cachepc-qemu

Fork of AMDESE/qemu with changes for cachepc side-channel attack
git clone https://git.sinitax.com/sinitax/cachepc-qemu
Log | Files | Refs | Submodules | LICENSE | sfeed.txt

test-crypto-xts.c (21671B)


      1/*
      2 * QEMU Crypto XTS cipher mode
      3 *
      4 * Copyright (c) 2015-2018 Red Hat, Inc.
      5 *
      6 * This library is free software; you can redistribute it and/or
      7 * modify it under the terms of the GNU Lesser General Public
      8 * License as published by the Free Software Foundation; either
      9 * version 2.1 of the License, or (at your option) any later version.
     10 *
     11 * This library is distributed in the hope that it will be useful,
     12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
     13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
     14 * Lesser General Public License for more details.
     15 *
     16 * You should have received a copy of the GNU Lesser General Public
     17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
     18 *
     19 * This code is originally derived from public domain / WTFPL code in
     20 * LibTomCrypt crytographic library http://libtom.org. The XTS code
     21 * was donated by Elliptic Semiconductor Inc (www.ellipticsemi.com)
     22 * to the LibTom Projects
     23 *
     24 */
     25
     26#include "qemu/osdep.h"
     27#include "crypto/init.h"
     28#include "crypto/xts.h"
     29#include "crypto/aes.h"
     30
     31typedef struct {
     32    const char *path;
     33    int keylen;
     34    unsigned char key1[32];
     35    unsigned char key2[32];
     36    uint64_t seqnum;
     37    unsigned long PTLEN;
     38    unsigned char PTX[512], CTX[512];
     39} QCryptoXTSTestData;
     40
     41static const QCryptoXTSTestData test_data[] = {
     42    /* #1 32 byte key, 32 byte PTX */
     43    {
     44        "/crypto/xts/t-1-key-32-ptx-32",
     45        32,
     46        { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
     47          0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
     48        { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
     49          0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
     50        0,
     51        32,
     52        { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
     53          0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
     54          0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
     55          0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
     56        { 0x91, 0x7c, 0xf6, 0x9e, 0xbd, 0x68, 0xb2, 0xec,
     57          0x9b, 0x9f, 0xe9, 0xa3, 0xea, 0xdd, 0xa6, 0x92,
     58          0xcd, 0x43, 0xd2, 0xf5, 0x95, 0x98, 0xed, 0x85,
     59          0x8c, 0x02, 0xc2, 0x65, 0x2f, 0xbf, 0x92, 0x2e },
     60    },
     61
     62    /* #2, 32 byte key, 32 byte PTX */
     63    {
     64        "/crypto/xts/t-2-key-32-ptx-32",
     65        32,
     66        { 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11,
     67          0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11 },
     68        { 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22,
     69          0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22 },
     70        0x3333333333LL,
     71        32,
     72        { 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44,
     73          0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44,
     74          0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44,
     75          0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44 },
     76        { 0xc4, 0x54, 0x18, 0x5e, 0x6a, 0x16, 0x93, 0x6e,
     77          0x39, 0x33, 0x40, 0x38, 0xac, 0xef, 0x83, 0x8b,
