "70ccd34838671d1699a89e113edcae8fd312415b6f8fd5d00b02705887822497",
428 // ctext
429 "b090dcd79bfc77f1a5ed3470dca309d018c1c82b39832a2e4f355e43a787f643");
430 }
431
TestSP800_38E_TC070(void)432 bool TestSP800_38E_TC070(void) {
433 return TestSP800_TC(Cipher::kAES256_XTS,
434 // key
435 "b353e17f495d6b6a24357a6a6c30372d8e6d79923f0e0b62224af47240123ed909f5a94a299a0cbda4ba99e864698803101507e7027041fe04eed90336d89c76",
436 // iv
437 "45c9b9a9842445dd369f2f9408c76813",
438 // ptext
439 "d265b71fb89677540d73c441368299c4162e9f5c070c3856813245f0ed402fab",
440 // ctext
441 "48126086975de6b282a5acdbeec5777e5f5955d7f938f3c56fe69a91b8b63401");
442 }
443
TestSP800_38E_TC080(void)444 bool TestSP800_38E_TC080(void) {
445 return TestSP800_TC(Cipher::kAES256_XTS,
446 // key
447 "2c7ca38b0445ca7345c53d05e433a84e93617723ec4f22a9e3c4d822fdda9a88748d653b83ea170668fae1b22525afd3aa78e1f09106a22d640d853524a80b5a",
448 // iv
449 "44ddb8c843750a34a598c4b1f91d9230",
450 // ptext
451 "847417b53e2fe4662e6197409e869dcc16c3b1902cbcd5ed01b5b60d890c4f79",
452 // ctext
453 "187d4fd73abe3cb652f58a3860e0d8ca36509b10b5843c693160a18824b45ff3");
454 }
455
TestSP800_38E_TC090(void)456 bool TestSP800_38E_TC090(void) {
457 return TestSP800_TC(Cipher::kAES256_XTS,
458 // key
459 "9051e843a1a216c0bbad5d67e2e30ee414ae0ec29675deca56507ef011ba7f3f273edd58ea12c02ad03ebe2405702a0b8ac33016d216e22af0f1141998ea488b",
460 // iv
461 "b4599993e7c9b1c96a49828ad0eb0d24",
462 // ptext
463 "dd09c1fc4932cbebdcc02fd5ae3cd84c69cceaebca4fecfc6f975ca211fbe205",
464 // ctext
465 "a818957f0e23cdd3b9d579ba40997a9be651566996f656be257a806a36c2756f");
466 }
467
TestSP800_38E_TC100(void)468 bool TestSP800_38E_TC100(void) {
469 return TestSP800_TC(Cipher::kAES256_XTS,
470 // key
471 "198363340a2c104edecef6ada540a9c3a752c4fdcab8d16fff1823d98d959389b92bfd43a9df083600e07f712d6f04a20456d452ec6cb7e836da36581ff7ea33",
472 // iv
473 "3738f1d2fa33ed4fd3dc8345a77c3195",
474 // ptext
475 "8e9369480e1c33bd5e4f9355cc81acc0a97bac373ab8a292874fe7103b16ed95",
476 // ctext
477 "3a23189b53f33da3976c3db3a945cbe89b7cbae84f00dc691b4a113ebefe65b2");
478 }
479
TestSP800_38E_TC110(void)480 bool TestSP800_38E_TC110(void) {
481 return TestSP800_TC(Cipher::kAES256_XTS,
482 // key
483 "6b1984c24e7eb6628e3a11c9ccd2594033a3a0d9016eae65c2f24e09b9a66e9fe9d163a506dfbccf2d93e8991e2fc560e10435b890b5889a5003e4bf817dc3e0",
484 // iv
485 "6bb0d3ae4fa86e431619e407d59ad4f4",
486 // ptext
487 "6a741a945bfbf0c67afd43ba1f841816c099515805d0fc1f7dbf6de900e0aa7a219c88563271b009d1ac90eb7dc99735",
488 // ctext
489 "e47bce292baa63bef316f680a5f480a7b883dfab6ed5a57f7e29ecb89e354a31c9b174c4abad6cbababa19140c4620a3");
490 }
491
TestSP800_38E_TC120(void)492 bool TestSP800_38E_TC120(void) {
493 return TestSP800_TC(Cipher::kAES256_XTS,
494 // key
495 "10c2e0ee117d7c83bcc1422b1c75445fdca94530eac7c9292e76a2766766368d7f852c6f6b25e8448e9e315b761dcb1a31290b643535a66de5c2bc1e5e3978f7",
496 // iv
