xref: /openbmc/qemu/tests/unit/test-crypto-xts.c (revision 05caa062)
1 /*
2  * QEMU Crypto XTS cipher mode
3  *
4  * Copyright (c) 2015-2018 Red Hat, Inc.
5  *
6  * This library is free software; you can redistribute it and/or
7  * modify it under the terms of the GNU Lesser General Public
8  * License as published by the Free Software Foundation; either
9  * version 2.1 of the License, or (at your option) any later version.
10  *
11  * This library is distributed in the hope that it will be useful,
12  * but WITHOUT ANY WARRANTY; without even the implied warranty of
13  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
14  * Lesser General Public License for more details.
15  *
16  * You should have received a copy of the GNU Lesser General Public
17  * License along with this library; if not, see <http://www.gnu.org/licenses/>.
18  *
19  * This code is originally derived from public domain / WTFPL code in
20  * LibTomCrypt crytographic library http://libtom.org. The XTS code
21  * was donated by Elliptic Semiconductor Inc (www.ellipticsemi.com)
22  * to the LibTom Projects
23  *
24  */
25 
26 #include "qemu/osdep.h"
27 #include "crypto/init.h"
28 #include "crypto/xts.h"
29 #include "crypto/aes.h"
30 
31 typedef struct {
32     const char *path;
33     int keylen;
34     unsigned char key1[32];
35     unsigned char key2[32];
36     uint64_t seqnum;
37     unsigned long PTLEN;
38     unsigned char PTX[512], CTX[512];
39 } QCryptoXTSTestData;
40 
41 static const QCryptoXTSTestData test_data[] = {
42     /* #1 32 byte key, 32 byte PTX */
43     {
44         "/crypto/xts/t-1-key-32-ptx-32",
45         32,
46         { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
47           0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
48         { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
49           0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
50         0,
51         32,
52         { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
53           0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
54           0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
55           0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
56         { 0x91, 0x7c, 0xf6, 0x9e, 0xbd, 0x68, 0xb2, 0xec,
57           0x9b, 0x9f, 0xe9, 0xa3, 0xea, 0xdd, 0xa6, 0x92,
58           0xcd, 0x43, 0xd2, 0xf5, 0x95, 0x98, 0xed, 0x85,
59           0x8c, 0x02, 0xc2, 0x65, 0x2f, 0xbf, 0x92, 0x2e },
60     },
61 
62     /* #2, 32 byte key, 32 byte PTX */
63     {
64         "/crypto/xts/t-2-key-32-ptx-32",
65         32,
66         { 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11,
67           0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11 },
68         { 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22,
69           0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22 },
70         0x3333333333LL,
71         32,
72         { 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44,
73           0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44,
74           0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44,
75           0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44 },
76         { 0xc4, 0x54, 0x18, 0x5e, 0x6a, 0x16, 0x93, 0x6e,
77           0x39, 0x33, 0x40, 0x38, 0xac, 0xef, 0x83, 0x8b,
78           0xfb, 0x18, 0x6f, 0xff, 0x74, 0x80, 0xad, 0xc4,
79           0x28, 0x93, 0x82, 0xec, 0xd6, 0xd3, 0x94, 0xf0 },
80     },
81 
82     /* #5 from xts.7, 32 byte key, 32 byte PTX */