     78          0xfb, 0x18, 0x6f, 0xff, 0x74, 0x80, 0xad, 0xc4,
     79          0x28, 0x93, 0x82, 0xec, 0xd6, 0xd3, 0x94, 0xf0 },
     80    },
     81
     82    /* #5 from xts.7, 32 byte key, 32 byte PTX */
     83    {
     84        "/crypto/xts/t-5-key-32-ptx-32",
     85        32,
     86        { 0xff, 0xfe, 0xfd, 0xfc, 0xfb, 0xfa, 0xf9, 0xf8,
     87          0xf7, 0xf6, 0xf5, 0xf4, 0xf3, 0xf2, 0xf1, 0xf0 },
     88        { 0xbf, 0xbe, 0xbd, 0xbc, 0xbb, 0xba, 0xb9, 0xb8,
     89          0xb7, 0xb6, 0xb5, 0xb4, 0xb3, 0xb2, 0xb1, 0xb0 },
     90        0x123456789aLL,
     91        32,
     92        { 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44,
     93          0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44,
     94          0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44,
     95          0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44 },
     96        { 0xb0, 0x1f, 0x86, 0xf8, 0xed, 0xc1, 0x86, 0x37,
     97          0x06, 0xfa, 0x8a, 0x42, 0x53, 0xe3, 0x4f, 0x28,
     98          0xaf, 0x31, 0x9d, 0xe3, 0x83, 0x34, 0x87, 0x0f,
     99          0x4d, 0xd1, 0xf9, 0x4c, 0xbe, 0x98, 0x32, 0xf1 },
    100    },
    101
    102    /* #4, 32 byte key, 512 byte PTX  */
    103    {
    104        "/crypto/xts/t-4-key-32-ptx-512",
    105        32,
    106        { 0x27, 0x18, 0x28, 0x18, 0x28, 0x45, 0x90, 0x45,
    107          0x23, 0x53, 0x60, 0x28, 0x74, 0x71, 0x35, 0x26 },
    108        { 0x31, 0x41, 0x59, 0x26, 0x53, 0x58, 0x97, 0x93,
    109          0x23, 0x84, 0x62, 0x64, 0x33, 0x83, 0x27, 0x95 },
    110        0,
    111        512,
    112        {
    113            0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
    114            0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
    115            0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
    116            0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
    117            0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
    118            0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f,
    119            0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
    120            0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f,
    121            0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47,
    122            0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f,
    123            0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
    124            0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f,
    125            0x60, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67,
    126            0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f,
    127            0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77,
    128            0x78, 0x79, 0x7a, 0x7b, 0x7c, 0x7d, 0x7e, 0x7f,
    129            0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87,
    130            0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f,
    131            0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97,
    132            0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f,
    133            0xa0, 0xa1, 0xa2, 0xa3, 0xa4, 0xa5, 0xa6, 0xa7,
    134            0xa8, 0xa9, 0xaa, 0xab, 0xac, 0xad, 0xae, 0xaf,
    135            0xb0, 0xb1, 0xb2, 0xb3, 0xb4, 0xb5, 0xb6, 0xb7,
    136            0xb8, 0xb9, 0xba, 0xbb, 0xbc, 0xbd, 0xbe, 0xbf,
    137            0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7,
    138            0xc8, 0xc9, 0xca, 0xcb, 0xcc, 0xcd, 0xce, 0xcf,
    139            0xd0, 0xd1, 0xd2, 0xd3, 0xd4, 0xd5, 0xd6, 0xd7,
    140            0xd8, 0xd9, 0xda, 0xdb, 0xdc, 0xdd, 0xde, 0xdf,
    141            0xe0, 0xe1, 0xe2, 0xe3, 0xe4, 0xe5, 0xe6, 0xe7,