497 "5879b20b8e420dbc2258ac2edc8c227a",
498 // ptext
499 "95fa154a5845e016c11482071cc2078108eca943b4a3a7bdb65c09ebaf4c7b5b529dc5a718b34f488dd8bab912207da9",
500 // ctext
501 "6edfac840de7a7e9a4718eb8a1270004806bf4d1ef6249c13b482d390cac49e31f8e1bffc387c2837f2c891eb8e1243a");
502 }
503
TestSP800_38E_TC130(void)504 bool TestSP800_38E_TC130(void) {
505 return TestSP800_TC(Cipher::kAES256_XTS,
506 // key
507 "43401c1696961f2cfa7f2f825c0bd08683219ef7a3b8f2352c6a27afa14424de31ceb11b0983b981b3cc59f712d7513bbd78b97724544fba99a7370698c1f586",
508 // iv
509 "78753fb9e9fa3bff92ed0419cddc538b",
510 // ptext
511 "7b57a6803504864254cf8dc951502410d9cdc6cd2bcc5ba15d8253f42b8f5a6886ac7c7d00c1487012e02c670540e100",
512 // ctext
513 "99dc0c7a5041257055a6a857ab29191552c63a5432c6371dead034f1167746bfb84c260b304eca8e6ec315dab732e03a");
514 }
515
TestSP800_38E_TC140(void)516 bool TestSP800_38E_TC140(void) {
517 return TestSP800_TC(Cipher::kAES256_XTS,
518 // key
519 "1e30686246d41359c6b98bc474ca7c70bfd1b1167183d099443b50050b9abc031d2491249b64dae81532d55e5ec4b8fc0942956b8016e70c05c07c2f9281294a",
520 // iv
521 "7bf88e00f309e50739b2eb9b8fa8ce07",
522 // ptext
523 "df6a4358a3aefbf2490a0cf00e7b7be13ed08881003e140a4681bc794a5327f06ac3fb54cb89be10130ee742bc28ba57",
524 // ctext
525 "fb051d28b1f2d0f225afe2b5738eb3ed30a050642436fd9c65aa3160997204d05efdbb9d0ccda19a497ba135ff0490e4");
526 }
527
TestSP800_38E_TC150(void)528 bool TestSP800_38E_TC150(void) {
529 return TestSP800_TC(Cipher::kAES256_XTS,
530 // key
531 "b4713941c6a4ffdbfe2bffdcca09631911e91f1260e650d389803b1aa89f5789fb8ead890218105b63c6d8af1cdaecb8da8c807a16e97ebdab860c169431f596",
532 // iv
533 "737ec14228a09f9c52041d9dbfcdd013",
534 // ptext
535 "be7735fe5eed83198698d1597dcfbb5ece39a067a1d0b7486cdf9e80767a55317da178b7ad276974abd4d069604668a6",
536 // ctext
537 "aef253795f84d13f90706d34d925394c3d9c3bdc06772fded8ee9cd82b407f06482c679672fa4225c8db8f036eb71eb3");
538 }
539
TestSP800_38E_TC160(void)540 bool TestSP800_38E_TC160(void) {
541 return TestSP800_TC(Cipher::kAES256_XTS,
542 // key
543 "02f5f16166ff196ecbd88d90ece619f1815e6dcfce2827a407fe1201c4a4c82956318912d9c7a6e12ab2f69e17b83c0ec42fc9abb25629e66c37b8583c2ef9bb",
544 // iv
545 "bc9ab46c8d61620d078ecd0fe2cc9796",
546 // ptext
547 "f163a11a1169c6befcf999c68253f24c35bec8416d7bb738309e8f4cdaed4cc4146bddb71388ffe6361c44b30ceb76b4",
548 // ctext
549 "feaa6a8a357f3427dfb745cd2eebb3bd893efaac50cf6fcee3495f6292257954873dcdfca9bef8cec8f032d7fc378481");
550 }
551
TestSP800_38E_TC170(void)552 bool TestSP800_38E_TC170(void) {
553 return TestSP800_TC(Cipher::kAES256_XTS,
554 // key
555 "b67995bece5a587ffdfa9d63ce82700eabaec701312aac591ae4c13045b17832fbffb96fe953be24ad4e22ac146eff566453fb9abec7c80b7d4f849dba96ec2d",
556 // iv
557 "952d9dbe6d2b70eca8f11a68bd260e46",
558 // ptext
559 "190e1bd6674eabd5f5954a439c6748c820d036913e6ce075e2c53f3a1c53dca62f99a2377a42ce685b33edb63917b2ff",
560 // ctext