83     {
84         "/crypto/xts/t-5-key-32-ptx-32",
85         32,
86         { 0xff, 0xfe, 0xfd, 0xfc, 0xfb, 0xfa, 0xf9, 0xf8,
87           0xf7, 0xf6, 0xf5, 0xf4, 0xf3, 0xf2, 0xf1, 0xf0 },
88         { 0xbf, 0xbe, 0xbd, 0xbc, 0xbb, 0xba, 0xb9, 0xb8,
89           0xb7, 0xb6, 0xb5, 0xb4, 0xb3, 0xb2, 0xb1, 0xb0 },
90         0x123456789aLL,
91         32,
92         { 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44,
93           0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44,
94           0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44,
95           0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44 },
96         { 0xb0, 0x1f, 0x86, 0xf8, 0xed, 0xc1, 0x86, 0x37,
97           0x06, 0xfa, 0x8a, 0x42, 0x53, 0xe3, 0x4f, 0x28,
98           0xaf, 0x31, 0x9d, 0xe3, 0x83, 0x34, 0x87, 0x0f,
99           0x4d, 0xd1, 0xf9, 0x4c, 0xbe, 0x98, 0x32, 0xf1 },
100     },
101 
102     /* #4, 32 byte key, 512 byte PTX  */
103     {
104         "/crypto/xts/t-4-key-32-ptx-512",
105         32,
106         { 0x27, 0x18, 0x28, 0x18, 0x28, 0x45, 0x90, 0x45,
107           0x23, 0x53, 0x60, 0x28, 0x74, 0x71, 0x35, 0x26 },
108         { 0x31, 0x41, 0x59, 0x26, 0x53, 0x58, 0x97, 0x93,
109           0x23, 0x84, 0x62, 0x64, 0x33, 0x83, 0x27, 0x95 },
110         0,
111         512,
112         {
113             0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
114             0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
115             0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
116             0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
117             0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
118             0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f,
119             0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
120             0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f,
121             0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47,
122             0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f,
123             0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
124             0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f,
125             0x60, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67,
126             0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f,
127             0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77,
128             0x78, 0x79, 0x7a, 0x7b, 0x7c, 0x7d, 0x7e, 0x7f,
129             0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87,
130             0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f,
131             0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97,
132             0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f,
133             0xa0, 0xa1, 0xa2, 0xa3, 0xa4, 0xa5, 0xa6, 0xa7,
134             0xa8, 0xa9, 0xaa, 0xab, 0xac, 0xad, 0xae, 0xaf,
135             0xb0, 0xb1, 0xb2, 0xb3, 0xb4, 0xb5, 0xb6, 0xb7,
136             0xb8, 0xb9, 0xba, 0xbb, 0xbc, 0xbd, 0xbe, 0xbf,
137             0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7,
138             0xc8, 0xc9, 0xca, 0xcb, 0xcc, 0xcd, 0xce, 0xcf,
139             0xd0, 0xd1, 0xd2, 0xd3, 0xd4, 0xd5, 0xd6, 0xd7,
140             0xd8, 0xd9, 0xda, 0xdb, 0xdc, 0xdd, 0xde, 0xdf,
141             0xe0, 0xe1, 0xe2, 0xe3, 0xe4, 0xe5, 0xe6, 0xe7,
142             0xe8, 0xe9, 0xea, 0xeb, 0xec, 0xed, 0xee, 0xef,
143             0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7,