    142            0xe8, 0xe9, 0xea, 0xeb, 0xec, 0xed, 0xee, 0xef,
    143            0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7,
    144            0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd, 0xfe, 0xff,
    145            0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
    146            0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
    147            0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
    148            0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
    149            0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
    150            0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f,
    151            0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
    152            0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f,
    153            0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47,
    154            0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f,
    155            0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
    156            0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f,
    157            0x60, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67,
    158            0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f,
    159            0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77,
    160            0x78, 0x79, 0x7a, 0x7b, 0x7c, 0x7d, 0x7e, 0x7f,
    161            0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87,
    162            0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f,
    163            0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97,
    164            0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f,
    165            0xa0, 0xa1, 0xa2, 0xa3, 0xa4, 0xa5, 0xa6, 0xa7,
    166            0xa8, 0xa9, 0xaa, 0xab, 0xac, 0xad, 0xae, 0xaf,
    167            0xb0, 0xb1, 0xb2, 0xb3, 0xb4, 0xb5, 0xb6, 0xb7,
    168            0xb8, 0xb9, 0xba, 0xbb, 0xbc, 0xbd, 0xbe, 0xbf,
    169            0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7,
    170            0xc8, 0xc9, 0xca, 0xcb, 0xcc, 0xcd, 0xce, 0xcf,
    171            0xd0, 0xd1, 0xd2, 0xd3, 0xd4, 0xd5, 0xd6, 0xd7,
    172            0xd8, 0xd9, 0xda, 0xdb, 0xdc, 0xdd, 0xde, 0xdf,
    173            0xe0, 0xe1, 0xe2, 0xe3, 0xe4, 0xe5, 0xe6, 0xe7,
    174            0xe8, 0xe9, 0xea, 0xeb, 0xec, 0xed, 0xee, 0xef,
    175            0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7,
    176            0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd, 0xfe, 0xff,
    177        },
    178        {
    179            0x27, 0xa7, 0x47, 0x9b, 0xef, 0xa1, 0xd4, 0x76,
    180            0x48, 0x9f, 0x30, 0x8c, 0xd4, 0xcf, 0xa6, 0xe2,
    181            0xa9, 0x6e, 0x4b, 0xbe, 0x32, 0x08, 0xff, 0x25,
    182            0x28, 0x7d, 0xd3, 0x81, 0x96, 0x16, 0xe8, 0x9c,
    183            0xc7, 0x8c, 0xf7, 0xf5, 0xe5, 0x43, 0x44, 0x5f,
    184            0x83, 0x33, 0xd8, 0xfa, 0x7f, 0x56, 0x00, 0x00,
    185            0x05, 0x27, 0x9f, 0xa5, 0xd8, 0xb5, 0xe4, 0xad,
    186            0x40, 0xe7, 0x36, 0xdd, 0xb4, 0xd3, 0x54, 0x12,
    187            0x32, 0x80, 0x63, 0xfd, 0x2a, 0xab, 0x53, 0xe5,
    188            0xea, 0x1e, 0x0a, 0x9f, 0x33, 0x25, 0x00, 0xa5,
    189            0xdf, 0x94, 0x87, 0xd0, 0x7a, 0x5c, 0x92, 0xcc,
    190            0x51, 0x2c, 0x88, 0x66, 0xc7, 0xe8, 0x60, 0xce,
    191            0x93, 0xfd, 0xf1, 0x66, 0xa2, 0x49, 0x12, 0xb4,
    192            0x22, 0x97, 0x61, 0x46, 0xae, 0x20, 0xce, 0x84,
    193            0x6b, 0xb7, 0xdc, 0x9b, 0xa9, 0x4a, 0x76, 0x7a,
    194            0xae, 0xf2, 0x0c, 0x0d, 0x61, 0xad, 0x02, 0x65,
    195            0x5e, 0xa9, 0x2d, 0xc4, 0xc4, 0xe4, 0x1a, 0x89,