561 "a458c4a4952c0cd01c096624ffe94f911197691b658f8daee6b1b853775173ded5761e07d9a1a39ef72d8b6242a1422e");
562 }
563
TestSP800_38E_TC180(void)564 bool TestSP800_38E_TC180(void) {
565 return TestSP800_TC(Cipher::kAES256_XTS,
566 // key
567 "4324b0fcdcfedc5af7f8170c157ef68680197f5901fb5f3c9b9f85db8319293066a4e1a61c5943865e7b2de129dd3a6db5d8865ac55722399a58822c4e51d0df",
568 // iv
569 "c0eb880e0ee09b46d3d28ad7b363a851",
570 // ptext
571 "e6082cecc24808a6b25e7659b24b71e77ec14887750a01fb9d387c2e90acc77243d7a0dbab70e41c34594a4ad197c8aa",
572 // ctext
573 "d3c5c210afd597feb2e188b0fc08e77992e2e75bd53cd60c507b2ebca37c7b7defadd06500ab67af7c00e5918fca8a16");
574 }
575
TestSP800_38E_TC190(void)576 bool TestSP800_38E_TC190(void) {
577 return TestSP800_TC(Cipher::kAES256_XTS,
578 // key
579 "458dfebe5a6e381da894a1551b95467f19fd475be6a61930ea7707c4f21f88cddd7283c59cc4211af68cc4273ab0e31bf24bee161a5690c754f46ee6392eb6fd",
580 // iv
581 "eb051cfab3db35ff7b3919ede9f79e93",
582 // ptext
583 "506a8565eb8d3a39e2cc9d32eb477cbbc621d6451e61fcb8528a6b1935071ffb31f18980ef586b97f02e257e09ca5f0b",
584 // ctext
585 "95943d6d57f17f5d626518cbc2c7175ab97cf74bbfc8571e8100a921061e68df4e193b53e4256356efbc42969ebebee1");
586 }
587
TestSP800_38E_TC200(void)588 bool TestSP800_38E_TC200(void) {
589 return TestSP800_TC(Cipher::kAES256_XTS,
590 // key
591 "28ab33a47b32dbe9ac4e33a7dd3bdea0fc47deae790c3f5c24cc4e97229ce0c0a15160ff5cc544e2b4e03b4ccd55cc685e93e4ddb2fad8879d0774e92780c521",
592 // iv
593 "3871b04b799f7c572168af16efe880cf",
594 // ptext
595 "abf99e347e086cad3676dba7d8ad30713de3852514c78db83ad75d75b686bab066f62431cefe3a98de7b713b72c926fc",
596 // ctext
597 "3501de2f9e6921c2ca6c6f5a7d642e7c6ad6cc1fc8f3ba496fc5ddc6580df5584bfed4bd02e48d898dbd06757b5f5b06");
598 }
599 // clang-format on
600
601 BEGIN_TEST_CASE(CipherTest)
602 RUN_TEST(TestGetLengths_Uninitialized)
603 RUN_EACH(TestGetLengths)
604 RUN_TEST(TestInitEncrypt_Uninitialized)
605 RUN_EACH(TestInitEncrypt)
606 RUN_TEST(TestInitDecrypt_Uninitialized)
607 RUN_EACH(TestInitDecrypt)
608 RUN_EACH(TestEncryptStream)
609 RUN_EACH(TestEncryptRandomAccess)
610 RUN_EACH(TestDecryptStream)
611 RUN_EACH(TestDecryptRandomAccess)
612 RUN_TEST(TestSP800_38E_TC010)
613 RUN_TEST(TestSP800_38E_TC020)
614 RUN_TEST(TestSP800_38E_TC030)
615 RUN_TEST(TestSP800_38E_TC040)
616 RUN_TEST(TestSP800_38E_TC050)
617 RUN_TEST(TestSP800_38E_TC060)
618 RUN_TEST(TestSP800_38E_TC070)
619 RUN_TEST(TestSP800_38E_TC080)
620 RUN_TEST(TestSP800_38E_TC090)
621 RUN_TEST(TestSP800_38E_TC100)
622 RUN_TEST(TestSP800_38E_TC110)
623 RUN_TEST(TestSP800_38E_TC120)
624 RUN_TEST(TestSP800_38E_TC130)
625 RUN_TEST(TestSP800_38E_TC140)
626 RUN_TEST(TestSP800_38E_TC150)
627 RUN_TEST(TestSP800_38E_TC160)
628 RUN_TEST(TestSP800_38E_TC170)
629 RUN_TEST(TestSP800_38E_TC180)
630 RUN_TEST(TestSP800_38E_TC190)
631 RUN_TEST(TestSP800_38E_TC200)
632 END_TEST_CASE(CipherTest)
633
634 } // namespace
635 } // namespace testing
636 } // namespace crypto
637