144             0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd, 0xfe, 0xff,
145             0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
146             0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
147             0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
148             0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
149             0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
150             0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f,
151             0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
152             0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f,
153             0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47,
154             0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f,
155             0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
156             0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f,
157             0x60, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67,
158             0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f,
159             0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77,
160             0x78, 0x79, 0x7a, 0x7b, 0x7c, 0x7d, 0x7e, 0x7f,
161             0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87,
162             0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f,
163             0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97,
164             0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f,
165             0xa0, 0xa1, 0xa2, 0xa3, 0xa4, 0xa5, 0xa6, 0xa7,
166             0xa8, 0xa9, 0xaa, 0xab, 0xac, 0xad, 0xae, 0xaf,
167             0xb0, 0xb1, 0xb2, 0xb3, 0xb4, 0xb5, 0xb6, 0xb7,
168             0xb8, 0xb9, 0xba, 0xbb, 0xbc, 0xbd, 0xbe, 0xbf,
169             0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7,
170             0xc8, 0xc9, 0xca, 0xcb, 0xcc, 0xcd, 0xce, 0xcf,
171             0xd0, 0xd1, 0xd2, 0xd3, 0xd4, 0xd5, 0xd6, 0xd7,
172             0xd8, 0xd9, 0xda, 0xdb, 0xdc, 0xdd, 0xde, 0xdf,
173             0xe0, 0xe1, 0xe2, 0xe3, 0xe4, 0xe5, 0xe6, 0xe7,
174             0xe8, 0xe9, 0xea, 0xeb, 0xec, 0xed, 0xee, 0xef,
175             0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7,
176             0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd, 0xfe, 0xff,
177         },
178         {
179             0x27, 0xa7, 0x47, 0x9b, 0xef, 0xa1, 0xd4, 0x76,
180             0x48, 0x9f, 0x30, 0x8c, 0xd4, 0xcf, 0xa6, 0xe2,
181             0xa9, 0x6e, 0x4b, 0xbe, 0x32, 0x08, 0xff, 0x25,
182             0x28, 0x7d, 0xd3, 0x81, 0x96, 0x16, 0xe8, 0x9c,
183             0xc7, 0x8c, 0xf7, 0xf5, 0xe5, 0x43, 0x44, 0x5f,
184             0x83, 0x33, 0xd8, 0xfa, 0x7f, 0x56, 0x00, 0x00,
185             0x05, 0x27, 0x9f, 0xa5, 0xd8, 0xb5, 0xe4, 0xad,
186             0x40, 0xe7, 0x36, 0xdd, 0xb4, 0xd3, 0x54, 0x12,
187             0x32, 0x80, 0x63, 0xfd, 0x2a, 0xab, 0x53, 0xe5,
188             0xea, 0x1e, 0x0a, 0x9f, 0x33, 0x25, 0x00, 0xa5,
189             0xdf, 0x94, 0x87, 0xd0, 0x7a, 0x5c, 0x92, 0xcc,
190             0x51, 0x2c, 0x88, 0x66, 0xc7, 0xe8, 0x60, 0xce,
191             0x93, 0xfd, 0xf1, 0x66, 0xa2, 0x49, 0x12, 0xb4,
192             0x22, 0x97, 0x61, 0x46, 0xae, 0x20, 0xce, 0x84,
193             0x6b, 0xb7, 0xdc, 0x9b, 0xa9, 0x4a, 0x76, 0x7a,
194             0xae, 0xf2, 0x0c, 0x0d, 0x61, 0xad, 0x02, 0x65,
195             0x5e, 0xa9, 0x2d, 0xc4, 0xc4, 0xe4, 0x1a, 0x89,