    196            0x52, 0xc6, 0x51, 0xd3, 0x31, 0x74, 0xbe, 0x51,
    197            0xa1, 0x0c, 0x42, 0x11, 0x10, 0xe6, 0xd8, 0x15,
    198            0x88, 0xed, 0xe8, 0x21, 0x03, 0xa2, 0x52, 0xd8,
    199            0xa7, 0x50, 0xe8, 0x76, 0x8d, 0xef, 0xff, 0xed,
    200            0x91, 0x22, 0x81, 0x0a, 0xae, 0xb9, 0x9f, 0x91,
    201            0x72, 0xaf, 0x82, 0xb6, 0x04, 0xdc, 0x4b, 0x8e,
    202            0x51, 0xbc, 0xb0, 0x82, 0x35, 0xa6, 0xf4, 0x34,
    203            0x13, 0x32, 0xe4, 0xca, 0x60, 0x48, 0x2a, 0x4b,
    204            0xa1, 0xa0, 0x3b, 0x3e, 0x65, 0x00, 0x8f, 0xc5,
    205            0xda, 0x76, 0xb7, 0x0b, 0xf1, 0x69, 0x0d, 0xb4,
    206            0xea, 0xe2, 0x9c, 0x5f, 0x1b, 0xad, 0xd0, 0x3c,
    207            0x5c, 0xcf, 0x2a, 0x55, 0xd7, 0x05, 0xdd, 0xcd,
    208            0x86, 0xd4, 0x49, 0x51, 0x1c, 0xeb, 0x7e, 0xc3,
    209            0x0b, 0xf1, 0x2b, 0x1f, 0xa3, 0x5b, 0x91, 0x3f,
    210            0x9f, 0x74, 0x7a, 0x8a, 0xfd, 0x1b, 0x13, 0x0e,
    211            0x94, 0xbf, 0xf9, 0x4e, 0xff, 0xd0, 0x1a, 0x91,
    212            0x73, 0x5c, 0xa1, 0x72, 0x6a, 0xcd, 0x0b, 0x19,
    213            0x7c, 0x4e, 0x5b, 0x03, 0x39, 0x36, 0x97, 0xe1,
    214            0x26, 0x82, 0x6f, 0xb6, 0xbb, 0xde, 0x8e, 0xcc,
    215            0x1e, 0x08, 0x29, 0x85, 0x16, 0xe2, 0xc9, 0xed,
    216            0x03, 0xff, 0x3c, 0x1b, 0x78, 0x60, 0xf6, 0xde,
    217            0x76, 0xd4, 0xce, 0xcd, 0x94, 0xc8, 0x11, 0x98,
    218            0x55, 0xef, 0x52, 0x97, 0xca, 0x67, 0xe9, 0xf3,
    219            0xe7, 0xff, 0x72, 0xb1, 0xe9, 0x97, 0x85, 0xca,
    220            0x0a, 0x7e, 0x77, 0x20, 0xc5, 0xb3, 0x6d, 0xc6,
    221            0xd7, 0x2c, 0xac, 0x95, 0x74, 0xc8, 0xcb, 0xbc,
    222            0x2f, 0x80, 0x1e, 0x23, 0xe5, 0x6f, 0xd3, 0x44,
    223            0xb0, 0x7f, 0x22, 0x15, 0x4b, 0xeb, 0xa0, 0xf0,
    224            0x8c, 0xe8, 0x89, 0x1e, 0x64, 0x3e, 0xd9, 0x95,
    225            0xc9, 0x4d, 0x9a, 0x69, 0xc9, 0xf1, 0xb5, 0xf4,
    226            0x99, 0x02, 0x7a, 0x78, 0x57, 0x2a, 0xee, 0xbd,
    227            0x74, 0xd2, 0x0c, 0xc3, 0x98, 0x81, 0xc2, 0x13,
    228            0xee, 0x77, 0x0b, 0x10, 0x10, 0xe4, 0xbe, 0xa7,
    229            0x18, 0x84, 0x69, 0x77, 0xae, 0x11, 0x9f, 0x7a,
    230            0x02, 0x3a, 0xb5, 0x8c, 0xca, 0x0a, 0xd7, 0x52,
    231            0xaf, 0xe6, 0x56, 0xbb, 0x3c, 0x17, 0x25, 0x6a,
    232            0x9f, 0x6e, 0x9b, 0xf1, 0x9f, 0xdd, 0x5a, 0x38,
    233            0xfc, 0x82, 0xbb, 0xe8, 0x72, 0xc5, 0x53, 0x9e,
    234            0xdb, 0x60, 0x9e, 0xf4, 0xf7, 0x9c, 0x20, 0x3e,
    235            0xbb, 0x14, 0x0f, 0x2e, 0x58, 0x3c, 0xb2, 0xad,
    236            0x15, 0xb4, 0xaa, 0x5b, 0x65, 0x50, 0x16, 0xa8,
    237            0x44, 0x92, 0x77, 0xdb, 0xd4, 0x77, 0xef, 0x2c,
    238            0x8d, 0x6c, 0x01, 0x7d, 0xb7, 0x38, 0xb1, 0x8d,
    239            0xeb, 0x4a, 0x42, 0x7d, 0x19, 0x23, 0xce, 0x3f,
    240            0xf2, 0x62, 0x73, 0x57, 0x79, 0xa4, 0x18, 0xf2,
    241            0x0a, 0x28, 0x2d, 0xf9, 0x20, 0x14, 0x7b, 0xea,
    242            0xbe, 0x42, 0x1e, 0xe5, 0x31, 0x9d, 0x05, 0x68,
    243        }
    244    },
    245
    246    /* #7, 32 byte key, 17 byte PTX */
    247    {
    248        "/crypto/xts/t-7-key-32-ptx-17",
    249        32,
    250        { 0xff, 0xfe, 0xfd, 0xfc, 0xfb, 0xfa, 0xf9, 0xf8,
    251          0xf7, 0xf6, 0xf5, 0xf4, 0xf3, 0xf2, 0xf1, 0xf0 },
    252        { 0xbf, 0xbe, 0xbd, 0xbc, 0xbb, 0xba, 0xb9, 0xb8,
    253          0xb7, 0xb6, 0xb5, 0xb4, 0xb3, 0xb2, 0xb1, 0xb0 },
    254        0x123456789aLL,
    255        17,
    256        { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