196             0x52, 0xc6, 0x51, 0xd3, 0x31, 0x74, 0xbe, 0x51,
197             0xa1, 0x0c, 0x42, 0x11, 0x10, 0xe6, 0xd8, 0x15,
198             0x88, 0xed, 0xe8, 0x21, 0x03, 0xa2, 0x52, 0xd8,
199             0xa7, 0x50, 0xe8, 0x76, 0x8d, 0xef, 0xff, 0xed,
200             0x91, 0x22, 0x81, 0x0a, 0xae, 0xb9, 0x9f, 0x91,
201             0x72, 0xaf, 0x82, 0xb6, 0x04, 0xdc, 0x4b, 0x8e,
202             0x51, 0xbc, 0xb0, 0x82, 0x35, 0xa6, 0xf4, 0x34,
203             0x13, 0x32, 0xe4, 0xca, 0x60, 0x48, 0x2a, 0x4b,
204             0xa1, 0xa0, 0x3b, 0x3e, 0x65, 0x00, 0x8f, 0xc5,
205             0xda, 0x76, 0xb7, 0x0b, 0xf1, 0x69, 0x0d, 0xb4,
206             0xea, 0xe2, 0x9c, 0x5f, 0x1b, 0xad, 0xd0, 0x3c,
207             0x5c, 0xcf, 0x2a, 0x55, 0xd7, 0x05, 0xdd, 0xcd,
208             0x86, 0xd4, 0x49, 0x51, 0x1c, 0xeb, 0x7e, 0xc3,
209             0x0b, 0xf1, 0x2b, 0x1f, 0xa3, 0x5b, 0x91, 0x3f,
210             0x9f, 0x74, 0x7a, 0x8a, 0xfd, 0x1b, 0x13, 0x0e,
211             0x94, 0xbf, 0xf9, 0x4e, 0xff, 0xd0, 0x1a, 0x91,
212             0x73, 0x5c, 0xa1, 0x72, 0x6a, 0xcd, 0x0b, 0x19,
213             0x7c, 0x4e, 0x5b, 0x03, 0x39, 0x36, 0x97, 0xe1,
214             0x26, 0x82, 0x6f, 0xb6, 0xbb, 0xde, 0x8e, 0xcc,
215             0x1e, 0x08, 0x29, 0x85, 0x16, 0xe2, 0xc9, 0xed,
216             0x03, 0xff, 0x3c, 0x1b, 0x78, 0x60, 0xf6, 0xde,
217             0x76, 0xd4, 0xce, 0xcd, 0x94, 0xc8, 0x11, 0x98,
218             0x55, 0xef, 0x52, 0x97, 0xca, 0x67, 0xe9, 0xf3,
219             0xe7, 0xff, 0x72, 0xb1, 0xe9, 0x97, 0x85, 0xca,
220             0x0a, 0x7e, 0x77, 0x20, 0xc5, 0xb3, 0x6d, 0xc6,
221             0xd7, 0x2c, 0xac, 0x95, 0x74, 0xc8, 0xcb, 0xbc,
222             0x2f, 0x80, 0x1e, 0x23, 0xe5, 0x6f, 0xd3, 0x44,
223             0xb0, 0x7f, 0x22, 0x15, 0x4b, 0xeb, 0xa0, 0xf0,
224             0x8c, 0xe8, 0x89, 0x1e, 0x64, 0x3e, 0xd9, 0x95,
225             0xc9, 0x4d, 0x9a, 0x69, 0xc9, 0xf1, 0xb5, 0xf4,
226             0x99, 0x02, 0x7a, 0x78, 0x57, 0x2a, 0xee, 0xbd,
227             0x74, 0xd2, 0x0c, 0xc3, 0x98, 0x81, 0xc2, 0x13,
228             0xee, 0x77, 0x0b, 0x10, 0x10, 0xe4, 0xbe, 0xa7,
229             0x18, 0x84, 0x69, 0x77, 0xae, 0x11, 0x9f, 0x7a,
230             0x02, 0x3a, 0xb5, 0x8c, 0xca, 0x0a, 0xd7, 0x52,
231             0xaf, 0xe6, 0x56, 0xbb, 0x3c, 0x17, 0x25, 0x6a,
232             0x9f, 0x6e, 0x9b, 0xf1, 0x9f, 0xdd, 0x5a, 0x38,
233             0xfc, 0x82, 0xbb, 0xe8, 0x72, 0xc5, 0x53, 0x9e,
234             0xdb, 0x60, 0x9e, 0xf4, 0xf7, 0x9c, 0x20, 0x3e,
235             0xbb, 0x14, 0x0f, 0x2e, 0x58, 0x3c, 0xb2, 0xad,
236             0x15, 0xb4, 0xaa, 0x5b, 0x65, 0x50, 0x16, 0xa8,
237             0x44, 0x92, 0x77, 0xdb, 0xd4, 0x77, 0xef, 0x2c,
238             0x8d, 0x6c, 0x01, 0x7d, 0xb7, 0x38, 0xb1, 0x8d,
239             0xeb, 0x4a, 0x42, 0x7d, 0x19, 0x23, 0xce, 0x3f,
240             0xf2, 0x62, 0x73, 0x57, 0x79, 0xa4, 0x18, 0xf2,
241             0x0a, 0x28, 0x2d, 0xf9, 0x20, 0x14, 0x7b, 0xea,
242             0xbe, 0x42, 0x1e, 0xe5, 0x31, 0x9d, 0x05, 0x68,
243         }
244     },
245 
246     /* #7, 32 byte key, 17 byte PTX */
247     {
248         "/crypto/xts/t-7-key-32-ptx-17",
249         32,
250         { 0xff, 0xfe, 0xfd, 0xfc, 0xfb, 0xfa, 0xf9, 0xf8,
251           0xf7, 0xf6, 0xf5, 0xf4, 0xf3, 0xf2, 0xf1, 0xf0 },
252         { 0xbf, 0xbe, 0xbd, 0xbc, 0xbb, 0xba, 0xb9, 0xb8,
253           0xb7, 0xb6, 0xb5, 0xb4, 0xb3, 0xb2, 0xb1, 0xb0 },
254         0x123456789aLL,
255         17,
256         { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