    257          0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10 },
    258        { 0x6c, 0x16, 0x25, 0xdb, 0x46, 0x71, 0x52, 0x2d,
    259          0x3d, 0x75, 0x99, 0x60, 0x1d, 0xe7, 0xca, 0x09, 0xed },
    260    },
    261
    262    /* #15, 32 byte key, 25 byte PTX */
    263    {
    264        "/crypto/xts/t-15-key-32-ptx-25",
    265        32,
    266        { 0xff, 0xfe, 0xfd, 0xfc, 0xfb, 0xfa, 0xf9, 0xf8,
    267          0xf7, 0xf6, 0xf5, 0xf4, 0xf3, 0xf2, 0xf1, 0xf0 },
    268        { 0xbf, 0xbe, 0xbd, 0xbc, 0xbb, 0xba, 0xb9, 0xb8,
    269          0xb7, 0xb6, 0xb5, 0xb4, 0xb3, 0xb2, 0xb1, 0xb0 },
    270        0x123456789aLL,
    271        25,
    272        { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
    273          0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
    274          0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18 },
    275        { 0x8f, 0x4d, 0xcb, 0xad, 0x55, 0x55, 0x8d, 0x7b,
    276          0x4e, 0x01, 0xd9, 0x37, 0x9c, 0xd4, 0xea, 0x22,
    277          0xed, 0xbf, 0x9d, 0xac, 0xe4, 0x5d, 0x6f, 0x6a, 0x73 },
    278    },
    279
    280    /* #21, 32 byte key, 31 byte PTX */
    281    {
    282        "/crypto/xts/t-21-key-32-ptx-31",
    283        32,
    284        { 0xff, 0xfe, 0xfd, 0xfc, 0xfb, 0xfa, 0xf9, 0xf8,
    285          0xf7, 0xf6, 0xf5, 0xf4, 0xf3, 0xf2, 0xf1, 0xf0 },
    286        { 0xbf, 0xbe, 0xbd, 0xbc, 0xbb, 0xba, 0xb9, 0xb8,
    287          0xb7, 0xb6, 0xb5, 0xb4, 0xb3, 0xb2, 0xb1, 0xb0 },
    288        0x123456789aLL,
    289        31,
    290        { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
    291          0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
    292          0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
    293          0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e },
    294        { 0xd0, 0x5b, 0xc0, 0x90, 0xa8, 0xe0, 0x4f, 0x1b,
    295          0x3d, 0x3e, 0xcd, 0xd5, 0xba, 0xec, 0x0f, 0xd4,
    296          0xed, 0xbf, 0x9d, 0xac, 0xe4, 0x5d, 0x6f, 0x6a,
    297          0x73, 0x06, 0xe6, 0x4b, 0xe5, 0xdd, 0x82 },
    298    },
    299};
    300
    301#define STORE64L(x, y)                                                  \
    302    do {                                                                \
    303        (y)[7] = (unsigned char)(((x) >> 56) & 255);                    \
    304        (y)[6] = (unsigned char)(((x) >> 48) & 255);                    \
    305        (y)[5] = (unsigned char)(((x) >> 40) & 255);                    \
    306        (y)[4] = (unsigned char)(((x) >> 32) & 255);                    \
    307        (y)[3] = (unsigned char)(((x) >> 24) & 255);                    \
    308        (y)[2] = (unsigned char)(((x) >> 16) & 255);                    \
    309        (y)[1] = (unsigned char)(((x) >> 8) & 255);                     \
    310        (y)[0] = (unsigned char)((x) & 255);                            \
    311    } while (0)
    312
    313struct TestAES {
    314    AES_KEY enc;
    315    AES_KEY dec;
    316};
    317
    318static void test_xts_aes_encrypt(const void *ctx,
    319                                 size_t length,
    320                                 uint8_t *dst,
    321                                 const uint8_t *src)
    322{
    323    const struct TestAES *aesctx = ctx;
    324
    325    AES_encrypt(src, dst, &aesctx->enc);
    326}
    327
    328
    329static void test_xts_aes_decrypt(const void *ctx,
    330                                 size_t length,
    331                                 uint8_t *dst,
    332                                 const uint8_t *src)
    333{
    334    const struct TestAES *aesctx = ctx;
    335