257           0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10 },
258         { 0x6c, 0x16, 0x25, 0xdb, 0x46, 0x71, 0x52, 0x2d,
259           0x3d, 0x75, 0x99, 0x60, 0x1d, 0xe7, 0xca, 0x09, 0xed },
260     },
261 
262     /* #15, 32 byte key, 25 byte PTX */
263     {
264         "/crypto/xts/t-15-key-32-ptx-25",
265         32,
266         { 0xff, 0xfe, 0xfd, 0xfc, 0xfb, 0xfa, 0xf9, 0xf8,
267           0xf7, 0xf6, 0xf5, 0xf4, 0xf3, 0xf2, 0xf1, 0xf0 },
268         { 0xbf, 0xbe, 0xbd, 0xbc, 0xbb, 0xba, 0xb9, 0xb8,
269           0xb7, 0xb6, 0xb5, 0xb4, 0xb3, 0xb2, 0xb1, 0xb0 },
270         0x123456789aLL,
271         25,
272         { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
273           0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
274           0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18 },
275         { 0x8f, 0x4d, 0xcb, 0xad, 0x55, 0x55, 0x8d, 0x7b,
276           0x4e, 0x01, 0xd9, 0x37, 0x9c, 0xd4, 0xea, 0x22,
277           0xed, 0xbf, 0x9d, 0xac, 0xe4, 0x5d, 0x6f, 0x6a, 0x73 },
278     },
279 
280     /* #21, 32 byte key, 31 byte PTX */
281     {
282         "/crypto/xts/t-21-key-32-ptx-31",
283         32,
284         { 0xff, 0xfe, 0xfd, 0xfc, 0xfb, 0xfa, 0xf9, 0xf8,
285           0xf7, 0xf6, 0xf5, 0xf4, 0xf3, 0xf2, 0xf1, 0xf0 },
286         { 0xbf, 0xbe, 0xbd, 0xbc, 0xbb, 0xba, 0xb9, 0xb8,
287           0xb7, 0xb6, 0xb5, 0xb4, 0xb3, 0xb2, 0xb1, 0xb0 },
288         0x123456789aLL,
289         31,
290         { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
291           0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
292           0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
293           0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e },
294         { 0xd0, 0x5b, 0xc0, 0x90, 0xa8, 0xe0, 0x4f, 0x1b,
295           0x3d, 0x3e, 0xcd, 0xd5, 0xba, 0xec, 0x0f, 0xd4,
296           0xed, 0xbf, 0x9d, 0xac, 0xe4, 0x5d, 0x6f, 0x6a,
297           0x73, 0x06, 0xe6, 0x4b, 0xe5, 0xdd, 0x82 },
298     },
299 };
300 
301 #define STORE64L(x, y)                                                  \
302     do {                                                                \
303         (y)[7] = (unsigned char)(((x) >> 56) & 255);                    \
304         (y)[6] = (unsigned char)(((x) >> 48) & 255);                    \
305         (y)[5] = (unsigned char)(((x) >> 40) & 255);                    \
306         (y)[4] = (unsigned char)(((x) >> 32) & 255);                    \
307         (y)[3] = (unsigned char)(((x) >> 24) & 255);                    \
308         (y)[2] = (unsigned char)(((x) >> 16) & 255);                    \
309         (y)[1] = (unsigned char)(((x) >> 8) & 255);                     \
310         (y)[0] = (unsigned char)((x) & 255);                            \
311     } while (0)
312 
313 struct TestAES {
314     AES_KEY enc;
315     AES_KEY dec;
316 };
317 
318 static void test_xts_aes_encrypt(const void *ctx,
319                                  size_t length,
320                                  uint8_t *dst,
321                                  const uint8_t *src)
322 {
323     const struct TestAES *aesctx = ctx;
324 
325     AES_encrypt(src, dst, &aesctx->enc);
326 }
327 
328 
329 static void test_xts_aes_decrypt(const void *ctx,
330                                  size_t length,
331                                  uint8_t *dst,
332                                  const uint8_t *src)
333 {