    336    AES_decrypt(src, dst, &aesctx->dec);
    337}
    338
    339
    340static void test_xts(const void *opaque)
    341{
    342    const QCryptoXTSTestData *data = opaque;
    343    uint8_t out[512], Torg[16], T[16];
    344    uint64_t seq;
    345    struct TestAES aesdata;
    346    struct TestAES aestweak;
    347
    348    AES_set_encrypt_key(data->key1, data->keylen / 2 * 8, &aesdata.enc);
    349    AES_set_decrypt_key(data->key1, data->keylen / 2 * 8, &aesdata.dec);
    350    AES_set_encrypt_key(data->key2, data->keylen / 2 * 8, &aestweak.enc);
    351    AES_set_decrypt_key(data->key2, data->keylen / 2 * 8, &aestweak.dec);
    352
    353    seq = data->seqnum;
    354    STORE64L(seq, Torg);
    355    memset(Torg + 8, 0, 8);
    356
    357    memcpy(T, Torg, sizeof(T));
    358    xts_encrypt(&aesdata, &aestweak,
    359                test_xts_aes_encrypt,
    360                test_xts_aes_decrypt,
    361                T, data->PTLEN, out, data->PTX);
    362
    363    g_assert(memcmp(out, data->CTX, data->PTLEN) == 0);
    364
    365    memcpy(T, Torg, sizeof(T));
    366    xts_decrypt(&aesdata, &aestweak,
    367                test_xts_aes_encrypt,
    368                test_xts_aes_decrypt,
    369                T, data->PTLEN, out, data->CTX);
    370
    371    g_assert(memcmp(out, data->PTX, data->PTLEN) == 0);
    372}
    373
    374
    375static void test_xts_split(const void *opaque)
    376{
    377    const QCryptoXTSTestData *data = opaque;
    378    uint8_t out[512], Torg[16], T[16];
    379    uint64_t seq;
    380    unsigned long len = data->PTLEN / 2;
    381    struct TestAES aesdata;
    382    struct TestAES aestweak;
    383
    384    AES_set_encrypt_key(data->key1, data->keylen / 2 * 8, &aesdata.enc);
    385    AES_set_decrypt_key(data->key1, data->keylen / 2 * 8, &aesdata.dec);
    386    AES_set_encrypt_key(data->key2, data->keylen / 2 * 8, &aestweak.enc);
    387    AES_set_decrypt_key(data->key2, data->keylen / 2 * 8, &aestweak.dec);
    388
    389    seq = data->seqnum;
    390    STORE64L(seq, Torg);
    391    memset(Torg + 8, 0, 8);
    392
    393    memcpy(T, Torg, sizeof(T));
    394    xts_encrypt(&aesdata, &aestweak,
    395                test_xts_aes_encrypt,
    396                test_xts_aes_decrypt,
    397                T, len, out, data->PTX);
    398    xts_encrypt(&aesdata, &aestweak,
    399                test_xts_aes_encrypt,
    400                test_xts_aes_decrypt,
    401                T, len, &out[len], &data->PTX[len]);
    402
    403    g_assert(memcmp(out, data->CTX, data->PTLEN) == 0);
    404
    405    memcpy(T, Torg, sizeof(T));
    406    xts_decrypt(&aesdata, &aestweak,
    407                test_xts_aes_encrypt,
    408                test_xts_aes_decrypt,
    409                T, len, out, data->CTX);
    410    xts_decrypt(&aesdata, &aestweak,
    411                test_xts_aes_encrypt,
    412                test_xts_aes_decrypt,
    413                T, len, &out[len], &data->CTX[len]);
    414
    415    g_assert(memcmp(out, data->PTX, data->PTLEN) == 0);
    416}
    417
    418
    419static void test_xts_unaligned(const void *opaque)
    420{
    421#define BAD_ALIGN 3
    422    const QCryptoXTSTestData *data = opaque;
    423    uint8_t in[512 + BAD_ALIGN], out[512 + BAD_ALIGN];
    424    uint8_t Torg[16], T[16 + BAD_ALIGN];
    425    uint64_t seq;
    426    struct TestAES aesdata;
    427    struct TestAES aestweak;
    428
    429    AES_set_encrypt_key(data->key1, data->keylen / 2 * 8, &aesdata.enc);
    430    AES_set_decrypt_key(data->key1, data->keylen / 2 * 8, &aesdata.dec);
    431    AES_set_encrypt_key(data->key2, data->keylen / 2 * 8, &aestweak.enc);