334     const struct TestAES *aesctx = ctx;
335 
336     AES_decrypt(src, dst, &aesctx->dec);
337 }
338 
339 
340 static void test_xts(const void *opaque)
341 {
342     const QCryptoXTSTestData *data = opaque;
343     uint8_t out[512], Torg[16], T[16];
344     uint64_t seq;
345     struct TestAES aesdata;
346     struct TestAES aestweak;
347 
348     AES_set_encrypt_key(data->key1, data->keylen / 2 * 8, &aesdata.enc);
349     AES_set_decrypt_key(data->key1, data->keylen / 2 * 8, &aesdata.dec);
350     AES_set_encrypt_key(data->key2, data->keylen / 2 * 8, &aestweak.enc);
351     AES_set_decrypt_key(data->key2, data->keylen / 2 * 8, &aestweak.dec);
352 
353     seq = data->seqnum;
354     STORE64L(seq, Torg);
355     memset(Torg + 8, 0, 8);
356 
357     memcpy(T, Torg, sizeof(T));
358     xts_encrypt(&aesdata, &aestweak,
359                 test_xts_aes_encrypt,
360                 test_xts_aes_decrypt,
361                 T, data->PTLEN, out, data->PTX);
362 
363     g_assert(memcmp(out, data->CTX, data->PTLEN) == 0);
364 
365     memcpy(T, Torg, sizeof(T));
366     xts_decrypt(&aesdata, &aestweak,
367                 test_xts_aes_encrypt,
368                 test_xts_aes_decrypt,
369                 T, data->PTLEN, out, data->CTX);
370 
371     g_assert(memcmp(out, data->PTX, data->PTLEN) == 0);
372 }
373 
374 
375 static void test_xts_split(const void *opaque)
376 {
377     const QCryptoXTSTestData *data = opaque;
378     uint8_t out[512], Torg[16], T[16];
379     uint64_t seq;
380     unsigned long len = data->PTLEN / 2;
381     struct TestAES aesdata;
382     struct TestAES aestweak;
383 
384     AES_set_encrypt_key(data->key1, data->keylen / 2 * 8, &aesdata.enc);
385     AES_set_decrypt_key(data->key1, data->keylen / 2 * 8, &aesdata.dec);
386     AES_set_encrypt_key(data->key2, data->keylen / 2 * 8, &aestweak.enc);
387     AES_set_decrypt_key(data->key2, data->keylen / 2 * 8, &aestweak.dec);
388 
389     seq = data->seqnum;
390     STORE64L(seq, Torg);
391     memset(Torg + 8, 0, 8);
392 
393     memcpy(T, Torg, sizeof(T));
394     xts_encrypt(&aesdata, &aestweak,
395                 test_xts_aes_encrypt,
396                 test_xts_aes_decrypt,
397                 T, len, out, data->PTX);
398     xts_encrypt(&aesdata, &aestweak,
399                 test_xts_aes_encrypt,
400                 test_xts_aes_decrypt,
401                 T, len, &out[len], &data->PTX[len]);
402 
403     g_assert(memcmp(out, data->CTX, data->PTLEN) == 0);
404 
405     memcpy(T, Torg, sizeof(T));
406     xts_decrypt(&aesdata, &aestweak,
407                 test_xts_aes_encrypt,
408                 test_xts_aes_decrypt,
409                 T, len, out, data->CTX);
410     xts_decrypt(&aesdata, &aestweak,
411                 test_xts_aes_encrypt,
412                 test_xts_aes_decrypt,
413                 T, len, &out[len], &data->CTX[len]);
414 
415     g_assert(memcmp(out, data->PTX, data->PTLEN) == 0);
416 }
417 
418 
419 static void test_xts_unaligned(const void *opaque)
420 {
421 #define BAD_ALIGN 3
422     const QCryptoXTSTestData *data = opaque;
423     uint8_t in[512 + BAD_ALIGN], out[512 + BAD_ALIGN];
424     uint8_t Torg[16], T[16 + BAD_ALIGN];
425     uint64_t seq;
426     struct TestAES aesdata;
427     struct TestAES aestweak;
428 
429     AES_set_encrypt_key(data->key1, data->keylen / 2 * 8, &aesdata.enc);
430     AES_set_decrypt_key(data->key1, data->keylen / 2 * 8, &aesdata.dec);
431     AES_set_encrypt_key(data->key2, data->keylen / 2 * 8, &aestweak.enc);