    432    AES_set_decrypt_key(data->key2, data->keylen / 2 * 8, &aestweak.dec);
    433
    434    seq = data->seqnum;
    435    STORE64L(seq, Torg);
    436    memset(Torg + 8, 0, 8);
    437
    438    /* IV not aligned */
    439    memcpy(T + BAD_ALIGN, Torg, 16);
    440    memcpy(in, data->PTX, data->PTLEN);
    441    xts_encrypt(&aesdata, &aestweak,
    442                test_xts_aes_encrypt,
    443                test_xts_aes_decrypt,
    444                T + BAD_ALIGN, data->PTLEN, out, in);
    445
    446    g_assert(memcmp(out, data->CTX, data->PTLEN) == 0);
    447
    448    /* plain text not aligned */
    449    memcpy(T, Torg, 16);
    450    memcpy(in + BAD_ALIGN, data->PTX, data->PTLEN);
    451    xts_encrypt(&aesdata, &aestweak,
    452                test_xts_aes_encrypt,
    453                test_xts_aes_decrypt,
    454                T, data->PTLEN, out, in + BAD_ALIGN);
    455
    456    g_assert(memcmp(out, data->CTX, data->PTLEN) == 0);
    457
    458    /* cipher text not aligned */
    459    memcpy(T, Torg, 16);
    460    memcpy(in, data->PTX, data->PTLEN);
    461    xts_encrypt(&aesdata, &aestweak,
    462                test_xts_aes_encrypt,
    463                test_xts_aes_decrypt,
    464                T, data->PTLEN, out + BAD_ALIGN, in);
    465
    466    g_assert(memcmp(out + BAD_ALIGN, data->CTX, data->PTLEN) == 0);
    467
    468
    469    /* IV not aligned */
    470    memcpy(T + BAD_ALIGN, Torg, 16);
    471    memcpy(in, data->CTX, data->PTLEN);
    472    xts_decrypt(&aesdata, &aestweak,
    473                test_xts_aes_encrypt,
    474                test_xts_aes_decrypt,
    475                T + BAD_ALIGN, data->PTLEN, out, in);
    476
    477    g_assert(memcmp(out, data->PTX, data->PTLEN) == 0);
    478
    479    /* cipher text not aligned */
    480    memcpy(T, Torg, 16);
    481    memcpy(in + BAD_ALIGN, data->CTX, data->PTLEN);
    482    xts_decrypt(&aesdata, &aestweak,
    483                test_xts_aes_encrypt,
    484                test_xts_aes_decrypt,
    485                T, data->PTLEN, out, in + BAD_ALIGN);
    486
    487    g_assert(memcmp(out, data->PTX, data->PTLEN) == 0);
    488
    489    /* plain text not aligned */
    490    memcpy(T, Torg, 16);
    491    memcpy(in, data->CTX, data->PTLEN);
    492    xts_decrypt(&aesdata, &aestweak,
    493                test_xts_aes_encrypt,
    494                test_xts_aes_decrypt,
    495                T, data->PTLEN, out + BAD_ALIGN, in);
    496
    497    g_assert(memcmp(out + BAD_ALIGN, data->PTX, data->PTLEN) == 0);
    498}
    499
    500
    501int main(int argc, char **argv)
    502{
    503    size_t i;
    504
    505    g_test_init(&argc, &argv, NULL);
    506
    507    g_assert(qcrypto_init(NULL) == 0);
    508
    509    for (i = 0; i < G_N_ELEMENTS(test_data); i++) {
    510        gchar *path = g_strdup_printf("%s/basic", test_data[i].path);
    511        g_test_add_data_func(path, &test_data[i], test_xts);
    512        g_free(path);
    513
    514        /* skip the cases where the length is smaller than 2*blocklen
    515         * or the length is not a multiple of 32
    516         */
    517        if ((test_data[i].PTLEN >= 32) && !(test_data[i].PTLEN % 32)) {
    518            path = g_strdup_printf("%s/split", test_data[i].path);
    519            g_test_add_data_func(path, &test_data[i], test_xts_split);
    520            g_free(path);
    521        }
    522
    523        path = g_strdup_printf("%s/unaligned", test_data[i].path);
    524        g_test_add_data_func(path, &test_data[i], test_xts_unaligned);
    525        g_free(path);
    526    }
    527
    528    return g_test_run();
    529}