432     AES_set_decrypt_key(data->key2, data->keylen / 2 * 8, &aestweak.dec);
433 
434     seq = data->seqnum;
435     STORE64L(seq, Torg);
436     memset(Torg + 8, 0, 8);
437 
438     /* IV not aligned */
439     memcpy(T + BAD_ALIGN, Torg, 16);
440     memcpy(in, data->PTX, data->PTLEN);
441     xts_encrypt(&aesdata, &aestweak,
442                 test_xts_aes_encrypt,
443                 test_xts_aes_decrypt,
444                 T + BAD_ALIGN, data->PTLEN, out, in);
445 
446     g_assert(memcmp(out, data->CTX, data->PTLEN) == 0);
447 
448     /* plain text not aligned */
449     memcpy(T, Torg, 16);
450     memcpy(in + BAD_ALIGN, data->PTX, data->PTLEN);
451     xts_encrypt(&aesdata, &aestweak,
452                 test_xts_aes_encrypt,
453                 test_xts_aes_decrypt,
454                 T, data->PTLEN, out, in + BAD_ALIGN);
455 
456     g_assert(memcmp(out, data->CTX, data->PTLEN) == 0);
457 
458     /* cipher text not aligned */
459     memcpy(T, Torg, 16);
460     memcpy(in, data->PTX, data->PTLEN);
461     xts_encrypt(&aesdata, &aestweak,
462                 test_xts_aes_encrypt,
463                 test_xts_aes_decrypt,
464                 T, data->PTLEN, out + BAD_ALIGN, in);
465 
466     g_assert(memcmp(out + BAD_ALIGN, data->CTX, data->PTLEN) == 0);
467 
468 
469     /* IV not aligned */
470     memcpy(T + BAD_ALIGN, Torg, 16);
471     memcpy(in, data->CTX, data->PTLEN);
472     xts_decrypt(&aesdata, &aestweak,
473                 test_xts_aes_encrypt,
474                 test_xts_aes_decrypt,
475                 T + BAD_ALIGN, data->PTLEN, out, in);
476 
477     g_assert(memcmp(out, data->PTX, data->PTLEN) == 0);
478 
479     /* cipher text not aligned */
480     memcpy(T, Torg, 16);
481     memcpy(in + BAD_ALIGN, data->CTX, data->PTLEN);
482     xts_decrypt(&aesdata, &aestweak,
483                 test_xts_aes_encrypt,
484                 test_xts_aes_decrypt,
485                 T, data->PTLEN, out, in + BAD_ALIGN);
486 
487     g_assert(memcmp(out, data->PTX, data->PTLEN) == 0);
488 
489     /* plain text not aligned */
490     memcpy(T, Torg, 16);
491     memcpy(in, data->CTX, data->PTLEN);
492     xts_decrypt(&aesdata, &aestweak,
493                 test_xts_aes_encrypt,
494                 test_xts_aes_decrypt,
495                 T, data->PTLEN, out + BAD_ALIGN, in);
496 
497     g_assert(memcmp(out + BAD_ALIGN, data->PTX, data->PTLEN) == 0);
498 }
499 
500 
501 int main(int argc, char **argv)
502 {
503     size_t i;
504 
505     g_test_init(&argc, &argv, NULL);
506 
507     g_assert(qcrypto_init(NULL) == 0);
508 
509     for (i = 0; i < G_N_ELEMENTS(test_data); i++) {
510         gchar *path = g_strdup_printf("%s/basic", test_data[i].path);
511         g_test_add_data_func(path, &test_data[i], test_xts);
512         g_free(path);
513 
514         /* skip the cases where the length is smaller than 2*blocklen
515          * or the length is not a multiple of 32
516          */
517         if ((test_data[i].PTLEN >= 32) && !(test_data[i].PTLEN % 32)) {
518             path = g_strdup_printf("%s/split", test_data[i].path);
519             g_test_add_data_func(path, &test_data[i], test_xts_split);
520             g_free(path);
521         }
522 
523         path = g_strdup_printf("%s/unaligned", test_data[i].path);
524         g_test_add_data_func(path, &test_data[i], test_xts_unaligned);
525         g_free(path);
526     }
527 
528     return g_test_run();
529 }
530